Add Repository Validation for local backend mountPath (#947)

stashed · Dec 26, 2019 · c851318 · c851318
1 parent 11f4c5e
commit c851318
Show file tree

Hide file tree

Showing 3 changed files with 171 additions and 2 deletions.
diff --git a/apis/stash/v1alpha1/validator.go b/apis/stash/v1alpha1/validator.go
@@ -89,5 +89,15 @@ func (r Repository) IsValid() error {
 			return fmt.Errorf("wipe out operation is not supported for B2 backend")
 		}
 	}
+
+	if r.Spec.Backend.Local != nil && r.Spec.Backend.Local.MountPath != "" {
+		parts := strings.Split(r.Spec.Backend.Local.MountPath, "/")
+		if len(parts) >= 2 && parts[1] == "stash" {
+			return fmt.Errorf("\n\t" +
+				"Error: Invalid `mountPath` specification for local backend.\n\t" +
+				"Reason: We have put `stash` binary  in the root directory. Hence, you can not use `/stash` or `/stash/*` as `mountPath` \n\t" +
+				"Hints: Use `/stash-backup` or anything else except the forbidden ones as `mountPath`.")
+		}
+	}
 	return nil
 }
diff --git a/pkg/controller/backup.go b/pkg/controller/backup.go
@@ -418,7 +418,7 @@ func (c *StashController) handleAutoBackupResourcesCreationSuccess(ref *core.Obj
 		c.kubeClient,
 		eventer.EventSourceAutoBackupHandler,
 		ref,
-		core.EventTypeWarning,
+		core.EventTypeNormal,
 		eventer.EventReasonAutoBackupResourcesCreationSucceeded,
 		fmt.Sprintf("Successfully created auto backup resources for %s %s/%s.", ref.Kind, ref.Namespace, ref.Name),
 	)
@@ -448,7 +448,7 @@ func (c *StashController) handleAutoBackupResourcesDeletionSuccess(ref *core.Obj
 		c.kubeClient,
 		eventer.EventSourceAutoBackupHandler,
 		ref,
-		core.EventTypeWarning,
+		core.EventTypeNormal,
 		eventer.EventReasonAutoBackupResourcesDeletionSucceeded,
 		fmt.Sprintf("Successfully deleted auto backup resources for %s %s/%s.", ref.Kind, ref.Namespace, ref.Name),
 	)

