From e33e4ae0550c9d38c9cc7d7662eb25d294179631 Mon Sep 17 00:00:00 2001 From: Sami Wagiaalla Date: Thu, 17 Dec 2015 11:44:30 -0500 Subject: [PATCH 1/5] Move manageVolumeOwnership to pkg/volume/volume.go --- pkg/volume/volume.go | 1 + pkg/volume/volume_linux.go | 79 ++++++++++++++++++++++++++++++++ pkg/volume/volume_unsupported.go | 23 ++++++++++ 3 files changed, 103 insertions(+) create mode 100644 pkg/volume/volume_linux.go create mode 100644 pkg/volume/volume_unsupported.go diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index aab01158f2b..83b231b42a9 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go @@ -20,6 +20,7 @@ import ( "io/ioutil" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/resource" + "os" "path" ) diff --git a/pkg/volume/volume_linux.go b/pkg/volume/volume_linux.go new file mode 100644 index 00000000000..d99d3f780d2 --- /dev/null +++ b/pkg/volume/volume_linux.go 
@@ -0,0 +1,79 @@ +// +build linux + +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package volume + +import ( + "k8s.io/kubernetes/pkg/util/chmod" + "k8s.io/kubernetes/pkg/util/chown" + "path/filepath" + "syscall" + + "github.com/golang/glog" + "os" +) + +const ( + rwMask = os.FileMode(0660) + roMask = os.FileMode(0440) +) + +// SetVolumeOwnership modifies the given volume to be owned by +// fsGroup, and sets SetGid so that newly created files are owned by +// fsGroup. If fsGroup is nil nothing is done. +func SetVolumeOwnership(builder Builder, fsGroup *int64) error { + + if fsGroup == nil { + return nil + } + + chownRunner := chown.New() + chmodRunner := chmod.New() + return filepath.Walk(builder.GetPath(), func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + stat, ok := info.Sys().(*syscall.Stat_t) + if !ok { + return nil + } + + if stat == nil { + glog.Errorf("Got nil stat_t for path %v while setting ownership of volume", path) + return nil + } + + err = chownRunner.Chown(path, int(stat.Uid), int(*fsGroup)) + if err != nil { + glog.Errorf("Chown failed on %v: %v", path, err) + } + + mask := rwMask + if builder.GetAttributes().ReadOnly { + mask = roMask + } + + err = chmodRunner.Chmod(path, info.Mode()|mask|os.ModeSetgid) + if err != nil { + glog.Errorf("Chmod failed on %v: %v", path, err) + } + + return nil + }) +} 
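Review bot: The walk callback in SetVolumeOwnership passes every path to `chownRunner.Chown` and `chmodRunner.Chmod` without checking whether the entry is a symlink. filepath.Walk reports a link's own FileInfo (it uses Lstat), so if these runners wrap os.Chown/os.Chmod (their implementation is not part of this patch), a link inside the volume would redirect the group and mode change to its target, which may lie outside the volume. A guard such as `if info.Mode()&os.ModeSymlink != 0 { return nil }` before the chown keeps the change confined to the volume. Separately, Chown and Chmod failures are only logged and the callback returns nil, so the caller cannot tell that ownership was not applied; returning the error, or documenting the best-effort behaviour in the function comment, would make that explicit.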
diff --git a/pkg/volume/volume_unsupported.go b/pkg/volume/volume_unsupported.go new file mode 100644 index 00000000000..dd86d0e06f6 --- /dev/null +++ b/pkg/volume/volume_unsupported.go @@ -0,0 +1,23 @@ +// +build !linux + +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package volume + +func SetVolumeOwnership(builder Builder, fsGroup *int64) error { + return nil +} From f650648aae80b48341efd7173a55b09fbd974177 Mon Sep 17 00:00:00 2001 
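Review bot: The non-Linux `SetVolumeOwnership` stub is exported without a doc comment and returns nil even when `fsGroup` is non-nil, so a caller on such a platform gets a success result although no ownership change happened. At minimum the behaviour should be documented, e.g. `// SetVolumeOwnership is a no-op on non-Linux platforms; a non-nil fsGroup is ignored.` Whether a non-nil fsGroup should instead be logged or rejected here is a design decision this patch does not state.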
From: Sami Wagiaalla Date: Fri, 18 Dec 2015 10:55:11 -0500 Subject: [PATCH 2/5] Add fsGroup to SetUp and SetUpAt --- pkg/kubelet/kubelet_test.go | 6 +++--- pkg/kubelet/volumes.go | 6 +++--- pkg/volume/aws_ebs/aws_ebs.go | 6 +++--- pkg/volume/aws_ebs/aws_ebs_test.go | 2 +- pkg/volume/cephfs/cephfs.go | 6 +++--- pkg/volume/cephfs/cephfs_test.go | 2 +- pkg/volume/cinder/cinder.go | 6 +++--- pkg/volume/cinder/cinder_test.go | 2 +- pkg/volume/downwardapi/downwardapi.go | 8 ++++---- pkg/volume/downwardapi/downwardapi_test.go | 20 ++++++++++---------- pkg/volume/empty_dir/empty_dir.go | 6 +++--- pkg/volume/empty_dir/empty_dir_test.go | 2 +- pkg/volume/fc/fc.go | 6 +++--- pkg/volume/fc/fc_test.go | 2 +- pkg/volume/flexvolume/flexvolume.go | 6 +++--- pkg/volume/flexvolume/flexvolume_test.go | 4 ++-- pkg/volume/flocker/plugin.go | 6 +++--- pkg/volume/flocker/plugin_test.go | 2 +- pkg/volume/gce_pd/gce_pd.go | 6 +++--- pkg/volume/gce_pd/gce_pd_test.go | 2 +- pkg/volume/git_repo/git_repo.go | 8 ++++---- pkg/volume/git_repo/git_repo_test.go | 2 +- pkg/volume/glusterfs/glusterfs.go | 6 +++--- pkg/volume/glusterfs/glusterfs_test.go | 2 +- pkg/volume/host_path/host_path.go | 4 ++-- pkg/volume/host_path/host_path_test.go | 2 +- pkg/volume/iscsi/iscsi.go | 6 +++--- pkg/volume/iscsi/iscsi_test.go | 2 +- pkg/volume/nfs/nfs.go | 6 +++--- pkg/volume/nfs/nfs_test.go | 2 +- pkg/volume/rbd/rbd.go | 6 +++--- pkg/volume/rbd/rbd_test.go | 2 +- pkg/volume/secret/secret.go | 8 ++++---- pkg/volume/secret/secret_test.go | 6 +++--- pkg/volume/testing.go | 6 +++--- pkg/volume/volume.go | 19 ++++++++++++------- 36 files changed, 99 insertions(+), 94 deletions(-) diff --git a/pkg/kubelet/kubelet_test.go b/pkg/kubelet/kubelet_test.go index 282a8f83c1e..7624650c522 100644 --- a/pkg/kubelet/kubelet_test.go +++ b/pkg/kubelet/kubelet_test.go 
@@ -515,7 +515,7 @@ func TestGetPodVolumesFromDisk(t *testing.T) { expectedPaths := []string{} for i := range volsOnDisk { fv := volume.FakeVolume{PodUID: volsOnDisk[i].podUID, VolName: volsOnDisk[i].volName, Plugin: plug} - fv.SetUp() + fv.SetUp(nil) expectedPaths = append(expectedPaths, fv.GetPath()) } @@ -550,11 +550,11 @@ func (f *stubVolume) GetAttributes() volume.Attributes { return volume.Attributes{} } -func (f *stubVolume) SetUp() error { +func (f *stubVolume) SetUp(fsGroup *int64) error { return nil } -func (f *stubVolume) SetUpAt(dir string) error { +func (f *stubVolume) SetUpAt(dir string, fsGroup *int64) error { return nil } diff --git a/pkg/kubelet/volumes.go b/pkg/kubelet/volumes.go index 60a569feef9..06ae6d4681a 100644 --- a/pkg/kubelet/volumes.go +++ b/pkg/kubelet/volumes.go @@ -120,10 +120,10 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap, for i := range pod.Spec.Volumes { volSpec := &pod.Spec.Volumes[i] hasFSGroup := false - var fsGroup int64 = 0 + var fsGroup *int64 if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.FSGroup != nil { hasFSGroup = true - fsGroup = *pod.Spec.SecurityContext.FSGroup + fsGroup = pod.Spec.SecurityContext.FSGroup } rootContext, err := kl.getRootDirContext() @@ -141,7 +141,7 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap, if builder == nil { return nil, errUnsupportedVolumeType } - err = builder.SetUp() + err = builder.SetUp(fsGroup) if err != nil { return nil, err } diff --git a/pkg/volume/aws_ebs/aws_ebs.go b/pkg/volume/aws_ebs/aws_ebs.go index 30e55d9b645..1278afe39f9 100644 --- a/pkg/volume/aws_ebs/aws_ebs.go +++ b/pkg/volume/aws_ebs/aws_ebs.go 
@@ -230,12 +230,12 @@ func (b *awsElasticBlockStoreBuilder) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *awsElasticBlockStoreBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *awsElasticBlockStoreBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (b *awsElasticBlockStoreBuilder) SetUpAt(dir string) error { +func (b *awsElasticBlockStoreBuilder) SetUpAt(dir string, fsGroup *int64) error { // TODO: handle failed mounts here. notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("PersistentDisk set up: %s %v %v", dir, !notMnt, err) diff --git a/pkg/volume/aws_ebs/aws_ebs_test.go b/pkg/volume/aws_ebs/aws_ebs_test.go index c2b2921db62..43d0b4a45a3 100644 --- a/pkg/volume/aws_ebs/aws_ebs_test.go +++ b/pkg/volume/aws_ebs/aws_ebs_test.go @@ -154,7 +154,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/cephfs/cephfs.go b/pkg/volume/cephfs/cephfs.go index d362027cb6f..48640b9f4c3 100644 --- a/pkg/volume/cephfs/cephfs.go +++ b/pkg/volume/cephfs/cephfs.go 
@@ -163,12 +163,12 @@ func (cephfsVolume *cephfsBuilder) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (cephfsVolume *cephfsBuilder) SetUp() error { - return cephfsVolume.SetUpAt(cephfsVolume.GetPath()) +func (cephfsVolume *cephfsBuilder) SetUp(fsGroup *int64) error { + return cephfsVolume.SetUpAt(cephfsVolume.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (cephfsVolume *cephfsBuilder) SetUpAt(dir string) error { +func (cephfsVolume *cephfsBuilder) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := cephfsVolume.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("CephFS mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/cephfs/cephfs_test.go b/pkg/volume/cephfs/cephfs_test.go index e68106cd48a..b2e8d5bf725 100644 --- a/pkg/volume/cephfs/cephfs_test.go +++ b/pkg/volume/cephfs/cephfs_test.go @@ -88,7 +88,7 @@ func TestPlugin(t *testing.T) { if path != volpath { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(volumePath); err != nil { diff --git a/pkg/volume/cinder/cinder.go b/pkg/volume/cinder/cinder.go index c824ff586bf..28a35e21086 100644 --- a/pkg/volume/cinder/cinder.go +++ b/pkg/volume/cinder/cinder.go 
@@ -223,12 +223,12 @@ func (b *cinderVolumeBuilder) GetAttributes() volume.Attributes { } } -func (b *cinderVolumeBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *cinderVolumeBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } // SetUp attaches the disk and bind mounts to the volume path. -func (b *cinderVolumeBuilder) SetUpAt(dir string) error { +func (b *cinderVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { // TODO: handle failed mounts here. notmnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("PersistentDisk set up: %s %v %v", dir, !notmnt, err) diff --git a/pkg/volume/cinder/cinder_test.go b/pkg/volume/cinder/cinder_test.go index e22519f10d4..3613ed5c3a0 100644 --- a/pkg/volume/cinder/cinder_test.go +++ b/pkg/volume/cinder/cinder_test.go @@ -121,7 +121,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/downwardapi/downwardapi.go b/pkg/volume/downwardapi/downwardapi.go index be71ab431c4..1811a8674d9 100644 --- a/pkg/volume/downwardapi/downwardapi.go +++ b/pkg/volume/downwardapi/downwardapi.go 
@@ -123,11 +123,11 @@ func (d *downwardAPIVolume) GetAttributes() volume.Attributes { // This function is not idempotent by design. We want the data to be refreshed periodically. // The internal sync interval of kubelet will drive the refresh of data. // TODO: Add volume specific ticker and refresh loop -func (b *downwardAPIVolumeBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *downwardAPIVolumeBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *downwardAPIVolumeBuilder) SetUpAt(dir string) error { +func (b *downwardAPIVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { glog.V(3).Infof("Setting up a downwardAPI volume %v for pod %v/%v at %v", b.volName, b.pod.Namespace, b.pod.Name, dir) // Wrap EmptyDir. Here we rely on the idempotency of the wrapped plugin to avoid repeatedly mounting wrapped, err := b.plugin.host.NewWrapperBuilder(wrappedVolumeSpec, b.pod, *b.opts) @@ -135,7 +135,7 @@ func (b *downwardAPIVolumeBuilder) SetUpAt(dir string) error { glog.Errorf("Couldn't setup downwardAPI volume %v for pod %v/%v: %s", b.volName, b.pod.Namespace, b.pod.Name, err.Error()) return err } - if err := wrapped.SetUpAt(dir); err != nil { + if err := wrapped.SetUpAt(dir, fsGroup); err != nil { glog.Errorf("Unable to setup downwardAPI volume %v for pod %v/%v: %s", b.volName, b.pod.Namespace, b.pod.Name, err.Error()) return err } diff --git a/pkg/volume/downwardapi/downwardapi_test.go b/pkg/volume/downwardapi/downwardapi_test.go index 6c2559e38d4..b68920b98e4 100644 --- a/pkg/volume/downwardapi/downwardapi_test.go +++ b/pkg/volume/downwardapi/downwardapi_test.go @@ -136,7 +136,7 @@ func TestLabels(t *testing.T) { volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } 
@@ -205,7 +205,7 @@ func TestAnnotations(t *testing.T) { volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -270,7 +270,7 @@ func TestName(t *testing.T) { volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -336,7 +336,7 @@ func TestNamespace(t *testing.T) { volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -404,7 +404,7 @@ func TestWriteTwiceNoUpdate(t *testing.T) { } volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -415,7 +415,7 @@ func TestWriteTwiceNoUpdate(t *testing.T) { t.Errorf(".current should be a link... %s\n", err.Error()) } - err = builder.SetUp() // now re-run Setup + err = builder.SetUp(nil) // now re-run Setup if err != nil { t.Errorf("Failed to re-setup volume: %v", err) } @@ -493,7 +493,7 @@ func TestWriteTwiceWithUpdate(t *testing.T) { } volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -520,7 +520,7 @@ func TestWriteTwiceWithUpdate(t *testing.T) { // Now update the labels pod.ObjectMeta.Labels = newLabels - err = builder.SetUp() // now re-run Setup + err = builder.SetUp(nil) // now re-run Setup if err != nil { t.Errorf("Failed to re-setup volume: %v", err) } @@ -604,7 +604,7 @@ func TestWriteWithUnixPath(t *testing.T) { } volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } 
@@ -689,7 +689,7 @@ func TestWriteWithUnixPathBadPath(t *testing.T) { volumePath := builder.GetPath() defer CleanEverything(plugin, testVolumeName, volumePath, testPodUID, t) - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Fatalf("Failed to setup volume: %v", err) } diff --git a/pkg/volume/empty_dir/empty_dir.go b/pkg/volume/empty_dir/empty_dir.go index 7028f819e55..409e20947d1 100644 --- a/pkg/volume/empty_dir/empty_dir.go +++ b/pkg/volume/empty_dir/empty_dir.go @@ -150,12 +150,12 @@ func (ed *emptyDir) GetAttributes() volume.Attributes { } // SetUp creates new directory. -func (ed *emptyDir) SetUp() error { - return ed.SetUpAt(ed.GetPath()) +func (ed *emptyDir) SetUp(fsGroup *int64) error { + return ed.SetUpAt(ed.GetPath(), fsGroup) } // SetUpAt creates new directory. -func (ed *emptyDir) SetUpAt(dir string) error { +func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := ed.mounter.IsLikelyNotMountPoint(dir) // Getting an os.IsNotExist err from is a contingency; the directory // may not exist yet, in which case, setup should run. diff --git a/pkg/volume/empty_dir/empty_dir_test.go b/pkg/volume/empty_dir/empty_dir_test.go index dd19f47693a..a1e4044bb45 100644 --- a/pkg/volume/empty_dir/empty_dir_test.go +++ b/pkg/volume/empty_dir/empty_dir_test.go @@ -185,7 +185,7 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) { t.Errorf("Got unexpected path: %s", volPath) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } diff --git a/pkg/volume/fc/fc.go b/pkg/volume/fc/fc.go index 8029f1690fc..a930803a236 100644 --- a/pkg/volume/fc/fc.go +++ b/pkg/volume/fc/fc.go 
@@ -176,11 +176,11 @@ func (b *fcDiskBuilder) GetAttributes() volume.Attributes { SupportsSELinux: true, } } -func (b *fcDiskBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *fcDiskBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *fcDiskBuilder) SetUpAt(dir string) error { +func (b *fcDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls err := diskSetUp(b.manager, *b, dir, b.mounter) if err != nil { diff --git a/pkg/volume/fc/fc_test.go b/pkg/volume/fc/fc_test.go index 96531fb7456..dbfefdc97f4 100644 --- a/pkg/volume/fc/fc_test.go +++ b/pkg/volume/fc/fc_test.go @@ -121,7 +121,7 @@ func doTestPlugin(t *testing.T, spec *volume.Spec) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/flexvolume/flexvolume.go b/pkg/volume/flexvolume/flexvolume.go index c558453bbcb..9de2e3233bc 100644 --- a/pkg/volume/flexvolume/flexvolume.go +++ b/pkg/volume/flexvolume/flexvolume.go @@ -223,8 +223,8 @@ type flexVolumeBuilder struct { } // SetUp creates new directory. -func (f *flexVolumeBuilder) SetUp() error { - return f.SetUpAt(f.GetPath()) +func (f *flexVolumeBuilder) SetUp(fsGroup *int64) error { + return f.SetUpAt(f.GetPath(), fsGroup) } // GetAttributes get the flex volume attributes. The attributes will be queried @@ -251,7 +251,7 @@ type flexVolumeManager interface { } // SetUpAt creates new directory. -func (f *flexVolumeBuilder) SetUpAt(dir string) error { +func (f *flexVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { notmnt, err := f.blockDeviceMounter.IsLikelyNotMountPoint(dir) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/flexvolume/flexvolume_test.go b/pkg/volume/flexvolume/flexvolume_test.go index f5438af9bd5..fe01c7a347d 100644 
--- a/pkg/volume/flexvolume/flexvolume_test.go +++ b/pkg/volume/flexvolume/flexvolume_test.go @@ -238,7 +238,7 @@ func doTestPluginAttachDetach(t *testing.T, spec *volume.Spec) { if path != "/tmp/fake/pods/poduid/volumes/kubernetes.io~fakeAttacher/vol1" { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(volumePath); err != nil { @@ -310,7 +310,7 @@ func doTestPluginMountUnmount(t *testing.T, spec *volume.Spec) { if path != "/tmp/fake/pods/poduid/volumes/kubernetes.io~fakeMounter/vol1" { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(volumePath); err != nil { diff --git a/pkg/volume/flocker/plugin.go b/pkg/volume/flocker/plugin.go index a4b4fa99ba5..39e68463d5a 100644 --- a/pkg/volume/flocker/plugin.go +++ b/pkg/volume/flocker/plugin.go @@ -127,8 +127,8 @@ func (b flockerBuilder) GetPath() string { return b.flocker.path } -func (b flockerBuilder) SetUp() error { - return b.SetUpAt(b.flocker.datasetName) +func (b flockerBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.flocker.datasetName, fsGroup) } // newFlockerClient uses environment variables and pod attributes to return a @@ -168,7 +168,7 @@ control service: need to update the Primary UUID for this volume. 5. Wait until the Primary UUID was updated or timeout. */ -func (b flockerBuilder) SetUpAt(dir string) error { +func (b flockerBuilder) SetUpAt(dir string, fsGroup *int64) error { if volumeutil.IsReady(b.getMetaDir()) { return nil } diff --git a/pkg/volume/flocker/plugin_test.go b/pkg/volume/flocker/plugin_test.go index e172d2badc7..10574d5a6a2 100644 --- a/pkg/volume/flocker/plugin_test.go +++ b/pkg/volume/flocker/plugin_test.go 
@@ -211,6 +211,6 @@ func TestSetUpAtInternal(t *testing.T) { b := flockerBuilder{flocker: &flocker{pod: pod, plugin: plug.(*flockerPlugin)}} b.client = newMockFlockerClient("dataset-id", "primary-uid", mockPath) - assert.NoError(b.SetUpAt(dir)) + assert.NoError(b.SetUpAt(dir, nil)) assert.Equal(expectedPath, b.flocker.path) } diff --git a/pkg/volume/gce_pd/gce_pd.go b/pkg/volume/gce_pd/gce_pd.go index f77a0a4c78f..2fb2a0d5f44 100644 --- a/pkg/volume/gce_pd/gce_pd.go +++ b/pkg/volume/gce_pd/gce_pd.go @@ -219,12 +219,12 @@ func (b *gcePersistentDiskBuilder) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *gcePersistentDiskBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *gcePersistentDiskBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } // SetUpAt attaches the disk and bind mounts to the volume path. -func (b *gcePersistentDiskBuilder) SetUpAt(dir string) error { +func (b *gcePersistentDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { // TODO: handle failed mounts here. notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("PersistentDisk set up: %s %v %v", dir, !notMnt, err) diff --git a/pkg/volume/gce_pd/gce_pd_test.go b/pkg/volume/gce_pd/gce_pd_test.go index 4e5651e393b..3fb1b24c445 100644 --- a/pkg/volume/gce_pd/gce_pd_test.go +++ b/pkg/volume/gce_pd/gce_pd_test.go @@ -162,7 +162,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/git_repo/git_repo.go b/pkg/volume/git_repo/git_repo.go index cd6bd05c5a6..02ac90d454e 100644 --- a/pkg/volume/git_repo/git_repo.go +++ b/pkg/volume/git_repo/git_repo.go 
@@ -124,8 +124,8 @@ func (b *gitRepoVolumeBuilder) GetAttributes() volume.Attributes { } // SetUp creates new directory and clones a git repo. -func (b *gitRepoVolumeBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *gitRepoVolumeBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } // This is the spec for the volume that this plugin wraps. @@ -134,7 +134,7 @@ var wrappedVolumeSpec = &volume.Spec{ } // SetUpAt creates new directory and clones a git repo. -func (b *gitRepoVolumeBuilder) SetUpAt(dir string) error { +func (b *gitRepoVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { if volumeutil.IsReady(b.getMetaDir()) { return nil } @@ -144,7 +144,7 @@ func (b *gitRepoVolumeBuilder) SetUpAt(dir string) error { if err != nil { return err } - if err := wrapped.SetUpAt(dir); err != nil { + if err := wrapped.SetUpAt(dir, fsGroup); err != nil { return err } diff --git a/pkg/volume/git_repo/git_repo_test.go b/pkg/volume/git_repo/git_repo_test.go index e4c588d9dfa..9526dec3c07 100644 --- a/pkg/volume/git_repo/git_repo_test.go +++ b/pkg/volume/git_repo/git_repo_test.go @@ -335,7 +335,7 @@ func doTestSetUp(scenario struct { g := builder.(*gitRepoVolumeBuilder) g.exec = &fake - g.SetUp() + g.SetUp(nil) if fake.CommandCalls != len(expecteds) { allErrs = append(allErrs, diff --git a/pkg/volume/glusterfs/glusterfs.go b/pkg/volume/glusterfs/glusterfs.go index 4b0e5d9f10a..b2933962048 100644 --- a/pkg/volume/glusterfs/glusterfs.go +++ b/pkg/volume/glusterfs/glusterfs.go 
@@ -166,11 +166,11 @@ func (b *glusterfsBuilder) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *glusterfsBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *glusterfsBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *glusterfsBuilder) SetUpAt(dir string) error { +func (b *glusterfsBuilder) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("glusterfs: mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/glusterfs/glusterfs_test.go b/pkg/volume/glusterfs/glusterfs_test.go index f074e669009..709eaa40e9f 100644 --- a/pkg/volume/glusterfs/glusterfs_test.go +++ b/pkg/volume/glusterfs/glusterfs_test.go @@ -105,7 +105,7 @@ func doTestPlugin(t *testing.T, spec *volume.Spec) { if path != "/tmp/fake/pods/poduid/volumes/kubernetes.io~glusterfs/vol1" { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(volumePath); err != nil { diff --git a/pkg/volume/host_path/host_path.go b/pkg/volume/host_path/host_path.go index 636369e816e..d689911cc75 100644 --- a/pkg/volume/host_path/host_path.go +++ b/pkg/volume/host_path/host_path.go @@ -186,12 +186,12 @@ func (b *hostPathBuilder) GetAttributes() volume.Attributes { } // SetUp does nothing. -func (b *hostPathBuilder) SetUp() error { +func (b *hostPathBuilder) SetUp(fsGroup *int64) error { return nil } // SetUpAt does not make sense for host paths - probably programmer error. -func (b *hostPathBuilder) SetUpAt(dir string) error { +func (b *hostPathBuilder) SetUpAt(dir string, fsGroup *int64) error { return fmt.Errorf("SetUpAt() does not make sense for host paths") } 
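Review bot: In the host_path.go hunk, `hostPathBuilder.SetUp` and `SetUpAt` accept the new `fsGroup` argument and ignore it, and the existing comments ("SetUp does nothing.") do not say why. If this is deliberate, presumably because a host path is a directory on the node and re-owning it recursively would change node files, the comment should state it, e.g. `// SetUp does nothing; fsGroup is intentionally ignored, host paths are never re-owned.` Without that, a reader of the updated Builder contract would expect ownership to be applied here as for other volume types.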
diff --git a/pkg/volume/host_path/host_path_test.go b/pkg/volume/host_path/host_path_test.go index 4188fb05d6c..6a29c989cf3 100644 --- a/pkg/volume/host_path/host_path_test.go +++ b/pkg/volume/host_path/host_path_test.go @@ -211,7 +211,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } diff --git a/pkg/volume/iscsi/iscsi.go b/pkg/volume/iscsi/iscsi.go index cea14098720..429848c8eba 100644 --- a/pkg/volume/iscsi/iscsi.go +++ b/pkg/volume/iscsi/iscsi.go @@ -175,11 +175,11 @@ func (b *iscsiDiskBuilder) GetAttributes() volume.Attributes { } } -func (b *iscsiDiskBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *iscsiDiskBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *iscsiDiskBuilder) SetUpAt(dir string) error { +func (b *iscsiDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls err := diskSetUp(b.manager, *b, dir, b.mounter) if err != nil { diff --git a/pkg/volume/iscsi/iscsi_test.go b/pkg/volume/iscsi/iscsi_test.go index aec79aa3460..9496bb3e33c 100644 --- a/pkg/volume/iscsi/iscsi_test.go +++ b/pkg/volume/iscsi/iscsi_test.go @@ -121,7 +121,7 @@ func doTestPlugin(t *testing.T, spec *volume.Spec) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/nfs/nfs.go b/pkg/volume/nfs/nfs.go index 300777e5266..2c1deb2f896 100644 --- a/pkg/volume/nfs/nfs.go +++ b/pkg/volume/nfs/nfs.go 
@@ -159,11 +159,11 @@ func (b *nfsBuilder) GetAttributes() volume.Attributes { } // SetUp attaches the disk and bind mounts to the volume path. -func (b *nfsBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *nfsBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *nfsBuilder) SetUpAt(dir string) error { +func (b *nfsBuilder) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) glog.V(4).Infof("NFS mount set up: %s %v %v", dir, !notMnt, err) if err != nil && !os.IsNotExist(err) { diff --git a/pkg/volume/nfs/nfs_test.go b/pkg/volume/nfs/nfs_test.go index 8dd1414c44c..0610c7e1c34 100644 --- a/pkg/volume/nfs/nfs_test.go +++ b/pkg/volume/nfs/nfs_test.go @@ -134,7 +134,7 @@ func doTestPlugin(t *testing.T, spec *volume.Spec) { if path != "/tmp/fake/pods/poduid/volumes/kubernetes.io~nfs/vol1" { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(volumePath); err != nil { diff --git a/pkg/volume/rbd/rbd.go b/pkg/volume/rbd/rbd.go index 7ba955230ef..0e562885d3a 100644 --- a/pkg/volume/rbd/rbd.go +++ b/pkg/volume/rbd/rbd.go @@ -203,11 +203,11 @@ func (b *rbd) GetAttributes() volume.Attributes { } } -func (b *rbdBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *rbdBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } -func (b *rbdBuilder) SetUpAt(dir string) error { +func (b *rbdBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls err := diskSetUp(b.manager, *b, dir, b.mounter) if err != nil { diff --git a/pkg/volume/rbd/rbd_test.go b/pkg/volume/rbd/rbd_test.go index f9a6096ae19..1287d2687bc 100644 --- a/pkg/volume/rbd/rbd_test.go +++ b/pkg/volume/rbd/rbd_test.go 
@@ -88,7 +88,7 @@ func doTestPlugin(t *testing.T, spec *volume.Spec) { t.Errorf("Got unexpected path: %s", path) } - if err := builder.SetUp(); err != nil { + if err := builder.SetUp(nil); err != nil { t.Errorf("Expected success, got: %v", err) } if _, err := os.Stat(path); err != nil { diff --git a/pkg/volume/secret/secret.go b/pkg/volume/secret/secret.go index 2bb426d3c60..91332949920 100644 --- a/pkg/volume/secret/secret.go +++ b/pkg/volume/secret/secret.go @@ -107,8 +107,8 @@ func (sv *secretVolume) GetAttributes() volume.Attributes { SupportsSELinux: true, } } -func (b *secretVolumeBuilder) SetUp() error { - return b.SetUpAt(b.GetPath()) +func (b *secretVolumeBuilder) SetUp(fsGroup *int64) error { + return b.SetUpAt(b.GetPath(), fsGroup) } // This is the spec for the volume that this plugin wraps. @@ -120,7 +120,7 @@ func (b *secretVolumeBuilder) getMetaDir() string { return path.Join(b.plugin.host.GetPodPluginDir(b.podUID, util.EscapeQualifiedNameForDisk(secretPluginName)), b.volName) } -func (b *secretVolumeBuilder) SetUpAt(dir string) error { +func (b *secretVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { notMnt, err := b.mounter.IsLikelyNotMountPoint(dir) // Getting an os.IsNotExist err from is a contingency; the directory // may not exist yet, in which case, setup should run. @@ -141,7 +141,7 @@ func (b *secretVolumeBuilder) SetUpAt(dir string) error { if err != nil { return err } - if err := wrapped.SetUpAt(dir); err != nil { + if err := wrapped.SetUpAt(dir, fsGroup); err != nil { return err } diff --git a/pkg/volume/secret/secret_test.go b/pkg/volume/secret/secret_test.go index 5ccc6aa7654..03a2e3b75c3 100644 --- a/pkg/volume/secret/secret_test.go +++ b/pkg/volume/secret/secret_test.go @@ -98,7 +98,7 @@ func TestPlugin(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } 
@@ -156,7 +156,7 @@ func TestPluginIdempotent(t *testing.T) { } volumePath := builder.GetPath() - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } @@ -214,7 +214,7 @@ func TestPluginReboot(t *testing.T) { t.Errorf("Got unexpected path: %s", volumePath) } - err = builder.SetUp() + err = builder.SetUp(nil) if err != nil { t.Errorf("Failed to setup volume: %v", err) } diff --git a/pkg/volume/testing.go b/pkg/volume/testing.go index 02f8fba72fc..c35700430f5 100644 --- a/pkg/volume/testing.go +++ b/pkg/volume/testing.go @@ -183,11 +183,11 @@ func (_ *FakeVolume) GetAttributes() Attributes { } } -func (fv *FakeVolume) SetUp() error { - return fv.SetUpAt(fv.GetPath()) +func (fv *FakeVolume) SetUp(fsGroup *int64) error { + return fv.SetUpAt(fv.GetPath(), fsGroup) } -func (fv *FakeVolume) SetUpAt(dir string) error { +func (fv *FakeVolume) SetUpAt(dir string, fsGroup *int64) error { return os.MkdirAll(dir, 0750) } diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index 83b231b42a9..32b8ec86793 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go 
@@ -70,14 +70,19 @@ type Attributes struct { type Builder interface { // Uses Interface to provide the path for Docker binds. Volume - // SetUp prepares and mounts/unpacks the volume to a self-determined - // directory path. This may be called more than once, so + // SetUp prepares and mounts/unpacks the volume to a + // self-determined directory path. The mount point and its + // content should be owned by 'fsGroup' so that it can be + // accessed by the pod. This may be called more than once, so // implementations must be idempotent. - SetUp() error - // SetUpAt prepares and mounts/unpacks the volume to the specified - // directory path, which may or may not exist yet. This may be called - // more than once, so implementations must be idempotent. - SetUpAt(dir string) error + SetUp(fsGroup *int64) error + // SetUpAt prepares and mounts/unpacks the volume to the + // specified directory path, which may or may not exist yet. + // The mount point and its content should be owned by + // 'fsGroup' so that it can be accessed by the pod. This may + // be called more than once, so implementations must be + // idempotent. + SetUpAt(dir string, sGroup *int64) error // GetAttributes returns the attributes of the builder. GetAttributes() Attributes } From 125295ba406e671ebcc73155f8b7ac2617d482e4 Mon Sep 17 00:00:00 2001 From: Sami Wagiaalla Date: Fri, 18 Dec 2015 14:02:48 -0500 Subject: [PATCH 3/5] Remove manageVolumeOwnership from kubelet --- cmd/kubelet/app/server.go | 13 ------ pkg/kubelet/kubelet.go | 10 ----- pkg/kubelet/volumes.go | 13 ------ pkg/kubelet/volumes_linux.go | 71 ------------------------------ pkg/kubelet/volumes_unsupported.go | 28 ------------ 5 files changed, 135 deletions(-) delete mode 100644 pkg/kubelet/volumes_linux.go delete mode 100644 pkg/kubelet/volumes_unsupported.go diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go index f486213ac8d..a42dc75ad65 100644 --- a/cmd/kubelet/app/server.go +++ b/cmd/kubelet/app/server.go 
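Review bot: The new `SetUpAt` line in the `Builder` interface names its second parameter `sGroup`, while the comment directly above it and every implementation touched by this series use `fsGroup`; it should read `SetUpAt(dir string, fsGroup *int64) error`. The comments on both methods say the content "should be owned by 'fsGroup'" but do not cover a nil pointer, which is what the tests in this patch pass and what the kubelet passes when the pod has no FSGroup. I would add `// A nil fsGroup leaves ownership and mode unchanged.` to both, assuming that is the intended contract. Because group ownership is what grants the pod access, the comment should also state whether a failure to apply it is reported through the returned error.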
@@ -55,8 +55,6 @@ import ( "k8s.io/kubernetes/pkg/kubelet/server" kubetypes "k8s.io/kubernetes/pkg/kubelet/types" "k8s.io/kubernetes/pkg/util" - "k8s.io/kubernetes/pkg/util/chmod" - "k8s.io/kubernetes/pkg/util/chown" "k8s.io/kubernetes/pkg/util/io" "k8s.io/kubernetes/pkg/util/mount" nodeutil "k8s.io/kubernetes/pkg/util/node" @@ -133,9 +131,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) { writer = &io.NsenterWriter{} } - chmodRunner := chmod.New() - chownRunner := chown.New() - tlsOptions, err := InitializeTLS(s) if err != nil { return nil, err @@ -210,8 +205,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) { MaxPods: s.MaxPods, MinimumGCAge: s.MinimumGCAge, Mounter: mounter, - ChownRunner: chownRunner, - ChmodRunner: chmodRunner, NetworkPluginName: s.NetworkPluginName, NetworkPlugins: ProbeNetworkPlugins(s.NetworkPluginDir), NodeLabels: s.NodeLabels, @@ -503,8 +496,6 @@ func SimpleKubelet(client *client.Client, MaxPods: maxPods, MinimumGCAge: minimumGCAge, Mounter: mount.New(), - ChownRunner: chown.New(), - ChmodRunner: chmod.New(), NodeStatusUpdateFrequency: nodeStatusUpdateFrequency, OOMAdjuster: oom.NewFakeOOMAdjuster(), OSInterface: osInterface, @@ -687,8 +678,6 @@ type KubeletConfig struct { MaxPods int MinimumGCAge time.Duration Mounter mount.Interface - ChownRunner chown.Interface - ChmodRunner chmod.Interface NetworkPluginName string NetworkPlugins []network.NetworkPlugin NodeName string @@ -793,8 +782,6 @@ func CreateAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.Pod kc.RktStage1Image, kc.Mounter, kc.Writer, - kc.ChownRunner, - kc.ChmodRunner, kc.DockerDaemonContainer, kc.SystemContainer, kc.ConfigureCBR0, diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go index 84823f984ea..2a94b508737 100644 --- a/pkg/kubelet/kubelet.go +++ b/pkg/kubelet/kubelet.go 
@@ -69,8 +69,6 @@ import ( "k8s.io/kubernetes/pkg/util" "k8s.io/kubernetes/pkg/util/atomic" "k8s.io/kubernetes/pkg/util/bandwidth" - "k8s.io/kubernetes/pkg/util/chmod" - "k8s.io/kubernetes/pkg/util/chown" utilerrors "k8s.io/kubernetes/pkg/util/errors" kubeio "k8s.io/kubernetes/pkg/util/io" "k8s.io/kubernetes/pkg/util/mount" @@ -179,8 +177,6 @@ func NewMainKubelet( rktStage1Image string, mounter mount.Interface, writer kubeio.Writer, - chownRunner chown.Interface, - chmodRunner chmod.Interface, dockerDaemonContainer string, systemContainer string, configureCBR0 bool, @@ -299,8 +295,6 @@ func NewMainKubelet( oomWatcher: oomWatcher, cgroupRoot: cgroupRoot, mounter: mounter, - chmodRunner: chmodRunner, - chownRunner: chownRunner, writer: writer, configureCBR0: configureCBR0, reconcileCIDR: reconcileCIDR, @@ -596,10 +590,6 @@ type Kubelet struct { // Mounter to use for volumes. mounter mount.Interface - // chown.Interface implementation to use - chownRunner chown.Interface - // chmod.Interface implementation to use - chmodRunner chmod.Interface // Writer interface to use for volumes. writer kubeio.Writer diff --git a/pkg/kubelet/volumes.go b/pkg/kubelet/volumes.go index 06ae6d4681a..697b437aa59 100644 --- a/pkg/kubelet/volumes.go +++ b/pkg/kubelet/volumes.go @@ -119,10 +119,8 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap, podVolumes := make(kubecontainer.VolumeMap) for i := range pod.Spec.Volumes { volSpec := &pod.Spec.Volumes[i] - hasFSGroup := false var fsGroup *int64 if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.FSGroup != nil { - hasFSGroup = true fsGroup = pod.Spec.SecurityContext.FSGroup } 
@@ -145,17 +143,6 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap, if err != nil { return nil, err } - if hasFSGroup && - builder.GetAttributes().Managed && - builder.GetAttributes().SupportsOwnershipManagement { - err := kl.manageVolumeOwnership(pod, internal, builder, fsGroup) - if err != nil { - glog.Errorf("Error managing ownership of volume %v for pod %v/%v: %v", internal.Name(), pod.Namespace, pod.Name, err) - return nil, err - } else { - glog.V(3).Infof("Managed ownership of volume %v for pod %v/%v", internal.Name(), pod.Namespace, pod.Name) - } - } podVolumes[volSpec.Name] = kubecontainer.VolumeInfo{Builder: builder} } return podVolumes, nil diff --git a/pkg/kubelet/volumes_linux.go b/pkg/kubelet/volumes_linux.go deleted file mode 100644 index 3f20a0a10bb..00000000000 --- a/pkg/kubelet/volumes_linux.go +++ /dev/null 
@@ -1,71 +0,0 @@ -// +build linux - -/* -Copyright 2014 The Kubernetes Authors All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kubelet - -import ( - "os" - "path/filepath" - "syscall" - - "github.com/golang/glog" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/volume" -) - -// Bitmasks to OR with current ownership of volumes that allow ownership management by the Kubelet -const ( - rwMask = os.FileMode(0660) - roMask = os.FileMode(0440) -) - -// manageVolumeOwnership modifies the given volume to be owned by fsGroup. -func (kl *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error { - return filepath.Walk(builder.GetPath(), func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - - stat, ok := info.Sys().(*syscall.Stat_t) - if !ok { - return nil - } - - if stat == nil { - glog.Errorf("Got nil stat_t for path %v while managing ownership of volume %v for pod %s/%s", path, volSpec.Name, pod.Namespace, pod.Name) - return nil - } - - err = kl.chownRunner.Chown(path, int(stat.Uid), int(fsGroup)) - if err != nil { - glog.Errorf("Chown failed on %v: %v", path, err) - } - - mask := rwMask - if builder.GetAttributes().ReadOnly { - mask = roMask - } - - err = kl.chmodRunner.Chmod(path, info.Mode()|mask|os.ModeSetgid) - if err != nil { - glog.Errorf("Chmod failed on %v: %v", path, err) - } - - return nil - }) -} 
diff --git a/pkg/kubelet/volumes_unsupported.go b/pkg/kubelet/volumes_unsupported.go deleted file mode 100644 index 7590e0a8979..00000000000 --- a/pkg/kubelet/volumes_unsupported.go +++ /dev/null @@ -1,28 +0,0 @@ -// +build !linux - -/* -Copyright 2014 The Kubernetes Authors All rights reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kubelet - -import ( - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/volume" -) - -func (_ *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error { - return nil -} From 4ac151321a09d68a6346b281fee7c32677cfd932 Mon Sep 17 00:00:00 2001 From: Sami Wagiaalla Date: Fri, 18 Dec 2015 13:57:25 -0500 Subject: [PATCH 4/5] Call SetVolumeOwnership from volume plugins --- pkg/volume/aws_ebs/aws_ebs.go | 4 ++++ pkg/volume/cinder/cinder.go | 4 ++++ pkg/volume/downwardapi/downwardapi.go | 3 +++ pkg/volume/empty_dir/empty_dir.go | 2 ++ pkg/volume/fc/disk_manager.go | 8 +++++++- pkg/volume/fc/fc.go | 2 +- pkg/volume/gce_pd/gce_pd.go | 4 ++++ pkg/volume/iscsi/disk_manager.go | 8 +++++++- pkg/volume/iscsi/iscsi.go | 2 +- pkg/volume/rbd/disk_manager.go | 8 +++++++- pkg/volume/rbd/rbd.go | 2 +- pkg/volume/secret/secret.go | 2 ++ 12 files changed, 43 insertions(+), 6 deletions(-) diff --git a/pkg/volume/aws_ebs/aws_ebs.go b/pkg/volume/aws_ebs/aws_ebs.go index 1278afe39f9..d71804855b1 100644 --- a/pkg/volume/aws_ebs/aws_ebs.go +++ b/pkg/volume/aws_ebs/aws_ebs.go 
@@ -291,6 +291,10 @@ func (b *awsElasticBlockStoreBuilder) SetUpAt(dir string, fsGroup *int64) error return err } + if !b.readOnly { + volume.SetVolumeOwnership(b, fsGroup) + } + return nil } diff --git a/pkg/volume/cinder/cinder.go b/pkg/volume/cinder/cinder.go index 28a35e21086..30d312385a8 100644 --- a/pkg/volume/cinder/cinder.go +++ b/pkg/volume/cinder/cinder.go @@ -284,6 +284,10 @@ func (b *cinderVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { return err } + if !b.readOnly { + volume.SetVolumeOwnership(b, fsGroup) + } + return nil } diff --git a/pkg/volume/downwardapi/downwardapi.go b/pkg/volume/downwardapi/downwardapi.go index 1811a8674d9..1b9a887a722 100644 --- a/pkg/volume/downwardapi/downwardapi.go +++ b/pkg/volume/downwardapi/downwardapi.go @@ -157,6 +157,9 @@ func (b *downwardAPIVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { } glog.V(3).Infof("Data dumped for downwardAPI volume %v for pod %v/%v", b.volName, b.pod.Namespace, b.pod.Name) + + volume.SetVolumeOwnership(b, fsGroup) + return nil } diff --git a/pkg/volume/empty_dir/empty_dir.go b/pkg/volume/empty_dir/empty_dir.go index 409e20947d1..275ac19b225 100644 --- a/pkg/volume/empty_dir/empty_dir.go +++ b/pkg/volume/empty_dir/empty_dir.go @@ -190,6 +190,8 @@ func (ed *emptyDir) SetUpAt(dir string, fsGroup *int64) error { err = fmt.Errorf("unknown storage medium %q", ed.medium) } + volume.SetVolumeOwnership(ed, fsGroup) + if err == nil { volumeutil.SetReady(ed.getMetaDir()) } diff --git a/pkg/volume/fc/disk_manager.go b/pkg/volume/fc/disk_manager.go index b7419ecc95b..c064eada605 100644 --- a/pkg/volume/fc/disk_manager.go +++ b/pkg/volume/fc/disk_manager.go @@ -21,6 +21,7 @@ import ( "github.com/golang/glog" "k8s.io/kubernetes/pkg/util/mount" + "k8s.io/kubernetes/pkg/volume" ) // Abstract interface to disk operations. 
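Review bot: The error returned by `volume.SetVolumeOwnership` is discarded in the aws_ebs hunk, so `SetUpAt` returns nil even when the ownership pass could not complete. The kubelet path this series removes (`manageVolumeOwnership`, called from `mountExternalVolumes`) logged that error and aborted the mount, so this is a behaviour change: a pod can start on a volume whose files never received the fsGroup. Suggest `if err := volume.SetVolumeOwnership(b, fsGroup); err != nil { return err }` inside the `!b.readOnly` guard. The same unchecked call is added in the cinder, downwardapi, empty_dir, fc, gce_pd, iscsi, rbd and secret hunks of this patch. The body of `SetUpAt` starts outside the hunk, so whether the mount must be undone on that path has to be decided there.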
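Review bot: In the empty_dir hunk `volume.SetVolumeOwnership(ed, fsGroup)` sits before the `if err == nil` check, so it runs even when setup has already failed, for example on the `unknown storage medium` branch just above it. Ownership and mode bits are then changed under a path this call did not successfully set up. Moving the call into the success path keeps it next to `SetReady`: `if err == nil { err = volume.SetVolumeOwnership(ed, fsGroup) }`, followed by the existing `if err == nil { volumeutil.SetReady(ed.getMetaDir()) }`. The function starts outside the hunk.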
@@ -33,7 +34,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b fcDiskBuilder, volPath string, mounter mount.Interface) error { +func diskSetUp(manager diskManager, b fcDiskBuilder, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.fcDisk) // TODO: handle failed mounts here. noMnt, err := mounter.IsLikelyNotMountPoint(volPath) @@ -64,6 +65,11 @@ func diskSetUp(manager diskManager, b fcDiskBuilder, volPath string, mounter mou glog.Errorf("failed to bind mount:%s", globalPDPath) return err } + + if !b.readOnly { + volume.SetVolumeOwnership(&b, fsGroup) + } + return nil } diff --git a/pkg/volume/fc/fc.go b/pkg/volume/fc/fc.go index a930803a236..0f5b1efc0d4 100644 --- a/pkg/volume/fc/fc.go +++ b/pkg/volume/fc/fc.go @@ -182,7 +182,7 @@ func (b *fcDiskBuilder) SetUp(fsGroup *int64) error { func (b *fcDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls - err := diskSetUp(b.manager, *b, dir, b.mounter) + err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) if err != nil { glog.Errorf("fc: failed to setup") } diff --git a/pkg/volume/gce_pd/gce_pd.go b/pkg/volume/gce_pd/gce_pd.go index 2fb2a0d5f44..907d3389bff 100644 --- a/pkg/volume/gce_pd/gce_pd.go +++ b/pkg/volume/gce_pd/gce_pd.go @@ -280,6 +280,10 @@ func (b *gcePersistentDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { return err } + if !b.readOnly { + volume.SetVolumeOwnership(b, fsGroup) + } + return nil } diff --git a/pkg/volume/iscsi/disk_manager.go b/pkg/volume/iscsi/disk_manager.go index 800633ae46e..70dd679e61e 100644 --- a/pkg/volume/iscsi/disk_manager.go +++ b/pkg/volume/iscsi/disk_manager.go @@ -21,6 +21,7 @@ import ( "github.com/golang/glog" "k8s.io/kubernetes/pkg/util/mount" + "k8s.io/kubernetes/pkg/volume" ) // Abstract interface to disk operations. 
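Review bot: `diskSetUp` receives `b fcDiskBuilder` by value, so the `&b` handed to `volume.SetVolumeOwnership` is the address of a local copy, not the caller's builder. That is harmless only while the callee just reads the path and attributes. The caller in fc.go already holds a pointer and dereferences it with `*b`, so changing the parameter to `b *fcDiskBuilder` and passing `b` through would remove both the copy and the surprise. The same pattern is added in iscsi/disk_manager.go and rbd/disk_manager.go.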
@@ -33,7 +34,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b iscsiDiskBuilder, volPath string, mounter mount.Interface) error { +func diskSetUp(manager diskManager, b iscsiDiskBuilder, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.iscsiDisk) // TODO: handle failed mounts here. notMnt, err := mounter.IsLikelyNotMountPoint(volPath) @@ -64,6 +65,11 @@ func diskSetUp(manager diskManager, b iscsiDiskBuilder, volPath string, mounter glog.Errorf("failed to bind mount:%s", globalPDPath) return err } + + if !b.readOnly { + volume.SetVolumeOwnership(&b, fsGroup) + } + return nil } diff --git a/pkg/volume/iscsi/iscsi.go b/pkg/volume/iscsi/iscsi.go index 429848c8eba..afdfb278868 100644 --- a/pkg/volume/iscsi/iscsi.go +++ b/pkg/volume/iscsi/iscsi.go @@ -181,7 +181,7 @@ func (b *iscsiDiskBuilder) SetUp(fsGroup *int64) error { func (b *iscsiDiskBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls - err := diskSetUp(b.manager, *b, dir, b.mounter) + err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) if err != nil { glog.Errorf("iscsi: failed to setup") } diff --git a/pkg/volume/rbd/disk_manager.go b/pkg/volume/rbd/disk_manager.go index 229827fd903..37982491b0c 100644 --- a/pkg/volume/rbd/disk_manager.go +++ b/pkg/volume/rbd/disk_manager.go @@ -27,6 +27,7 @@ import ( "github.com/golang/glog" "k8s.io/kubernetes/pkg/util/mount" + "k8s.io/kubernetes/pkg/volume" ) // Abstract interface to disk operations. 
@@ -39,7 +40,7 @@ type diskManager interface { } // utility to mount a disk based filesystem -func diskSetUp(manager diskManager, b rbdBuilder, volPath string, mounter mount.Interface) error { +func diskSetUp(manager diskManager, b rbdBuilder, volPath string, mounter mount.Interface, fsGroup *int64) error { globalPDPath := manager.MakeGlobalPDName(*b.rbd) // TODO: handle failed mounts here. notMnt, err := mounter.IsLikelyNotMountPoint(volPath) @@ -70,6 +71,11 @@ func diskSetUp(manager diskManager, b rbdBuilder, volPath string, mounter mount. glog.Errorf("failed to bind mount:%s", globalPDPath) return err } + + if !b.ReadOnly { + volume.SetVolumeOwnership(&b, fsGroup) + } + return nil } diff --git a/pkg/volume/rbd/rbd.go b/pkg/volume/rbd/rbd.go index 0e562885d3a..8807c646626 100644 --- a/pkg/volume/rbd/rbd.go +++ b/pkg/volume/rbd/rbd.go @@ -209,7 +209,7 @@ func (b *rbdBuilder) SetUp(fsGroup *int64) error { func (b *rbdBuilder) SetUpAt(dir string, fsGroup *int64) error { // diskSetUp checks mountpoints and prevent repeated calls - err := diskSetUp(b.manager, *b, dir, b.mounter) + err := diskSetUp(b.manager, *b, dir, b.mounter, fsGroup) if err != nil { glog.Errorf("rbd: failed to setup") } diff --git a/pkg/volume/secret/secret.go b/pkg/volume/secret/secret.go index 91332949920..f1c8f39df76 100644 --- a/pkg/volume/secret/secret.go +++ b/pkg/volume/secret/secret.go @@ -173,6 +173,8 @@ func (b *secretVolumeBuilder) SetUpAt(dir string, fsGroup *int64) error { } } + volume.SetVolumeOwnership(b, fsGroup) + volumeutil.SetReady(b.getMetaDir()) return nil From 776769845914b08d775946a24f24105fbeab8b49 Mon Sep 17 00:00:00 2001 
From: Sami Wagiaalla Date: Mon, 11 Jan 2016 11:10:55 -0500 Subject: [PATCH 5/5] Remove SupportsOwnershipManagement volume attribute --- pkg/volume/aws_ebs/aws_ebs.go | 7 +++---- pkg/volume/cephfs/cephfs.go | 7 +++---- pkg/volume/cinder/cinder.go | 7 +++---- pkg/volume/downwardapi/downwardapi.go | 7 +++---- pkg/volume/empty_dir/empty_dir.go | 7 +++---- pkg/volume/fc/fc.go | 7 +++---- pkg/volume/flexvolume/flexvolume.go | 7 +++---- pkg/volume/flocker/plugin.go | 7 +++---- pkg/volume/gce_pd/gce_pd.go | 7 +++---- pkg/volume/git_repo/git_repo.go | 7 +++---- pkg/volume/glusterfs/glusterfs.go | 7 +++---- pkg/volume/host_path/host_path.go | 7 +++---- pkg/volume/iscsi/iscsi.go | 7 +++---- pkg/volume/nfs/nfs.go | 7 +++---- pkg/volume/rbd/rbd.go | 7 +++---- pkg/volume/secret/secret.go | 7 +++---- pkg/volume/testing.go | 7 +++---- pkg/volume/volume.go | 7 +++---- 18 files changed, 54 insertions(+), 72 deletions(-) diff --git a/pkg/volume/aws_ebs/aws_ebs.go b/pkg/volume/aws_ebs/aws_ebs.go index d71804855b1..c87f8ca26b2 100644 --- a/pkg/volume/aws_ebs/aws_ebs.go +++ b/pkg/volume/aws_ebs/aws_ebs.go @@ -222,10 +222,9 @@ var _ volume.Builder = &awsElasticBlockStoreBuilder{} func (b *awsElasticBlockStoreBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: !b.readOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.readOnly, + Managed: !b.readOnly, + SupportsSELinux: true, } } diff --git a/pkg/volume/cephfs/cephfs.go b/pkg/volume/cephfs/cephfs.go index 48640b9f4c3..b11bb324070 100644 --- a/pkg/volume/cephfs/cephfs.go +++ b/pkg/volume/cephfs/cephfs.go @@ -155,10 +155,9 @@ var _ volume.Builder = &cephfsBuilder{} func (cephfsVolume *cephfsBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: cephfsVolume.readonly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: cephfsVolume.readonly, + Managed: false, + SupportsSELinux: false, } } 
diff --git a/pkg/volume/cinder/cinder.go b/pkg/volume/cinder/cinder.go index 30d312385a8..14ecf7e46ff 100644 --- a/pkg/volume/cinder/cinder.go +++ b/pkg/volume/cinder/cinder.go @@ -216,10 +216,9 @@ func detachDiskLogError(cd *cinderVolume) { func (b *cinderVolumeBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: !b.readOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.readOnly, + Managed: !b.readOnly, + SupportsSELinux: true, } } diff --git a/pkg/volume/downwardapi/downwardapi.go b/pkg/volume/downwardapi/downwardapi.go index 1b9a887a722..50d88fa2d44 100644 --- a/pkg/volume/downwardapi/downwardapi.go +++ b/pkg/volume/downwardapi/downwardapi.go @@ -112,10 +112,9 @@ var _ volume.Builder = &downwardAPIVolumeBuilder{} // downward API volumes are always ReadOnlyManaged func (d *downwardAPIVolume) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: true, - Managed: true, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: true, + Managed: true, + SupportsSELinux: true, } } diff --git a/pkg/volume/empty_dir/empty_dir.go b/pkg/volume/empty_dir/empty_dir.go index 275ac19b225..4a2dfc52e5b 100644 --- a/pkg/volume/empty_dir/empty_dir.go +++ b/pkg/volume/empty_dir/empty_dir.go @@ -142,10 +142,9 @@ type emptyDir struct { func (ed *emptyDir) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: false, - Managed: true, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: false, + Managed: true, + SupportsSELinux: true, } } diff --git a/pkg/volume/fc/fc.go b/pkg/volume/fc/fc.go index 0f5b1efc0d4..1f54cd011b0 100644 --- a/pkg/volume/fc/fc.go +++ b/pkg/volume/fc/fc.go 
@@ -170,10 +170,9 @@ var _ volume.Builder = &fcDiskBuilder{} func (b *fcDiskBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: !b.readOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.readOnly, + Managed: !b.readOnly, + SupportsSELinux: true, } } func (b *fcDiskBuilder) SetUp(fsGroup *int64) error { diff --git a/pkg/volume/flexvolume/flexvolume.go b/pkg/volume/flexvolume/flexvolume.go index 9de2e3233bc..bfa1215517b 100644 --- a/pkg/volume/flexvolume/flexvolume.go +++ b/pkg/volume/flexvolume/flexvolume.go @@ -231,10 +231,9 @@ func (f *flexVolumeBuilder) SetUp(fsGroup *int64) error { // using plugin callout after we finalize the callout syntax. func (f flexVolumeBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: f.readOnly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: f.readOnly, + Managed: false, + SupportsSELinux: false, } } diff --git a/pkg/volume/flocker/plugin.go b/pkg/volume/flocker/plugin.go index 39e68463d5a..441db0d6646 100644 --- a/pkg/volume/flocker/plugin.go +++ b/pkg/volume/flocker/plugin.go @@ -117,10 +117,9 @@ type flockerBuilder struct { func (b flockerBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: b.readOnly, + Managed: false, + SupportsSELinux: false, } } func (b flockerBuilder) GetPath() string { diff --git a/pkg/volume/gce_pd/gce_pd.go b/pkg/volume/gce_pd/gce_pd.go index 907d3389bff..057c0d46e8b 100644 --- a/pkg/volume/gce_pd/gce_pd.go +++ b/pkg/volume/gce_pd/gce_pd.go 
@@ -211,10 +211,9 @@ var _ volume.Builder = &gcePersistentDiskBuilder{} func (b *gcePersistentDiskBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: !b.readOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.readOnly, + Managed: !b.readOnly, + SupportsSELinux: true, } } diff --git a/pkg/volume/git_repo/git_repo.go b/pkg/volume/git_repo/git_repo.go index 02ac90d454e..e3e9fd8815e 100644 --- a/pkg/volume/git_repo/git_repo.go +++ b/pkg/volume/git_repo/git_repo.go @@ -116,10 +116,9 @@ var _ volume.Builder = &gitRepoVolumeBuilder{} func (b *gitRepoVolumeBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: false, - Managed: true, - SupportsOwnershipManagement: false, - SupportsSELinux: true, // xattr change should be okay, TODO: double check + ReadOnly: false, + Managed: true, + SupportsSELinux: true, // xattr change should be okay, TODO: double check } } diff --git a/pkg/volume/glusterfs/glusterfs.go b/pkg/volume/glusterfs/glusterfs.go index b2933962048..f38946067dd 100644 --- a/pkg/volume/glusterfs/glusterfs.go +++ b/pkg/volume/glusterfs/glusterfs.go @@ -158,10 +158,9 @@ var _ volume.Builder = &glusterfsBuilder{} func (b *glusterfsBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: b.readOnly, + Managed: false, + SupportsSELinux: false, } } diff --git a/pkg/volume/host_path/host_path.go b/pkg/volume/host_path/host_path.go index d689911cc75..1dfcec7503b 100644 --- a/pkg/volume/host_path/host_path.go +++ b/pkg/volume/host_path/host_path.go 
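Review bot: In the git_repo hunk, the removed line was the only record that this plugin combined `Managed: true` with `SupportsOwnershipManagement: false`, i.e. that it was explicitly excluded from the fsGroup pass. Whether the checkout now gets group ownership depends on code outside this hunk (its `SetUpAt` and whatever that delegates to). I would state the intent in a comment on `GetAttributes`, for example `// fsGroup ownership for gitRepo is decided in SetUpAt, not by an attribute.` If the exclusion was deliberate, it should be preserved explicitly rather than left to which plugin happens to call `volume.SetVolumeOwnership`.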
@@ -178,10 +178,9 @@ var _ volume.Builder = &hostPathBuilder{} func (b *hostPathBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: b.readOnly, + Managed: false, + SupportsSELinux: false, } } diff --git a/pkg/volume/iscsi/iscsi.go b/pkg/volume/iscsi/iscsi.go index afdfb278868..39fcf33ede8 100644 --- a/pkg/volume/iscsi/iscsi.go +++ b/pkg/volume/iscsi/iscsi.go @@ -168,10 +168,9 @@ var _ volume.Builder = &iscsiDiskBuilder{} func (b *iscsiDiskBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: !b.readOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.readOnly, + Managed: !b.readOnly, + SupportsSELinux: true, } } diff --git a/pkg/volume/nfs/nfs.go b/pkg/volume/nfs/nfs.go index 2c1deb2f896..60e7ece59c2 100644 --- a/pkg/volume/nfs/nfs.go +++ b/pkg/volume/nfs/nfs.go @@ -151,10 +151,9 @@ var _ volume.Builder = &nfsBuilder{} func (b *nfsBuilder) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.readOnly, - Managed: false, - SupportsOwnershipManagement: false, - SupportsSELinux: false, + ReadOnly: b.readOnly, + Managed: false, + SupportsSELinux: false, } } diff --git a/pkg/volume/rbd/rbd.go b/pkg/volume/rbd/rbd.go index 8807c646626..78af488f7be 100644 --- a/pkg/volume/rbd/rbd.go +++ b/pkg/volume/rbd/rbd.go @@ -196,10 +196,9 @@ var _ volume.Builder = &rbdBuilder{} func (b *rbd) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: b.ReadOnly, - Managed: !b.ReadOnly, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: b.ReadOnly, + Managed: !b.ReadOnly, + SupportsSELinux: true, } } diff --git a/pkg/volume/secret/secret.go b/pkg/volume/secret/secret.go index f1c8f39df76..339380c4630 100644 --- a/pkg/volume/secret/secret.go +++ b/pkg/volume/secret/secret.go 
@@ -101,10 +101,9 @@ var _ volume.Builder = &secretVolumeBuilder{} func (sv *secretVolume) GetAttributes() volume.Attributes { return volume.Attributes{ - ReadOnly: true, - Managed: true, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: true, + Managed: true, + SupportsSELinux: true, } } func (b *secretVolumeBuilder) SetUp(fsGroup *int64) error { diff --git a/pkg/volume/testing.go b/pkg/volume/testing.go index c35700430f5..9e2750774ee 100644 --- a/pkg/volume/testing.go +++ b/pkg/volume/testing.go @@ -176,10 +176,9 @@ type FakeVolume struct { func (_ *FakeVolume) GetAttributes() Attributes { return Attributes{ - ReadOnly: false, - Managed: true, - SupportsOwnershipManagement: true, - SupportsSELinux: true, + ReadOnly: false, + Managed: true, + SupportsSELinux: true, } } diff --git a/pkg/volume/volume.go b/pkg/volume/volume.go index 32b8ec86793..c8c9a70b9bd 100644 --- a/pkg/volume/volume.go +++ b/pkg/volume/volume.go @@ -60,10 +60,9 @@ type Metrics struct { // Attributes represents the attributes of this builder. type Attributes struct { - ReadOnly bool - Managed bool - SupportsOwnershipManagement bool - SupportsSELinux bool + ReadOnly bool + Managed bool + SupportsSELinux bool } // Builder interface provides methods to set up/mount the volume.