From 5861451ef0342faf5ff303551ea04b6068cf3629 Mon Sep 17 00:00:00 2001 From: yandu Date: Tue, 11 Feb 2025 14:09:01 -0500 Subject: [PATCH] Test tweaks --- pkg/api/cached.go | 16 +++++++++++--- test/cached_csi_test.go | 46 ++++++++++++++++++++++++++++++++++++----- 2 files changed, 54 insertions(+), 8 deletions(-) diff --git a/pkg/api/cached.go b/pkg/api/cached.go index ec5376a..c99a0f6 100644 --- a/pkg/api/cached.go +++ b/pkg/api/cached.go @@ -75,6 +75,13 @@ func (c *Cached) Prepare(ctx context.Context) error { return err } + // Once we've prepared the cache make it read-only for + // everyone except the user running the daemon + err = os.Chmod(c.GetCachePath(), 0755) + if err != nil { + return fmt.Errorf("failed to change permissions of cache path %s: %v", c.GetCachePath(), err) + } + c.currentVersion = version logger.Info(ctx, c.GetCachePath()) @@ -153,8 +160,7 @@ func (c *Cached) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu volumePath := path.Join(targetPath, "..") var version int64 - // Perform an overlay mount if the mountCache attribute is true - // Mount the root `StagingPath` at `targetPath/gadget` making `targetPath/gadget` `0777` + // Perform an overlay mount upperdir := path.Join(volumePath, UPPER_DIR) err := os.MkdirAll(upperdir, 0777) if err != nil { @@ -172,6 +178,10 @@ func (c *Cached) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu if err != nil { return nil, fmt.Errorf("failed to create target path directory %s: %v", targetPath, err) } + err = os.Chmod(targetPath, 0777) + if err != nil { + return nil, fmt.Errorf("failed to change permissions of target path directory %s: %v", targetPath, err) + } mountArgs := []string{ "-t", @@ -222,7 +232,7 @@ func (s *Cached) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpublish // Unmount the overlay err := execCommand("umount", targetPath) if err != nil { - return nil, fmt.Errorf("failed to unmount overlay: %s", err) + return nil, fmt.Errorf("failed to unmount overlay at %s: %v", targetPath, err) } // Clean up upper and work directories from the overlay diff --git a/test/cached_csi_test.go b/test/cached_csi_test.go index f1f5ca6..d87b23e 100644 --- a/test/cached_csi_test.go +++ b/test/cached_csi_test.go @@ -81,9 +81,7 @@ func TestCachedCSIDriverMountsCache(t *testing.T) { }) require.NoError(t, err) - targetDir = path.Join(targetDir, "dl_cache") - - verifyDir(t, targetDir, -1, map[string]expectedFile{ + verifyDir(t, path.Join(targetDir, "dl_cache"), -1, map[string]expectedFile{ fmt.Sprintf("objects/%v/pack/a/1", aHash): {content: "pack/a/1 v1"}, fmt.Sprintf("objects/%v/pack/a/2", aHash): {content: "pack/a/2 v1"}, fmt.Sprintf("objects/%v/pack/b/1", bHash): {content: "pack/b/1 v1"}, @@ -91,16 +89,34 @@ func TestCachedCSIDriverMountsCache(t *testing.T) { "versions": {content: fmt.Sprintf("%v\n", version)}, }) + // Check to see that we have created the upper and work directories + require.DirExists(t, path.Join(tmpDir, api.UPPER_DIR)) + require.DirExists(t, path.Join(tmpDir, api.WORK_DIR)) + + upperInfo, err := os.Stat(path.Join(tmpDir, api.UPPER_DIR)) + require.NoError(t, err) + require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(upperInfo.Mode()&os.ModePerm)) + + workInfo, err := os.Stat(path.Join(tmpDir, api.WORK_DIR)) + require.NoError(t, err) + require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(workInfo.Mode()&os.ModePerm)) + fileInfo, err := os.Stat(targetDir) require.NoError(t, err) // the target dir should not be world writable -- only by the user the CSI driver is running as (which will be root) - require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(fileInfo.Mode()&os.ModePerm)) + require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(fileInfo.Mode()&os.ModePerm)) // files inside cache dir should also *not* be writable -- it's managed by the CSI and must remain pristine - cacheFileInfo, err := os.Stat(path.Join(targetDir, fmt.Sprintf("objects/%v/pack/a/1", aHash))) + cacheFileInfo, err := os.Stat(path.Join(targetDir, "dl_cache", fmt.Sprintf("objects/%v/pack/a/1", aHash))) require.NoError(t, err) require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(cacheFileInfo.Mode()&os.ModePerm)) + + _, err = cached.NodeUnpublishVolume(tc.Context(), &csi.NodeUnpublishVolumeRequest{ + VolumeId: "foobar", + TargetPath: targetDir, + }) + require.NoError(t, err) } func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) { @@ -124,6 +140,7 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) { require.NoError(t, err, "cached.Prepare must succeed") targetDir := path.Join(tmpDir, "vol-target") + stagingDir := path.Join(tmpDir, "vol-staging-target") _, err = cached.NodePublishVolume(tc.Context(), &csi.NodePublishVolumeRequest{ VolumeId: "foobar", @@ -142,6 +159,18 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) { "dl_cache/versions": {content: fmt.Sprintf("%v\n", version)}, }) + // Check to see that we have created the upper and work directories + require.DirExists(t, path.Join(tmpDir, api.UPPER_DIR)) + require.DirExists(t, path.Join(tmpDir, api.WORK_DIR)) + + upperInfo, err := os.Stat(path.Join(tmpDir, api.UPPER_DIR)) + require.NoError(t, err) + require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(upperInfo.Mode()&os.ModePerm)) + + workInfo, err := os.Stat(path.Join(tmpDir, api.WORK_DIR)) + require.NoError(t, err) + require.Equal(t, formatFileMode(os.FileMode(0777)), formatFileMode(workInfo.Mode()&os.ModePerm)) + fileInfo, err := os.Stat(targetDir) require.NoError(t, err) @@ -157,6 +186,13 @@ func TestCachedCSIDriverMountsCacheAtSuffix(t *testing.T) { cacheFileInfo, err = os.Stat(path.Join(targetDir, fmt.Sprintf("dl_cache/objects/%v/pack/a/1", aHash))) require.NoError(t, err) require.Equal(t, formatFileMode(os.FileMode(0755)), formatFileMode(cacheFileInfo.Mode())) + require.Equal(t, targetDir, path.Join(tmpDir, "vol-target")) + + _, err = cached.NodeUnpublishVolume(tc.Context(), &csi.NodeUnpublishVolumeRequest{ + VolumeId: "foobar", + TargetPath: targetDir, + }) + require.NoError(t, err) } func TestCachedCSIDriverProbeFailsUntilPrepared(t *testing.T) {