From bbfca710e8da9f08f5f43d6b48caeb48ebb3dca0 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Mon, 24 May 2021 11:33:23 -0400 Subject: [PATCH] csi: validate `volume` block has `attachment_mode` and `access_mode` The `attachment_mode` and `access_mode` fields are required for CSI volumes. The `mount_options` block is only allowed for CSI volumes. --- CHANGELOG.md | 1 + nomad/job_endpoint_test.go | 6 ++++-- nomad/structs/volumes.go | 12 ++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09831d40132..fa39b5931b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ IMPROVEMENTS: * cli: Cross-namespace `nomad job` commands will now select exact matches if the selection is unambiguous. [[GH-10648](https://github.com/hashicorp/nomad/issues/10648)] +* csi: Validate that `volume` blocks for CSI volumes include the required `attachment_mode` and `access_mode` fields. [[GH-10651](https://github.com/hashicorp/nomad/issues/10651)] BUG FIXES: * api: Fixed event stream connection initialization when there are no events to send [[GH-10637](https://github.com/hashicorp/nomad/issues/10637)] diff --git a/nomad/job_endpoint_test.go b/nomad/job_endpoint_test.go index 2221771a504..010b0578425 100644 --- a/nomad/job_endpoint_test.go +++ b/nomad/job_endpoint_test.go @@ -811,8 +811,10 @@ func TestJobEndpoint_Register_ACL(t *testing.T) { ReadOnly: readonlyVolume, }, "csi": { - Type: structs.VolumeTypeCSI, - Source: "prod-db", + Type: structs.VolumeTypeCSI, + Source: "prod-db", + AttachmentMode: structs.CSIVolumeAttachmentModeBlockDevice, + AccessMode: structs.CSIVolumeAccessModeSingleNodeWriter, }, } diff --git a/nomad/structs/volumes.go b/nomad/structs/volumes.go index a663c3515e7..5fe5238732d 100644 --- a/nomad/structs/volumes.go +++ b/nomad/structs/volumes.go @@ -117,6 +117,18 @@ func (v *VolumeRequest) Validate(canaries int) error { mErr.Errors = append(mErr.Errors, fmt.Errorf("host volumes cannot have an access mode")) } + if v.Type == VolumeTypeHost && v.MountOptions != nil { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("host volumes cannot have mount options")) + } + if v.Type == VolumeTypeCSI && v.AttachmentMode == CSIVolumeAttachmentModeUnknown { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("CSI volumes must have an attachment mode")) + } + if v.Type == VolumeTypeCSI && v.AccessMode == CSIVolumeAccessModeUnknown { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("CSI volumes must have an access mode")) + } if v.AccessMode == CSIVolumeAccessModeSingleNodeReader || v.AccessMode == CSIVolumeAccessModeMultiNodeReader { if !v.ReadOnly {