Merge pull request #254 from davidz627/feature/enforceAccessModes

k8s-ci-robot · web-flow · commit 254e0afab17a · 2019-04-29T14:59:35.000-07:00
Statically validate volume capabilities for CreateVolume, ControllerPublish, NodeStage, NodePublish
diff --git a/pkg/gce-pd-csi-driver/controller.go b/pkg/gce-pd-csi-driver/controller.go
@@ -81,12 +81,9 @@ func (gceCS *GCEControllerServer) CreateVolume(ctx context.Context, req *csi.Cre
 		return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("CreateVolume Request Capacity is invalid: %v", err))
 	}
 
-	// TODO(#94): Validate AccessModes in VolumeCapabilities
-	for _, capability := range volumeCapabilities {
-		if blk := capability.GetBlock(); blk != nil {
-			// TODO(#64): Block volume support
-			return nil, status.Error(codes.Unimplemented, fmt.Sprintf("Block volume support is not yet implemented"))
-		}
+	err = validateVolumeCapabilities(volumeCapabilities)
+	if err != nil {
+		return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapabilities is invalid: %v", err))
 	}
 
 	// Apply Parameters (case-insensitive). We leave validation of
@@ -251,7 +248,11 @@ func (gceCS *GCEControllerServer) ControllerPublishVolume(ctx context.Context, r
 	if err != nil {
 		return nil, status.Error(codes.NotFound, fmt.Sprintf("Could not find volume with ID %v: %v", volumeID, err))
 	}
-	// TODO(#94): Check volume capability matches
+
+	// TODO(#253): Check volume capability matches for ALREADY_EXISTS
+	if err = validateVolumeCapability(volumeCapability); err != nil {
+		return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapabilities is invalid: %v", err))
+	}
 
 	pubVolResp := &csi.ControllerPublishVolumeResponse{
 		PublishContext: nil,
@@ -364,7 +365,6 @@ func (gceCS *GCEControllerServer) ControllerUnpublishVolume(ctx context.Context,
 }
 
 func (gceCS *GCEControllerServer) ValidateVolumeCapabilities(ctx context.Context, req *csi.ValidateVolumeCapabilitiesRequest) (*csi.ValidateVolumeCapabilitiesResponse, error) {
-	// TODO(#94): Factor out the volume capability functionality and use as validation in all other functions as well
 	// TODO(#162): Implement ValidateVolumeCapabilities
 
 	glog.V(5).Infof("Using default ValidateVolumeCapabilities")
@@ -744,7 +744,7 @@ func diskIsAttachedAndCompatible(deviceName string, instance *compute.Instance,
 			if disk.Mode != readWrite {
 				return true, fmt.Errorf("disk mode does not match. Got %v. Want %v", disk.Mode, readWrite)
 			}
-			// TODO(#94): Check volume_capability.
+			// TODO(#253): Check volume capability matches for ALREADY_EXISTS
 			return true, nil
 		}
 	}
diff --git a/pkg/gce-pd-csi-driver/controller_test.go b/pkg/gce-pd-csi-driver/controller_test.go
@@ -46,16 +46,6 @@ const (
 
 var (
 	// Define "normal" parameters
-	stdVolCap = []*csi.VolumeCapability{
-		{
-			AccessType: &csi.VolumeCapability_Mount{
-				Mount: &csi.VolumeCapability_MountVolume{},
-			},
-			AccessMode: &csi.VolumeCapability_AccessMode{
-				Mode: csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
-			},
-		},
-	}
 	stdCapRange = &csi.CapacityRange{
 		RequiredBytes: common.GbToBytes(20),
 	}
@@ -304,7 +294,6 @@ func TestListSnapshotsArguments(t *testing.T) {
 }
 
