From 27afec8077ca67d43366a6f6be19e13556714b8e Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Mon, 24 May 2021 11:33:23 -0400
Subject: [PATCH] csi: validate `volume` block has `attachment_mode` and
 `access_mode`

The `attachment_mode` and `access_mode` fields are required for CSI
volumes. The `mount_options` block is only allowed for CSI volumes.
---
 CHANGELOG.md             |  1 +
 nomad/structs/volumes.go | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e130ee0f3a4..57e921e90091 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 IMPROVEMENTS:
 * cli: Cross-namespace `nomad job` commands will now select exact matches if the selection is unambiguous. [[GH-10648](https://github.com/hashicorp/nomad/issues/10648)]
+* csi: Validate that `volume` blocks for CSI volumes include the required `attachment_mode` and `access_mode` fields. [[GH-10651](https://github.com/hashicorp/nomad/issues/10651)]
 
 BUG FIXES:
 * api: Fixed event stream connection initialization when there are no events to send [[GH-10637](https://github.com/hashicorp/nomad/issues/10637)]
diff --git a/nomad/structs/volumes.go b/nomad/structs/volumes.go
index a663c3515e7a..5fe5238732d3 100644
--- a/nomad/structs/volumes.go
+++ b/nomad/structs/volumes.go
@@ -117,6 +117,18 @@ func (v *VolumeRequest) Validate(canaries int) error {
 		mErr.Errors = append(mErr.Errors,
 			fmt.Errorf("host volumes cannot have an access mode"))
 	}
+	if v.Type == VolumeTypeHost && v.MountOptions != nil {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("host volumes cannot have mount options"))
+	}
+	if v.Type == VolumeTypeCSI && v.AttachmentMode == CSIVolumeAttachmentModeUnknown {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("CSI volumes must have an attachment mode"))
+	}
+	if v.Type == VolumeTypeCSI && v.AccessMode == CSIVolumeAccessModeUnknown {
+		mErr.Errors = append(mErr.Errors,
+			fmt.Errorf("CSI volumes must have an access mode"))
+	}
 
 	if v.AccessMode == CSIVolumeAccessModeSingleNodeReader || v.AccessMode == CSIVolumeAccessModeMultiNodeReader {
 		if !v.ReadOnly {