Skip to content

Commit 40f47db

Browse files
committed
Address the latest review comments by:
1. delete constants.go and move NoGID to fileutil 2. Re-include "volume mount with rotation but skipped" in nodeserver_test.go 3. Added comment about why 64 bit word was chosen for FsGroup in filesystem.go 4. Change the GID and FSGroup to generic int to allow for 64bit int if and when applicable as provisioned at https://github.com/kubernetes/kubernetes/blob/b910026535af2d8a64d45efefeb8d9efb75a4817/pkg/volume/csi/csi_client.go#L64 5. Fixed enable_secret_rotation in e2e-provider.bats to correctly return the name of the pod.
1 parent da34a62 commit 40f47db

11 files changed

Lines changed: 49 additions & 58 deletions

File tree

pkg/constants/constants.go

Lines changed: 0 additions & 22 deletions
This file was deleted.

pkg/secrets-store/nodeserver.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -350,7 +350,7 @@ func (ns *nodeServer) NodeUnstageVolume(ctx context.Context, req *csi.NodeUnstag
350350
return &csi.NodeUnstageVolumeResponse{}, nil
351351
}
352352

353-
func (ns *nodeServer) mountSecretsStoreObjectContent(ctx context.Context, providerName, attributes, secrets, targetPath, permission, podName string, gid int64) (map[string]string, string, error) {
353+
func (ns *nodeServer) mountSecretsStoreObjectContent(ctx context.Context, providerName, attributes, secrets, targetPath, permission, podName string, gid int) (map[string]string, string, error) {
354354
if len(attributes) == 0 {
355355
return nil, "", errors.New("missing attributes")
356356
}

pkg/secrets-store/nodeserver_test.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@ func getRequest(t *testing.T, customize func(*csi.NodePublishVolumeRequest)) *cs
9191
customize(request)
9292
return request
9393
}
94+
9495
func TestNodePublishVolume_Errors(t *testing.T) {
9596
tests := []struct {
9697
name string
@@ -268,6 +269,15 @@ func TestNodePublishVolume(t *testing.T) {
268269
rotationCacheDuration: -1 * time.Minute, // Using negative interval to pass the rotation interval check in unit tests
269270
},
270271
},
272+
{
273+
name: "volume mount with rotation but skipped",
274+
nodePublishVolReq: getRequest(t, func(*csi.NodePublishVolumeRequest) {}),
275+
initObjects: getInitObjects(func(*secretsstorev1.SecretProviderClass) {}),
276+
rotationConfig: &rotationConfig{
277+
enabled: true,
278+
rotationCacheDuration: time.Minute,
279+
},
280+
},
271281
{
272282
name: "volume mount with valid FSGroup",
273283
nodePublishVolReq: getRequest(t, func(r *csi.NodePublishVolumeRequest) {

pkg/secrets-store/provider_client.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -225,7 +225,7 @@ func (p *PluginClientBuilder) HealthCheck(ctx context.Context, interval time.Dur
225225

226226
// MountContent calls the client's Mount() RPC with helpers to format the
227227
// request and interpret the response.
228-
func MountContent(ctx context.Context, client v1alpha1.CSIDriverProviderClient, attributes, secrets, targetPath, permission string, oldObjectVersions map[string]string, gid int64) (map[string]string, string, error) {
228+
func MountContent(ctx context.Context, client v1alpha1.CSIDriverProviderClient, attributes, secrets, targetPath, permission string, oldObjectVersions map[string]string, gid int) (map[string]string, string, error) {
229229
var objVersions []*v1alpha1.ObjectVersion
230230
for obj, version := range oldObjectVersions {
231231
objVersions = append(objVersions, &v1alpha1.ObjectVersion{Id: obj, Version: version})

pkg/secrets-store/provider_client_test.go

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@ import (
2727
"testing"
2828
"time"
2929

30-
"sigs.k8s.io/secrets-store-csi-driver/pkg/constants"
3130
"sigs.k8s.io/secrets-store-csi-driver/pkg/util/fileutil"
3231
"sigs.k8s.io/secrets-store-csi-driver/provider/fake"
3332
"sigs.k8s.io/secrets-store-csi-driver/provider/v1alpha1"
@@ -196,7 +195,7 @@ func TestMountContent(t *testing.T) {
196195
t.Fatalf("expected err to be nil, got: %+v", err)
197196
}
198197

