nfs: add support for clients in the StorageClass
The clients parameter in the storage class is used to limit access to
the export to the set of hostnames, networks or ip addresses specified.

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
spuiuk committed Jun 16, 2023
1 parent 37f1d72 commit b690dc4
Showing 3 changed files with 48 additions and 0 deletions.
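--- a/e2e/nfs.go
+++ b/e2e/nfs.go
@@ -440,6 +440,43 @@ var _ = Describe("nfs", func() {
 }
 })
 
+By("create a storageclass with a restricted set of clients allowed to mount it. This is expected to fail", func() {
+err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{
+"clients": "192.168.49.29,192.168.132.30",
+})
+if err != nil {
+framework.Failf("failed to create NFS storageclass: %v", err)
+}
+err_mount_pass := false
+err = validatePVCAndAppBinding(pvcPath, appPath, f)
+if err == nil {
+err_mount_pass = true
+}
+err = deleteResource(nfsExamplePath + "storageclass.yaml")
+if err != nil {
+framework.Failf("failed to delete NFS storageclass: %v", err)
+}
+if err_mount_pass == true {
+framework.Failf("Mount expected to fail but didn't: %v", err)
+}
+})
+By("create a storageclass with a wide range of network address to encompass all clients.This is expected to pass", func() {
+err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{
+"clients": "*",
+})
+if err != nil {
+framework.Failf("failed to create NFS storageclass: %v", err)
+}
+err = validatePVCAndAppBinding(pvcPath, appPath, f)
+if err != nil {
+framework.Failf("NFS clients were not able to mount: %v", err)
+}
+err = deleteResource(nfsExamplePath + "storageclass.yaml")
+if err != nil {
+framework.Failf("failed to delete NFS storageclass: %v", err)
+}
+})
+
 By("create a PVC and bind it to an app", func() {
 err := createNFSStorageClass(f.ClientSet, f, false, nil)
 if err != nil {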
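Review bot: The negative case treats any error from `validatePVCAndAppBinding` as proof that the client restriction worked, so a provisioning failure or a timeout unrelated to the `clients` list would also make this step pass. Consider asserting that the failure is specifically the mount being refused, or at least logging the returned error so the CI output shows why binding failed. The final `framework.Failf("Mount expected to fail but didn't: %v", err)` prints the result of `deleteResource`, which is always nil at that point; keeping the mount result in its own variable, e.g. `mountErr := validatePVCAndAppBinding(pvcPath, appPath, f)` followed by `if mountErr == nil { framework.Failf("mount succeeded for a client outside the allowed list") }`, also removes the `err_mount_pass == true` flag. The hard-coded `192.168.49.29,192.168.132.30` assumes no test node ever holds one of those addresses, which deserves a comment. The enclosing Describe block starts and ends outside the hunk.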
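--- a/examples/nfs/storageclass.yaml
+++ b/examples/nfs/storageclass.yaml
@@ -51,5 +51,11 @@ parameters:
 # This option is available with Ceph v17.2.6 and newer.
 # secTypes: <sectype-list>
 
+# (optional) The clients parameter in the storage class is used to limit
+# access to the export to the set of hostnames, networks or ip addresses
+# specified. The <client-list> is a comma delimited string,
+# for example: "192.168.0.10,192.168.1.0/8"
+# clients: <client-list>
+
 reclaimPolicy: Delete
 allowVolumeExpansion: true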
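Review bot: The example entry `192.168.1.0/8` has host bits set under an 8-bit mask, so depending on how the NFS server parses it the entry is either rejected or widened to the whole of 192.0.0.0/8, far broader than someone copying it as an access restriction would expect. A well-formed example such as `"192.168.0.10,192.168.1.0/24"` would be safer. The comment could also say what happens when `clients` is left unset; from the controller change in this commit it appears that no client restriction is applied to the export in that case.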
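--- a/internal/nfs/controller/volume.go
+++ b/internal/nfs/controller/volume.go
@@ -132,6 +132,7 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
 nfsCluster := backend.VolumeContext["nfsCluster"]
 path := backend.VolumeContext["subvolumePath"]
 secTypes := backend.VolumeContext["secTypes"]
+clients := backend.VolumeContext["clients"]
 
 err := nv.setNFSCluster(nfsCluster)
 if err != nil {
@@ -157,6 +158,10 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
 }
 }
 
+if clients != "" {
+export.ClientAddr = strings.Split(clients, ",")
+}
+
 _, err = nfsa.CreateCephFSExport(export)
 switch {
 case err == nil: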
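Review bot: In the second hunk, `strings.Split(clients, ",")` passes the StorageClass value to the export unmodified, so `"a, b"` yields an entry with a leading space and a trailing or doubled comma yields an empty entry in `export.ClientAddr`. Because this list is the access restriction on the export, each entry should be trimmed and an empty entry rejected before `CreateCephFSExport` is called; how the backend interprets a padded or empty entry is not visible here, and a restriction that silently degrades is worse than a failed provision. The sketch below assumes `fmt` is already imported in this file. CreateExport starts and ends outside both hunks.

```go
if clients != "" {
	for _, c := range strings.Split(clients, ",") {
		c = strings.TrimSpace(c)
		if c == "" {
			return fmt.Errorf("empty entry in clients parameter %q", clients)
		}
		export.ClientAddr = append(export.ClientAddr, c)
	}
}
// … unchanged: CreateCephFSExport call and error switch …
```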