 func TestCreateVolumeArguments(t *testing.T) {
-
 	// Define test cases
 	testCases := []struct {
 		name       string
@@ -317,7 +306,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 			},
 			expVol: &csi.Volume{
@@ -327,12 +316,37 @@ func TestCreateVolumeArguments(t *testing.T) {
 				AccessibleTopology: stdTopology,
 			},
 		},
+		{
+			name: "success with MULTI_NODE_READER_ONLY",
+			req: &csi.CreateVolumeRequest{
+				Name:               "test-name",
+				CapacityRange:      stdCapRange,
+				VolumeCapabilities: createVolumeCapabilities(csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY),
+				Parameters:         stdParams,
+			},
+			expVol: &csi.Volume{
+				CapacityBytes:      common.GbToBytes(20),
+				VolumeId:           testVolumeId,
+				VolumeContext:      nil,
+				AccessibleTopology: stdTopology,
+			},
+		},
+		{
+			name: "fail with MULTI_NODE_MULTI_WRITER capability",
+			req: &csi.CreateVolumeRequest{
+				Name:               "test-name",
+				CapacityRange:      stdCapRange,
+				VolumeCapabilities: createVolumeCapabilities(csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER),
+				Parameters:         stdParams,
+			},
+			expErrCode: codes.InvalidArgument,
+		},
 		{
 			name: "fail no name",
 			req: &csi.CreateVolumeRequest{
 				Name:               "",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 			},
 			expErrCode: codes.InvalidArgument,
@@ -341,7 +355,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			name: "success no capacity range",
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 			},
 			expVol: &csi.Volume{
@@ -365,7 +379,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 			},
 			expVol: &csi.Volume{
 				CapacityBytes:      common.GbToBytes(20),
@@ -379,7 +393,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 				Secrets:            map[string]string{"key1": "this is a random", "crypto": "secret"},
 			},
@@ -395,7 +409,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         map[string]string{"type": "test-type"},
 				AccessibilityRequirements: &csi.TopologyRequirement{
 					Requisite: []*csi.Topology{
@@ -421,7 +435,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         map[string]string{"type": "test-type"},
 				AccessibilityRequirements: &csi.TopologyRequirement{
 					Requisite: []*csi.Topology{
@@ -464,7 +478,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 				AccessibilityRequirements: &csi.TopologyRequirement{
 					Requisite: []*csi.Topology{
@@ -481,7 +495,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         stdParams,
 				AccessibilityRequirements: &csi.TopologyRequirement{
 					Requisite: []*csi.Topology{
@@ -499,7 +513,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               name,
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters:         map[string]string{common.ParameterKeyReplicationType: replicationTypeRegionalPD},
 				AccessibilityRequirements: &csi.TopologyRequirement{
 					Preferred: []*csi.Topology{
@@ -531,7 +545,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               name,
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters: map[string]string{
 					common.ParameterKeyReplicationType: replicationTypeRegionalPD,
 				},
@@ -555,7 +569,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               name,
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters: map[string]string{
 					common.ParameterKeyReplicationType: replicationTypeRegionalPD,
 				},
@@ -579,7 +593,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 			req: &csi.CreateVolumeRequest{
 				Name:               "test-name",
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				VolumeContentSource: &csi.VolumeContentSource{
 					Type: &csi.VolumeContentSource_Snapshot{
 						Snapshot: &csi.VolumeContentSource_SnapshotSource{
@@ -618,7 +632,7 @@ func TestCreateVolumeArguments(t *testing.T) {
 					},
 				},
 			},
-			expErrCode: codes.Unimplemented,
+			expErrCode: codes.InvalidArgument,
 		},
 		{
 			name: "fail with both mount and block volume capability",
@@ -644,14 +658,14 @@ func TestCreateVolumeArguments(t *testing.T) {
 					},
 				},
 			},
-			expErrCode: codes.Unimplemented, // once block support is implemented, this error should be InvalidArgument
+			expErrCode: codes.InvalidArgument,
 		},
 		{
 			name: "success with disk encryption kms key",
 			req: &csi.CreateVolumeRequest{
 				Name:               name,
 				CapacityRange:      stdCapRange,
-				VolumeCapabilities: stdVolCap,
+				VolumeCapabilities: stdVolCaps,
 				Parameters: map[string]string{
 					common.ParameterKeyDiskEncryptionKmsKey: "projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY",
 				},
@@ -713,7 +727,7 @@ func TestCreateVolumeRandomRequisiteTopology(t *testing.T) {
 	req := &csi.CreateVolumeRequest{
 		Name:               "test-name",
 		CapacityRange:      stdCapRange,
-		VolumeCapabilities: stdVolCap,
+		VolumeCapabilities: stdVolCaps,
 		Parameters:         map[string]string{"type": "test-type"},
 		AccessibilityRequirements: &csi.TopologyRequirement{
 			Requisite: []*csi.Topology{
diff --git a/pkg/gce-pd-csi-driver/node.go b/pkg/gce-pd-csi-driver/node.go
@@ -75,6 +75,10 @@ func (ns *GCENodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePub
 		return nil, status.Error(codes.InvalidArgument, "NodePublishVolume Volume Capability must be provided")
 	}
 