199-
objectVersions, _, err := MountContent(context.TODO(), client, "{}", "{}", targetPath, test.permission, nil, constants.NoGID)
198+
objectVersions, _, err := MountContent(context.TODO(), client, "{}", "{}", targetPath, test.permission, nil, fileutil.NoGID)
200199
if err != nil {
201200
t.Errorf("expected err to be nil, got: %+v", err)
202201
}
@@ -254,7 +253,7 @@ func TestMountContent_TooLarge(t *testing.T) {
254253
}
255254

256255
// rpc error: code = ResourceExhausted desc = grpc: received message larger than max (28 vs. 5)
257-
_, errorCode, err := MountContent(context.TODO(), client, "{}", "{}", targetPath, "777", nil, constants.NoGID)
256+
_, errorCode, err := MountContent(context.TODO(), client, "{}", "{}", targetPath, "777", nil, fileutil.NoGID)
258257
if err == nil {
259258
t.Errorf("expected err to be not nil")
260259
}
@@ -348,7 +347,7 @@ func TestMountContentError(t *testing.T) {
348347
t.Fatalf("expected err to be nil, got: %+v", err)
349348
}
350349

351-
objectVersions, errorCode, err := MountContent(context.TODO(), client, test.attributes, test.secrets, test.targetPath, test.permission, nil, constants.NoGID)
350+
objectVersions, errorCode, err := MountContent(context.TODO(), client, test.attributes, test.secrets, test.targetPath, test.permission, nil, fileutil.NoGID)
352351
if err == nil {
353352
t.Errorf("expected err to be not nil")
354353
}

pkg/util/fileutil/atomic_writer.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ type AtomicWriter struct {
7171
type FileProjection struct {
7272
Data []byte
7373
Mode int32
74-
FsGroup *int64
74+
FsGroup *int
7575
}
7676

7777
// NewAtomicWriter creates a new AtomicWriter configured to write to the given
@@ -415,8 +415,8 @@ func (w *AtomicWriter) writePayloadToDir(payload map[string]FileProjection, dir
415415
if fileProjection.FsGroup == nil || runtimeutil.IsRuntimeWindows() {
416416
continue
417417
}
418-
if err := os.Chown(fullPath, -1, int(*fileProjection.FsGroup)); err != nil {
419-
klog.ErrorS(err, "unable to change file with owner", "logContext", w.logContext, "fullPath", fullPath, "owner", int(*fileProjection.FsGroup))
418+
if err := os.Chown(fullPath, -1, *fileProjection.FsGroup); err != nil {
419+
klog.ErrorS(err, "unable to change file with owner", "logContext", w.logContext, "fullPath", fullPath, "owner", *fileProjection.FsGroup)
420420
return err
421421
}
422422
}

pkg/util/fileutil/filesystem.go

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,11 @@ import (
2323
"regexp"
2424
"strconv"
2525
"strings"
26+
)
2627

27-
"sigs.k8s.io/secrets-store-csi-driver/pkg/constants"
28+
const (
29+
// NoGID is the default gid -1 to indicate no change in FSGroup
30+
NoGID int = -1
2831
)
2932

3033
var (
@@ -131,14 +134,11 @@ func GetVolumeNameFromTargetPath(targetPath string) string {
131134
return match[2]
132135
}
133136

134-
// ParseFSGroup parses the FSGroup string and returns the GID as int64.
135-
// If fsGroupStr is empty, returns constants.NoGID.
136-
// Returns an error if the fsGroupStr cannot be parsed as a valid non-negative int64.
137-
func ParseFSGroup(fsGroupStr string) (int64, error) {
137+
// ParseFSGroup parses the FSGroup string and returns the GID.
138+
// If fsGroupStr is empty, returns NoGID.
139+
func ParseFSGroup(fsGroupStr string) (int, error) {
138140
if len(fsGroupStr) == 0 {
139-
return constants.NoGID, nil
141+
return NoGID, nil
140142
}
141-
// Non-sentinel negative GID is invalid and thus we use ParseUint here.
142-
gid, err := strconv.ParseUint(fsGroupStr, 10, 63)
143-
return int64(gid), err
143+
return strconv.Atoi(fsGroupStr)
144144
}

pkg/util/fileutil/filesystem_test.go

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,6 @@ import (
2424

2525
"github.com/google/go-cmp/cmp"
2626
"github.com/google/go-cmp/cmp/cmpopts"
27-
"sigs.k8s.io/secrets-store-csi-driver/pkg/constants"
2827
)
2928

