Merge pull request #62375 from feiskyer/visible-files

Automatic merge from submit-queue (batch tested with PRs 62650, 62303, 62545, 62375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix user visible files creation for windows **What this PR does / why we need it**: Fix user visible files creation for windows. Without this, [createUserVisibleFiles](https://github.com/kubernetes/kubernetes/blob/master/pkg/volume/util/atomic_writer.go#L415:24) will get linkname with subpath included, and then symlink will fail. This is because "/" is used in pod spec (e.g. `"new/path/data-1"`) while "\" is used on Windows to get linkname. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #62338 **Special notes for your reviewer**: Should also be cherry-picked to old releases. **Release note**: ```release-note Fix user visible files creation for windows ```
2025-07-23 19:56:01 +00:00 · 2018-04-16 13:56:13 -07:00 · 2018-04-16 13:56:13 -07:00 · 6fb3d3a79c
commit 6fb3d3a79c
parent 7c0df535e2 f12b8eb497
2 changed files with 174 additions and 1 deletions
--- a/pkg/volume/util/atomic_writer.go
+++ b/pkg/volume/util/atomic_writer.go
@ -230,7 +230,7 @@ func validatePayload(payload map[string]FileProjection) (map[string]FileProjecti
 			return nil, err
 		}

-		cleanPayload[path.Clean(k)] = content
+		cleanPayload[filepath.Clean(k)] = content
 	}

 	return cleanPayload, nil
--- a/pkg/volume/util/atomic_writer_test.go
+++ b/pkg/volume/util/atomic_writer_test.go
@ -811,3 +811,176 @@ func checkVolumeContents(targetDir, tcName string, payload map[string]FileProjec
 		t.Errorf("%v: payload and observed payload do not match.", tcName)
 	}
 }
+
+func TestValidatePayload(t *testing.T) {
+	maxPath := strings.Repeat("a", maxPathLength+1)
+
+	cases := []struct {
+		name     string
+		payload  map[string]FileProjection
+		expected sets.String
+		valid    bool
+	}{
+		{
+			name: "valid payload",
+			payload: map[string]FileProjection{
+				"foo": {},
+				"bar": {},
+			},
+			valid:    true,
+			expected: sets.NewString("foo", "bar"),
+		},
+		{
+			name: "payload with path length > 4096 is invalid",
+			payload: map[string]FileProjection{
+				maxPath: {},
+			},
+			valid: false,
+		},
+		{
+			name: "payload with absolute path is invalid",
+			payload: map[string]FileProjection{
+				"/dev/null": {},
+			},
+			valid: false,
+		},
+		{
+			name: "payload with reserved path is invalid",
+			payload: map[string]FileProjection{
+				"..sneaky.txt": {},
+			},
+			valid: false,
+		},
+		{
+			name: "payload with doubledot path is invalid",
+			payload: map[string]FileProjection{
+				"foo/../etc/password": {},
+			},
+			valid: false,
+		},
+		{
+			name: "payload with empty path is invalid",
+			payload: map[string]FileProjection{
+				"": {},
+			},
+			valid: false,
+		},
+		{
+			name: "payload with unclean path should be cleaned",
+			payload: map[string]FileProjection{
+				"foo////bar": {},
+			},
+			valid:    true,
+			expected: sets.NewString("foo/bar"),
+		},
+	}
+	getPayloadPaths := func(payload map[string]FileProjection) sets.String {
+		paths := sets.NewString()
+		for path := range payload {
+			paths.Insert(path)
+		}
+		return paths
+	}
+
+	for _, tc := range cases {
+		real, err := validatePayload(tc.payload)
+		if !tc.valid && err == nil {
+			t.Errorf("%v: unexpected success", tc.name)
+		}
+
+		if tc.valid {
+			if err != nil {
+				t.Errorf("%v: unexpected failure: %v", tc.name, err)
+				continue
+			}
+
+			realPaths := getPayloadPaths(real)
+			if !realPaths.Equal(tc.expected) {
+				t.Errorf("%v: unexpected payload paths: %v is not equal to %v", tc.name, realPaths, tc.expected)
+			}
+		}
+
+	}
+}
+
+func TestCreateUserVisibleFiles(t *testing.T) {
+	cases := []struct {
+		name     string
+		payload  map[string]FileProjection
+		expected map[string]string
+	}{
+		{
+			name: "simple path",
+			payload: map[string]FileProjection{
+				"foo": {},
+				"bar": {},
+			},
+			expected: map[string]string{
+				"foo": "..data/foo",
+				"bar": "..data/bar",
+			},
+		},
+		{
+			name: "simple nested path",
+			payload: map[string]FileProjection{
+				"foo/bar":     {},
+				"foo/bar/txt": {},
+				"bar/txt":     {},
+			},
+			expected: map[string]string{
+				"foo": "..data/foo",
+				"bar": "..data/bar",
+			},
+		},
+		{
+			name: "unclean nested path",
+			payload: map[string]FileProjection{
+				"./bar":     {},
+				"foo///bar": {},
+			},
+			expected: map[string]string{
+				"bar": "..data/bar",
+				"foo": "..data/foo",
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		targetDir, err := utiltesting.MkTmpdir("atomic-write")
+		if err != nil {
+			t.Errorf("%v: unexpected error creating tmp dir: %v", tc.name, err)
+			continue
+		}
+		defer os.RemoveAll(targetDir)
+
+		dataDirPath := path.Join(targetDir, dataDirName)
+		err = os.MkdirAll(dataDirPath, 0755)
+		if err != nil {
+			t.Fatalf("%v: unexpected error creating data path: %v", tc.name, err)
+		}
+
+		writer := &AtomicWriter{targetDir: targetDir, logContext: "-test-"}
+		payload, err := validatePayload(tc.payload)
+		if err != nil {
+			t.Fatalf("%v: unexpected error validating payload: %v", tc.name, err)
+		}
+		err = writer.createUserVisibleFiles(payload)
+		if err != nil {
+			t.Fatalf("%v: unexpected error creating visible files: %v", tc.name, err)
+		}
+
+		for subpath, expectedDest := range tc.expected {
+			visiblePath := path.Join(targetDir, subpath)
+			destination, err := os.Readlink(visiblePath)
+			if err != nil && os.IsNotExist(err) {
+				t.Fatalf("%v: visible symlink does not exist: %v", tc.name, visiblePath)
+			} else if err != nil {
+				t.Fatalf("%v: unable to read symlink %v: %v", tc.name, dataDirPath, err)
+			}
+
+			if expectedDest != destination {
+				t.Fatalf("%v: symlink destination %q not same with expected data dir %q", tc.name, destination, expectedDest)
+			}
+		}
+	}
+}