Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nfs: add support for clients in the StorageClass #166

Merged
merged 1 commit into from
Jul 6, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions e2e/nfs.go
Original file line number Diff line number Diff line change
Expand Up @@ -459,6 +459,38 @@ var _ = Describe("nfs", func() {
}
})

By("create a storageclass with a restricted set of clients allowed to mount it", func() {
clientExample := "192.168.49.29"
err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{
"clients": clientExample,
})
if err != nil {
framework.Failf("failed to create NFS storageclass: %v", err)
}
pvc, err := loadPVC(pvcPath)
if err != nil {
framework.Failf("Could not create PVC: 1 %v", err)
}
pvc.Namespace = f.UniqueName
err = createPVCAndvalidatePV(f.ClientSet, pvc, deployTimeout)
if err != nil {
framework.Failf("failed to create PVC: %v", err)
}

if !checkExports(f, "my-nfs", clientExample) {
framework.Failf("failed in testing exports")
}

err = deletePVCAndValidatePV(f.ClientSet, pvc, deployTimeout)
if err != nil {
framework.Failf("failed to delete PVC: %v", err)
}
err = deleteResource(nfsExamplePath + "storageclass.yaml")
if err != nil {
framework.Failf("failed to delete NFS storageclass: %v", err)
}
})

By("create a PVC and bind it to an app", func() {
err := createNFSStorageClass(f.ClientSet, f, false, nil)
if err != nil {
Expand Down
101 changes: 101 additions & 0 deletions e2e/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -1743,3 +1743,104 @@ func getConfigFile(filename, preferred, fallback string) string {

return configFile
}

type nfsExportsFSAL struct {
Name string `json:"name"`
UserID string `json:"user_id"`
FSName string `json:"fs_name"`
}

type nfsExportsClients struct {
Addresses []string `json:"addresses"`
AccessType string `json:"access_type"`
Squash string `json:"squash"`
}

type cephNFSExport struct {
ExportID int `json:"export_id"`
Path string `json:"path"`
ClusterID string `json:"cluster_id"`
Pseudo string `json:"pseudo"`
AccessType string `json:"access_type"`
Squash string `json:"squash"`
SecurityLabel bool `json:"security_label"`
Protocols []int `json:"protocols"`
Transports []string `json:"transports"`
FSAL nfsExportsFSAL `json:"fsal"`
Clients []nfsExportsClients `json:"clients"`
SecTypes []string `json:"secTypes"`
}

// Get list of exports for a cluster_id.
func listExports(f *framework.Framework, clusterID string) (*[]cephNFSExport, error) {
var exportList []cephNFSExport

stdout, stdErr, err := execCommandInToolBoxPod(
f,
"ceph nfs export ls "+clusterID+" --detailed",
rookNamespace)
if err != nil {
return nil, err
}
if stdErr != "" {
return nil, fmt.Errorf("error listing exports in clusterID %v", stdErr)
}

err = json.Unmarshal([]byte(stdout), &exportList)
if err != nil {
return nil, err
}

return &exportList, nil
}

// Check the export for a listed ip address and confirm that the export has
// been setup correctly.
func checkExports(f *framework.Framework, clusterID, clientString string) bool {
exportList, err := listExports(f, clusterID)
if err != nil {
framework.Logf("failed to fetch list of exports: %v", err)

return false
}

found := false
for i := 0; i < len(*exportList); i++ {
export := (*exportList)[i]
for _, client := range export.Clients {
for _, address := range client.Addresses {
if address == clientString {
found = true

break
}
}
if found {
if client.AccessType != "rw" {
framework.Logf("Unexpected value for client AccessType: %s", client.AccessType)

return false
}

break
}
}
if found {
if export.AccessType != "none" {
framework.Logf("Unexpected value for default AccessType: %s", export.AccessType)

return false
}

break
}
}

if !found {
framework.Logf("Could not find the configured clients in the list of exports")

return false
}

return true
}
6 changes: 6 additions & 0 deletions examples/nfs/storageclass.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -51,5 +51,11 @@ parameters:
# This option is available with Ceph v17.2.6 and newer.
# secTypes: <sectype-list>

# (optional) The clients parameter in the storage class is used to limit
# access to the export to the set of hostnames, networks or ip addresses
# specified. The <client-list> is a comma delimited string,
# for example: "192.168.0.10,192.168.1.0/8"
# clients: <client-list>

reclaimPolicy: Delete
allowVolumeExpansion: true
5 changes: 5 additions & 0 deletions internal/nfs/controller/volume.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
nfsCluster := backend.VolumeContext["nfsCluster"]
path := backend.VolumeContext["subvolumePath"]
secTypes := backend.VolumeContext["secTypes"]
clients := backend.VolumeContext["clients"]

err := nv.setNFSCluster(nfsCluster)
if err != nil {
Expand All @@ -157,6 +158,10 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
}
}

if clients != "" {
export.ClientAddr = strings.Split(clients, ",")
}

_, err = nfsa.CreateCephFSExport(export)
switch {
case err == nil:
Expand Down