3029
func TestGetMountedFiles(t *testing.T) {
@@ -339,13 +338,13 @@ func TestParseFSGroup(t *testing.T) {
339338
cases := []struct {
340339
name string
341340
fsGroupStr string
342-
want int64
341+
want int
343342
expectedErr bool
344343
}{
345344
{
346345
name: "empty string returns NoGID",
347346
fsGroupStr: "",
348-
want: constants.NoGID,
347+
want: NoGID,
349348
expectedErr: false,
350349
},
351350
{
@@ -382,9 +381,9 @@ func TestParseFSGroup(t *testing.T) {
382381
expectedErr: true,
383382
},
384383
{
385-
name: "negative gid",
386-
fsGroupStr: "-23",
387-
expectedErr: true,
384+
name: "negative gid",
385+
fsGroupStr: "-23",
386+
want: -23,
388387
},
389388
}
390389

pkg/util/fileutil/writer.go

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ func Validate(payloads []*v1alpha1.File) error {
4242
// WritePayloads writes the files to target directory. This helper builds the
4343
// atomic writer and converts the v1alpha1.File proto to the FileProjection type
4444
// used by the atomic writer.
45-
func WritePayloads(path string, payloads []*v1alpha1.File, gid int64) error {
45+
func WritePayloads(path string, payloads []*v1alpha1.File, gid int) error {
4646
if err := Validate(payloads); err != nil {
4747
return err
4848
}
@@ -58,13 +58,18 @@ func WritePayloads(path string, payloads []*v1alpha1.File, gid int64) error {
5858
return err
5959
}
6060

61+
var fsGroup *int
62+
if gid != NoGID {
63+
fsGroup = &gid
64+
}
65+
6166
// convert v1alpha1.File to FileProjection
6267
files := make(map[string]FileProjection, len(payloads))
6368
for _, payload := range payloads {
6469
files[payload.GetPath()] = FileProjection{
6570
Data: payload.GetContents(),
6671
Mode: payload.GetMode(),
67-
FsGroup: &gid,
72+
FsGroup: fsGroup,
6873
}
6974
}
7075

pkg/util/fileutil/writer_test.go

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@ import (
2727
"strings"
2828
"testing"
2929

30-
"sigs.k8s.io/secrets-store-csi-driver/pkg/constants"
3130
"sigs.k8s.io/secrets-store-csi-driver/pkg/util/runtimeutil"
3231
"sigs.k8s.io/secrets-store-csi-driver/provider/v1alpha1"
3332
)
@@ -373,7 +372,7 @@ func TestWritePayloads(t *testing.T) {
373372
dir := t.TempDir()
374373

375374
// check that the first write succeeds and the contents match
376-
if err := WritePayloads(dir, tc.first, constants.NoGID); err != nil {
375+
if err := WritePayloads(dir, tc.first, NoGID); err != nil {
377376
t.Errorf("WritePayload(first) got error: %v", err)
378377
}
379378

@@ -383,7 +382,7 @@ func TestWritePayloads(t *testing.T) {
383382

384383
// check that the second write succeeds and the contents match,
385384
// ensuring that the files have the updated values
386-
if err := WritePayloads(dir, tc.second, constants.NoGID); err != nil {
385+
if err := WritePayloads(dir, tc.second, NoGID); err != nil {
387386
t.Errorf("WritePayload(second) got error: %v", err)
388387
}
389388

@@ -422,7 +421,7 @@ func TestWritePayloads_BackwardCompatible(t *testing.T) {
422421

423422
want := []byte("new")
424423

425-
if err := WritePayloads(dir, payload, constants.NoGID); err != nil {
424+
if err := WritePayloads(dir, payload, NoGID); err != nil {
426425
t.Fatalf("could not write new file: %s", err)
427426
}
428427

0 commit comments

Comments
 (0)