From 1e7b4406a38fb75c0855496a448add5cae2f5246 Mon Sep 17 00:00:00 2001
From: Hemant Kumar
Date: Mon, 21 Oct 2024 17:14:33 -0400
Subject: [PATCH] Apply fsGroup when accessMode is ReadWriteOncePod
---
 pkg/apis/storage/types.go | 2 +-
 pkg/volume/csi/csi_mounter_test.go | 9 +++++++++
 pkg/volume/csi/csi_util.go | 3 ++-
 staging/src/k8s.io/api/storage/v1/types.go | 2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/pkg/apis/storage/types.go b/pkg/apis/storage/types.go
index 64c0c995ab5..3ce92f642d3 100644
--- a/pkg/apis/storage/types.go
+++ b/pkg/apis/storage/types.go
@@ -423,7 +423,7 @@ const (
 // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined
 // to determine if the volume ownership and permissions
 // should be modified. If a fstype is defined and the volume's access mode
- // contains ReadWriteOnce, then the defined fsGroup will be applied.
+ // contains ReadWriteOnce or ReadWriteOncePod, then the defined fsGroup will be applied.
 // This mode should be defined if it's expected that the
 // fsGroup may need to be modified depending on the pod's SecurityPolicy.
 // This is the default behavior if no other FSGroupPolicy is defined.
diff --git a/pkg/volume/csi/csi_mounter_test.go b/pkg/volume/csi/csi_mounter_test.go
index c8466661db8..feabf7967d9 100644
--- a/pkg/volume/csi/csi_mounter_test.go
+++ b/pkg/volume/csi/csi_mounter_test.go
@@ -860,6 +860,15 @@ func TestMounterSetUpWithFSGroup(t *testing.T) {
 setFsGroup: true,
 fsGroup: 3000,
 },
+ {
+ name: "fstype, fsgroup, RWOP provided (should apply fsgroup)",
+ accessModes: []corev1.PersistentVolumeAccessMode{
+ corev1.ReadWriteOncePod,
+ },
+ fsType: "ext4",
+ setFsGroup: true,
+ fsGroup: 3000,
+ },
 {
 name: "fstype, fsgroup, RWO provided, FSGroupPolicy ReadWriteOnceWithFSType (should apply fsgroup)",
 accessModes: []corev1.PersistentVolumeAccessMode{
diff --git a/pkg/volume/csi/csi_util.go b/pkg/volume/csi/csi_util.go
index bb4d799ff3c..ac4d73b4845 100644
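Review bot: The RWOP case added to TestMounterSetUpWithFSGroup in pkg/volume/csi/csi_mounter_test.go exercises only the path with no explicit FSGroupPolicy; the case that follows it sets `FSGroupPolicy ReadWriteOnceWithFSType` for RWO and has no ReadWriteOncePod counterpart in the visible lines. Because this commit widens the set of volumes whose ownership and permissions get changed, a negative case is worth pinning as well, for example one named `"no fstype, fsgroup, RWOP provided (should not apply fsgroup)"`, so the change cannot drift into applying fsGroup more broadly than the FSGroupPolicy comment documents. The test table continues outside this hunk on both sides, so such cases may already exist there.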
--- a/pkg/volume/csi/csi_util.go
+++ b/pkg/volume/csi/csi_util.go
@@ -134,7 +134,8 @@ func hasReadWriteOnce(modes []api.PersistentVolumeAccessMode) bool {
 return false
 }
 for _, mode := range modes {
- if mode == api.ReadWriteOnce {
+ if mode == api.ReadWriteOnce ||
+ mode == api.ReadWriteOncePod {
 return true
 }
 }
diff --git a/staging/src/k8s.io/api/storage/v1/types.go b/staging/src/k8s.io/api/storage/v1/types.go
index d63b9d8cf16..3936dc83bc8 100644
--- a/staging/src/k8s.io/api/storage/v1/types.go
+++ b/staging/src/k8s.io/api/storage/v1/types.go
@@ -433,7 +433,7 @@ const (
 // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined
 // to determine if the volume ownership and permissions
 // should be modified. If a fstype is defined and the volume's access mode
- // contains ReadWriteOnce, then the defined fsGroup will be applied.
+ // contains ReadWriteOnce or ReadWriteOncePod, then the defined fsGroup will be applied.
 // This mode should be defined if it's expected that the
 // fsGroup may need to be modified depending on the pod's SecurityPolicy.
 // This is the default behavior if no other FSGroupPolicy is defined.
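Review bot: In pkg/volume/csi/csi_util.go, `hasReadWriteOnce` now also returns true for `api.ReadWriteOncePod`, so its name no longer says what it checks, and no doc comment is visible in the hunk to correct that. Going by the commit subject and the updated FSGroupPolicy comment, the result appears to decide whether fsGroup ownership and permission changes are applied to a volume, so any other caller that needs strictly ReadWriteOnce would change behavior silently. I would add a doc comment such as `// hasReadWriteOnce reports whether modes contains ReadWriteOnce or ReadWriteOncePod, the access modes for which the fsGroup may be applied.` and check the remaining call sites. The function's opening lines are outside the hunk.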