Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Release-1.25] local-storage: Fix permission #7473

Merged
merged 1 commit into from
May 10, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion manifests/local-storage.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ data:
esac
done
mkdir -m 0777 -p ${absolutePath}
chmod 701 ${absolutePath}/..
chmod 700 ${absolutePath}/..
teardown: |-
#!/bin/sh
while getopts "m:s:p:" opt
Expand Down
2 changes: 1 addition & 1 deletion pkg/deploy/zz_generated_bindata.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

23 changes: 18 additions & 5 deletions tests/integration/localstorage/localstorage_int_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ var _ = BeforeSuite(func() {
}
})

var _ = Describe("local storage", func() {
var _ = Describe("local storage", Ordered, func() {
BeforeEach(func() {
if testutil.IsExistingServer() && !testutil.ServerArgsPresent(localStorageServerArgs) {
Skip("Test needs k3s server with: " + strings.Join(localStorageServerArgs, " "))
Expand All @@ -39,9 +39,8 @@ var _ = Describe("local storage", func() {
}, "120s", "5s").Should(Succeed())
})
It("creates a new pvc", func() {
result, err := testutil.K3sCmd("kubectl create -f ./testdata/localstorage_pvc.yaml")
Expect(result).To(ContainSubstring("persistentvolumeclaim/local-path-pvc created"))
Expect(err).NotTo(HaveOccurred())
Expect(testutil.K3sCmd("kubectl create -f ./testdata/localstorage_pvc.yaml")).
To(ContainSubstring("persistentvolumeclaim/local-path-pvc created"))
})
It("creates a new pod", func() {
Expect(testutil.K3sCmd("kubectl create -f ./testdata/localstorage_pod.yaml")).
Expand All @@ -62,7 +61,7 @@ var _ = Describe("local storage", func() {
var k3sStorage = "/var/lib/rancher/k3s/storage"
fileStat, err := os.Stat(k3sStorage)
Expect(err).ToNot(HaveOccurred())
Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0701"))
Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0700"))

pvResult, err := testutil.K3sCmd("kubectl get --namespace=default pv")
Expect(err).ToNot(HaveOccurred())
Expand All @@ -72,6 +71,20 @@ var _ = Describe("local storage", func() {
fileStat, err = os.Stat(k3sStorage + "/" + volumeName)
Expect(err).ToNot(HaveOccurred())
Expect(fmt.Sprintf("%04o", fileStat.Mode().Perm())).To(Equal("0777"))

Eventually(func() error {
_, err = os.Stat(k3sStorage + "/" + volumeName + "/file1")
return err
}, "10s", "1s").Should(Succeed())
Expect(testutil.K3sCmd("kubectl --namespace=default exec volume-test -- stat -c %a /data/file1")).
To(Equal("644\n"))

})
It("allows non-root pods to write to the volume", func() {
Expect(testutil.K3sCmd("kubectl --namespace=default exec volume-test -- touch /data/file2")).
To(BeEmpty())
Expect(testutil.K3sCmd("kubectl --namespace=default exec volume-test -- stat -c %a /data/file2")).
To(Equal("644\n"))
})
It("deletes properly", func() {
Expect(testutil.K3sCmd("kubectl delete --namespace=default --force pod volume-test")).
Expand Down
11 changes: 8 additions & 3 deletions tests/integration/localstorage/testdata/localstorage_pod.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,18 @@ metadata:
spec:
containers:
- name: volume-test
image: nginx:stable-alpine
image: busybox:stable
imagePullPolicy: IfNotPresent
command:
- sh
- "-c"
- "touch /data/file1 && sleep infinity"
volumeMounts:
- name: volv
mountPath: /data
ports:
- containerPort: 80
securityContext:
runAsUser: 1000
runAsGroup: 1000
volumes:
- name: volv
persistentVolumeClaim:
Expand Down