From 58bd3e5230df253cb23c22641883b87da92e5f43 Mon Sep 17 00:00:00 2001 From: Christian Huffman Date: Wed, 10 Jun 2020 14:54:48 -0400 Subject: [PATCH 1/4] Include CSIDriver SupportsFsGroup --- api/openapi-spec/swagger.json | 8 ++ pkg/apis/storage/types.go | 39 ++++++++ pkg/apis/storage/v1/defaults.go | 4 + pkg/apis/storage/v1beta1/defaults.go | 6 +- pkg/apis/storage/validation/validation.go | 16 +++ .../storage/validation/validation_test.go | 20 ++++ pkg/features/kube_features.go | 7 ++ pkg/registry/storage/csidriver/strategy.go | 11 ++- pkg/volume/csi/csi_mounter.go | 79 +++++++++------ pkg/volume/csi/csi_mounter_test.go | 99 +++++++++++++++++-- pkg/volume/csi/csi_plugin.go | 46 +++++++++ staging/src/k8s.io/api/storage/v1/types.go | 39 ++++++++ .../src/k8s.io/api/storage/v1beta1/types.go | 33 +++++++ 13 files changed, 369 insertions(+), 38 deletions(-) diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index 3d38d46101c..ca4ef0815cf 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json 
@@ -14879,6 +14879,10 @@ "description": "attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called.", "type": "boolean" }, + "fsGroupPolicy": { + "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. If set to Supported, FSGroupPolicy indicates that the volumes provisioned by this CSIDriver support volume ownership and permission changes, and the filesystem will be modified to match the defined fsGroup every time the volume is mounted. If set to Unsupported, then the volume will be mounted without modifying the volume's ownership or permissions. Defaults to Heuristic, which results in the volume being examined and the volume ownership and permissions attempting to be updated only when the PodSecurityPolicy's fsGroup is explicitly defined, the fsType is defined, and the PersistentVolumes's accessModes includes RWO. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", + "type": "string" + }, "podInfoOnMount": { "description": "If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. 
If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. \"csi.storage.k8s.io/pod.name\": pod.Name \"csi.storage.k8s.io/pod.namespace\": pod.Namespace \"csi.storage.k8s.io/pod.uid\": string(pod.UID) \"csi.storage.k8s.io/ephemeral\": \"true\" iff the volume is an ephemeral inline volume\n defined by a CSIVolumeSource, otherwise \"false\"\n\n\"csi.storage.k8s.io/ephemeral\" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the \"Persistent\" and \"Ephemeral\" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.", "type": "boolean" 
@@ -15497,6 +15501,10 @@ "description": "attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called.", "type": "boolean" }, + "fsGroupPolicy": { + "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. If set to Supported, FSGroupPolicy indicates that the volumes provisioned by this CSIDriver support volume ownership and permission changes, and the filesystem will be modified to match the defined fsGroup every time the volume is mounted. If set to Unsupported, then the volume will be mounted without modifying the volume's ownership or permissions. Defaults to Heuristic, which results in the volume being examined and the volume ownership and permissions attempting to be updated only when the PodSecurityPolicy's fsGroup is explicitly defined, the fsType is defined, and the PersistentVolumes's accessModes includes RWO. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", + "type": "string" + }, "podInfoOnMount": { "description": "If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. 
If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. \"csi.storage.k8s.io/pod.name\": pod.Name \"csi.storage.k8s.io/pod.namespace\": pod.Namespace \"csi.storage.k8s.io/pod.uid\": string(pod.UID) \"csi.storage.k8s.io/ephemeral\": \"true\" iff the volume is an ephemeral inline volume\n defined by a CSIVolumeSource, otherwise \"false\"\n\n\"csi.storage.k8s.io/ephemeral\" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the \"Persistent\" and \"Ephemeral\" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.", "type": "boolean" diff --git a/pkg/apis/storage/types.go b/pkg/apis/storage/types.go index 4cb484aabfe..15befc40266 100644 --- a/pkg/apis/storage/types.go +++ b/pkg/apis/storage/types.go @@ -277,6 +277,14 @@ type CSIDriverSpec struct { // +optional AttachRequired *bool + // Defines if the underlying volume supports changing ownership and + // permission of the volume before being mounted. + // Refer to the specific FSGroupPolicy values for additional details. + // This field is alpha-level, and is only honored by servers + // that enable the CSIVolumeFSGroupPolicy feature gate. + // +optional + FSGroupPolicy *FSGroupPolicy + // If set to true, podInfoOnMount indicates this CSI volume driver // requires additional pod information (like podName, podUID, etc.) during // mount operations. 
@@ -331,6 +339,37 @@ type CSIDriverSpec struct { StorageCapacity *bool } +// FSGroupPolicy specifies if a CSI Driver supports modifying +// volume ownership and permissions of the volume to be mounted. +// More modes may be added in the future. +type FSGroupPolicy string + +const ( + // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined + // to determine if the volume ownership and permissions + // should be modified. If a fstype is defined and the volume's access mode + // contains ReadWriteOnce, then the defined fsGroup will be applied. + // This mode should be defined if it's expected that the + // fsGroup may need to be modified depending on the pod's SecurityPolicy. + // This is the default behavior if no other FSGroupPolicy is defined. + ReadWriteOnceWithFSTypeFSGroupPolicy FSGroupPolicy = "ReadWriteOnceWithFSType" + + // FileFSGroupPolicy indicates that CSI driver supports volume ownership + // and permission change via fsGroup, and Kubernetes may use fsGroup + // to change permissions and ownership of the volume to match user requested fsGroup in + // the pod's SecurityPolicy regardless of fstype or access mode. + // This mode should be defined if the fsGroup is expected to always change on mount + FileFSGroupPolicy FSGroupPolicy = "File" + + // NoneFSGroupPolicy indicates that volumes will be mounted without performing + // any ownership or permission modifications, as the CSIDriver does not support + // these operations. + // This mode should be selected if the CSIDriver does not support fsGroup modifications, + // for example when Kubernetes cannot change ownership and permissions on a volume due + // to root-squash settings on a NFS volume. + NoneFSGroupPolicy FSGroupPolicy = "None" +) + // VolumeLifecycleMode specifies how a CSI volume is used in Kubernetes. // More modes may be added in the future. type VolumeLifecycleMode string 
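Review bot: The doc comments on the new FSGroupPolicy constants in pkg/apis/storage/types.go say the fsGroup comes from "the pod's SecurityPolicy", but the mounter hunk in this patch takes it from `mounterArgs.FsGroup`, which presumably originates in the pod's securityContext; naming that field would avoid confusion with PodSecurityPolicy. The FileFSGroupPolicy comment should also spell out what applyFSGroup and its test show: ownership and permissions are changed regardless of access mode and even when the volume is mounted readOnly, so a driver that serves shared volumes should declare `File` only if that is intended. The same comments are copied into staging/src/k8s.io/api/storage/v1/types.go and v1beta1/types.go, where the last one opens with `// None indicates` instead of `// NoneFSGroupPolicy indicates`. The swagger.json description added in this patch still uses the names Supported, Unsupported and Heuristic, which match none of the three constants defined here.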
diff --git a/pkg/apis/storage/v1/defaults.go b/pkg/apis/storage/v1/defaults.go index 4d9145a8f49..f5b4182521b 100644 --- a/pkg/apis/storage/v1/defaults.go +++ b/pkg/apis/storage/v1/defaults.go @@ -53,6 +53,10 @@ func SetDefaults_CSIDriver(obj *storagev1.CSIDriver) { obj.Spec.StorageCapacity = new(bool) *(obj.Spec.StorageCapacity) = false } + if obj.Spec.FSGroupPolicy == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { + obj.Spec.FSGroupPolicy = new(storagev1.FSGroupPolicy) + *obj.Spec.FSGroupPolicy = storagev1.ReadWriteOnceWithFSTypeFSGroupPolicy + } if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) { obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1.VolumeLifecyclePersistent) } diff --git a/pkg/apis/storage/v1beta1/defaults.go b/pkg/apis/storage/v1beta1/defaults.go index fc6e346c2ec..3601d300951 100644 --- a/pkg/apis/storage/v1beta1/defaults.go +++ b/pkg/apis/storage/v1beta1/defaults.go @@ -17,7 +17,7 @@ limitations under the License. package v1beta1 import ( - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" storagev1beta1 "k8s.io/api/storage/v1beta1" "k8s.io/apimachinery/pkg/runtime" utilfeature "k8s.io/apiserver/pkg/util/feature" @@ -53,6 +53,10 @@ func SetDefaults_CSIDriver(obj *storagev1beta1.CSIDriver) { obj.Spec.StorageCapacity = new(bool) *(obj.Spec.StorageCapacity) = false } + if obj.Spec.FSGroupPolicy == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { + obj.Spec.FSGroupPolicy = new(storagev1beta1.FSGroupPolicy) + *obj.Spec.FSGroupPolicy = storagev1beta1.ReadWriteOnceWithFSTypeFSGroupPolicy + } if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) { obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1beta1.VolumeLifecyclePersistent) } 
diff --git a/pkg/apis/storage/validation/validation.go b/pkg/apis/storage/validation/validation.go index 290430f4e6f..62b3ba0d330 100644 --- a/pkg/apis/storage/validation/validation.go +++ b/pkg/apis/storage/validation/validation.go @@ -421,6 +421,7 @@ func validateCSIDriverSpec( allErrs = append(allErrs, validateAttachRequired(spec.AttachRequired, fldPath.Child("attachedRequired"))...) allErrs = append(allErrs, validatePodInfoOnMount(spec.PodInfoOnMount, fldPath.Child("podInfoOnMount"))...) allErrs = append(allErrs, validateStorageCapacity(spec.StorageCapacity, fldPath.Child("storageCapacity"))...) + allErrs = append(allErrs, validateFSGroupPolicy(spec.FSGroupPolicy, fldPath.Child("fsGroupPolicy"))...) allErrs = append(allErrs, validateVolumeLifecycleModes(spec.VolumeLifecycleModes, fldPath.Child("volumeLifecycleModes"))...) return allErrs } @@ -451,6 +452,21 @@ func validateStorageCapacity(storageCapacity *bool, fldPath *field.Path) field.E if storageCapacity == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIStorageCapacity) { allErrs = append(allErrs, field.Required(fldPath, "")) } +} + +var supportedFSGroupPolicy = sets.NewString(string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy), string(storage.FileFSGroupPolicy), string(storage.NoneFSGroupPolicy)) + +// validateFSGroupPolicy tests if FSGroupPolicy contains an appropriate value. +func validateFSGroupPolicy(fsGroupPolicy *storage.FSGroupPolicy, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + if fsGroupPolicy == nil { + // This is not a required field, so if nothing is provided simply return + return allErrs + } + + if !supportedFSGroupPolicy.Has(string(*fsGroupPolicy)) { + allErrs = append(allErrs, field.NotSupported(fldPath, fsGroupPolicy, supportedFSGroupPolicy.List())) + } return allErrs } diff --git a/pkg/apis/storage/validation/validation_test.go b/pkg/apis/storage/validation/validation_test.go index d335ce89a1a..0ec0e7a9c23 100644 
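Review bot: In the second validation.go hunk the added `+}` closes validateStorageCapacity directly after its `if` block, so the trailing context lines `return allErrs` and `}` now end validateFSGroupPolicy. As the hunk reads, validateStorageCapacity is left without a return statement, which will not compile for a function returning field.ErrorList. Add `return allErrs` before the new closing brace of validateStorageCapacity. That function's signature and first lines are outside the hunk, so this is inferred from the hunk header and the context lines.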
--- a/pkg/apis/storage/validation/validation_test.go +++ b/pkg/apis/storage/validation/validation_test.go @@ -1665,6 +1665,9 @@ func TestCSIDriverValidation(t *testing.T) { attachNotRequired := false podInfoOnMount := true notPodInfoOnMount := false + supportedFSGroupPolicy := storage.FileFSGroupPolicy + invalidFSGroupPolicy := storage.ReadWriteOnceWithFSTypeFSGroupPolicy + invalidFSGroupPolicy = "invalid-mode" successCases := []storage.CSIDriver{ { ObjectMeta: metav1.ObjectMeta{Name: driverName}, @@ -1769,6 +1772,14 @@ func TestCSIDriverValidation(t *testing.T) { }, }, }, + { + ObjectMeta: metav1.ObjectMeta{Name: driverName}, + Spec: storage.CSIDriverSpec{ + AttachRequired: &attachNotRequired, + PodInfoOnMount: ¬PodInfoOnMount, + FSGroupPolicy: &supportedFSGroupPolicy, + }, + }, } for _, csiDriver := range successCases { @@ -1818,6 +1829,15 @@ func TestCSIDriverValidation(t *testing.T) { }, }, }, + { + // invalid fsGroupPolicy + ObjectMeta: metav1.ObjectMeta{Name: driverName}, + Spec: storage.CSIDriverSpec{ + AttachRequired: &attachNotRequired, + PodInfoOnMount: ¬PodInfoOnMount, + FSGroupPolicy: &invalidFSGroupPolicy, + }, + }, } for _, csiDriver := range errorCases { diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index bc42d10cca8..6368a759d2f 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -435,6 +435,12 @@ const ( // Expects vSphere CSI Driver to be installed and configured on all nodes. CSIMigrationvSphereComplete featuregate.Feature = "CSIMigrationvSphereComplete" + // owner: @huffmanca + // alpha: v1.19 + // + // Determines if a CSI Driver supports applying fsGroup. + CSIVolumeFSGroupPolicy featuregate.Feature = "CSIVolumeFSGroupPolicy" + // owner: @gnufied // alpha: v1.18 // Allows user to configure volume permission change policy for fsGroups when mounting 
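Review bot: `invalidFSGroupPolicy` in TestCSIDriverValidation is first assigned a valid constant and then overwritten with "invalid-mode" just to obtain the type; `invalidFSGroupPolicy := storage.FSGroupPolicy("invalid-mode")` says the same in one line. The added success case covers only `File`, so cases for `None` and `ReadWriteOnceWithFSType` would exercise every entry of supportedFSGroupPolicy. A case with a nil FSGroupPolicy already exists implicitly in the older success cases, so no extra case is needed for that.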
@@ -685,6 +691,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS CSIInlineVolume: {Default: true, PreRelease: featuregate.Beta}, CSIStorageCapacity: {Default: false, PreRelease: featuregate.Alpha}, GenericEphemeralVolume: {Default: false, PreRelease: featuregate.Alpha}, + CSIVolumeFSGroupPolicy: {Default: false, PreRelease: featuregate.Alpha}, RuntimeClass: {Default: true, PreRelease: featuregate.Beta}, NodeLease: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, SCTPSupport: {Default: true, PreRelease: featuregate.Beta}, diff --git a/pkg/registry/storage/csidriver/strategy.go b/pkg/registry/storage/csidriver/strategy.go index f406ef55885..ea3dd853ad4 100644 --- a/pkg/registry/storage/csidriver/strategy.go +++ b/pkg/registry/storage/csidriver/strategy.go @@ -45,14 +45,16 @@ func (csiDriverStrategy) NamespaceScoped() bool { // PrepareForCreate clears the fields for which the corresponding feature is disabled. func (csiDriverStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { + csiDriver := obj.(*storage.CSIDriver) if !utilfeature.DefaultFeatureGate.Enabled(features.CSIStorageCapacity) { - csiDriver := obj.(*storage.CSIDriver) csiDriver.Spec.StorageCapacity = nil } if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) { - csiDriver := obj.(*storage.CSIDriver) csiDriver.Spec.VolumeLifecycleModes = nil } + if !utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { + csiDriver.Spec.FSGroupPolicy = nil + } } func (csiDriverStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { 
@@ -86,6 +88,11 @@ func (csiDriverStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime. newCSIDriver := obj.(*storage.CSIDriver) newCSIDriver.Spec.VolumeLifecycleModes = nil } + if old.(*storage.CSIDriver).Spec.FSGroupPolicy == nil && + !utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { + newCSIDriver := obj.(*storage.CSIDriver) + newCSIDriver.Spec.FSGroupPolicy = nil + } } func (csiDriverStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go index 590f74a6282..f30e02e5eeb 100644 --- a/pkg/volume/csi/csi_mounter.go +++ b/pkg/volume/csi/csi_mounter.go @@ -66,6 +66,7 @@ type csiMountMgr struct { plugin *csiPlugin driverName csiDriverName volumeLifecycleMode storage.VolumeLifecycleMode + fsGroupPolicy storage.FSGroupPolicy volumeID string specVolumeID string readOnly bool 
@@ -277,17 +278,30 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error klog.V(2).Info(log("error checking for SELinux support: %s", err)) } - // apply volume ownership - // The following logic is derived from https://github.com/kubernetes/kubernetes/issues/66323 - // if fstype is "", then skip fsgroup (could be indication of non-block filesystem) - // if fstype is provided and pv.AccessMode == ReadWriteOnly, then apply fsgroup - err = c.applyFSGroup(fsType, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy) - if err != nil { - // At this point mount operation is successful: - // 1. Since volume can not be used by the pod because of invalid permissions, we must return error - // 2. Since mount is successful, we must record volume as mounted in uncertain state, so it can be - // cleaned up. - return volumetypes.NewUncertainProgressError(fmt.Sprintf("applyFSGroup failed for vol %s: %v", c.volumeID, err)) + fsGroupFeatureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) + // If the feature gate isn't enabled, then adjust the CSIDriver to use the ReadWriteOnceWithFSTypeFSGroupPolicy + // policy. This keeps the default behavior. + if !fsGroupFeatureGateEnabled { + c.fsGroupPolicy = storage.ReadWriteOnceWithFSTypeFSGroupPolicy + } + + // If the the FSGroupPolicy isn't NoneFSGroupPolicy, then we should attempt to modify + // the fsGroup. At this point the feature gate is enabled, so we should proceed, + // or it's disabled, at which point we should evaluate the fstype and pv.AccessMode + // and update the fsGroup appropriately. 
+ if c.fsGroupPolicy != storage.NoneFSGroupPolicy { + + // The following logic is derived from https://github.com/kubernetes/kubernetes/issues/66323 + // if fstype is "", then skip fsgroup (could be indication of non-block filesystem) + // if fstype is provided and pv.AccessMode == ReadWriteOnly, then apply fsgroup + err = c.applyFSGroup(fsType, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy) + if err != nil { + // At this point mount operation is successful: + // 1. Since volume can not be used by the pod because of invalid permissions, we must return error + // 2. Since mount is successful, we must record volume as mounted in uncertain state, so it can be + // cleaned up. + return volumetypes.NewUncertainProgressError(fmt.Sprintf("applyFSGroup failed for vol %s: %v", c.volumeID, err)) + } } klog.V(4).Infof(log("mounter.SetUp successfully requested NodePublish [%s]", dir)) 
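Review bot: The gate check added to SetUpAt in csi_mounter.go repeats a decision that getFSGroupPolicy in csi_plugin.go already makes (it returns ReadWriteOnceWithFSTypeFSGroupPolicy when CSIVolumeFSGroupPolicy is disabled), and it does so by overwriting `c.fsGroupPolicy` on the mounter during setup. If the override is kept for mounters built without NewMounter, the comment should say so. The second comment block is also hard to follow ("If the the FSGroupPolicy ...", "At this point the feature gate is enabled ... or it's disabled"); something like `// Skip ownership changes only for NoneFSGroupPolicy; applyFSGroup decides per policy whether fsGroup is applied.` states what the branch does. SetUpAt starts and ends outside this hunk.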
@@ -377,25 +391,30 @@ func (c *csiMountMgr) TearDownAt(dir string) error { // 1) if fstype is "", then skip fsgroup (could be indication of non-block filesystem) // 2) if fstype is provided and pv.AccessMode == ReadWriteOnly and !c.spec.ReadOnly then apply fsgroup func (c *csiMountMgr) applyFSGroup(fsType string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) error { - if fsGroup != nil { - if fsType == "" { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided")) - return nil - } + if c.fsGroupPolicy == storage.FileFSGroupPolicy || fsGroup != nil { - accessModes := c.spec.PersistentVolume.Spec.AccessModes - if c.spec.PersistentVolume.Spec.AccessModes == nil { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided")) - return nil - } - if !hasReadWriteOnce(accessModes) { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode")) - return nil - } + // If the FSGroupPolicy is ReadWriteOnceWithFSTypeFSGroupPolicy perform additional checks + // to determine if we should proceed with modifying the fsGroup. 
+ if c.fsGroupPolicy == storage.ReadWriteOnceWithFSTypeFSGroupPolicy { + if fsType == "" { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided")) + return nil + } - if c.readOnly { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, volume is readOnly")) - return nil + accessModes := c.spec.PersistentVolume.Spec.AccessModes + if c.spec.PersistentVolume.Spec.AccessModes == nil { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided")) + return nil + } + if !hasReadWriteOnce(accessModes) { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode")) + return nil + } + + if c.readOnly { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, volume is readOnly")) + return nil + } } err := volume.SetVolumeOwnership(c, fsGroup, fsGroupChangePolicy) @@ -403,7 +422,9 @@ func (c *csiMountMgr) applyFSGroup(fsType string, fsGroup *int64, fsGroupChangeP return err } - klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *fsGroup, c.volumeID)) + if fsGroup != nil { + klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *fsGroup, c.volumeID)) + } } return nil diff --git a/pkg/volume/csi/csi_mounter_test.go b/pkg/volume/csi/csi_mounter_test.go index c5421e6a27e..151da9a7646 100644 --- a/pkg/volume/csi/csi_mounter_test.go +++ b/pkg/volume/csi/csi_mounter_test.go @@ -640,12 +640,14 @@ func TestMounterSetUpWithFSGroup(t *testing.T) { defer os.RemoveAll(tmpDir) testCases := []struct { - name string - accessModes []api.PersistentVolumeAccessMode - readOnly bool - fsType string - setFsGroup bool - fsGroup int64 + name string + accessModes []api.PersistentVolumeAccessMode + readOnly bool + fsType string + setFsGroup bool + fsGroup int64 + driverFSGroupPolicy bool + supportMode storage.FSGroupPolicy }{ { name: "default fstype, with no fsgroup (should not apply fsgroup)", 
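Review bot: In applyFSGroup the new outer condition `c.fsGroupPolicy == storage.FileFSGroupPolicy || fsGroup != nil` lets a File-policy volume reach `volume.SetVolumeOwnership` with a nil fsGroup, and it also bypasses the `c.readOnly` check, which now sits only inside the ReadWriteOnceWithFSType branch. A pod that sets no fsGroup has nothing to apply. Changing ownership on a volume the pod asked to mount read-only either fails (SetUpAt then returns the uncertain-progress error) or modifies data the pod was not meant to write, depending on how SetVolumeOwnership behaves, which is not visible here. Consider guarding both cases up front with `if fsGroup == nil || c.readOnly { return nil }`, leaving only the fsType and access-mode checks policy-specific; the later `if fsGroup != nil` around the log line then becomes unnecessary. The added test case "readOnly, FSGroupPolicy File (should apply fsgroup)" in csi_mounter_test.go would need to change with it.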
@@ -694,11 +696,93 @@ func TestMounterSetUpWithFSGroup(t *testing.T) { setFsGroup: true, fsGroup: 3000, }, + { + name: "fstype, fsgroup, RWO provided, FSGroupPolicy ReadWriteOnceWithFSType (should apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + fsType: "ext4", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.ReadWriteOnceWithFSTypeFSGroupPolicy, + }, + { + name: "default fstype with no fsgroup, FSGroupPolicy ReadWriteOnceWithFSType (should not apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + readOnly: false, + fsType: "", + driverFSGroupPolicy: true, + supportMode: storage.ReadWriteOnceWithFSTypeFSGroupPolicy, + }, + { + name: "default fstype with fsgroup, FSGroupPolicy ReadWriteOnceWithFSType (should not apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + readOnly: false, + fsType: "", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.ReadWriteOnceWithFSTypeFSGroupPolicy, + }, + { + name: "fstype, fsgroup, RWO provided, readonly, FSGroupPolicy ReadWriteOnceWithFSType (should not apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + readOnly: true, + fsType: "ext4", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.ReadWriteOnceWithFSTypeFSGroupPolicy, + }, + { + name: "fstype, fsgroup, RWX provided, FSGroupPolicy ReadWriteOnceWithFSType (should not apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteMany, + }, + readOnly: false, + fsType: "ext4", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.ReadWriteOnceWithFSTypeFSGroupPolicy, + }, + { + name: "fstype, fsgroup, RWO provided, FSGroupPolicy None (should not apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + fsType: 
"ext4", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.NoneFSGroupPolicy, + }, + { + name: "fstype, fsgroup, RWO provided, readOnly, FSGroupPolicy File (should apply fsgroup)", + accessModes: []api.PersistentVolumeAccessMode{ + api.ReadWriteOnce, + }, + readOnly: true, + fsType: "ext4", + setFsGroup: true, + fsGroup: 3000, + driverFSGroupPolicy: true, + supportMode: storage.FileFSGroupPolicy, + }, } for i, tc := range testCases { t.Logf("Running test %s", tc.name) + defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIVolumeFSGroupPolicy, tc.driverFSGroupPolicy)() + volName := fmt.Sprintf("test-vol-%d", i) registerFakePlugin(testDriver, "endpoint", []string{"1.0.0"}, t) pv := makeTestPV("test-pv", 10, testDriver, volName) @@ -725,6 +809,9 @@ func TestMounterSetUpWithFSGroup(t *testing.T) { } csiMounter := mounter.(*csiMountMgr) + if tc.driverFSGroupPolicy { + csiMounter.fsGroupPolicy = tc.supportMode + } csiMounter.csiClient = setupClient(t, true) attachID := getAttachmentName(csiMounter.volumeID, string(csiMounter.driverName), string(plug.host.GetNodeName())) diff --git a/pkg/volume/csi/csi_plugin.go b/pkg/volume/csi/csi_plugin.go index 61da1c3f2ca..9fe48924d51 100644 --- a/pkg/volume/csi/csi_plugin.go +++ b/pkg/volume/csi/csi_plugin.go @@ -380,6 +380,11 @@ func (p *csiPlugin) NewMounter( return nil, err } + fsGroupPolicy, err := p.getFSGroupPolicy(driverName) + if err != nil { + return nil, err + } + k8s := p.host.GetKubeClient() if k8s == nil { return nil, errors.New(log("failed to get a kubernetes client")) @@ -398,6 +403,7 @@ func (p *csiPlugin) NewMounter( podUID: pod.UID, driverName: csiDriverName(driverName), volumeLifecycleMode: volumeLifecycleMode, + fsGroupPolicy: fsGroupPolicy, volumeID: volumeHandle, specVolumeID: spec.Name(), readOnly: readOnly, 
@@ -846,6 +852,46 @@ func (p *csiPlugin) getVolumeLifecycleMode(spec *volume.Spec) (storage.VolumeLif return storage.VolumeLifecyclePersistent, nil } +// getFSGroupPolicy returns if the CSI driver supports a volume in the given mode. +// An error indicates that it isn't supported and explains why. +func (p *csiPlugin) getFSGroupPolicy(driver string) (storage.FSGroupPolicy, error) { + if !utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { + // feature is disabled, default to ReadWriteOnceWithFSTypeFSGroupPolicy + return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, nil + } + + // Retrieve CSIDriver. It's not an error if that isn't + // possible (we don't have the lister if CSIDriverRegistry is + // disabled) or the driver isn't found (CSIDriver is + // optional) + var csiDriver *storage.CSIDriver + if p.csiDriverLister != nil { + kletHost, ok := p.host.(volume.KubeletVolumeHost) + if ok { + if err := kletHost.WaitForCacheSync(); err != nil { + return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, err + } + } + + c, err := p.csiDriverLister.Get(driver) + if err != nil && !apierrors.IsNotFound(err) { + // Some internal error. + return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, err + } + csiDriver = c + } + + // If the csiDriver isn't defined, return the default behavior + if csiDriver == nil { + return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, nil + } + // If the csiDriver exists but the fsGroupPolicy isn't defined, return an error + if csiDriver.Spec.FSGroupPolicy == nil || *csiDriver.Spec.FSGroupPolicy == "" { + return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, errors.New(log("expected valid fsGroupPolicy, received nil value or empty string")) + } + return *csiDriver.Spec.FSGroupPolicy, nil +} + func (p *csiPlugin) getPublishContext(client clientset.Interface, handle, driver, nodeName string) (map[string]string, error) { skip, err := p.skipAttach(driver) if err != nil { 
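Review bot: getFSGroupPolicy returns an error when the CSIDriver object exists but `Spec.FSGroupPolicy` is nil or empty, and NewMounter propagates that error, so every mount for that driver fails. Within this patch the field is defaulted only when the API server has CSIVolumeFSGroupPolicy enabled, and PrepareForCreate clears it when the gate is disabled, so a kubelet with the gate on talking to an API server with it off would presumably hit this path. Falling back to the default there, `return storage.ReadWriteOnceWithFSTypeFSGroupPolicy, nil`, would keep the pre-existing mount behaviour. The doc comment also appears to be copied from getVolumeLifecycleMode; `// getFSGroupPolicy returns the FSGroupPolicy declared by the driver's CSIDriver object, or ReadWriteOnceWithFSTypeFSGroupPolicy when the feature gate is off or no CSIDriver object is found.` describes what the code does.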
diff --git a/staging/src/k8s.io/api/storage/v1/types.go b/staging/src/k8s.io/api/storage/v1/types.go index 6f0b3ee465b..27e06debb1a 100644 --- a/staging/src/k8s.io/api/storage/v1/types.go +++ b/staging/src/k8s.io/api/storage/v1/types.go 
@@ -336,8 +336,47 @@ type CSIDriverSpec struct { // // +optional StorageCapacity *bool `json:"storageCapacity,omitempty" protobuf:"bytes,4,opt,name=storageCapacity"` + + // Defines if the underlying volume supports changing ownership and + // permission of the volume before being mounted. + // Refer to the specific FSGroupPolicy values for additional details. + // This field is alpha-level, and is only honored by servers + // that enable the CSIVolumeFSGroupPolicy feature gate. + // +optional + FSGroupPolicy *FSGroupPolicy `json:"fsGroupPolicy,omitempty" protobuf:"bytes,5,opt,name=fsGroupPolicy"` } +// FSGroupPolicy specifies if a CSI Driver supports modifying +// volume ownership and permissions of the volume to be mounted. +// More modes may be added in the future. +type FSGroupPolicy string + +const ( + // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined + // to determine if the volume ownership and permissions + // should be modified. If a fstype is defined and the volume's access mode + // contains ReadWriteOnce, then the defined fsGroup will be applied. + // This mode should be defined if it's expected that the + // fsGroup may need to be modified depending on the pod's SecurityPolicy. + // This is the default behavior if no other FSGroupPolicy is defined. + ReadWriteOnceWithFSTypeFSGroupPolicy FSGroupPolicy = "ReadWriteOnceWithFSType" + + // FileFSGroupPolicy indicates that CSI driver supports volume ownership + // and permission change via fsGroup, and Kubernetes may use fsGroup + // to change permissions and ownership of the volume to match user requested fsGroup in + // the pod's SecurityPolicy regardless of fstype or access mode. 
+ // This mode should be defined if the fsGroup is expected to always change on mount + FileFSGroupPolicy FSGroupPolicy = "File" + + // NoneFSGroupPolicy indicates that volumes will be mounted without performing + // any ownership or permission modifications, as the CSIDriver does not support + // these operations. + // This mode should be selected if the CSIDriver does not support fsGroup modifications, + // for example when Kubernetes cannot change ownership and permissions on a volume due + // to root-squash settings on a NFS volume. + NoneFSGroupPolicy FSGroupPolicy = "None" +) + // VolumeLifecycleMode is an enumeration of possible usage modes for a volume // provided by a CSI driver. More modes may be added in the future. type VolumeLifecycleMode string diff --git a/staging/src/k8s.io/api/storage/v1beta1/types.go b/staging/src/k8s.io/api/storage/v1beta1/types.go index 40d8ba20334..7946663a3f7 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/types.go +++ b/staging/src/k8s.io/api/storage/v1beta1/types.go 
@@ -356,8 +356,41 @@ type CSIDriverSpec struct {
 //
 // +optional
 StorageCapacity *bool `json:"storageCapacity,omitempty" protobuf:"bytes,4,opt,name=storageCapacity"`
+
+ // Defines if the underlying volume supports changing ownership and
+ // permission of the volume before being mounted.
+ // Refer to the specific FSGroupPolicy values for additional details.
+ // This field is alpha-level, and is only honored by servers
+ // that enable the CSIVolumeFSGroupPolicy feature gate.
+ // +optional
+ FSGroupPolicy *FSGroupPolicy `json:"fsGroupPolicy,omitempty" protobuf:"bytes,5,opt,name=fsGroupPolicy"`
 }
 
+// FSGroupPolicy specifies if a CSI Driver supports modifying
+// volume ownership and permissions of the volume to be mounted.
+// More modes may be added in the future.
+type FSGroupPolicy string
+
+const (
+ // ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined
+ // to determine if the volume ownership and permissions
+ // should be modified. If a fstype is defined and the volume's access mode
+ // contains ReadWriteOnce, then the defined fsGroup will be applied.
+ // This is the default behavior if no other FSGroupPolicy is defined.
+ ReadWriteOnceWithFSTypeFSGroupPolicy FSGroupPolicy = "ReadWriteOnceWithFSType"
+
+ // FileFSGroupPolicy indicates that CSI driver supports volume ownership
+ // and permission change via fsGroup, and Kubernetes may use fsGroup
+ // to change permissions and ownership of the volume to match user requested fsGroup in
+ // the pod's SecurityPolicy regardless of fstype or access mode.
+ FileFSGroupPolicy FSGroupPolicy = "File"
+
+ // None indicates that volumes will be mounted without performing
+ // any ownership or permission modifications, as the CSIDriver does not support
+ // these operations.
+ NoneFSGroupPolicy FSGroupPolicy = "None"
+)
+
 // VolumeLifecycleMode is an enumeration of possible usage modes for a volume
 // provided by a CSI driver. More modes may be added in the future.
 type VolumeLifecycleMode string
From e65f0f565a3516046b481e4959b8374101c23c97 Mon Sep 17 00:00:00 2001
From: Christian Huffman
Date: Wed, 10 Jun 2020 15:09:17 -0400
Subject: [PATCH 2/4] Updated dependencies
---
 api/openapi-spec/swagger.json | 4 +-
 .../storage/v1/zz_generated.conversion.go | 26 ++-
 .../v1beta1/zz_generated.conversion.go | 26 ++-
 pkg/apis/storage/validation/validation.go | 2 +
 pkg/apis/storage/zz_generated.deepcopy.go | 5 +
 .../src/k8s.io/api/storage/v1/generated.pb.go | 219 ++++++++++-------
 .../src/k8s.io/api/storage/v1/generated.proto | 8 +
 .../storage/v1/types_swagger_doc_generated.go | 1 +
 .../api/storage/v1/zz_generated.deepcopy.go | 5 +
 .../api/storage/v1beta1/generated.pb.go | 221 +++++++++++-------
 .../api/storage/v1beta1/generated.proto | 8 +
 .../v1beta1/types_swagger_doc_generated.go | 1 +
 .../storage/v1beta1/zz_generated.deepcopy.go | 5 +
 .../HEAD/storage.k8s.io.v1.CSIDriver.json | 3 +-
 .../HEAD/storage.k8s.io.v1.CSIDriver.pb | Bin 258 -> 285 bytes
 .../HEAD/storage.k8s.io.v1.CSIDriver.yaml | 1 +
 .../storage.k8s.io.v1beta1.CSIDriver.json | 3 +-
 .../HEAD/storage.k8s.io.v1beta1.CSIDriver.pb | Bin 263 -> 290 bytes
 .../storage.k8s.io.v1beta1.CSIDriver.yaml | 1 +
 19 files changed, 358 insertions(+), 181 deletions(-)
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
index ca4ef0815cf..285346fc30d 100644
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
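Review bot: In the v1beta1 types.go hunk (`@@ -356,8 +356,41 @@`) the doc comment for `NoneFSGroupPolicy` opens with `// None indicates that volumes ...`, so it does not start with the identifier it documents and differs from the v1 copy; it should read `// NoneFSGroupPolicy indicates that volumes will be mounted without performing`. The v1beta1 constants also drop the "This mode should be defined/selected if ..." guidance that the v1 constants carry, including the root-squash NFS example for None. Both versions describe the same behaviour, so keeping the two comment blocks identical would stop the v1 and v1beta1 documentation from drifting apart.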
@@ -14880,7 +14880,7 @@ "type": "boolean" }, "fsGroupPolicy": { - "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. If set to Supported, FSGroupPolicy indicates that the volumes provisioned by this CSIDriver support volume ownership and permission changes, and the filesystem will be modified to match the defined fsGroup every time the volume is mounted. If set to Unsupported, then the volume will be mounted without modifying the volume's ownership or permissions. Defaults to Heuristic, which results in the volume being examined and the volume ownership and permissions attempting to be updated only when the PodSecurityPolicy's fsGroup is explicitly defined, the fsType is defined, and the PersistentVolumes's accessModes includes RWO. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", + "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", "type": "string" }, "podInfoOnMount": { 
@@ -15502,7 +15502,7 @@ "type": "boolean" }, "fsGroupPolicy": { - "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. If set to Supported, FSGroupPolicy indicates that the volumes provisioned by this CSIDriver support volume ownership and permission changes, and the filesystem will be modified to match the defined fsGroup every time the volume is mounted. If set to Unsupported, then the volume will be mounted without modifying the volume's ownership or permissions. Defaults to Heuristic, which results in the volume being examined and the volume ownership and permissions attempting to be updated only when the PodSecurityPolicy's fsGroup is explicitly defined, the fsType is defined, and the PersistentVolumes's accessModes includes RWO. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", + "description": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", "type": "string" }, "podInfoOnMount": { diff --git a/pkg/apis/storage/v1/zz_generated.conversion.go b/pkg/apis/storage/v1/zz_generated.conversion.go index 7ae58b2a6d9..4ac067e3f8e 100644 --- a/pkg/apis/storage/v1/zz_generated.conversion.go +++ b/pkg/apis/storage/v1/zz_generated.conversion.go 
@@ -230,7 +230,17 @@ func Convert_storage_CSIDriver_To_v1_CSIDriver(in *storage.CSIDriver, out *v1.CS func autoConvert_v1_CSIDriverList_To_storage_CSIDriverList(in *v1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSIDriver)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]storage.CSIDriver, len(*in)) + for i := range *in { + if err := Convert_v1_CSIDriver_To_storage_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } @@ -241,7 +251,17 @@ func Convert_v1_CSIDriverList_To_storage_CSIDriverList(in *v1.CSIDriverList, out func autoConvert_storage_CSIDriverList_To_v1_CSIDriverList(in *storage.CSIDriverList, out *v1.CSIDriverList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]v1.CSIDriver)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]v1.CSIDriver, len(*in)) + for i := range *in { + if err := Convert_storage_CSIDriver_To_v1_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } @@ -255,6 +275,7 @@ func autoConvert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1.CSIDriverSpec, out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) out.VolumeLifecycleModes = *(*[]storage.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) + out.FSGroupPolicy = (*storage.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) return nil } 
@@ -265,6 +286,7 @@ func Convert_v1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1.CSIDriverSpec, out func autoConvert_storage_CSIDriverSpec_To_v1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1.CSIDriverSpec, s conversion.Scope) error { out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) + out.FSGroupPolicy = (*v1.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) out.VolumeLifecycleModes = *(*[]v1.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) diff --git a/pkg/apis/storage/v1beta1/zz_generated.conversion.go b/pkg/apis/storage/v1beta1/zz_generated.conversion.go index a79b8df6700..c21e139365a 100644 --- a/pkg/apis/storage/v1beta1/zz_generated.conversion.go +++ b/pkg/apis/storage/v1beta1/zz_generated.conversion.go @@ -230,7 +230,17 @@ func Convert_storage_CSIDriver_To_v1beta1_CSIDriver(in *storage.CSIDriver, out * func autoConvert_v1beta1_CSIDriverList_To_storage_CSIDriverList(in *v1beta1.CSIDriverList, out *storage.CSIDriverList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]storage.CSIDriver)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]storage.CSIDriver, len(*in)) + for i := range *in { + if err := Convert_v1beta1_CSIDriver_To_storage_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } 
@@ -241,7 +251,17 @@ func Convert_v1beta1_CSIDriverList_To_storage_CSIDriverList(in *v1beta1.CSIDrive func autoConvert_storage_CSIDriverList_To_v1beta1_CSIDriverList(in *storage.CSIDriverList, out *v1beta1.CSIDriverList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]v1beta1.CSIDriver)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]v1beta1.CSIDriver, len(*in)) + for i := range *in { + if err := Convert_storage_CSIDriver_To_v1beta1_CSIDriver(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } @@ -255,6 +275,7 @@ func autoConvert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1beta1.CSID out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) out.VolumeLifecycleModes = *(*[]storage.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) + out.FSGroupPolicy = (*storage.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) return nil } @@ -265,6 +286,7 @@ func Convert_v1beta1_CSIDriverSpec_To_storage_CSIDriverSpec(in *v1beta1.CSIDrive func autoConvert_storage_CSIDriverSpec_To_v1beta1_CSIDriverSpec(in *storage.CSIDriverSpec, out *v1beta1.CSIDriverSpec, s conversion.Scope) error { out.AttachRequired = (*bool)(unsafe.Pointer(in.AttachRequired)) + out.FSGroupPolicy = (*v1beta1.FSGroupPolicy)(unsafe.Pointer(in.FSGroupPolicy)) out.PodInfoOnMount = (*bool)(unsafe.Pointer(in.PodInfoOnMount)) out.VolumeLifecycleModes = *(*[]v1beta1.VolumeLifecycleMode)(unsafe.Pointer(&in.VolumeLifecycleModes)) out.StorageCapacity = (*bool)(unsafe.Pointer(in.StorageCapacity)) diff --git a/pkg/apis/storage/validation/validation.go b/pkg/apis/storage/validation/validation.go index 62b3ba0d330..4ba31b66c9d 100644 --- a/pkg/apis/storage/validation/validation.go +++ b/pkg/apis/storage/validation/validation.go 
@@ -452,6 +452,8 @@ func validateStorageCapacity(storageCapacity *bool, fldPath *field.Path) field.E
 if storageCapacity == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIStorageCapacity) {
 allErrs = append(allErrs, field.Required(fldPath, ""))
 }
+
+ return allErrs
 }
 
 var supportedFSGroupPolicy = sets.NewString(string(storage.ReadWriteOnceWithFSTypeFSGroupPolicy), string(storage.FileFSGroupPolicy), string(storage.NoneFSGroupPolicy))
diff --git a/pkg/apis/storage/zz_generated.deepcopy.go b/pkg/apis/storage/zz_generated.deepcopy.go
index 548a63152d8..0ec57047ec4 100644
--- a/pkg/apis/storage/zz_generated.deepcopy.go
+++ b/pkg/apis/storage/zz_generated.deepcopy.go
@@ -94,6 +94,11 @@ func (in *CSIDriverSpec) DeepCopyInto(out *CSIDriverSpec) { *out = new(bool) **out = **in } + if in.FSGroupPolicy != nil { + in, out := &in.FSGroupPolicy, &out.FSGroupPolicy + *out = new(FSGroupPolicy) + **out = **in + } if in.PodInfoOnMount != nil { in, out := &in.PodInfoOnMount, &out.PodInfoOnMount *out = new(bool)
diff --git a/staging/src/k8s.io/api/storage/v1/generated.pb.go b/staging/src/k8s.io/api/storage/v1/generated.pb.go
index bb54822193e..2c7088c3898 100644
--- a/staging/src/k8s.io/api/storage/v1/generated.pb.go
+++ b/staging/src/k8s.io/api/storage/v1/generated.pb.go
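Review bot: The `return allErrs` added to validateStorageCapacity in pkg/apis/storage/validation/validation.go is a fix for the previous patch rather than a dependency update. Going by the context lines, the function appends to `allErrs` and then reached its closing brace with no return, which would not compile for a function that returns a value. I would fold these two lines into PATCH 1/4 so that each commit in the series builds on its own and bisecting across it works. The start of the function is outside the hunk, so this is inferred from the visible tail only.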
@@ -520,93 +520,95 @@ func init() { } var fileDescriptor_3b530c1983504d8d = []byte{ - // 1363 bytes of a gzipped FileDescriptorProto + // 1395 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0xcf, 0x6f, 0x1b, 0xc5, - 0x17, 0xcf, 0xc6, 0xf9, 0x39, 0x4e, 0x1a, 0x67, 0x92, 0xef, 0x17, 0x93, 0x83, 0x37, 0x5a, 0x2a, - 0x08, 0x85, 0xae, 0x9b, 0x52, 0xaa, 0xaa, 0x52, 0x91, 0xe2, 0xc4, 0x88, 0x88, 0x38, 0x89, 0x26, - 0xa5, 0x42, 0x08, 0x10, 0x93, 0xdd, 0x57, 0x67, 0x1b, 0xef, 0xce, 0x76, 0x77, 0x6c, 0xf0, 0x8d, - 0x13, 0x37, 0x24, 0xb8, 0xf2, 0x2f, 0x70, 0x01, 0x09, 0x2e, 0x1c, 0x39, 0x95, 0x5b, 0xc5, 0xa9, - 0x27, 0x8b, 0x2e, 0x67, 0xf8, 0x03, 0x72, 0x42, 0x33, 0x3b, 0xf6, 0xee, 0xda, 0xeb, 0x34, 0xbd, - 0xe4, 0xe6, 0x79, 0xef, 0x7d, 0x3e, 0xef, 0xbd, 0x79, 0x3f, 0x66, 0x8d, 0xde, 0x3b, 0xbd, 0x13, - 0x9a, 0x0e, 0xab, 0x9e, 0xb6, 0x8f, 0x21, 0xf0, 0x80, 0x43, 0x58, 0xed, 0x80, 0x67, 0xb3, 0xa0, - 0xaa, 0x14, 0xd4, 0x77, 0xaa, 0x21, 0x67, 0x01, 0x6d, 0x42, 0xb5, 0xb3, 0x59, 0x6d, 0x82, 0x07, - 0x01, 0xe5, 0x60, 0x9b, 0x7e, 0xc0, 0x38, 0xc3, 0xff, 0x8b, 0xcd, 0x4c, 0xea, 0x3b, 0xa6, 0x32, - 0x33, 0x3b, 0x9b, 0x6b, 0xd7, 0x9b, 0x0e, 0x3f, 0x69, 0x1f, 0x9b, 0x16, 0x73, 0xab, 0x4d, 0xd6, - 0x64, 0x55, 0x69, 0x7d, 0xdc, 0x7e, 0x28, 0x4f, 0xf2, 0x20, 0x7f, 0xc5, 0x2c, 0x6b, 0x46, 0xca, - 0x99, 0xc5, 0x82, 0x3c, 0x4f, 0x6b, 0xb7, 0x12, 0x1b, 0x97, 0x5a, 0x27, 0x8e, 0x07, 0x41, 0xb7, - 0xea, 0x9f, 0x36, 0x85, 0x20, 0xac, 0xba, 0xc0, 0x69, 0x1e, 0xaa, 0x3a, 0x0e, 0x15, 0xb4, 0x3d, - 0xee, 0xb8, 0x30, 0x02, 0xb8, 0xfd, 0x22, 0x40, 0x68, 0x9d, 0x80, 0x4b, 0x87, 0x71, 0xc6, 0xaf, - 0x1a, 0x9a, 0xdf, 0x3e, 0xda, 0xdd, 0x09, 0x9c, 0x0e, 0x04, 0xf8, 0x0b, 0x34, 0x27, 0x22, 0xb2, - 0x29, 0xa7, 0x65, 0x6d, 0x5d, 0xdb, 0x28, 0xde, 0xbc, 0x61, 0x26, 0x37, 0x35, 0x20, 0x36, 0xfd, - 0xd3, 0xa6, 0x10, 0x84, 0xa6, 0xb0, 0x36, 0x3b, 0x9b, 0xe6, 0xc1, 0xf1, 0x23, 0xb0, 0x78, 0x03, - 0x38, 0xad, 0xe1, 0x27, 0x3d, 0x7d, 0x22, 0xea, 0xe9, 
0x28, 0x91, 0x91, 0x01, 0x2b, 0x7e, 0x1f, - 0x4d, 0x85, 0x3e, 0x58, 0xe5, 0x49, 0xc9, 0x7e, 0xd5, 0xcc, 0xad, 0x83, 0x39, 0x88, 0xe8, 0xc8, - 0x07, 0xab, 0xb6, 0xa0, 0x18, 0xa7, 0xc4, 0x89, 0x48, 0xbc, 0xf1, 0x8b, 0x86, 0x16, 0x07, 0x56, - 0x7b, 0x4e, 0xc8, 0xf1, 0xa7, 0x23, 0xb1, 0x9b, 0x17, 0x8b, 0x5d, 0xa0, 0x65, 0xe4, 0x25, 0xe5, - 0x67, 0xae, 0x2f, 0x49, 0xc5, 0x5d, 0x47, 0xd3, 0x0e, 0x07, 0x37, 0x2c, 0x4f, 0xae, 0x17, 0x36, - 0x8a, 0x37, 0xd7, 0x5f, 0x14, 0x78, 0x6d, 0x51, 0x91, 0x4d, 0xef, 0x0a, 0x18, 0x89, 0xd1, 0xc6, - 0x8f, 0x93, 0xa9, 0xb0, 0x45, 0x3a, 0xf8, 0x2e, 0xba, 0x42, 0x39, 0xa7, 0xd6, 0x09, 0x81, 0xc7, - 0x6d, 0x27, 0x00, 0x5b, 0x06, 0x3f, 0x57, 0xc3, 0x51, 0x4f, 0xbf, 0xb2, 0x95, 0xd1, 0x90, 0x21, - 0x4b, 0x81, 0xf5, 0x99, 0xbd, 0xeb, 0x3d, 0x64, 0x07, 0x5e, 0x83, 0xb5, 0x3d, 0x2e, 0xaf, 0x55, - 0x61, 0x0f, 0x33, 0x1a, 0x32, 0x64, 0x89, 0x2d, 0xb4, 0xda, 0x61, 0xad, 0xb6, 0x0b, 0x7b, 0xce, - 0x43, 0xb0, 0xba, 0x56, 0x0b, 0x1a, 0xcc, 0x86, 0xb0, 0x5c, 0x58, 0x2f, 0x6c, 0xcc, 0xd7, 0xaa, - 0x51, 0x4f, 0x5f, 0x7d, 0x90, 0xa3, 0x3f, 0xeb, 0xe9, 0x2b, 0x39, 0x72, 0x92, 0x4b, 0x86, 0xef, - 0xa1, 0x25, 0x75, 0x39, 0xdb, 0xd4, 0xa7, 0x96, 0xc3, 0xbb, 0xe5, 0x29, 0x19, 0xe1, 0x4a, 0xd4, - 0xd3, 0x97, 0x8e, 0xb2, 0x2a, 0x32, 0x6c, 0x6b, 0xfc, 0xac, 0xa1, 0xd9, 0xed, 0xa3, 0xdd, 0x7d, - 0x66, 0xc3, 0x25, 0xb4, 0xe6, 0x4e, 0xa6, 0x35, 0x8d, 0xf1, 0x15, 0x16, 0xf1, 0x8c, 0x6d, 0xcc, - 0x7f, 0xe3, 0xc6, 0x14, 0x36, 0x6a, 0xa8, 0xd6, 0xd1, 0x94, 0x47, 0x5d, 0x90, 0x51, 0xcf, 0x27, - 0x98, 0x7d, 0xea, 0x02, 0x91, 0x1a, 0xfc, 0x3a, 0x9a, 0xf1, 0x98, 0x0d, 0xbb, 0x3b, 0xd2, 0xf7, - 0x7c, 0xed, 0x8a, 0xb2, 0x99, 0xd9, 0x97, 0x52, 0xa2, 0xb4, 0xf8, 0x16, 0x5a, 0xe0, 0xcc, 0x67, - 0x2d, 0xd6, 0xec, 0x7e, 0x08, 0xdd, 0x7e, 0xad, 0x4a, 0x51, 0x4f, 0x5f, 0xb8, 0x9f, 0x92, 0x93, - 0x8c, 0x15, 0xfe, 0x0c, 0x15, 0x69, 0xab, 0xc5, 0x2c, 0xca, 0xe9, 0x71, 0x0b, 0x64, 0x01, 0x8a, - 0x37, 0xaf, 0x8d, 0x49, 0x2f, 0xae, 0xad, 0xf0, 0x4b, 0x20, 0x64, 0xed, 0xc0, 0x82, 0xb0, 
0xb6, - 0x14, 0xf5, 0xf4, 0xe2, 0x56, 0x42, 0x41, 0xd2, 0x7c, 0xc6, 0x4f, 0x1a, 0x2a, 0xaa, 0x84, 0x2f, - 0x61, 0x0e, 0xb7, 0xb3, 0x73, 0x58, 0x39, 0xbf, 0x4a, 0x63, 0xa6, 0xf0, 0xf3, 0x41, 0xc4, 0x72, - 0x04, 0x0f, 0xd0, 0xac, 0x2d, 0x4b, 0x15, 0x96, 0x35, 0xc9, 0x7a, 0xf5, 0x7c, 0x56, 0x35, 0xe1, - 0x4b, 0x8a, 0x7b, 0x36, 0x3e, 0x87, 0xa4, 0xcf, 0x62, 0x7c, 0x3b, 0x83, 0x16, 0xfa, 0xcd, 0xdd, - 0xa2, 0x61, 0x78, 0x09, 0xcd, 0xfb, 0x2e, 0x2a, 0xfa, 0x01, 0xeb, 0x38, 0xa1, 0xc3, 0x3c, 0x08, - 0x54, 0x1f, 0xad, 0x28, 0x48, 0xf1, 0x30, 0x51, 0x91, 0xb4, 0x1d, 0x6e, 0x22, 0xe4, 0xd3, 0x80, - 0xba, 0xc0, 0x45, 0xf6, 0x05, 0x99, 0xfd, 0x3b, 0x63, 0xb2, 0x4f, 0x67, 0x64, 0x1e, 0x0e, 0x50, - 0x75, 0x8f, 0x07, 0xdd, 0x24, 0xba, 0x44, 0x41, 0x52, 0xd4, 0xf8, 0x14, 0x2d, 0x06, 0x60, 0xb5, - 0xa8, 0xe3, 0x1e, 0xb2, 0x96, 0x63, 0xc5, 0x7b, 0x60, 0xbe, 0x56, 0x8f, 0x7a, 0xfa, 0x22, 0x49, - 0x2b, 0xce, 0x7a, 0xfa, 0x8d, 0xd1, 0x67, 0xd5, 0x3c, 0x84, 0x20, 0x74, 0x42, 0x0e, 0x1e, 0x8f, - 0x3b, 0x34, 0x83, 0x21, 0x59, 0x6e, 0x31, 0x27, 0xae, 0x58, 0x72, 0x07, 0x3e, 0x77, 0x98, 0x17, - 0x96, 0xa7, 0x93, 0x39, 0x69, 0xa4, 0xe4, 0x24, 0x63, 0x85, 0xf7, 0xd0, 0xaa, 0xe8, 0xeb, 0x2f, - 0x63, 0x07, 0xf5, 0xaf, 0x7c, 0xea, 0x89, 0x5b, 0x2a, 0xcf, 0xc8, 0x8d, 0x55, 0x16, 0x1b, 0x71, - 0x2b, 0x47, 0x4f, 0x72, 0x51, 0xf8, 0x63, 0xb4, 0x1c, 0xaf, 0xc4, 0x9a, 0xe3, 0xd9, 0x8e, 0xd7, - 0x14, 0x0b, 0xb1, 0x3c, 0x2b, 0x93, 0xbe, 0x16, 0xf5, 0xf4, 0xe5, 0x07, 0xc3, 0xca, 0xb3, 0x3c, - 0x21, 0x19, 0x25, 0xc1, 0x8f, 0xd1, 0xb2, 0xf4, 0x08, 0xb6, 0x1a, 0x7a, 0x07, 0xc2, 0xf2, 0x9c, - 0x2c, 0xdd, 0x46, 0xba, 0x74, 0xe2, 0xea, 0x44, 0xdd, 0xfa, 0xab, 0xe1, 0x08, 0x5a, 0x60, 0x71, - 0x16, 0xdc, 0x87, 0xc0, 0xad, 0xbd, 0xaa, 0xea, 0xb5, 0xbc, 0x35, 0x4c, 0x45, 0x46, 0xd9, 0xd7, - 0xee, 0xa1, 0xa5, 0xa1, 0x82, 0xe3, 0x12, 0x2a, 0x9c, 0x42, 0x37, 0x5e, 0x6a, 0x44, 0xfc, 0xc4, - 0xab, 0x68, 0xba, 0x43, 0x5b, 0x6d, 0x88, 0x9b, 0x8f, 0xc4, 0x87, 0xbb, 0x93, 0x77, 0x34, 0xe3, - 0x37, 0x0d, 0x95, 0xd2, 0xdd, 
0x73, 0x09, 0x7b, 0xe2, 0x83, 0xec, 0x9e, 0x78, 0xed, 0x02, 0x3d, - 0x3d, 0x66, 0x59, 0xfc, 0x30, 0x89, 0x4a, 0x71, 0x5d, 0xe2, 0xd7, 0xd8, 0x05, 0x8f, 0x5f, 0xc2, - 0x40, 0x37, 0x32, 0xaf, 0xd1, 0x5b, 0xe7, 0xae, 0xeb, 0x24, 0xb0, 0x71, 0xcf, 0x12, 0xfe, 0x08, - 0xcd, 0x84, 0x9c, 0xf2, 0xb6, 0x18, 0x72, 0x41, 0x78, 0xfd, 0xa2, 0x84, 0x12, 0x94, 0xbc, 0x48, - 0xf1, 0x99, 0x28, 0x32, 0xe3, 0x77, 0x0d, 0xad, 0x0e, 0x43, 0x2e, 0xa1, 0xba, 0x7b, 0xd9, 0xea, - 0xbe, 0x71, 0xc1, 0x64, 0xc6, 0x54, 0xf8, 0x4f, 0x0d, 0xfd, 0x7f, 0x24, 0x6f, 0xf9, 0xf6, 0x89, - 0x9d, 0xe0, 0x0f, 0x6d, 0x9e, 0xfd, 0xe4, 0x2d, 0x97, 0x3b, 0xe1, 0x30, 0x47, 0x4f, 0x72, 0x51, - 0xf8, 0x11, 0x2a, 0x39, 0x5e, 0xcb, 0xf1, 0x20, 0x96, 0x1d, 0x25, 0xf5, 0xcd, 0x1d, 0xdc, 0x61, - 0x66, 0x59, 0xdc, 0xd5, 0xa8, 0xa7, 0x97, 0x76, 0x87, 0x58, 0xc8, 0x08, 0xaf, 0xf1, 0x47, 0x4e, - 0x65, 0xe4, 0x6b, 0xf7, 0x36, 0x9a, 0x8b, 0x3f, 0x23, 0x21, 0x50, 0x69, 0x0c, 0x6e, 0x7a, 0x4b, - 0xc9, 0xc9, 0xc0, 0x42, 0xf6, 0x8d, 0xbc, 0x0a, 0x15, 0xe8, 0x85, 0xfb, 0x46, 0x82, 0x52, 0x7d, - 0x23, 0xcf, 0x44, 0x91, 0x89, 0x20, 0xc4, 0x37, 0x8d, 0xbc, 0xcb, 0x42, 0x36, 0x88, 0x7d, 0x25, - 0x27, 0x03, 0x0b, 0xe3, 0x9f, 0x42, 0x4e, 0x81, 0x64, 0x03, 0xa6, 0xb2, 0xe9, 0x7f, 0x38, 0x0f, - 0x67, 0x63, 0x0f, 0xb2, 0xb1, 0xf1, 0xf7, 0x1a, 0xc2, 0x74, 0x40, 0xd1, 0xe8, 0x37, 0x68, 0xdc, - 0x45, 0xf5, 0x97, 0x1a, 0x09, 0x73, 0x6b, 0x84, 0x27, 0x7e, 0x09, 0xd7, 0x94, 0x7f, 0x3c, 0x6a, - 0x40, 0x72, 0x9c, 0x63, 0x1b, 0x15, 0x63, 0x69, 0x3d, 0x08, 0x58, 0xa0, 0xc6, 0xd3, 0x38, 0x37, - 0x16, 0x69, 0x59, 0xab, 0xc8, 0xcf, 0xb2, 0x04, 0x7a, 0xd6, 0xd3, 0x8b, 0x29, 0x3d, 0x49, 0xd3, - 0x0a, 0x2f, 0x36, 0x24, 0x5e, 0xa6, 0x5e, 0xce, 0xcb, 0x0e, 0x8c, 0xf7, 0x92, 0xa2, 0x5d, 0xab, - 0xa3, 0x57, 0xc6, 0x5c, 0xcb, 0x4b, 0xbd, 0x17, 0xdf, 0x68, 0x28, 0xed, 0x03, 0xef, 0xa1, 0x29, - 0xf1, 0x1f, 0x56, 0x2d, 0x92, 0x6b, 0x17, 0x5b, 0x24, 0xf7, 0x1d, 0x17, 0x92, 0x55, 0x28, 0x4e, - 0x44, 0xb2, 0xe0, 0x37, 0xd1, 0xac, 0x0b, 0x61, 0x48, 0x9b, 0xca, 
0x73, 0xf2, 0x21, 0xd7, 0x88, - 0xc5, 0xa4, 0xaf, 0x37, 0x6e, 0xa3, 0x95, 0x9c, 0x0f, 0x62, 0xac, 0xa3, 0x69, 0x4b, 0xfe, 0xdd, - 0x12, 0x01, 0x4d, 0xd7, 0xe6, 0xc5, 0x46, 0xd9, 0x96, 0xff, 0xb2, 0x62, 0x79, 0x6d, 0xe3, 0xc9, - 0xf3, 0xca, 0xc4, 0xd3, 0xe7, 0x95, 0x89, 0x67, 0xcf, 0x2b, 0x13, 0x5f, 0x47, 0x15, 0xed, 0x49, - 0x54, 0xd1, 0x9e, 0x46, 0x15, 0xed, 0x59, 0x54, 0xd1, 0xfe, 0x8a, 0x2a, 0xda, 0x77, 0x7f, 0x57, - 0x26, 0x3e, 0x99, 0xec, 0x6c, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0x6c, 0x40, 0x09, 0x76, 0xc9, - 0x10, 0x00, 0x00, + 0x17, 0xcf, 0xc6, 0x76, 0x7e, 0x8c, 0x93, 0xc6, 0x99, 0xe4, 0xfb, 0xfd, 0xfa, 0x9b, 0x83, 0x37, + 0x5a, 0x2a, 0x08, 0x85, 0xae, 0x9b, 0x52, 0xaa, 0xaa, 0x52, 0x91, 0xe2, 0xc4, 0xa5, 0x11, 0x71, + 0x12, 0x8d, 0x4b, 0x85, 0x10, 0x20, 0x26, 0xbb, 0x13, 0x67, 0x1b, 0xef, 0xce, 0x76, 0x77, 0x6c, + 0xf0, 0x8d, 0x13, 0x37, 0x24, 0xb8, 0xf2, 0x57, 0x80, 0x04, 0x17, 0x8e, 0x9c, 0xca, 0xad, 0xe2, + 0xd4, 0xd3, 0x8a, 0x2e, 0x67, 0xb8, 0x71, 0xc9, 0x09, 0xcd, 0xec, 0xd8, 0xfb, 0xc3, 0xeb, 0x34, + 0xbd, 0xe4, 0xe6, 0x79, 0xef, 0x7d, 0x3e, 0xef, 0xbd, 0x79, 0x3f, 0x66, 0x0d, 0xde, 0x3b, 0xbd, + 0xe3, 0xeb, 0x16, 0xad, 0x9f, 0xf6, 0x8e, 0x88, 0xe7, 0x10, 0x46, 0xfc, 0x7a, 0x9f, 0x38, 0x26, + 0xf5, 0xea, 0x52, 0x81, 0x5d, 0xab, 0xee, 0x33, 0xea, 0xe1, 0x0e, 0xa9, 0xf7, 0x37, 0xeb, 0x1d, + 0xe2, 0x10, 0x0f, 0x33, 0x62, 0xea, 0xae, 0x47, 0x19, 0x85, 0xff, 0x89, 0xcc, 0x74, 0xec, 0x5a, + 0xba, 0x34, 0xd3, 0xfb, 0x9b, 0x6b, 0xd7, 0x3b, 0x16, 0x3b, 0xe9, 0x1d, 0xe9, 0x06, 0xb5, 0xeb, + 0x1d, 0xda, 0xa1, 0x75, 0x61, 0x7d, 0xd4, 0x3b, 0x16, 0x27, 0x71, 0x10, 0xbf, 0x22, 0x96, 0x35, + 0x2d, 0xe1, 0xcc, 0xa0, 0x5e, 0x9e, 0xa7, 0xb5, 0x5b, 0xb1, 0x8d, 0x8d, 0x8d, 0x13, 0xcb, 0x21, + 0xde, 0xa0, 0xee, 0x9e, 0x76, 0xb8, 0xc0, 0xaf, 0xdb, 0x84, 0xe1, 0x3c, 0x54, 0x7d, 0x12, 0xca, + 0xeb, 0x39, 0xcc, 0xb2, 0xc9, 0x18, 0xe0, 0xf6, 0xcb, 0x00, 0xbe, 0x71, 0x42, 0x6c, 0x9c, 0xc5, + 0x69, 0x3f, 0x2b, 0x60, 0x7e, 0xbb, 0xbd, 0xbb, 0xe3, 0x59, 0x7d, 0xe2, 0xc1, 0xcf, 
0xc1, 0x1c, + 0x8f, 0xc8, 0xc4, 0x0c, 0x57, 0x95, 0x75, 0x65, 0xa3, 0x7c, 0xf3, 0x86, 0x1e, 0xdf, 0xd4, 0x88, + 0x58, 0x77, 0x4f, 0x3b, 0x5c, 0xe0, 0xeb, 0xdc, 0x5a, 0xef, 0x6f, 0xea, 0x07, 0x47, 0x8f, 0x89, + 0xc1, 0x5a, 0x84, 0xe1, 0x06, 0x7c, 0x1a, 0xa8, 0x53, 0x61, 0xa0, 0x82, 0x58, 0x86, 0x46, 0xac, + 0xf0, 0x3e, 0x28, 0xfa, 0x2e, 0x31, 0xaa, 0xd3, 0x82, 0xfd, 0xaa, 0x9e, 0x5b, 0x07, 0x7d, 0x14, + 0x51, 0xdb, 0x25, 0x46, 0x63, 0x41, 0x32, 0x16, 0xf9, 0x09, 0x09, 0xbc, 0xf6, 0x93, 0x02, 0x16, + 0x47, 0x56, 0x7b, 0x96, 0xcf, 0xe0, 0x27, 0x63, 0xb1, 0xeb, 0x17, 0x8b, 0x9d, 0xa3, 0x45, 0xe4, + 0x15, 0xe9, 0x67, 0x6e, 0x28, 0x49, 0xc4, 0xdd, 0x04, 0x25, 0x8b, 0x11, 0xdb, 0xaf, 0x4e, 0xaf, + 0x17, 0x36, 0xca, 0x37, 0xd7, 0x5f, 0x16, 0x78, 0x63, 0x51, 0x92, 0x95, 0x76, 0x39, 0x0c, 0x45, + 0x68, 0xed, 0x9f, 0xe9, 0x44, 0xd8, 0x3c, 0x1d, 0x78, 0x17, 0x5c, 0xc1, 0x8c, 0x61, 0xe3, 0x04, + 0x91, 0x27, 0x3d, 0xcb, 0x23, 0xa6, 0x08, 0x7e, 0xae, 0x01, 0xc3, 0x40, 0xbd, 0xb2, 0x95, 0xd2, + 0xa0, 0x8c, 0x25, 0xc7, 0xba, 0xd4, 0xdc, 0x75, 0x8e, 0xe9, 0x81, 0xd3, 0xa2, 0x3d, 0x87, 0x89, + 0x6b, 0x95, 0xd8, 0xc3, 0x94, 0x06, 0x65, 0x2c, 0xa1, 0x01, 0x56, 0xfb, 0xb4, 0xdb, 0xb3, 0xc9, + 0x9e, 0x75, 0x4c, 0x8c, 0x81, 0xd1, 0x25, 0x2d, 0x6a, 0x12, 0xbf, 0x5a, 0x58, 0x2f, 0x6c, 0xcc, + 0x37, 0xea, 0x61, 0xa0, 0xae, 0x3e, 0xca, 0xd1, 0x9f, 0x05, 0xea, 0x4a, 0x8e, 0x1c, 0xe5, 0x92, + 0xc1, 0x7b, 0x60, 0x49, 0x5e, 0xce, 0x36, 0x76, 0xb1, 0x61, 0xb1, 0x41, 0xb5, 0x28, 0x22, 0x5c, + 0x09, 0x03, 0x75, 0xa9, 0x9d, 0x56, 0xa1, 0xac, 0x2d, 0x7c, 0x00, 0x16, 0x8f, 0xfd, 0xf7, 0x3d, + 0xda, 0x73, 0x0f, 0x69, 0xd7, 0x32, 0x06, 0xd5, 0xd2, 0xba, 0xb2, 0x31, 0xdf, 0xd0, 0xc2, 0x40, + 0x5d, 0xbc, 0xdf, 0x4e, 0x28, 0xce, 0xb2, 0x02, 0x94, 0x06, 0x6a, 0x3f, 0x2a, 0x60, 0x76, 0xbb, + 0xbd, 0xbb, 0x4f, 0x4d, 0x72, 0x09, 0x4d, 0xbe, 0x93, 0x6a, 0x72, 0x6d, 0x72, 0xaf, 0xf0, 0x78, + 0x26, 0xb6, 0xf8, 0xdf, 0x51, 0x8b, 0x73, 0x1b, 0x39, 0x9e, 0xeb, 0xa0, 0xe8, 0x60, 0x9b, 0x88, + 0xa8, 0xe7, 0x63, 0xcc, 
0x3e, 0xb6, 0x09, 0x12, 0x1a, 0xf8, 0x3a, 0x98, 0x71, 0xa8, 0x49, 0x76, + 0x77, 0x84, 0xef, 0xf9, 0xc6, 0x15, 0x69, 0x33, 0xb3, 0x2f, 0xa4, 0x48, 0x6a, 0xe1, 0x2d, 0xb0, + 0xc0, 0xa8, 0x4b, 0xbb, 0xb4, 0x33, 0xf8, 0x80, 0x0c, 0x86, 0x55, 0xaf, 0x84, 0x81, 0xba, 0xf0, + 0x30, 0x21, 0x47, 0x29, 0x2b, 0xf8, 0x29, 0x28, 0xe3, 0x6e, 0x97, 0x1a, 0x98, 0xe1, 0xa3, 0x2e, + 0x11, 0xa5, 0x2c, 0xdf, 0xbc, 0x36, 0x21, 0xbd, 0xa8, 0x4b, 0xb8, 0x5f, 0x44, 0x7c, 0xda, 0xf3, + 0x0c, 0xe2, 0x37, 0x96, 0xc2, 0x40, 0x2d, 0x6f, 0xc5, 0x14, 0x28, 0xc9, 0xa7, 0xfd, 0xa0, 0x80, + 0xb2, 0x4c, 0xf8, 0x12, 0x26, 0x7a, 0x3b, 0x3d, 0xd1, 0xb5, 0xf3, 0xab, 0x34, 0x61, 0x9e, 0x3f, + 0x1b, 0x45, 0x2c, 0x86, 0xf9, 0x00, 0xcc, 0x9a, 0xa2, 0x54, 0x7e, 0x55, 0x11, 0xac, 0x57, 0xcf, + 0x67, 0x95, 0xbb, 0x62, 0x49, 0x72, 0xcf, 0x46, 0x67, 0x1f, 0x0d, 0x59, 0xb4, 0x6f, 0x66, 0xc0, + 0xc2, 0x70, 0x4c, 0xba, 0xd8, 0xf7, 0x2f, 0xa1, 0x79, 0xdf, 0x05, 0x65, 0xd7, 0xa3, 0x7d, 0xcb, + 0xb7, 0xa8, 0x43, 0x3c, 0xd9, 0x47, 0x2b, 0x12, 0x52, 0x3e, 0x8c, 0x55, 0x28, 0x69, 0x07, 0x3b, + 0x00, 0xb8, 0xd8, 0xc3, 0x36, 0x61, 0x3c, 0xfb, 0x82, 0xc8, 0xfe, 0x9d, 0x09, 0xd9, 0x27, 0x33, + 0xd2, 0x0f, 0x47, 0xa8, 0xa6, 0xc3, 0xbc, 0x41, 0x1c, 0x5d, 0xac, 0x40, 0x09, 0x6a, 0x78, 0x0a, + 0x16, 0x3d, 0x62, 0x74, 0xb1, 0x65, 0xcb, 0xa5, 0x50, 0x14, 0x11, 0x36, 0xf9, 0x52, 0x40, 0x49, + 0xc5, 0x59, 0xa0, 0xde, 0x18, 0x7f, 0xa0, 0xf5, 0x43, 0xe2, 0xf9, 0x96, 0xcf, 0x88, 0xc3, 0xa2, + 0x0e, 0x4d, 0x61, 0x50, 0x9a, 0x9b, 0xcf, 0x89, 0xcd, 0xd7, 0xe5, 0x81, 0xcb, 0x2c, 0xea, 0xf8, + 0xd5, 0x52, 0x3c, 0x27, 0xad, 0x84, 0x1c, 0xa5, 0xac, 0xe0, 0x1e, 0x58, 0xe5, 0x7d, 0xfd, 0x45, + 0xe4, 0xa0, 0xf9, 0xa5, 0x8b, 0x1d, 0x7e, 0x4b, 0xd5, 0x19, 0xb1, 0xfb, 0xaa, 0x7c, 0xb7, 0x6e, + 0xe5, 0xe8, 0x51, 0x2e, 0x0a, 0x7e, 0x04, 0x96, 0xa3, 0xe5, 0xda, 0xb0, 0x1c, 0xd3, 0x72, 0x3a, + 0x7c, 0xb5, 0x56, 0x67, 0x45, 0xd2, 0xd7, 0xc2, 0x40, 0x5d, 0x7e, 0x94, 0x55, 0x9e, 0xe5, 0x09, + 0xd1, 0x38, 0x09, 0x7c, 0x02, 0x96, 0x85, 0x47, 0x62, 0xca, 
0xa1, 0xb7, 0x88, 0x5f, 0x9d, 0x13, + 0xa5, 0xdb, 0x48, 0x96, 0x8e, 0x5f, 0x1d, 0xaf, 0xdb, 0x70, 0x35, 0xb4, 0x49, 0x97, 0x18, 0x8c, + 0x7a, 0x0f, 0x89, 0x67, 0x37, 0xfe, 0x2f, 0xeb, 0xb5, 0xbc, 0x95, 0xa5, 0x42, 0xe3, 0xec, 0x6b, + 0xf7, 0xc0, 0x52, 0xa6, 0xe0, 0xb0, 0x02, 0x0a, 0xa7, 0x64, 0x10, 0x2d, 0x35, 0xc4, 0x7f, 0xc2, + 0x55, 0x50, 0xea, 0xe3, 0x6e, 0x8f, 0x44, 0xcd, 0x87, 0xa2, 0xc3, 0xdd, 0xe9, 0x3b, 0x8a, 0xf6, + 0x8b, 0x02, 0x2a, 0xc9, 0xee, 0xb9, 0x84, 0x3d, 0xf1, 0x20, 0xbd, 0x27, 0x5e, 0xbb, 0x40, 0x4f, + 0x4f, 0x58, 0x16, 0xdf, 0x4f, 0x83, 0x4a, 0x54, 0x97, 0xe8, 0x5d, 0xb7, 0x89, 0xc3, 0x2e, 0x61, + 0xa0, 0x5b, 0xa9, 0xd7, 0xe8, 0xad, 0x73, 0xd7, 0x75, 0x1c, 0xd8, 0xa4, 0x67, 0x09, 0x7e, 0x08, + 0x66, 0x7c, 0x86, 0x59, 0x8f, 0x0f, 0x39, 0x27, 0xbc, 0x7e, 0x51, 0x42, 0x01, 0x8a, 0x5f, 0xa4, + 0xe8, 0x8c, 0x24, 0x99, 0xf6, 0xab, 0x02, 0x56, 0xb3, 0x90, 0x4b, 0xa8, 0xee, 0x5e, 0xba, 0xba, + 0x6f, 0x5c, 0x30, 0x99, 0x09, 0x15, 0xfe, 0x5d, 0x01, 0xff, 0x1d, 0xcb, 0x5b, 0xbc, 0x7d, 0x7c, + 0x27, 0xb8, 0x99, 0xcd, 0xb3, 0x1f, 0xbf, 0xe5, 0x62, 0x27, 0x1c, 0xe6, 0xe8, 0x51, 0x2e, 0x0a, + 0x3e, 0x06, 0x15, 0xcb, 0xe9, 0x5a, 0x0e, 0x89, 0x64, 0xed, 0xb8, 0xbe, 0xb9, 0x83, 0x9b, 0x65, + 0x16, 0xc5, 0x5d, 0x0d, 0x03, 0xb5, 0xb2, 0x9b, 0x61, 0x41, 0x63, 0xbc, 0xda, 0x6f, 0x39, 0x95, + 0x11, 0xaf, 0xdd, 0xdb, 0x60, 0x2e, 0xfa, 0x20, 0x25, 0x9e, 0x4c, 0x63, 0x74, 0xd3, 0x5b, 0x52, + 0x8e, 0x46, 0x16, 0xa2, 0x6f, 0xc4, 0x55, 0xc8, 0x40, 0x2f, 0xdc, 0x37, 0x02, 0x94, 0xe8, 0x1b, + 0x71, 0x46, 0x92, 0x8c, 0x07, 0xc1, 0xbf, 0x69, 0xc4, 0x5d, 0x16, 0xd2, 0x41, 0xec, 0x4b, 0x39, + 0x1a, 0x59, 0x68, 0x7f, 0x15, 0x72, 0x0a, 0x24, 0x1a, 0x30, 0x91, 0xcd, 0xf0, 0x13, 0x3c, 0x9b, + 0x8d, 0x39, 0xca, 0xc6, 0x84, 0xdf, 0x29, 0x00, 0xe2, 0x11, 0x45, 0x6b, 0xd8, 0xa0, 0x51, 0x17, + 0x35, 0x5f, 0x69, 0x24, 0xf4, 0xad, 0x31, 0x9e, 0xe8, 0x25, 0x5c, 0x93, 0xfe, 0xe1, 0xb8, 0x01, + 0xca, 0x71, 0x0e, 0x4d, 0x50, 0x8e, 0xa4, 0x4d, 0xcf, 0xa3, 0x9e, 0x1c, 0x4f, 0xed, 0xdc, 0x58, + 
0x84, 0x65, 0xa3, 0x26, 0x3e, 0xcb, 0x62, 0xe8, 0x59, 0xa0, 0x96, 0x13, 0x7a, 0x94, 0xa4, 0xe5, + 0x5e, 0x4c, 0x12, 0x7b, 0x29, 0xbe, 0x9a, 0x97, 0x1d, 0x32, 0xd9, 0x4b, 0x82, 0x76, 0xad, 0x09, + 0xfe, 0x37, 0xe1, 0x5a, 0x5e, 0xe9, 0xbd, 0xf8, 0x5a, 0x01, 0x49, 0x1f, 0x70, 0x0f, 0x14, 0xf9, + 0xbf, 0x61, 0xb9, 0x48, 0xae, 0x5d, 0x6c, 0x91, 0x3c, 0xb4, 0x6c, 0x12, 0xaf, 0x42, 0x7e, 0x42, + 0x82, 0x05, 0xbe, 0x09, 0x66, 0x6d, 0xe2, 0xfb, 0xb8, 0x23, 0x3d, 0xc7, 0x1f, 0x72, 0xad, 0x48, + 0x8c, 0x86, 0x7a, 0xed, 0x36, 0x58, 0xc9, 0xf9, 0x20, 0x86, 0x2a, 0x28, 0x19, 0xe2, 0x8f, 0x1b, + 0x0f, 0xa8, 0xd4, 0x98, 0xe7, 0x1b, 0x65, 0x5b, 0xfc, 0x5f, 0x8b, 0xe4, 0x8d, 0x8d, 0xa7, 0x2f, + 0x6a, 0x53, 0xcf, 0x5e, 0xd4, 0xa6, 0x9e, 0xbf, 0xa8, 0x4d, 0x7d, 0x15, 0xd6, 0x94, 0xa7, 0x61, + 0x4d, 0x79, 0x16, 0xd6, 0x94, 0xe7, 0x61, 0x4d, 0xf9, 0x23, 0xac, 0x29, 0xdf, 0xfe, 0x59, 0x9b, + 0xfa, 0x78, 0xba, 0xbf, 0xf9, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x9e, 0x83, 0x24, 0x44, 0x13, + 0x11, 0x00, 0x00, } func (m *CSIDriver) Marshal() (dAtA []byte, err error) { @@ -719,6 +721,13 @@ func (m *CSIDriverSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.FSGroupPolicy != nil { + i -= len(*m.FSGroupPolicy) + copy(dAtA[i:], *m.FSGroupPolicy) + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FSGroupPolicy))) + i-- + dAtA[i] = 0x2a + } if m.StorageCapacity != nil { i-- if *m.StorageCapacity { @@ -1490,6 +1499,10 @@ func (m *CSIDriverSpec) Size() (n int) { if m.StorageCapacity != nil { n += 2 } + if m.FSGroupPolicy != nil { + l = len(*m.FSGroupPolicy) + n += 1 + l + sovGenerated(uint64(l)) + } return n } 
@@ -1779,6 +1792,7 @@ func (this *CSIDriverSpec) String() string { `PodInfoOnMount:` + valueToStringGenerated(this.PodInfoOnMount) + `,`, `VolumeLifecycleModes:` + fmt.Sprintf("%v", this.VolumeLifecycleModes) + `,`, `StorageCapacity:` + valueToStringGenerated(this.StorageCapacity) + `,`, + `FSGroupPolicy:` + valueToStringGenerated(this.FSGroupPolicy) + `,`, `}`, }, "") return s @@ -2352,6 +2366,39 @@ func (m *CSIDriverSpec) Unmarshal(dAtA []byte) error { } b := bool(v != 0) m.StorageCapacity = &b + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field FSGroupPolicy", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := FSGroupPolicy(dAtA[iNdEx:postIndex]) + m.FSGroupPolicy = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/staging/src/k8s.io/api/storage/v1/generated.proto b/staging/src/k8s.io/api/storage/v1/generated.proto index 584d7dcb28a..a3526ca4e43 100644 --- a/staging/src/k8s.io/api/storage/v1/generated.proto +++ b/staging/src/k8s.io/api/storage/v1/generated.proto 
@@ -138,6 +138,14 @@ message CSIDriverSpec { // // +optional optional bool storageCapacity = 4; + + // Defines if the underlying volume supports changing ownership and + // permission of the volume before being mounted. + // Refer to the specific FSGroupPolicy values for additional details. + // This field is alpha-level, and is only honored by servers + // that enable the CSIVolumeFSGroupPolicy feature gate. + // +optional + optional string fsGroupPolicy = 5; } // CSINode holds information about all CSI drivers installed on a node. diff --git a/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go index 374e933254c..606cda4dbc8 100644 --- a/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go 
@@ -53,6 +53,7 @@ var map_CSIDriverSpec = map[string]string{ "podInfoOnMount": "If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. \"csi.storage.k8s.io/pod.name\": pod.Name \"csi.storage.k8s.io/pod.namespace\": pod.Namespace \"csi.storage.k8s.io/pod.uid\": string(pod.UID) \"csi.storage.k8s.io/ephemeral\": \"true\" iff the volume is an ephemeral inline volume\n defined by a CSIVolumeSource, otherwise \"false\"\n\n\"csi.storage.k8s.io/ephemeral\" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the \"Persistent\" and \"Ephemeral\" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.", "volumeLifecycleModes": "volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is \"Persistent\", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is \"Ephemeral\". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. 
A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. This field is beta.", "storageCapacity": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis is an alpha field and only available when the CSIStorageCapacity feature is enabled. The default is false.", + "fsGroupPolicy": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", } func (CSIDriverSpec) SwaggerDoc() map[string]string { diff --git a/staging/src/k8s.io/api/storage/v1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/storage/v1/zz_generated.deepcopy.go index d05dfa56f9e..5eb0225a06b 100644 --- a/staging/src/k8s.io/api/storage/v1/zz_generated.deepcopy.go +++ b/staging/src/k8s.io/api/storage/v1/zz_generated.deepcopy.go 
@@ -108,6 +108,11 @@ func (in *CSIDriverSpec) DeepCopyInto(out *CSIDriverSpec) { *out = new(bool) **out = **in } + if in.FSGroupPolicy != nil { + in, out := &in.FSGroupPolicy, &out.FSGroupPolicy + *out = new(FSGroupPolicy) + **out = **in + } return } diff --git a/staging/src/k8s.io/api/storage/v1beta1/generated.pb.go b/staging/src/k8s.io/api/storage/v1beta1/generated.pb.go index 8547f88fee9..cec77515e1e 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/generated.pb.go +++ b/staging/src/k8s.io/api/storage/v1beta1/generated.pb.go 
@@ -520,93 +520,95 @@ func init() { } var fileDescriptor_7d2980599fd0de80 = []byte{ - // 1368 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x3d, 0x6f, 0xdb, 0xc6, - 0x1b, 0x37, 0x2d, 0xbf, 0x9e, 0xec, 0x58, 0x3e, 0x1b, 0xff, 0xbf, 0xaa, 0x41, 0x34, 0x54, 0xb4, - 0x71, 0x82, 0x84, 0x4a, 0x8c, 0x34, 0x08, 0x02, 0x64, 0xb0, 0x1c, 0x03, 0x55, 0x62, 0x39, 0xee, - 0xd9, 0x08, 0x8a, 0xa0, 0x43, 0x4f, 0xe4, 0x13, 0x99, 0xb1, 0xc8, 0x63, 0xc8, 0x93, 0x5a, 0x6d, - 0x9d, 0x3a, 0x17, 0x1d, 0xfa, 0x09, 0xba, 0x75, 0x6e, 0x81, 0x76, 0xe9, 0xd8, 0x4c, 0x45, 0xd0, - 0x29, 0x93, 0xd0, 0xb0, 0x1f, 0xa1, 0x9b, 0xd1, 0xa1, 0xb8, 0xe3, 0x49, 0xa4, 0x28, 0x2a, 0xb6, - 0x3b, 0x78, 0xe3, 0x3d, 0x2f, 0xbf, 0xe7, 0xfd, 0xb9, 0x23, 0xda, 0x39, 0xb9, 0x17, 0x18, 0x36, - 0xab, 0x9e, 0x74, 0x9a, 0xe0, 0xbb, 0xc0, 0x21, 0xa8, 0x76, 0xc1, 0xb5, 0x98, 0x5f, 0x55, 0x0c, - 0xea, 0xd9, 0xd5, 0x80, 0x33, 0x9f, 0xb6, 0xa0, 0xda, 0xbd, 0xdd, 0x04, 0x4e, 0x6f, 0x57, 0x5b, - 0xe0, 0x82, 0x4f, 0x39, 0x58, 0x86, 0xe7, 0x33, 0xce, 0x70, 0x29, 0x92, 0x35, 0xa8, 0x67, 0x1b, - 0x4a, 0xd6, 0x50, 0xb2, 0xa5, 0x9b, 0x2d, 0x9b, 0x1f, 0x77, 0x9a, 0x86, 0xc9, 0x9c, 0x6a, 0x8b, - 0xb5, 0x58, 0x55, 0xaa, 0x34, 0x3b, 0xcf, 0xe5, 0x49, 0x1e, 0xe4, 0x57, 0x04, 0x55, 0xaa, 0x24, - 0xcc, 0x9a, 0xcc, 0x17, 0x36, 0xd3, 0xe6, 0x4a, 0x77, 0x62, 0x19, 0x87, 0x9a, 0xc7, 0xb6, 0x0b, - 0x7e, 0xaf, 0xea, 0x9d, 0xb4, 0x04, 0x21, 0xa8, 0x3a, 0xc0, 0x69, 0x96, 0x56, 0x75, 0x92, 0x96, - 0xdf, 0x71, 0xb9, 0xed, 0xc0, 0x98, 0xc2, 0xdd, 0xb3, 0x14, 0x02, 0xf3, 0x18, 0x1c, 0x9a, 0xd6, - 0xab, 0xfc, 0xa2, 0xa1, 0xc5, 0x9d, 0xc3, 0xfa, 0x43, 0xdf, 0xee, 0x82, 0x8f, 0x3f, 0x47, 0x0b, - 0xc2, 0x23, 0x8b, 0x72, 0x5a, 0xd4, 0x36, 0xb4, 0xcd, 0xfc, 0xd6, 0x2d, 0x23, 0x4e, 0xd7, 0x10, - 0xd8, 0xf0, 0x4e, 0x5a, 0x82, 0x10, 0x18, 0x42, 0xda, 0xe8, 0xde, 0x36, 0x9e, 0x34, 0x5f, 0x80, - 0xc9, 0x1b, 0xc0, 0x69, 0x0d, 0xbf, 0xea, 0xeb, 0x53, 0x61, 0x5f, 0x47, 0x31, 0x8d, 0x0c, 0x51, - 
0xf1, 0x63, 0x34, 0x13, 0x78, 0x60, 0x16, 0xa7, 0x25, 0xfa, 0x35, 0x63, 0x72, 0x31, 0x8c, 0xa1, - 0x5b, 0x87, 0x1e, 0x98, 0xb5, 0x25, 0x05, 0x3b, 0x23, 0x4e, 0x44, 0x82, 0x54, 0x7e, 0xd6, 0xd0, - 0xf2, 0x50, 0x6a, 0xcf, 0x0e, 0x38, 0xfe, 0x6c, 0x2c, 0x00, 0xe3, 0x7c, 0x01, 0x08, 0x6d, 0xe9, - 0x7e, 0x41, 0xd9, 0x59, 0x18, 0x50, 0x12, 0xce, 0x3f, 0x42, 0xb3, 0x36, 0x07, 0x27, 0x28, 0x4e, - 0x6f, 0xe4, 0x36, 0xf3, 0x5b, 0x1f, 0x9c, 0xcb, 0xfb, 0xda, 0xb2, 0x42, 0x9c, 0xad, 0x0b, 0x5d, - 0x12, 0x41, 0x54, 0x7e, 0x98, 0x4e, 0xf8, 0x2e, 0x62, 0xc2, 0xf7, 0xd1, 0x15, 0xca, 0x39, 0x35, - 0x8f, 0x09, 0xbc, 0xec, 0xd8, 0x3e, 0x58, 0x32, 0x82, 0x85, 0x1a, 0x0e, 0xfb, 0xfa, 0x95, 0xed, - 0x11, 0x0e, 0x49, 0x49, 0x0a, 0x5d, 0x8f, 0x59, 0x75, 0xf7, 0x39, 0x7b, 0xe2, 0x36, 0x58, 0xc7, - 0xe5, 0x32, 0xc1, 0x4a, 0xf7, 0x60, 0x84, 0x43, 0x52, 0x92, 0xd8, 0x44, 0xeb, 0x5d, 0xd6, 0xee, - 0x38, 0xb0, 0x67, 0x3f, 0x07, 0xb3, 0x67, 0xb6, 0xa1, 0xc1, 0x2c, 0x08, 0x8a, 0xb9, 0x8d, 0xdc, - 0xe6, 0x62, 0xad, 0x1a, 0xf6, 0xf5, 0xf5, 0xa7, 0x19, 0xfc, 0xd3, 0xbe, 0xbe, 0x96, 0x41, 0x27, - 0x99, 0x60, 0xf8, 0x01, 0x5a, 0x51, 0x19, 0xda, 0xa1, 0x1e, 0x35, 0x6d, 0xde, 0x2b, 0xce, 0x48, - 0x0f, 0xd7, 0xc2, 0xbe, 0xbe, 0x72, 0x38, 0xca, 0x22, 0x69, 0xd9, 0xca, 0x4f, 0x1a, 0x9a, 0xdf, - 0x39, 0xac, 0xef, 0x33, 0x0b, 0x2e, 0xa1, 0x49, 0xeb, 0x23, 0x4d, 0x7a, 0xf5, 0x8c, 0x32, 0x0b, - 0xa7, 0x26, 0xb6, 0xe8, 0xdf, 0x51, 0x8b, 0x0a, 0x19, 0x35, 0x63, 0x1b, 0x68, 0xc6, 0xa5, 0x0e, - 0x48, 0xd7, 0x17, 0x63, 0x9d, 0x7d, 0xea, 0x00, 0x91, 0x1c, 0xfc, 0x21, 0x9a, 0x73, 0x99, 0x05, - 0xf5, 0x87, 0xd2, 0x81, 0xc5, 0xda, 0x15, 0x25, 0x33, 0xb7, 0x2f, 0xa9, 0x44, 0x71, 0xf1, 0x1d, - 0xb4, 0xc4, 0x99, 0xc7, 0xda, 0xac, 0xd5, 0x7b, 0x0c, 0xbd, 0x41, 0xc1, 0x0a, 0x61, 0x5f, 0x5f, - 0x3a, 0x4a, 0xd0, 0xc9, 0x88, 0x14, 0x6e, 0xa2, 0x3c, 0x6d, 0xb7, 0x99, 0x49, 0x39, 0x6d, 0xb6, - 0x41, 0x56, 0x21, 0xbf, 0x55, 0x7d, 0x57, 0x8c, 0x51, 0x95, 0x85, 0x71, 0x02, 0x01, 0xeb, 0xf8, - 0x26, 0x04, 0xb5, 0x95, 0xb0, 0xaf, 
0xe7, 0xb7, 0x63, 0x1c, 0x92, 0x04, 0xad, 0xfc, 0xa8, 0xa1, - 0xbc, 0x8a, 0xfa, 0x12, 0xc6, 0xf2, 0xe3, 0xd1, 0xb1, 0x7c, 0xff, 0x1c, 0xf5, 0x9a, 0x30, 0x94, - 0xe6, 0xd0, 0x6d, 0x39, 0x91, 0x47, 0x68, 0xde, 0x92, 0x45, 0x0b, 0x8a, 0x9a, 0x84, 0xbe, 0x76, - 0x0e, 0x68, 0x35, 0xf5, 0x2b, 0xca, 0xc0, 0x7c, 0x74, 0x0e, 0xc8, 0x00, 0xaa, 0xf2, 0xed, 0x1c, - 0x5a, 0x1a, 0x34, 0x7c, 0x9b, 0x06, 0xc1, 0x25, 0x34, 0xf4, 0x47, 0x28, 0xef, 0xf9, 0xac, 0x6b, - 0x07, 0x36, 0x73, 0xc1, 0x57, 0x6d, 0xb5, 0xa6, 0x54, 0xf2, 0x07, 0x31, 0x8b, 0x24, 0xe5, 0x70, - 0x1b, 0x21, 0x8f, 0xfa, 0xd4, 0x01, 0x2e, 0x52, 0x90, 0x93, 0x29, 0xb8, 0xf7, 0xae, 0x14, 0x24, - 0xc3, 0x32, 0x0e, 0x86, 0xaa, 0xbb, 0x2e, 0xf7, 0x7b, 0xb1, 0x8b, 0x31, 0x83, 0x24, 0xf0, 0xf1, - 0x09, 0x5a, 0xf6, 0xc1, 0x6c, 0x53, 0xdb, 0x39, 0x60, 0x6d, 0xdb, 0x8c, 0x16, 0xc4, 0x62, 0x6d, - 0x37, 0xec, 0xeb, 0xcb, 0x24, 0xc9, 0x38, 0xed, 0xeb, 0xb7, 0xc6, 0x6f, 0x5e, 0xe3, 0x00, 0xfc, - 0xc0, 0x0e, 0x38, 0xb8, 0x3c, 0x6a, 0xd8, 0x11, 0x1d, 0x32, 0x8a, 0x2d, 0x66, 0xc7, 0x11, 0xdb, - 0xef, 0x89, 0xc7, 0x6d, 0xe6, 0x06, 0xc5, 0xd9, 0x78, 0x76, 0x1a, 0x09, 0x3a, 0x19, 0x91, 0xc2, - 0x7b, 0x68, 0x5d, 0xb4, 0xf9, 0x17, 0x91, 0x81, 0xdd, 0x2f, 0x3d, 0xea, 0x8a, 0x54, 0x15, 0xe7, - 0xe4, 0x2a, 0x2b, 0x8a, 0x55, 0xb9, 0x9d, 0xc1, 0x27, 0x99, 0x5a, 0xf8, 0x53, 0xb4, 0x1a, 0xed, - 0xca, 0x9a, 0xed, 0x5a, 0xb6, 0xdb, 0x12, 0x9b, 0xb2, 0x38, 0x2f, 0x83, 0xbe, 0x1e, 0xf6, 0xf5, - 0xd5, 0xa7, 0x69, 0xe6, 0x69, 0x16, 0x91, 0x8c, 0x83, 0xe0, 0x97, 0x68, 0x55, 0x5a, 0x04, 0x4b, - 0x2d, 0x02, 0x1b, 0x82, 0xe2, 0x82, 0xac, 0xdf, 0x66, 0xb2, 0x7e, 0x22, 0x75, 0xa2, 0x91, 0x06, - 0xeb, 0xe2, 0x10, 0xda, 0x60, 0x72, 0xe6, 0x1f, 0x81, 0xef, 0xd4, 0xde, 0x53, 0xf5, 0x5a, 0xdd, - 0x4e, 0x43, 0x91, 0x71, 0xf4, 0xd2, 0x03, 0xb4, 0x92, 0x2a, 0x38, 0x2e, 0xa0, 0xdc, 0x09, 0xf4, - 0xa2, 0x45, 0x47, 0xc4, 0x27, 0x5e, 0x47, 0xb3, 0x5d, 0xda, 0xee, 0x40, 0xd4, 0x81, 0x24, 0x3a, - 0xdc, 0x9f, 0xbe, 0xa7, 0x55, 0x7e, 0xd5, 0x50, 0x21, 0xd9, 0x3d, 0x97, 
0xb0, 0x36, 0x1a, 0xa3, - 0x6b, 0x63, 0xf3, 0xbc, 0x8d, 0x3d, 0x61, 0x77, 0x7c, 0x3f, 0x8d, 0x0a, 0x51, 0x71, 0xa2, 0xbb, - 0xda, 0x01, 0x97, 0x5f, 0xc2, 0x68, 0x93, 0x91, 0xbb, 0xea, 0xd6, 0xd9, 0x7b, 0x3c, 0xf6, 0x6e, - 0xd2, 0xa5, 0x85, 0x9f, 0xa1, 0xb9, 0x80, 0x53, 0xde, 0x11, 0x33, 0x2f, 0x50, 0xb7, 0x2e, 0x84, - 0x2a, 0x35, 0xe3, 0x4b, 0x2b, 0x3a, 0x13, 0x85, 0x58, 0xf9, 0x4d, 0x43, 0xeb, 0x69, 0x95, 0x4b, - 0x28, 0xf6, 0x27, 0xa3, 0xc5, 0xbe, 0x71, 0x91, 0x88, 0x26, 0x14, 0xfc, 0x0f, 0x0d, 0xfd, 0x6f, - 0x2c, 0x78, 0x79, 0x3d, 0x8a, 0x3d, 0xe1, 0xa5, 0xb6, 0xd1, 0x7e, 0x7c, 0xe7, 0xcb, 0x3d, 0x71, - 0x90, 0xc1, 0x27, 0x99, 0x5a, 0xf8, 0x05, 0x2a, 0xd8, 0x6e, 0xdb, 0x76, 0x21, 0xa2, 0x1d, 0xc6, - 0xe5, 0xce, 0x1c, 0xe6, 0x34, 0xb2, 0x2c, 0xf3, 0x7a, 0xd8, 0xd7, 0x0b, 0xf5, 0x14, 0x0a, 0x19, - 0xc3, 0xad, 0xfc, 0x9e, 0x51, 0x1e, 0x79, 0x17, 0xde, 0x40, 0x0b, 0xd1, 0x9b, 0x13, 0x7c, 0x15, - 0xc6, 0x30, 0xdd, 0xdb, 0x8a, 0x4e, 0x86, 0x12, 0xb2, 0x83, 0x64, 0x2a, 0x94, 0xa3, 0x17, 0xeb, - 0x20, 0xa9, 0x99, 0xe8, 0x20, 0x79, 0x26, 0x0a, 0x51, 0x78, 0x22, 0x1e, 0x40, 0x32, 0xa1, 0xb9, - 0x51, 0x4f, 0xf6, 0x15, 0x9d, 0x0c, 0x25, 0x2a, 0xff, 0xe4, 0x32, 0xaa, 0x24, 0x5b, 0x31, 0x11, - 0xd2, 0xe0, 0xa9, 0x9d, 0x0e, 0xc9, 0x1a, 0x86, 0x64, 0xe1, 0xef, 0x34, 0x84, 0xe9, 0x10, 0xa2, - 0x31, 0x68, 0xd5, 0xa8, 0x9f, 0x1e, 0x5d, 0x7c, 0x42, 0x8c, 0xed, 0x31, 0xb0, 0xe8, 0x9e, 0x2c, - 0x29, 0x27, 0xf0, 0xb8, 0x00, 0xc9, 0xf0, 0x00, 0xdb, 0x28, 0x1f, 0x51, 0x77, 0x7d, 0x9f, 0xf9, - 0x6a, 0x64, 0xaf, 0x9e, 0xed, 0x90, 0x14, 0xaf, 0x95, 0xe5, 0x43, 0x2e, 0xd6, 0x3f, 0xed, 0xeb, - 0xf9, 0x04, 0x9f, 0x24, 0xb1, 0x85, 0x29, 0x0b, 0x62, 0x53, 0x33, 0xff, 0xc1, 0xd4, 0x43, 0x98, - 0x6c, 0x2a, 0x81, 0x5d, 0xda, 0x45, 0xff, 0x9f, 0x90, 0xa0, 0x0b, 0xdd, 0x2b, 0x5f, 0x6b, 0x28, - 0x69, 0x03, 0xef, 0xa1, 0x19, 0xf1, 0x3b, 0xac, 0x36, 0xcc, 0xf5, 0xf3, 0x6d, 0x98, 0x23, 0xdb, - 0x81, 0x78, 0x51, 0x8a, 0x13, 0x91, 0x28, 0xf8, 0x1a, 0x9a, 0x77, 0x20, 0x08, 0x68, 0x4b, 0x59, - 0x8e, 0x5f, 
0x7d, 0x8d, 0x88, 0x4c, 0x06, 0xfc, 0xca, 0x5d, 0xb4, 0x96, 0xf1, 0x8e, 0xc6, 0x3a, - 0x9a, 0x35, 0xe5, 0xff, 0x9a, 0x70, 0x68, 0xb6, 0xb6, 0x28, 0xb6, 0xcc, 0x8e, 0xfc, 0x4d, 0x8b, - 0xe8, 0xb5, 0x9b, 0xaf, 0xde, 0x96, 0xa7, 0x5e, 0xbf, 0x2d, 0x4f, 0xbd, 0x79, 0x5b, 0x9e, 0xfa, - 0x2a, 0x2c, 0x6b, 0xaf, 0xc2, 0xb2, 0xf6, 0x3a, 0x2c, 0x6b, 0x6f, 0xc2, 0xb2, 0xf6, 0x67, 0x58, - 0xd6, 0xbe, 0xf9, 0xab, 0x3c, 0xf5, 0x6c, 0x5e, 0xe5, 0xfb, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, - 0xeb, 0xa0, 0x59, 0x1b, 0x23, 0x11, 0x00, 0x00, + // 1400 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x3d, 0x6f, 0xdb, 0x46, + 0x1f, 0x37, 0x2d, 0xc9, 0x2f, 0x27, 0x3b, 0x96, 0xcf, 0xc6, 0xf3, 0xe8, 0xd1, 0x20, 0x1a, 0x7a, + 0xd0, 0xc6, 0x09, 0x12, 0x2a, 0x31, 0xd2, 0x20, 0x08, 0x90, 0xc1, 0x72, 0xdc, 0x46, 0x89, 0xe5, + 0xb8, 0x27, 0x23, 0x28, 0x82, 0x0e, 0x3d, 0x91, 0x67, 0x99, 0xb1, 0xc8, 0x63, 0xc8, 0x93, 0x5a, + 0x6d, 0x9d, 0x3a, 0x17, 0x1d, 0xfa, 0x09, 0xfa, 0x15, 0x5a, 0xa0, 0x5d, 0x3a, 0x36, 0x53, 0x11, + 0x74, 0xca, 0x44, 0x34, 0xec, 0x47, 0x28, 0xba, 0x18, 0x1d, 0x8a, 0x3b, 0x9e, 0xc4, 0x17, 0x51, + 0xb1, 0xdd, 0xc1, 0x1b, 0xef, 0xff, 0xf2, 0xfb, 0xbf, 0xff, 0xef, 0x08, 0x76, 0x4e, 0xee, 0x79, + 0x9a, 0x49, 0xeb, 0x27, 0xfd, 0x0e, 0x71, 0x6d, 0xc2, 0x88, 0x57, 0x1f, 0x10, 0xdb, 0xa0, 0x6e, + 0x5d, 0x32, 0xb0, 0x63, 0xd6, 0x3d, 0x46, 0x5d, 0xdc, 0x25, 0xf5, 0xc1, 0xed, 0x0e, 0x61, 0xf8, + 0x76, 0xbd, 0x4b, 0x6c, 0xe2, 0x62, 0x46, 0x0c, 0xcd, 0x71, 0x29, 0xa3, 0xb0, 0x12, 0xca, 0x6a, + 0xd8, 0x31, 0x35, 0x29, 0xab, 0x49, 0xd9, 0xca, 0xcd, 0xae, 0xc9, 0x8e, 0xfb, 0x1d, 0x4d, 0xa7, + 0x56, 0xbd, 0x4b, 0xbb, 0xb4, 0x2e, 0x54, 0x3a, 0xfd, 0x23, 0x71, 0x12, 0x07, 0xf1, 0x15, 0x42, + 0x55, 0x6a, 0x31, 0xb3, 0x3a, 0x75, 0xb9, 0xcd, 0xb4, 0xb9, 0xca, 0x9d, 0x48, 0xc6, 0xc2, 0xfa, + 0xb1, 0x69, 0x13, 0x77, 0x58, 0x77, 0x4e, 0xba, 0x9c, 0xe0, 0xd5, 0x2d, 0xc2, 0x70, 0x96, 0x56, + 0x7d, 0x9a, 0x96, 0xdb, 0xb7, 0x99, 0x69, 0x91, 
0x09, 0x85, 0xbb, 0x67, 0x29, 0x78, 0xfa, 0x31, + 0xb1, 0x70, 0x5a, 0xaf, 0xf6, 0x93, 0x02, 0x16, 0x77, 0xda, 0xcd, 0x87, 0xae, 0x39, 0x20, 0x2e, + 0xfc, 0x0c, 0x2c, 0x70, 0x8f, 0x0c, 0xcc, 0x70, 0x59, 0xd9, 0x50, 0x36, 0x8b, 0x5b, 0xb7, 0xb4, + 0x28, 0x5d, 0x63, 0x60, 0xcd, 0x39, 0xe9, 0x72, 0x82, 0xa7, 0x71, 0x69, 0x6d, 0x70, 0x5b, 0x7b, + 0xda, 0x79, 0x41, 0x74, 0xd6, 0x22, 0x0c, 0x37, 0xe0, 0x2b, 0x5f, 0x9d, 0x09, 0x7c, 0x15, 0x44, + 0x34, 0x34, 0x46, 0x85, 0x4f, 0x40, 0xde, 0x73, 0x88, 0x5e, 0x9e, 0x15, 0xe8, 0xd7, 0xb4, 0xe9, + 0xc5, 0xd0, 0xc6, 0x6e, 0xb5, 0x1d, 0xa2, 0x37, 0x96, 0x24, 0x6c, 0x9e, 0x9f, 0x90, 0x00, 0xa9, + 0xfd, 0xa8, 0x80, 0xe5, 0xb1, 0xd4, 0x9e, 0xe9, 0x31, 0xf8, 0xe9, 0x44, 0x00, 0xda, 0xf9, 0x02, + 0xe0, 0xda, 0xc2, 0xfd, 0x92, 0xb4, 0xb3, 0x30, 0xa2, 0xc4, 0x9c, 0x7f, 0x0c, 0x0a, 0x26, 0x23, + 0x96, 0x57, 0x9e, 0xdd, 0xc8, 0x6d, 0x16, 0xb7, 0xde, 0x3b, 0x97, 0xf7, 0x8d, 0x65, 0x89, 0x58, + 0x68, 0x72, 0x5d, 0x14, 0x42, 0xd4, 0xfe, 0x9a, 0x8d, 0xf9, 0xce, 0x63, 0x82, 0xf7, 0xc1, 0x15, + 0xcc, 0x18, 0xd6, 0x8f, 0x11, 0x79, 0xd9, 0x37, 0x5d, 0x62, 0x88, 0x08, 0x16, 0x1a, 0x30, 0xf0, + 0xd5, 0x2b, 0xdb, 0x09, 0x0e, 0x4a, 0x49, 0x72, 0x5d, 0x87, 0x1a, 0x4d, 0xfb, 0x88, 0x3e, 0xb5, + 0x5b, 0xb4, 0x6f, 0x33, 0x91, 0x60, 0xa9, 0x7b, 0x90, 0xe0, 0xa0, 0x94, 0x24, 0xd4, 0xc1, 0xfa, + 0x80, 0xf6, 0xfa, 0x16, 0xd9, 0x33, 0x8f, 0x88, 0x3e, 0xd4, 0x7b, 0xa4, 0x45, 0x0d, 0xe2, 0x95, + 0x73, 0x1b, 0xb9, 0xcd, 0xc5, 0x46, 0x3d, 0xf0, 0xd5, 0xf5, 0x67, 0x19, 0xfc, 0x53, 0x5f, 0x5d, + 0xcb, 0xa0, 0xa3, 0x4c, 0x30, 0xf8, 0x00, 0xac, 0xc8, 0x0c, 0xed, 0x60, 0x07, 0xeb, 0x26, 0x1b, + 0x96, 0xf3, 0xc2, 0xc3, 0xb5, 0xc0, 0x57, 0x57, 0xda, 0x49, 0x16, 0x4a, 0xcb, 0xc2, 0x47, 0x60, + 0xf9, 0xc8, 0xfb, 0xc8, 0xa5, 0x7d, 0xe7, 0x80, 0xf6, 0x4c, 0x7d, 0x58, 0x2e, 0x6c, 0x28, 0x9b, + 0x8b, 0x8d, 0x5a, 0xe0, 0xab, 0xcb, 0x1f, 0xb6, 0x63, 0x8c, 0xd3, 0x34, 0x01, 0x25, 0x15, 0x6b, + 0x3f, 0x28, 0x60, 0x7e, 0xa7, 0xdd, 0xdc, 0xa7, 0x06, 0xb9, 0x84, 0x76, 0x6f, 0x26, 
0xda, 0xfd, + 0xea, 0x19, 0x0d, 0xc3, 0x9d, 0x9a, 0xda, 0xec, 0x7f, 0x86, 0xcd, 0xce, 0x65, 0xe4, 0xb4, 0x6e, + 0x80, 0xbc, 0x8d, 0x2d, 0x22, 0x5c, 0x5f, 0x8c, 0x74, 0xf6, 0xb1, 0x45, 0x90, 0xe0, 0xc0, 0xf7, + 0xc1, 0x9c, 0x4d, 0x0d, 0xd2, 0x7c, 0x28, 0x1c, 0x58, 0x6c, 0x5c, 0x91, 0x32, 0x73, 0xfb, 0x82, + 0x8a, 0x24, 0x17, 0xde, 0x01, 0x4b, 0x8c, 0x3a, 0xb4, 0x47, 0xbb, 0xc3, 0x27, 0x64, 0x38, 0x2a, + 0x7d, 0x29, 0xf0, 0xd5, 0xa5, 0xc3, 0x18, 0x1d, 0x25, 0xa4, 0x60, 0x07, 0x14, 0x71, 0xaf, 0x47, + 0x75, 0xcc, 0x70, 0xa7, 0x47, 0x44, 0x3d, 0x8b, 0x5b, 0xf5, 0x77, 0xc5, 0x18, 0xf6, 0x0b, 0x37, + 0x8e, 0x88, 0x47, 0xfb, 0xae, 0x4e, 0xbc, 0xc6, 0x4a, 0xe0, 0xab, 0xc5, 0xed, 0x08, 0x07, 0xc5, + 0x41, 0x6b, 0xdf, 0x2b, 0xa0, 0x28, 0xa3, 0xbe, 0x84, 0x01, 0x7f, 0x94, 0x1c, 0xf0, 0xff, 0x9f, + 0xa3, 0x5e, 0x53, 0xc6, 0x5b, 0x1f, 0xbb, 0x2d, 0x66, 0xfb, 0x10, 0xcc, 0x1b, 0xa2, 0x68, 0x5e, + 0x59, 0x11, 0xd0, 0xd7, 0xce, 0x01, 0x2d, 0xf7, 0xc7, 0x8a, 0x34, 0x30, 0x1f, 0x9e, 0x3d, 0x34, + 0x82, 0xaa, 0x7d, 0x33, 0x07, 0x96, 0x46, 0xa3, 0xd3, 0xc3, 0x9e, 0x77, 0x09, 0x0d, 0xfd, 0x01, + 0x28, 0x3a, 0x2e, 0x1d, 0x98, 0x9e, 0x49, 0x6d, 0xe2, 0xca, 0xb6, 0x5a, 0x93, 0x2a, 0xc5, 0x83, + 0x88, 0x85, 0xe2, 0x72, 0xb0, 0x07, 0x80, 0x83, 0x5d, 0x6c, 0x11, 0xc6, 0x53, 0x90, 0x13, 0x29, + 0xb8, 0xf7, 0xae, 0x14, 0xc4, 0xc3, 0xd2, 0x0e, 0xc6, 0xaa, 0xbb, 0x36, 0x73, 0x87, 0x91, 0x8b, + 0x11, 0x03, 0xc5, 0xf0, 0xe1, 0x09, 0x58, 0x76, 0x89, 0xde, 0xc3, 0xa6, 0x25, 0xb7, 0x45, 0x5e, + 0xb8, 0xb9, 0xcb, 0xb7, 0x05, 0x8a, 0x33, 0x4e, 0x7d, 0xf5, 0xd6, 0xe4, 0x1d, 0xae, 0x1d, 0x10, + 0xd7, 0x33, 0x3d, 0x46, 0x6c, 0x16, 0x36, 0x6c, 0x42, 0x07, 0x25, 0xb1, 0xf9, 0xec, 0x58, 0x7c, + 0x8f, 0x3e, 0x75, 0x98, 0x49, 0x6d, 0xaf, 0x5c, 0x88, 0x66, 0xa7, 0x15, 0xa3, 0xa3, 0x84, 0x14, + 0xdc, 0x03, 0xeb, 0xbc, 0xcd, 0x3f, 0x0f, 0x0d, 0xec, 0x7e, 0xe1, 0x60, 0x9b, 0xa7, 0xaa, 0x3c, + 0x27, 0x96, 0x62, 0x99, 0x2f, 0xdd, 0xed, 0x0c, 0x3e, 0xca, 0xd4, 0x82, 0x9f, 0x80, 0xd5, 0x70, + 0xeb, 0x36, 0x4c, 0xdb, 
0x30, 0xed, 0x2e, 0xdf, 0xb9, 0xe5, 0x79, 0x11, 0xf4, 0xf5, 0xc0, 0x57, + 0x57, 0x9f, 0xa5, 0x99, 0xa7, 0x59, 0x44, 0x34, 0x09, 0x02, 0x5f, 0x82, 0x55, 0x61, 0x91, 0x18, + 0x72, 0x11, 0x98, 0xc4, 0x2b, 0x2f, 0x88, 0xfa, 0x6d, 0xc6, 0xeb, 0xc7, 0x53, 0xc7, 0x1b, 0x69, + 0xb4, 0x2e, 0xda, 0xa4, 0x47, 0x74, 0x46, 0xdd, 0x43, 0xe2, 0x5a, 0x8d, 0xff, 0xc9, 0x7a, 0xad, + 0x6e, 0xa7, 0xa1, 0xd0, 0x24, 0x7a, 0xe5, 0x01, 0x58, 0x49, 0x15, 0x1c, 0x96, 0x40, 0xee, 0x84, + 0x0c, 0xc3, 0x45, 0x87, 0xf8, 0x27, 0x5c, 0x07, 0x85, 0x01, 0xee, 0xf5, 0x49, 0xd8, 0x81, 0x28, + 0x3c, 0xdc, 0x9f, 0xbd, 0xa7, 0xd4, 0x7e, 0x56, 0x40, 0x29, 0xde, 0x3d, 0x97, 0xb0, 0x36, 0x5a, + 0xc9, 0xb5, 0xb1, 0x79, 0xde, 0xc6, 0x9e, 0xb2, 0x3b, 0xbe, 0x9b, 0x05, 0xa5, 0xb0, 0x38, 0xe1, + 0xad, 0x6f, 0x11, 0x9b, 0x5d, 0xc2, 0x68, 0xa3, 0xc4, 0x5d, 0x75, 0xeb, 0xec, 0x3d, 0x1e, 0x79, + 0x37, 0xed, 0xd2, 0x82, 0xcf, 0xc1, 0x9c, 0xc7, 0x30, 0xeb, 0xf3, 0x99, 0xe7, 0xa8, 0x5b, 0x17, + 0x42, 0x15, 0x9a, 0xd1, 0xa5, 0x15, 0x9e, 0x91, 0x44, 0xac, 0xfd, 0xa2, 0x80, 0xf5, 0xb4, 0xca, + 0x25, 0x14, 0xfb, 0xe3, 0x64, 0xb1, 0x6f, 0x5c, 0x24, 0xa2, 0x29, 0x05, 0xff, 0x4d, 0x01, 0xff, + 0x99, 0x08, 0x5e, 0x5c, 0x8f, 0x7c, 0x4f, 0x38, 0xa9, 0x6d, 0xb4, 0x1f, 0xdd, 0xf9, 0x62, 0x4f, + 0x1c, 0x64, 0xf0, 0x51, 0xa6, 0x16, 0x7c, 0x01, 0x4a, 0xa6, 0xdd, 0x33, 0x6d, 0x12, 0xd2, 0xda, + 0x51, 0xb9, 0x33, 0x87, 0x39, 0x8d, 0x2c, 0xca, 0xbc, 0x1e, 0xf8, 0x6a, 0xa9, 0x99, 0x42, 0x41, + 0x13, 0xb8, 0xb5, 0x5f, 0x33, 0xca, 0x23, 0xee, 0xc2, 0x1b, 0x60, 0x21, 0x7c, 0xbd, 0x12, 0x57, + 0x86, 0x31, 0x4e, 0xf7, 0xb6, 0xa4, 0xa3, 0xb1, 0x84, 0xe8, 0x20, 0x91, 0x0a, 0xe9, 0xe8, 0xc5, + 0x3a, 0x48, 0x68, 0xc6, 0x3a, 0x48, 0x9c, 0x91, 0x44, 0xe4, 0x9e, 0xf0, 0x07, 0x90, 0x48, 0x68, + 0x2e, 0xe9, 0xc9, 0xbe, 0xa4, 0xa3, 0xb1, 0x44, 0xed, 0xef, 0x5c, 0x46, 0x95, 0x44, 0x2b, 0xc6, + 0x42, 0x1a, 0x3d, 0xda, 0xd3, 0x21, 0x19, 0xe3, 0x90, 0x0c, 0xf8, 0xad, 0x02, 0x20, 0x1e, 0x43, + 0xb4, 0x46, 0xad, 0x1a, 0xf6, 0xd3, 0xe3, 0x8b, 0x4f, 0x88, 
0xb6, 0x3d, 0x01, 0x16, 0xde, 0x93, + 0x15, 0xe9, 0x04, 0x9c, 0x14, 0x40, 0x19, 0x1e, 0x40, 0x13, 0x14, 0x43, 0xea, 0xae, 0xeb, 0x52, + 0x57, 0x8e, 0xec, 0xd5, 0xb3, 0x1d, 0x12, 0xe2, 0x8d, 0xaa, 0x78, 0xc8, 0x45, 0xfa, 0xa7, 0xbe, + 0x5a, 0x8c, 0xf1, 0x51, 0x1c, 0x9b, 0x9b, 0x32, 0x48, 0x64, 0x2a, 0xff, 0x2f, 0x4c, 0x3d, 0x24, + 0xd3, 0x4d, 0xc5, 0xb0, 0x2b, 0xbb, 0xe0, 0xbf, 0x53, 0x12, 0x74, 0xa1, 0x7b, 0xe5, 0x2b, 0x05, + 0xc4, 0x6d, 0xc0, 0x3d, 0x90, 0xe7, 0x3f, 0xd6, 0x72, 0xc3, 0x5c, 0x3f, 0xdf, 0x86, 0x39, 0x34, + 0x2d, 0x12, 0x2d, 0x4a, 0x7e, 0x42, 0x02, 0x05, 0x5e, 0x03, 0xf3, 0x16, 0xf1, 0x3c, 0xdc, 0x95, + 0x96, 0xa3, 0x57, 0x5f, 0x2b, 0x24, 0xa3, 0x11, 0xbf, 0x76, 0x17, 0xac, 0x65, 0xbc, 0xa3, 0xa1, + 0x0a, 0x0a, 0xba, 0xf8, 0xf3, 0xe3, 0x0e, 0x15, 0x1a, 0x8b, 0x7c, 0xcb, 0xec, 0x88, 0x1f, 0xbe, + 0x90, 0xde, 0xb8, 0xf9, 0xea, 0x6d, 0x75, 0xe6, 0xf5, 0xdb, 0xea, 0xcc, 0x9b, 0xb7, 0xd5, 0x99, + 0x2f, 0x83, 0xaa, 0xf2, 0x2a, 0xa8, 0x2a, 0xaf, 0x83, 0xaa, 0xf2, 0x26, 0xa8, 0x2a, 0xbf, 0x07, + 0x55, 0xe5, 0xeb, 0x3f, 0xaa, 0x33, 0xcf, 0xe7, 0x65, 0xbe, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, + 0x4b, 0x3f, 0x49, 0x6e, 0x6d, 0x11, 0x00, 0x00, } func (m *CSIDriver) Marshal() (dAtA []byte, err error) { @@ -719,6 +721,13 @@ func (m *CSIDriverSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.FSGroupPolicy != nil { + i -= len(*m.FSGroupPolicy) + copy(dAtA[i:], *m.FSGroupPolicy) + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FSGroupPolicy))) + i-- + dAtA[i] = 0x2a + } if m.StorageCapacity != nil { i-- if *m.StorageCapacity { @@ -1490,6 +1499,10 @@ func (m *CSIDriverSpec) Size() (n int) { if m.StorageCapacity != nil { n += 2 } + if m.FSGroupPolicy != nil { + l = len(*m.FSGroupPolicy) + n += 1 + l + sovGenerated(uint64(l)) + } return n } 
@@ -1779,6 +1792,7 @@ func (this *CSIDriverSpec) String() string { `PodInfoOnMount:` + valueToStringGenerated(this.PodInfoOnMount) + `,`, `VolumeLifecycleModes:` + fmt.Sprintf("%v", this.VolumeLifecycleModes) + `,`, `StorageCapacity:` + valueToStringGenerated(this.StorageCapacity) + `,`, + `FSGroupPolicy:` + valueToStringGenerated(this.FSGroupPolicy) + `,`, `}`, }, "") return s @@ -2352,6 +2366,39 @@ func (m *CSIDriverSpec) Unmarshal(dAtA []byte) error { } b := bool(v != 0) m.StorageCapacity = &b + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field FSGroupPolicy", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := FSGroupPolicy(dAtA[iNdEx:postIndex]) + m.FSGroupPolicy = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/staging/src/k8s.io/api/storage/v1beta1/generated.proto b/staging/src/k8s.io/api/storage/v1beta1/generated.proto index 8d934a3c655..e61876ed566 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/storage/v1beta1/generated.proto 
@@ -139,6 +139,14 @@ message CSIDriverSpec { // // +optional optional bool storageCapacity = 4; + + // Defines if the underlying volume supports changing ownership and + // permission of the volume before being mounted. + // Refer to the specific FSGroupPolicy values for additional details. + // This field is alpha-level, and is only honored by servers + // that enable the CSIVolumeFSGroupPolicy feature gate. + // +optional + optional string fsGroupPolicy = 5; } // DEPRECATED - This group version of CSINode is deprecated by storage/v1/CSINode. diff --git a/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go index 278d73f1bfe..60cc4c6a45e 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go 
@@ -53,6 +53,7 @@ var map_CSIDriverSpec = map[string]string{ "podInfoOnMount": "If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. \"csi.storage.k8s.io/pod.name\": pod.Name \"csi.storage.k8s.io/pod.namespace\": pod.Namespace \"csi.storage.k8s.io/pod.uid\": string(pod.UID) \"csi.storage.k8s.io/ephemeral\": \"true\" iff the volume is an ephemeral inline volume\n defined by a CSIVolumeSource, otherwise \"false\"\n\n\"csi.storage.k8s.io/ephemeral\" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the \"Persistent\" and \"Ephemeral\" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.", "volumeLifecycleModes": "VolumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is \"Persistent\", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is \"Ephemeral\". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. 
A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future.", "storageCapacity": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis is an alpha field and only available when the CSIStorageCapacity feature is enabled. The default is false.", + "fsGroupPolicy": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is alpha-level, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.", } func (CSIDriverSpec) SwaggerDoc() map[string]string { diff --git a/staging/src/k8s.io/api/storage/v1beta1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/storage/v1beta1/zz_generated.deepcopy.go index 19979cf9733..a1538c13195 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/zz_generated.deepcopy.go +++ b/staging/src/k8s.io/api/storage/v1beta1/zz_generated.deepcopy.go 
@@ -108,6 +108,11 @@ func (in *CSIDriverSpec) DeepCopyInto(out *CSIDriverSpec) { *out = new(bool) **out = **in } + if in.FSGroupPolicy != nil { + in, out := &in.FSGroupPolicy, &out.FSGroupPolicy + *out = new(FSGroupPolicy) + **out = **in + } return } diff --git a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.json b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.json index d590a43bb60..6fe7dbd2b46 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.json +++ b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.json @@ -46,6 +46,7 @@ "volumeLifecycleModes": [ "r鯹)晿\u003co,c鮽ort昍řČ扷5ƗǸ" ], - "storageCapacity": true + "storageCapacity": true, + "fsGroupPolicy": "/ʕVŚ(ĿȊ甞谐颋DžSǡ" } } \ No newline at end of file diff --git a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.pb b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.pb index 8fe4cf4e5f811af406ae07d48789ced5069666b0..fd70e9d3998d786f719e036c9f594c86be093801 100644 GIT binary patch delta 48 zcmV-00MGw|0-XYoB?0o0CawWQk<}?5Dj6@zl~%=?D8#?WiszJ`=&+FKqKn6cQ^%ni G03rbY>J~u& delta 21 dcmbQs)WkGFmGSySwRMb|6R&ErNHHie002zH1`hxL diff --git a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.yaml b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.yaml index f942706f0ad..9e7b4cf89c2 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1.CSIDriver.yaml @@ -31,6 +31,7 @@ metadata: uid: "7" spec: attachRequired: false + fsGroupPolicy: /ʕVŚ(ĿȊ甞谐颋DžSǡ podInfoOnMount: false storageCapacity: true volumeLifecycleModes: diff --git a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.json b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.json index 81b422563b7..38d938f9ce5 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.json 
+++ b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.json @@ -46,6 +46,7 @@ "volumeLifecycleModes": [ "r鯹)晿\u003co,c鮽ort昍řČ扷5ƗǸ" ], - "storageCapacity": true + "storageCapacity": true, + "fsGroupPolicy": "/ʕVŚ(ĿȊ甞谐颋DžSǡ" } } \ No newline at end of file diff --git a/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.pb b/staging/src/k8s.io/api/testdata/HEAD/storage.k8s.io.v1beta1.CSIDriver.pb index ee51a4caeac84096650ddbdbcfaffcf990beef53..76d98ea818e64e85b7d629434905535695a6f00a 100644 GIT binary patch delta 48 zcmV-00MGx20-^$tDgpA5E3N@Vk=iLADj6@zl~%=?D8#?WiszJ`=&+FKqKn6cQ^%ni G03rYc6Bb$k delta 21 dcmZ3))Xp?Pi}CtI?RAWr6K`p Date: Mon, 22 Jun 2020 13:11:42 -0400 Subject: [PATCH 3/4] Updated fuzzer to get RoundTripTest passing --- pkg/apis/storage/fuzzer/fuzzer.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/apis/storage/fuzzer/fuzzer.go b/pkg/apis/storage/fuzzer/fuzzer.go index ed8621899ab..070e9579b4a 100644 --- a/pkg/apis/storage/fuzzer/fuzzer.go +++ b/pkg/apis/storage/fuzzer/fuzzer.go @@ -18,6 +18,7 @@ package fuzzer import ( "fmt" + fuzz "github.com/google/gofuzz" runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer" @@ -82,6 +83,10 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} { obj.Spec.StorageCapacity = new(bool) *(obj.Spec.StorageCapacity) = false } + if obj.Spec.FSGroupPolicy == nil { + obj.Spec.FSGroupPolicy = new(storage.FSGroupPolicy) + *obj.Spec.FSGroupPolicy = storage.ReadWriteOnceWithFSTypeFSGroupPolicy + } if len(obj.Spec.VolumeLifecycleModes) == 0 { obj.Spec.VolumeLifecycleModes = []storage.VolumeLifecycleMode{ storage.VolumeLifecyclePersistent, From ade2f83685faf1b1f869fe321c4fd9c8a002d3fc Mon Sep 17 00:00:00 2001 From: Hemant Kumar Date: Wed, 8 Jul 2020 15:25:03 -0400 Subject: [PATCH 4/4] Simplify the code --- pkg/volume/csi/csi_mounter.go | 83 +++++++++++------------------------ 1 file changed, 25 insertions(+), 58 deletions(-) 
diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go
index f30e02e5eeb..4195ab38759 100644
--- a/pkg/volume/csi/csi_mounter.go
+++ b/pkg/volume/csi/csi_mounter.go
@@ -28,7 +28,6 @@ import (
 "k8s.io/klog/v2"
 api "k8s.io/api/core/v1"
- v1 "k8s.io/api/core/v1"
 storage "k8s.io/api/storage/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/types"
@@ -278,23 +277,8 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
 klog.V(2).Info(log("error checking for SELinux support: %s", err))
 }
- fsGroupFeatureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy)
- // If the feature gate isn't enabled, then adjust the CSIDriver to use the ReadWriteOnceWithFSTypeFSGroupPolicy
- // policy. This keeps the default behavior.
- if !fsGroupFeatureGateEnabled {
- c.fsGroupPolicy = storage.ReadWriteOnceWithFSTypeFSGroupPolicy
- }
-
- // If the the FSGroupPolicy isn't NoneFSGroupPolicy, then we should attempt to modify
- // the fsGroup. At this point the feature gate is enabled, so we should proceed,
- // or it's disabled, at which point we should evaluate the fstype and pv.AccessMode
- // and update the fsGroup appropriately.
- if c.fsGroupPolicy != storage.NoneFSGroupPolicy {
-
- // The following logic is derived from https://github.com/kubernetes/kubernetes/issues/66323
- // if fstype is "", then skip fsgroup (could be indication of non-block filesystem)
- // if fstype is provided and pv.AccessMode == ReadWriteOnly, then apply fsgroup
- err = c.applyFSGroup(fsType, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy)
+ if c.supportsFSGroup(fsType, mounterArgs.FsGroup, c.fsGroupPolicy) {
+ err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy)
 if err != nil {
 // At this point mount operation is successful:
 // 1. Since volume can not be used by the pod because of invalid permissions, we must return error
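Review bot: The new `if c.supportsFSGroup(...)` branch in SetUpAt no longer consults the CSIVolumeFSGroupPolicy feature gate: the removed lines reset `c.fsGroupPolicy` to `storage.ReadWriteOnceWithFSTypeFSGroupPolicy` whenever the gate was off, and nothing in this hunk replaces that. Unless the policy is already defaulted where `c.fsGroupPolicy` is populated (not visible here), a CSIDriver that declares the File policy would have volume ownership and permissions rewritten on a cluster that never enabled the alpha gate. I would add a comment above the branch naming the enforcing site, e.g. `// gate-off default for c.fsGroupPolicy is applied in <function that sets c.fsGroupPolicy>`, plus a gate-disabled test case for SetUpAt. Separately, `err := volume.SetVolumeOwnership(...)` shadows the function's outer `err` where the old code assigned with `err =`; plain assignment would match the rest of SetUpAt, whose body starts and ends outside this hunk.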
@@ -302,6 +286,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error // cleaned up. return volumetypes.NewUncertainProgressError(fmt.Sprintf("applyFSGroup failed for vol %s: %v", c.volumeID, err)) } + klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *mounterArgs.FsGroup, c.volumeID)) } klog.V(4).Infof(log("mounter.SetUp successfully requested NodePublish [%s]", dir)) 
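Review bot: The added `klog.V(4)` line dereferences `*mounterArgs.FsGroup` with no nil check of its own; it is safe only because `supportsFSGroup` returns false for a nil `fsGroup`, so a later relaxation of that helper would turn this log statement into a nil-pointer panic in the mount path. A short comment such as `// FsGroup is non-nil here: supportsFSGroup rejects nil` would make the dependency explicit. The context line above it still reports `applyFSGroup failed for vol %s: %v` although this patch deletes applyFSGroup; `"SetVolumeOwnership failed for vol %s: %v"` would name the call that actually fails, provided no test or alert matches the old text. The enclosing if-block opens in the previous hunk.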
@@ -386,48 +371,30 @@ func (c *csiMountMgr) TearDownAt(dir string) error { return nil } -// applyFSGroup applies the volume ownership it derives its logic -// from https://github.com/kubernetes/kubernetes/issues/66323 -// 1) if fstype is "", then skip fsgroup (could be indication of non-block filesystem) -// 2) if fstype is provided and pv.AccessMode == ReadWriteOnly and !c.spec.ReadOnly then apply fsgroup -func (c *csiMountMgr) applyFSGroup(fsType string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) error { - if c.fsGroupPolicy == storage.FileFSGroupPolicy || fsGroup != nil { - - // If the FSGroupPolicy is ReadWriteOnceWithFSTypeFSGroupPolicy perform additional checks - // to determine if we should proceed with modifying the fsGroup. - if c.fsGroupPolicy == storage.ReadWriteOnceWithFSTypeFSGroupPolicy { - if fsType == "" { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided")) - return nil - } - - accessModes := c.spec.PersistentVolume.Spec.AccessModes - if c.spec.PersistentVolume.Spec.AccessModes == nil { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided")) - return nil - } - if !hasReadWriteOnce(accessModes) { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode")) - return nil - } - - if c.readOnly { - klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, volume is readOnly")) - return nil - } - } - - err := volume.SetVolumeOwnership(c, fsGroup, fsGroupChangePolicy) - if err != nil { - return err - } - - if fsGroup != nil { - klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *fsGroup, c.volumeID)) - } +func (c *csiMountMgr) supportsFSGroup(fsType string, fsGroup *int64, driverPolicy storage.FSGroupPolicy) bool { + if fsGroup == nil || driverPolicy == storage.NoneFSGroupPolicy || c.readOnly { + return false } - return nil + if driverPolicy == storage.FileFSGroupPolicy { + return true 
+ } + + if fsType == "" { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided")) + return false + } + + accessModes := c.spec.PersistentVolume.Spec.AccessModes + if c.spec.PersistentVolume.Spec.AccessModes == nil { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided")) + return false + } + if !hasReadWriteOnce(accessModes) { + klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode")) + return false + } + return true } // isDirMounted returns the !notMounted result from IsLikelyNotMountPoint check
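Review bot: `supportsFSGroup` reads `c.spec.PersistentVolume.Spec.AccessModes` without checking `c.spec.PersistentVolume`, so a volume spec that carries no PersistentVolume would panic here once `fsType` is non-empty; whether such a spec can reach this path is not visible in the hunk, and the removed `applyFSGroup` had the same dereference. A guard such as `if c.spec.PersistentVolume == nil { return false }` before the access-mode checks would avoid the panic, though the right answer for such a spec is a design decision. The helper also changes two outcomes without saying so: with `FileFSGroupPolicy` the old code called `volume.SetVolumeOwnership` even for a nil `fsGroup` or a read-only volume, and the read-only skip no longer logs anything. A doc comment listing the rules (nil fsGroup, None policy or read-only gives false; File gives true; otherwise a non-empty fsType and ReadWriteOnce are required) would replace the one deleted with `applyFSGroup`.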