Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revise awscredsuri validation to prefix check #762

Merged
merged 1 commit into from
Sep 9, 2022
Merged

Revise awscredsuri validation to prefix check #762

merged 1 commit into from
Sep 9, 2022

Conversation

Ashley-wenyizha
Copy link
Contributor

@Ashley-wenyizha Ashley-wenyizha commented Aug 31, 2022
edited
Loading

Is this a bug fix or adding new feature?
Revise awscredsuri validation to prefix check
What is this PR about? / Why do we need it?

What testing is done?
Manual test result - driver successfully rejected awscredsuri mount option and efs-utils is still able to mount success with this option filtered out

W0908 20:00:57.034174       1 node.go:169] awscredsuri mount option is not supported by efs-csi-driver.

I0908 20:00:57.034237       1 node.go:183] NodePublishVolume: mounting fs-0ed800ff4153f6ad8:/ at /var/lib/kubelet/pods/254909f8-1129-404f-bde4-85d922d645d4/volumes/kubernetes.io~csi/efs-pv/mount with options [tls iam]

wenyizha@test_credsuri % k get pods -A
NAMESPACE     NAME                                  READY   STATUS    RESTARTS   AGE

default       efs-app                               1/1     Running   0          8s

kube-system   aws-node-v6mhn                        1/1     Running   0          7d21h

kube-system   coredns-65bfc5645f-5dxfg              1/1     Running   0          7d21h

kube-system   coredns-65bfc5645f-s5kbl              1/1     Running   0          7d21h
kube-system   efs-csi-controller-665fbb9b55-4r8xl   3/3     Running   0          18s
kube-system   efs-csi-controller-665fbb9b55-bz6k2   3/3     Running   0          15s
kube-system   efs-csi-node-7jfsd                    3/3     Running   0          8s
kube-system   kube-proxy-b44jv                      1/1     Running   0          7d21h

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 31, 2022
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 31, 2022
wongma7
wongma7 reviewed Sep 6, 2022
View reviewed changes
pkg/driver/node.go Outdated
@@ -165,7 +165,7 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
}
}

if f == "awscredsuri" {
if strings.HasPrefix(f, "awscredsuri") {
klog.Warning("awscredsuri mount option is not supported by efs-csi-driver.")
return nil, nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i know this was already here but it doesnt look right, return nil nil? no response, no error? should it return nil ,err?

Copy link

@rsumukha rsumukha Sep 7, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, return nil nil causes FailedMount.

Warning  FailedMount      14s                 kubelet            Unable to attach or mount volumes: unmounted volumes=[persistent-storage], unattached volumes=[kube-api-access-9c7nq persistent-storage]: timed out waiting for the condition
Warning  FailedMount      9s (x9 over 2m17s)  kubelet            MountVolume.SetUp failed for volume "efs-pv" : rpc error: code = Internal desc = grpc: error while marshaling: proto: Marshal called with nil

@Ashley-wenyizha Ashley-wenyizha force-pushed the master branch 4 times, most recently from 0924b0f to 5ed6973 Compare September 8, 2022 19:52
@rsumukha
Copy link

rsumukha commented Sep 9, 2022

/lgtm

@k8s-ci-robot
Copy link
Contributor

@rsumukha: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wangnyue
Copy link

wangnyue commented Sep 9, 2022

/lgtm

@k8s-ci-robot
Copy link
Contributor

@wangnyue: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Ashley-wenyizha, wangnyue

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wongma7
Copy link
Contributor

wongma7 commented Sep 9, 2022

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 9, 2022
@k8s-ci-robot k8s-ci-robot merged commit 21224b7 into kubernetes-sigs:master Sep 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rsumukha rsumukha rsumukha left review comments

@wongma7 wongma7 wongma7 left review comments

@wangnyue wangnyue wangnyue approved these changes

@d-nishi d-nishi Awaiting requested review from d-nishi

Assignees

@wongma7 wongma7

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Ashley-wenyizha @rsumukha @k8s-ci-robot @wangnyue @wongma7