diff --git a/test/e2e/miscellaneous-use-cases/repository.go b/test/e2e/miscellaneous-use-cases/repository.go
@@ -0,0 +1,159 @@
+/*
+Copyright The Stash Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package miscellaneous_use_cases
+
+import (
+	"fmt"
+
+	"stash.appscode.dev/stash/apis"
+	"stash.appscode.dev/stash/apis/stash/v1beta1"
+	"stash.appscode.dev/stash/pkg/eventer"
+	"stash.appscode.dev/stash/test/e2e/framework"
+	"stash.appscode.dev/stash/test/e2e/matcher"
+
+	"github.com/appscode/go/crypto/rand"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	core "k8s.io/api/core/v1"
+	store "kmodules.xyz/objectstore-api/api/v1"
+)
+
+var _ = Describe("Repository", func() {
+
+	var f *framework.Invocation
+
+	BeforeEach(func() {
+		f = framework.NewInvocation()
+	})
+
+	JustAfterEach(func() {
+		f.PrintDebugInfoOnFailure()
+	})
+
+	AfterEach(func() {
+		err := f.CleanupTestResources()
+		Expect(err).NotTo(HaveOccurred())
+	})
+
+	Context("Local Backend", func() {
+		Context("Invalid MountPath", func() {
+			It("should reject to create Repository for using `/stash` as `mountPath`", func() {
+				// Deploy a Deployment
+				_, err := f.DeployDeployment(framework.SourceDeployment, int32(1), framework.SourceVolume)
+				Expect(err).NotTo(HaveOccurred())
+
+				// Create Storage Secret
+				By("Creating Storage Secret")
+				cred := f.SecretForLocalBackend()
+				_, err = f.CreateSecret(cred)
+				Expect(err).NotTo(HaveOccurred())
+				f.AppendToCleanupList(&cred)
+
+				// We are going to use an PVC as backend
+				pvc, err := f.CreateNewPVC(rand.WithUniqSuffix("backend-pvc"))
+				Expect(err).NotTo(HaveOccurred())
+
+				// Generate Repository Definition
+				repo := f.NewLocalRepositoryWithPVC(cred.Name, pvc.Name)
+
+				// Use `/stash` as `mountPath`
+				repo.Spec.Backend.Local.MountPath = "/stash"
+
+				// reject to create Repository
+				By("reject to create Repository")
+				_, err = f.StashClient.StashV1alpha1().Repositories(repo.Namespace).Create(repo)
+				Expect(err).To(HaveOccurred())
+			})
+
+			It("should reject to create Repository for using `/stash/data` as `mountPath`", func() {
+				// Deploy a Deployment
+				_, err := f.DeployDeployment(framework.SourceDeployment, int32(1), framework.SourceVolume)
+				Expect(err).NotTo(HaveOccurred())
+
+				// Create Storage Secret
+				By("Creating Storage Secret")
+				cred := f.SecretForLocalBackend()
+				_, err = f.CreateSecret(cred)
+				Expect(err).NotTo(HaveOccurred())
+				f.AppendToCleanupList(&cred)
+
+				// We are going to use an PVC as backend
+				pvc, err := f.CreateNewPVC(rand.WithUniqSuffix("backend-pvc"))
+				Expect(err).NotTo(HaveOccurred())
+
+				// Generate Repository Definition
+				repo := f.NewLocalRepositoryWithPVC(cred.Name, pvc.Name)
+
+				// Use `/stash` as `mountPath`
+				repo.Spec.Backend.Local.MountPath = "/stash/data"
+
+				// reject to create Repository
+				By("reject to create Repository")
+				_, err = f.StashClient.StashV1alpha1().Repositories(repo.Namespace).Create(repo)
+				Expect(err).To(HaveOccurred())
+			})
+		})
+
+		Context("Invalid MountPath in Auto-Backup", func() {
+			annotations := func(backupBlueprintName string) map[string]string {
+				return map[string]string{
+					v1beta1.KeyBackupBlueprint: backupBlueprintName,
+					v1beta1.KeyTargetPaths:     framework.TestSourceDataTargetPath,
+					v1beta1.KeyVolumeMounts:    framework.TestSourceVolumeAndMount,
+				}
+			}
+
+			It("should reject to create auto-backup resources for using `/stash` as `mountPath`", func() {
+				// Create Secret for BackupBlueprint
+				cred := f.SecretForLocalBackend()
+				_, err := f.CreateSecret(cred)
+				Expect(err).NotTo(HaveOccurred())
+				f.AppendToCleanupList(&cred)
+
+				// We are going to use an PVC as backend
+				pvc, err := f.CreateNewPVC(rand.WithUniqSuffix("backend-pvc"))
+				Expect(err).NotTo(HaveOccurred())
+
+				// Generate BackupBlueprint definition
+				bb := f.BackupBlueprint(cred.Name)
+				bb.Spec.Backend.Local = &store.LocalSpec{
+					VolumeSource: core.VolumeSource{
+						PersistentVolumeClaim: &core.PersistentVolumeClaimVolumeSource{
+							ClaimName: pvc.Name,
+						},
+					},
+					MountPath: "/stash", // Use `/stash` as `mountPath`, same thing happened if you use `/stash/data` as `mountPath`
+				}
+
+				By(fmt.Sprintf("Creating BackupBlueprint: %s", bb.Name))
+				createdBB, err := f.CreateBackupBlueprint(bb)
+				Expect(err).NotTo(HaveOccurred())
+				f.AppendToCleanupList(createdBB)
+
+				// Deploy a DaemonSet
+				deployment, err := f.DeployDeployment(framework.SourceDeployment, int32(1), framework.SourceVolume)
+				Expect(err).NotTo(HaveOccurred())
+
+				// Add auto-backup annotations to Target
+				err = f.AddAutoBackupAnnotations(annotations(bb.Name), deployment)
+				Expect(err).NotTo(HaveOccurred())
+
+				// AutoBackup Resource creation failed
+				f.EventuallyEvent(deployment.ObjectMeta, apis.KindDeployment).Should(matcher.HaveEvent(eventer.EventReasonAutoBackupResourcesCreationFailed))
+			})
+		})
+	})
+})