From 1df6ebf50292b8bfa457d166ace1b6862a8c052f Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Mon, 24 May 2021 11:33:23 -0400
Subject: [PATCH] csi: validate `volume` block has `attachment_mode` and
 `access_mode`

The `attachment_mode` and `access_mode` fields are required for CSI
volumes. The `mount_options` block is only allowed for CSI volumes.
---
 CHANGELOG.md             |  4 ++++
 nomad/structs/volumes.go | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b125a1691e57..5db5dff290a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,14 @@
 ## 1.1.1 (Unreleased)
 
+IMPROVEMENTS:
+* csi: Validate that `volume` blocks for CSI volumes include the required `attachment_mode` and `access_mode` fields. [[GH-10651](https://github.com/hashicorp/nomad/issues/10651)]
+
 BUG FIXES:
 * api: Fixed event stream connection initialization when there are no events to send [[GH-10637](https://github.com/hashicorp/nomad/issues/10637)]
 * cli: Fixed a bug where `quota status` and `namespace status` commands may panic if the CLI targets a pre-1.1.0 cluster
 * csi: Fixed a bug where `mount_options` were not passed to CSI controller plugins for validation during volume creation and mounting. [[GH-10643](https://github.com/hashicorp/nomad/issues/10643)]
 
+
 ## 1.1.0 (May 18, 2021)
 
 FEATURES:
diff --git a/nomad/structs/volumes.go b/nomad/structs/volumes.go
index a663c3515e7a..5fe5238732d3 100644
--- a/nomad/structs/volumes.go
+++ b/nomad/structs/volumes.go
@@ -117,6 +117,18 @@ func (v *VolumeRequest) Validate(canaries int) error {
 		mErr.Errors = append(mErr.Errors,
 			fmt.Errorf("host volumes cannot have an access mode"))
 	}
+	if v.Type == VolumeTypeHost && v.MountOptions != nil {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("host volumes cannot have mount options"))
+	}
+	if v.Type == VolumeTypeCSI && v.AttachmentMode == CSIVolumeAttachmentModeUnknown {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("CSI volumes must have an attachment mode"))
+	}
+	if v.Type == VolumeTypeCSI && v.AccessMode == CSIVolumeAccessModeUnknown {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("CSI volumes must have an access mode"))
+	}
 
 	if v.AccessMode == CSIVolumeAccessModeSingleNodeReader || v.AccessMode == CSIVolumeAccessModeMultiNodeReader {
 		if !v.ReadOnly {