Merge pull request #54761 from ianchakeres/storage-read-only-pvSource
Automatic merge from submit-queue (batch tested with PRs 54761, 54748, 53991, 54485, 46951). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Validate that PersistentVolumeSource is not changed during PV Update **What this PR does / why we need it**: An administrator might change `PV.Spec.PersistentVolumeSource`, but Kubernetes does not have the ability to perform this type of update. **Which issue this PR fixes** : fixes #54562 **Special notes for your reviewer**: N/A **Release note**: ``` Prevent updates to PV.Spec.PersistentVolumeSource. ```
commit
e19d401d61
@ -1554,6 +1554,12 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
|
||||
func ValidatePersistentVolumeUpdate(newPv, oldPv *api.PersistentVolume) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
allErrs = ValidatePersistentVolume(newPv)
|
||||
|
||||
// PersistentVolumeSource should be immutable after creation.
|
||||
if !apiequality.Semantic.DeepEqual(newPv.Spec.PersistentVolumeSource, oldPv.Spec.PersistentVolumeSource) {
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "persistentvolumesource"), "is immutable after creation"))
|
||||
}
|
||||
|
||||
newPv.Status = oldPv.Status
|
||||
return allErrs
|
||||
}
|
||||
|
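Review bot: The path passed to `field.Forbidden` in the new check, `field.NewPath("spec", "persistentvolumesource")`, is all lowercase and may not correspond to any key a client actually sent. The test hunk sets `HostPath` and `FlexVolume` through the spec's PersistentVolumeSource member, and if that member is inlined on the wire (not visible here, so worth confirming), the rejected edit was to something like `spec.hostPath.path`. Consider reporting the error against the spec and carrying the detail in the message, e.g. `field.Forbidden(field.NewPath("spec"), "the persistent volume source is immutable after creation")`. The comment above the check could also say why, for example `// Changing the source would repoint an existing volume (and any claim bound to it) at different backing storage, so reject it on update.`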
@ -349,6 +349,67 @@ func TestValidatePersistentVolumes(t *testing.T) {
|
||||
|
||||
}
|
||||
|
||||
func TestValidatePersistentVolumeSourceUpdate(t *testing.T) {
|
||||
validVolume := testVolume("foo", "", api.PersistentVolumeSpec{
|
||||
Capacity: api.ResourceList{
|
||||
api.ResourceName(api.ResourceStorage): resource.MustParse("1G"),
|
||||
},
|
||||
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
|
||||
PersistentVolumeSource: api.PersistentVolumeSource{
|
||||
HostPath: &api.HostPathVolumeSource{
|
||||
Path: "/foo",
|
||||
Type: newHostPathType(string(api.HostPathDirectory)),
|
||||
},
|
||||
},
|
||||
StorageClassName: "valid",
|
||||
})
|
||||
validPvSourceNoUpdate := validVolume.DeepCopy()
|
||||
invalidPvSourceUpdateType := validVolume.DeepCopy()
|
||||
invalidPvSourceUpdateType.Spec.PersistentVolumeSource = api.PersistentVolumeSource{
|
||||
FlexVolume: &api.FlexVolumeSource{
|
||||
Driver: "kubernetes.io/blue",
|
||||
FSType: "ext4",
|
||||
},
|
||||
}
|
||||
invalidPvSourceUpdateDeep := validVolume.DeepCopy()
|
||||
invalidPvSourceUpdateDeep.Spec.PersistentVolumeSource = api.PersistentVolumeSource{
|
||||
HostPath: &api.HostPathVolumeSource{
|
||||
Path: "/updated",
|
||||
Type: newHostPathType(string(api.HostPathDirectory)),
|
||||
},
|
||||
}
|
||||
scenarios := map[string]struct {
|
||||
isExpectedFailure bool
|
||||
oldVolume *api.PersistentVolume
|
||||
newVolume *api.PersistentVolume
|
||||
}{
|
||||
"condition-no-update": {
|
||||
isExpectedFailure: false,
|
||||
oldVolume: validVolume,
|
||||
newVolume: validPvSourceNoUpdate,
|
||||
},
|
||||
"condition-update-source-type": {
|
||||
isExpectedFailure: true,
|
||||
oldVolume: validVolume,
|
||||
newVolume: invalidPvSourceUpdateType,
|
||||
},
|
||||
"condition-update-source-deep": {
|
||||
isExpectedFailure: true,
|
||||
oldVolume: validVolume,
|
||||
newVolume: invalidPvSourceUpdateDeep,
|
||||
},
|
||||
}
|
||||
for name, scenario := range scenarios {
|
||||
errs := ValidatePersistentVolumeUpdate(scenario.newVolume, scenario.oldVolume)
|
||||
if len(errs) == 0 && scenario.isExpectedFailure {
|
||||
t.Errorf("Unexpected success for scenario: %s", name)
|
||||
}
|
||||
if len(errs) > 0 && !scenario.isExpectedFailure {
|
||||
t.Errorf("Unexpected failure for scenario: %s - %+v", name, errs)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateLocalVolumes(t *testing.T) {
|
||||
scenarios := map[string]struct {
|
||||
isExpectedFailure bool
|
||||
|
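Review bot: The loop at the end of TestValidatePersistentVolumeSourceUpdate only looks at `len(errs)`, so the two expected-failure scenarios pass on any validation error, not specifically the new immutability check. Because ValidatePersistentVolumeUpdate also runs ValidatePersistentVolume on the new object, a fixture that is invalid for an unrelated reason (for instance the FlexVolume one) would keep this test green even if the source comparison were removed. Asserting on the error kind would pin it down, e.g. `if scenario.isExpectedFailure && (len(errs) != 1 || errs[0].Type != field.ErrorTypeForbidden) { t.Errorf("expected one Forbidden error for scenario: %s - %+v", name, errs) }`, assuming the `field` package is imported in this test file.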