Test tweaks

pkg/api/cached.go

@@ -75,6 +75,13 @@ func (c *Cached) Prepare(ctx context.Context) error {
 		return err
 	}
 
+	// Once we've prepared the cache make it read-only for
+	// everyone except the user running the daemon
+	err = os.Chmod(c.GetCachePath(), 0755)
+	if err != nil {
+		return fmt.Errorf("failed to change permissions of cache path %s: %v", c.GetCachePath(), err)
+	}
+
 	c.currentVersion = version
 
 	logger.Info(ctx, c.GetCachePath())
@@ -153,8 +160,7 @@ func (c *Cached) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 	volumePath := path.Join(targetPath, "..")
 	var version int64
 
-	// Perform an overlay mount if the mountCache attribute is true
-	// Mount the root `StagingPath` at `targetPath/gadget` making `targetPath/gadget` `0777`
+	// Perform an overlay mount
 	upperdir := path.Join(volumePath, UPPER_DIR)
 	err := os.MkdirAll(upperdir, 0777)
 	if err != nil {
@@ -172,6 +178,10 @@ func (c *Cached) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 	if err != nil {
 		return nil, fmt.Errorf("failed to create target path directory %s: %v", targetPath, err)
 	}
+	err = os.Chmod(targetPath, 0777)
+	if err != nil {
+		return nil, fmt.Errorf("failed to change permissions of target path directory %s: %v", targetPath, err)
+	}
 
 	mountArgs := []string{
 		"-t",
@@ -222,7 +232,7 @@ func (s *Cached) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublish
 	// Unmount the overlay
 	err := execCommand("umount", targetPath)
 	if err != nil {
-		return nil, fmt.Errorf("failed to unmount overlay: %s", err)
+		return nil, fmt.Errorf("failed to unmount overlay at %s: %v", targetPath, err)
 	}
 
 	// Clean up upper and work directories from the overlay

test/cached_csi_test.go

@@ -81,26 +81,42 @@ func TestCachedCSIDriverMountsCache(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	targetDir = path.Join(targetDir, "dl_cache")
-
-	verifyDir(t, targetDir, -1, map[string]expectedFile{
+	verifyDir(t, path.Join(targetDir, "dl_cache"), -1, map[string]expectedFile{
 		fmt.Sprintf("objects/%v/pack/a/1", aHash): {content: "pack/a/1 v1"},
 		fmt.Sprintf("objects/%v/pack/a/2", aHash): {content: "pack/a/2 v1"},
 		fmt.Sprintf("objects/%v/pack/b/1", bHash): {content: "pack/b/1 v1"},
 		fmt.Sprintf("objects/%v/pack/b/2", bHash): {content: "pack/b/2 v1"},
 		"versions": {content: fmt.Sprintf("%v\n", version)},
 	})
 
+	// Check to see that we have created the upper and work directories
+	require.DirExists(t, path.Join(tmpDir, api.UPPER_DIR))
+	require.DirExists(t, path.Join(tmpDir, api.WORK_DIR))
+
+	upperInfo, err := os.Stat(path.Join(tmpDir, api.UPPER_DIR))
+	require.NoError(t, err)
+	require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(upperInfo.Mode()&os.ModePerm))
+
+	workInfo, err := os.Stat(path.Join(tmpDir, api.WORK_DIR))
+	require.NoError(t, err)
+	require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(workInfo.Mode()&os.ModePerm))
+
 	fileInfo, err := os.Stat(targetDir)
 	require.NoError(t, err)
 
 	// the target dir should not be world writable -- only by the user the CSI driver is running as (which will be root)
-	require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(fileInfo.Mode()&os.ModePerm))
+	require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(fileInfo.Mode()&os.ModePerm))
 
 	// files inside cache dir should also *not* be writable -- it's managed by the CSI and must remain pristine
-	cacheFileInfo, err := os.Stat(path.Join(targetDir, fmt.Sprintf("objects/%v/pack/a/1", aHash)))
+	cacheFileInfo, err := os.Stat(path.Join(targetDir, "dl_cache", fmt.Sprintf("objects/%v/pack/a/1", aHash)))
 	require.NoError(t, err)
 	require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(cacheFileInfo.Mode()&os.ModePerm))
+
+	_, err = cached.NodeUnpublishVolume(tc.Context(), &csi.NodeUnpublishVolumeRequest{
+		VolumeId:   "foobar",
+		TargetPath: targetDir,
+	})
+	require.NoError(t, err)
 }
 
 func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) {
@@ -124,6 +140,7 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) {
 	require.NoError(t, err, "cached.Prepare must succeed")
 
 	targetDir := path.Join(tmpDir, "vol-target")
+
 	stagingDir := path.Join(tmpDir, "vol-staging-target")
 	_, err = cached.NodePublishVolume(tc.Context(), &csi.NodePublishVolumeRequest{
 		VolumeId:          "foobar",
@@ -142,6 +159,18 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) {
 		"dl_cache/versions": {content: fmt.Sprintf("%v\n", version)},
 	})
 
+	// Check to see that we have created the upper and work directories
+	require.DirExists(t, path.Join(tmpDir, api.UPPER_DIR))
+	require.DirExists(t, path.Join(tmpDir, api.WORK_DIR))
+
+	upperInfo, err := os.Stat(path.Join(tmpDir, api.UPPER_DIR))
+	require.NoError(t, err)
+	require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(upperInfo.Mode()&os.ModePerm))
+
+	workInfo, err := os.Stat(path.Join(tmpDir, api.WORK_DIR))
+	require.NoError(t, err)
+	require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(workInfo.Mode()&os.ModePerm))
+
 	fileInfo, err := os.Stat(targetDir)
 	require.NoError(t, err)
 
@@ -157,6 +186,13 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) {
 	cacheFileInfo, err = os.Stat(path.Join(targetDir, fmt.Sprintf("dl_cache/objects/%v/pack/a/1", aHash)))
 	require.NoError(t, err)
 	require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(cacheFileInfo.Mode()))
+	require.Equal(t, targetDir, path.Join(tmpDir, "vol-target"))
+
+	_, err = cached.NodeUnpublishVolume(tc.Context(), &csi.NodeUnpublishVolumeRequest{
+		VolumeId:   "foobar",
+		TargetPath: targetDir,
+	})
+	require.NoError(t, err)
 }
 
 func TestCachedCSIDriverProbeFailsUntilPrepared(t *testing.T) {