mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-27 16:50:23 +00:00
e2e: add podsecuritycontext fsgroup for normal user validation
considering the pod has run as normal user, the fsgroup has also
set to the same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 7ff048bf1e
)
This commit is contained in:
parent
825649185e
commit
bf5553971d
@ -333,6 +333,7 @@ func validateNormalUserPVCAccess(pvcPath string, f *framework.Framework) error {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
Spec: v1.PodSpec{
|
Spec: v1.PodSpec{
|
||||||
|
SecurityContext: &v1.PodSecurityContext{FSGroup: &user},
|
||||||
Containers: []v1.Container{
|
Containers: []v1.Container{
|
||||||
{
|
{
|
||||||
Name: "write-pod",
|
Name: "write-pod",
|
||||||
|
@ -420,7 +420,7 @@ func (ns *NodeServer) stageTransaction(
|
|||||||
transaction.isStagePathCreated = true
|
transaction.isStagePathCreated = true
|
||||||
|
|
||||||
// nodeStage Path
|
// nodeStage Path
|
||||||
_, err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
|
err = ns.mountVolumeToStagePath(ctx, req, staticVol, stagingTargetPath, devicePath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return transaction, err
|
return transaction, err
|
||||||
}
|
}
|
||||||
@ -678,7 +678,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
|
|||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
req *csi.NodeStageVolumeRequest,
|
req *csi.NodeStageVolumeRequest,
|
||||||
staticVol bool,
|
staticVol bool,
|
||||||
stagingPath, devicePath string) (bool, error) {
|
stagingPath, devicePath string) error {
|
||||||
readOnly := false
|
readOnly := false
|
||||||
fsType := req.GetVolumeCapability().GetMount().GetFsType()
|
fsType := req.GetVolumeCapability().GetMount().GetFsType()
|
||||||
diskMounter := &mount.SafeFormatAndMount{Interface: ns.Mounter, Exec: utilexec.New()}
|
diskMounter := &mount.SafeFormatAndMount{Interface: ns.Mounter, Exec: utilexec.New()}
|
||||||
@ -696,7 +696,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.ErrorLog(ctx, "failed to get disk format for path %s, error: %v", devicePath, err)
|
log.ErrorLog(ctx, "failed to get disk format for path %s, error: %v", devicePath, err)
|
||||||
|
|
||||||
return readOnly, err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
opt := []string{"_netdev"}
|
opt := []string{"_netdev"}
|
||||||
@ -736,7 +736,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
|
|||||||
if cmdErr != nil {
|
if cmdErr != nil {
|
||||||
log.ErrorLog(ctx, "failed to run mkfs error: %v, output: %v", cmdErr, string(cmdOut))
|
log.ErrorLog(ctx, "failed to run mkfs error: %v, output: %v", cmdErr, string(cmdOut))
|
||||||
|
|
||||||
return readOnly, cmdErr
|
return cmdErr
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -757,7 +757,7 @@ func (ns *NodeServer) mountVolumeToStagePath(
|
|||||||
err)
|
err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return readOnly, err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ns *NodeServer) mountVolume(ctx context.Context, stagingPath string, req *csi.NodePublishVolumeRequest) error {
|
func (ns *NodeServer) mountVolume(ctx context.Context, stagingPath string, req *csi.NodePublishVolumeRequest) error {
|
||||||
|
Loading…
Reference in New Issue
Block a user