+	if err := validateVolumeCapability(volumeCapability); err != nil {
+		return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapability is invalid: %v", err))
+	}
+
 	notMnt, err := ns.Mounter.Interface.IsLikelyNotMountPoint(targetPath)
 	if err != nil && !os.IsNotExist(err) {
 		glog.Errorf("cannot validate mount point: %s %v", targetPath, err)
@@ -84,7 +88,7 @@ func (ns *GCENodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePub
 		// TODO(#95): check if mount is compatible. Return OK if it is, or appropriate error.
 		/*
 			1) Target Path MUST be the vol referenced by vol ID
-			2) VolumeCapability MUST match
+			2) TODO(#253): Check volume capability matches for ALREADY_EXISTS
 			3) Readonly MUST match
 
 		*/
@@ -175,6 +179,12 @@ func (ns *GCENodeServer) NodeStageVolume(ctx context.Context, req *csi.NodeStage
 		return nil, status.Error(codes.InvalidArgument, "NodeStageVolume Volume Capability must be provided")
 	}
 
+	if err := validateVolumeCapability(volumeCapability); err != nil {
+		return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapability is invalid: %v", err))
+	}
+
+	// TODO(#253): Check volume capability matches for ALREADY_EXISTS
+
 	volumeKey, err := common.VolumeIDToKey(volumeID)
 	if err != nil {
 		return nil, err
diff --git a/pkg/gce-pd-csi-driver/node_test.go b/pkg/gce-pd-csi-driver/node_test.go
@@ -108,16 +108,27 @@ func TestNodePublishVolume(t *testing.T) {
 				TargetPath:        defaultTargetPath,
 				StagingTargetPath: defaultStagingPath,
 				Readonly:          false,
-				VolumeCapability:  &csi.VolumeCapability{},
+				VolumeCapability:  stdVolCap,
 			},
 		},
+		{
+			name: "Invalid request (invalid access mode)",
+			req: &csi.NodePublishVolumeRequest{
+				VolumeId:          defaultVolumeID,
+				TargetPath:        defaultTargetPath,
+				StagingTargetPath: defaultStagingPath,
+				Readonly:          false,
+				VolumeCapability:  createVolumeCapability(csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER),
+			},
+			expErrCode: codes.InvalidArgument,
+		},
 		{
 			name: "Invalid request (No VolumeId)",
 			req: &csi.NodePublishVolumeRequest{
 				TargetPath:        defaultTargetPath,
 				StagingTargetPath: defaultStagingPath,
 				Readonly:          false,
-				VolumeCapability:  &csi.VolumeCapability{},
+				VolumeCapability:  stdVolCap,
 			},
 			expErrCode: codes.InvalidArgument,
 		},
@@ -127,7 +138,7 @@ func TestNodePublishVolume(t *testing.T) {
 				VolumeId:          defaultVolumeID,
 				StagingTargetPath: defaultStagingPath,
 				Readonly:          false,
-				VolumeCapability:  &csi.VolumeCapability{},
+				VolumeCapability:  stdVolCap,
 			},
 			expErrCode: codes.InvalidArgument,
 		},
@@ -137,7 +148,7 @@ func TestNodePublishVolume(t *testing.T) {
 				VolumeId:         defaultVolumeID,
 				TargetPath:       defaultTargetPath,
 				Readonly:         false,
-				VolumeCapability: &csi.VolumeCapability{},
+				VolumeCapability: stdVolCap,
 			},
 			expErrCode: codes.InvalidArgument,
 		},
@@ -242,22 +253,31 @@ func TestNodeStageVolume(t *testing.T) {
 			req: &csi.NodeStageVolumeRequest{
 				VolumeId:          volumeID,
 				StagingTargetPath: defaultStagingPath,
-				VolumeCapability:  &csi.VolumeCapability{},
+				VolumeCapability:  stdVolCap,
 			},
 		},
+		{
+			name: "Invalid request (Bad Access Mode)",
+			req: &csi.NodeStageVolumeRequest{
+				VolumeId:          volumeID,
+				StagingTargetPath: defaultStagingPath,
+				VolumeCapability:  createVolumeCapability(csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER),
+			},
+			expErrCode: codes.InvalidArgument,
+		},
 		{
 			name: "Invalid request (No VolumeId)",
 			req: &csi.NodeStageVolumeRequest{
 				StagingTargetPath: defaultStagingPath,
-				VolumeCapability:  &csi.VolumeCapability{},
+				VolumeCapability:  stdVolCap,
 			},
 			expErrCode: codes.InvalidArgument,
 		},
 		{
 			name: "Invalid request (No StagingTargetPath)",
 			req: &csi.NodeStageVolumeRequest{
 				VolumeId:         volumeID,
-				VolumeCapability: &csi.VolumeCapability{},
+				VolumeCapability: stdVolCap,
 			},
 			expErrCode: codes.InvalidArgument,
 		},
@@ -277,9 +297,8 @@ func TestNodeStageVolume(t *testing.T) {
 				StagingTargetPath: defaultStagingPath,
 				VolumeCapability:  cap,
 			},
-			expErrCode: codes.Unimplemented,
+			expErrCode: codes.InvalidArgument,
 		},
-		// Capability Mount. codes.Unimplemented
 	}
 	for _, tc := range testCases {
 		t.Logf("Test case: %s", tc.name)
diff --git a/pkg/gce-pd-csi-driver/utils.go b/pkg/gce-pd-csi-driver/utils.go
diff --git a/pkg/gce-pd-csi-driver/utils_test.go b/pkg/gce-pd-csi-driver/utils_test.go

