From b13cc14536de0ba056d083379583a4abb3e57df8 Mon Sep 17 00:00:00 2001 From: M Date: Thu, 24 Feb 2022 10:23:34 +0530 Subject: [PATCH 1/3] POSIX and NFSv4 ACL support --- config/samples/storage_v1_csipowerstore.yaml | 19 +++++++++++++++++ samples/powerstore_v220_k8s_121.yaml | 18 ++++++++++++++++ samples/powerstore_v220_k8s_122.yaml | 18 ++++++++++++++++ samples/powerstore_v220_k8s_123.yaml | 19 +++++++++++++++++ samples/powerstore_v220_ops_48.yaml | 21 ++++++++++++++++++- samples/powerstore_v220_ops_49.yaml | 21 ++++++++++++++++++- .../in-csipowerstore.yaml | 19 +++++++++++++++++ 7 files changed, 133 insertions(+), 2 deletions(-) diff --git a/config/samples/storage_v1_csipowerstore.yaml b/config/samples/storage_v1_csipowerstore.yaml index 6c8e6db..1461b99 100644 --- a/config/samples/storage_v1_csipowerstore.yaml +++ b/config/samples/storage_v1_csipowerstore.yaml @@ -20,6 +20,25 @@ spec: value: "csi" - name: X_CSI_FC_PORTS_FILTER_FILE_PATH value: "/etc/fc-ports-filter" + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" node: envs: # Set to "true" to enable ISCSI CHAP Authentication diff --git a/samples/powerstore_v220_k8s_121.yaml b/samples/powerstore_v220_k8s_121.yaml index 155cf66..3726328 100644 --- a/samples/powerstore_v220_k8s_121.yaml +++ b/samples/powerstore_v220_k8s_121.yaml @@ -37,6 +37,24 @@ spec: # Default value: false - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" + + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each diff --git a/samples/powerstore_v220_k8s_122.yaml b/samples/powerstore_v220_k8s_122.yaml index db122e8..dd40163 100644 --- a/samples/powerstore_v220_k8s_122.yaml +++ b/samples/powerstore_v220_k8s_122.yaml @@ -37,6 +37,24 @@ spec: # Default value: false - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" + + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each diff --git a/samples/powerstore_v220_k8s_123.yaml b/samples/powerstore_v220_k8s_123.yaml index f6fc4b3..6d14ef4 100644 --- a/samples/powerstore_v220_k8s_123.yaml +++ b/samples/powerstore_v220_k8s_123.yaml @@ -38,6 +38,25 @@ spec: - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + + # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. diff --git a/samples/powerstore_v220_ops_48.yaml b/samples/powerstore_v220_ops_48.yaml index 96a2c2f..2cbb881 100644 --- a/samples/powerstore_v220_ops_48.yaml +++ b/samples/powerstore_v220_ops_48.yaml @@ -21,7 +21,26 @@ spec: value: "csi" - name: X_CSI_FC_PORTS_FILTER_FILE_PATH value: "/etc/fc-ports-filter" - controller: + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. diff --git a/samples/powerstore_v220_ops_49.yaml b/samples/powerstore_v220_ops_49.yaml index 7502ffe..6a57dfd 100644 --- a/samples/powerstore_v220_ops_49.yaml +++ b/samples/powerstore_v220_ops_49.yaml @@ -21,7 +21,26 @@ spec: value: "csi" - name: X_CSI_FC_PORTS_FILTER_FILE_PATH value: "/etc/fc-ports-filter" - controller: + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. diff --git a/test/testdata/csipowerstore/01-simple-deployment/in-csipowerstore.yaml b/test/testdata/csipowerstore/01-simple-deployment/in-csipowerstore.yaml index a09366c..ca74d76 100644 --- a/test/testdata/csipowerstore/01-simple-deployment/in-csipowerstore.yaml +++ b/test/testdata/csipowerstore/01-simple-deployment/in-csipowerstore.yaml @@ -23,6 +23,25 @@ spec: sideCars: - name: external-health-monitor args: ["--monitor-interval=60s"] + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" node: envs: # Set to "true" to enable ISCSI CHAP Authentication From 5568a3ab343119d6eb66fc2ecc49a6f6c62c1b44 Mon Sep 17 00:00:00 2001 From: M Date: Thu, 24 Feb 2022 16:09:20 +0530 Subject: [PATCH 2/3] Fixing unit tests --- .../dell-csi-operator.clusterserviceversion.yaml | 8 ++++++++ driverconfig/powerstore_v220_v121.json | 8 ++++++++ driverconfig/powerstore_v220_v122.json | 8 ++++++++ driverconfig/powerstore_v220_v123.json | 8 ++++++++ .../01-simple-deployment/out-csipowerstore.yaml | 4 ++++ .../01-simple-deployment/out-statefulset.yaml | 2 ++ 6 files changed, 38 insertions(+) diff --git a/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml b/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml index 4a27169..016f144 100644 --- a/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml +++ b/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml @@ -201,6 +201,14 @@ metadata: "configVersion": "v2.2.0", "dnsPolicy": "ClusterFirstWithHostNet", "forceUpdate": false, + "controller": { + "envs": [ + { + "name": "X_CSI_NFS_ACLS", + "value": "0777" + } + ] + }, "node": { "envs": [ { diff --git a/driverconfig/powerstore_v220_v121.json b/driverconfig/powerstore_v220_v121.json index 67d38f4..899359e 100644 --- a/driverconfig/powerstore_v220_v121.json +++ b/driverconfig/powerstore_v220_v121.json @@ -114,6 +114,14 @@ "SetForNode": true, "DefaultValueForController": "false", "DefaultValueForNode": "false" + }, + { + "Name": "X_CSI_NFS_ACLS", + "CSIEnvType": "String", + "SetForController": true, + "SetForNode": false, + "DefaultValueForController": "0777", + "DefaultValueForNode": "" } ], "driverNodeVolumes": [ diff --git a/driverconfig/powerstore_v220_v122.json b/driverconfig/powerstore_v220_v122.json index 67d38f4..899359e 100644 --- a/driverconfig/powerstore_v220_v122.json +++ b/driverconfig/powerstore_v220_v122.json @@ -114,6 +114,14 @@ "SetForNode": true, "DefaultValueForController": "false", "DefaultValueForNode": "false" + }, + { + "Name": "X_CSI_NFS_ACLS", + "CSIEnvType": "String", + "SetForController": true, + "SetForNode": false, + "DefaultValueForController": "0777", + "DefaultValueForNode": "" } ], "driverNodeVolumes": [ diff --git a/driverconfig/powerstore_v220_v123.json b/driverconfig/powerstore_v220_v123.json index 67d38f4..899359e 100644 --- a/driverconfig/powerstore_v220_v123.json +++ b/driverconfig/powerstore_v220_v123.json @@ -114,6 +114,14 @@ "SetForNode": true, "DefaultValueForController": "false", "DefaultValueForNode": "false" + }, + { + "Name": "X_CSI_NFS_ACLS", + "CSIEnvType": "String", + "SetForController": true, + "SetForNode": false, + "DefaultValueForController": "0777", + "DefaultValueForNode": "" } ], "driverNodeVolumes": [ diff --git a/test/testdata/csipowerstore/01-simple-deployment/out-csipowerstore.yaml b/test/testdata/csipowerstore/01-simple-deployment/out-csipowerstore.yaml index 57d0da3..0a242dc 100644 --- a/test/testdata/csipowerstore/01-simple-deployment/out-csipowerstore.yaml +++ b/test/testdata/csipowerstore/01-simple-deployment/out-csipowerstore.yaml @@ -31,6 +31,10 @@ spec: image: dellemc/csi-powerstore:v2.2.0 imagePullPolicy: IfNotPresent configVersion: v2.2.0 + controller: + envs: + - name: X_CSI_NFS_ACLS + value: "0777" node: envs: - name: "X_CSI_POWERSTORE_ENABLE_CHAP" diff --git a/test/testdata/csipowerstore/01-simple-deployment/out-statefulset.yaml b/test/testdata/csipowerstore/01-simple-deployment/out-statefulset.yaml index 66f1288..068356d 100644 --- a/test/testdata/csipowerstore/01-simple-deployment/out-statefulset.yaml +++ b/test/testdata/csipowerstore/01-simple-deployment/out-statefulset.yaml @@ -48,6 +48,8 @@ spec: value: /powerstore-config-params/driver-config-params.yaml - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" + - name: X_CSI_NFS_ACLS + value: "0777" - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX value: csi - name: X_CSI_FC_PORTS_FILTER_FILE_PATH From 4a30c8e3b6c1ecf79e61c4210db305357d9b9327 Mon Sep 17 00:00:00 2001 From: M Date: Thu, 24 Feb 2022 16:26:10 +0530 Subject: [PATCH 3/3] Fixing unit tests --- .../dell-csi-operator.clusterserviceversion.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml b/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml index 016f144..4a27169 100644 --- a/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml +++ b/community_bundle/manifests/dell-csi-operator.clusterserviceversion.yaml @@ -201,14 +201,6 @@ metadata: "configVersion": "v2.2.0", "dnsPolicy": "ClusterFirstWithHostNet", "forceUpdate": false, - "controller": { - "envs": [ - { - "name": "X_CSI_NFS_ACLS", - "value": "0777" - } - ] - }, "node": { "envs": [ {