Original file line number	Diff line number	Diff line change
`@@ -81,12 +81,9 @@ func (gceCS GCEControllerServer) CreateVolume(ctx context.Context, req csi.Cre`
`81`	`81`	`return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("CreateVolume Request Capacity is invalid: %v", err))`
`82`	`82`	`}`
`83`	`83`
`84`		`- // TODO(#94): Validate AccessModes in VolumeCapabilities`
`85`		`- for _, capability := range volumeCapabilities {`
`86`		`- if blk := capability.GetBlock(); blk != nil {`
`87`		`- // TODO(#64): Block volume support`
`88`		`- return nil, status.Error(codes.Unimplemented, fmt.Sprintf("Block volume support is not yet implemented"))`
`89`		`- }`
	`84`	`+ err = validateVolumeCapabilities(volumeCapabilities)`
	`85`	`+ if err != nil {`
	`86`	`+ return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapabilities is invalid: %v", err))`
`90`	`87`	`}`
`91`	`88`
`92`	`89`	`// Apply Parameters (case-insensitive). We leave validation of`
`@@ -251,7 +248,11 @@ func (gceCS *GCEControllerServer) ControllerPublishVolume(ctx context.Context, r`
`251`	`248`	`if err != nil {`
`252`	`249`	`return nil, status.Error(codes.NotFound, fmt.Sprintf("Could not find volume with ID %v: %v", volumeID, err))`
`253`	`250`	`}`
`254`		`- // TODO(#94): Check volume capability matches`
	`251`	`+`
	`252`	`+ // TODO(#253): Check volume capability matches for ALREADY_EXISTS`
	`253`	`+ if err = validateVolumeCapability(volumeCapability); err != nil {`
	`254`	`+ return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("VolumeCapabilities is invalid: %v", err))`
	`255`	`+ }`
`255`	`256`
`256`	`257`	`pubVolResp := &csi.ControllerPublishVolumeResponse{`
`257`	`258`	`PublishContext: nil,`
`@@ -364,7 +365,6 @@ func (gceCS *GCEControllerServer) ControllerUnpublishVolume(ctx context.Context,`
`364`	`365`	`}`
`365`	`366`
`366`	`367`	`func (gceCS GCEControllerServer) ValidateVolumeCapabilities(ctx context.Context, req csi.ValidateVolumeCapabilitiesRequest) (*csi.ValidateVolumeCapabilitiesResponse, error) {`
`367`		`- // TODO(#94): Factor out the volume capability functionality and use as validation in all other functions as well`
`368`	`368`	`// TODO(#162): Implement ValidateVolumeCapabilities`
`369`	`369`
`370`	`370`	`glog.V(5).Infof("Using default ValidateVolumeCapabilities")`
`@@ -744,7 +744,7 @@ func diskIsAttachedAndCompatible(deviceName string, instance *compute.Instance,`
`744`	`744`	`if disk.Mode != readWrite {`
`745`	`745`	`return true, fmt.Errorf("disk mode does not match. Got %v. Want %v", disk.Mode, readWrite)`
`746`	`746`	`}`
`747`		`- // TODO(#94): Check volume_capability.`
	`747`	`+ // TODO(#253): Check volume capability matches for ALREADY_EXISTS`
`748`	`748`	`return true, nil`
`749`	`749`	`}`
`750`	`750`	`}`