Add FSGroup check to e2e of applicable volumes
This commit is contained in:
Sami Wagiaalla
@@ -42,6 +42,7 @@ package e2e
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -167,16 +168,19 @@ func volumeTestCleanup(client *client.Client, config VolumeTestConfig) {
|
|||||||
glog.Warningf("Failed to delete client pod: %v", err)
|
glog.Warningf("Failed to delete client pod: %v", err)
|
||||||
expectNoError(err, "Failed to delete client pod: %v", err)
|
expectNoError(err, "Failed to delete client pod: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.serverImage != "" {
|
||||||
err = podClient.Delete(config.prefix+"-server", nil)
|
err = podClient.Delete(config.prefix+"-server", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Warningf("Failed to delete server pod: %v", err)
|
glog.Warningf("Failed to delete server pod: %v", err)
|
||||||
expectNoError(err, "Failed to delete server pod: %v", err)
|
expectNoError(err, "Failed to delete server pod: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Start a client pod using given VolumeSource (exported by startVolumeServer())
|
// Start a client pod using given VolumeSource (exported by startVolumeServer())
|
||||||
// and check that the pod sees the data from the server pod.
|
// and check that the pod sees the data from the server pod.
|
||||||
func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api.VolumeSource, expectedContent string) {
|
func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api.VolumeSource, fsGroup *int64, expectedContent string) {
|
||||||
By(fmt.Sprint("starting ", config.prefix, " client"))
|
By(fmt.Sprint("starting ", config.prefix, " client"))
|
||||||
podClient := client.Pods(config.namespace)
|
podClient := client.Pods(config.namespace)
|
||||||
|
|
||||||
@@ -211,6 +215,11 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
SecurityContext: &api.PodSecurityContext{
|
||||||
|
SELinuxOptions: &api.SELinuxOptions{
|
||||||
|
Level: "s0:c0,c1",
|
||||||
|
},
|
||||||
|
},
|
||||||
Volumes: []api.Volume{
|
Volumes: []api.Volume{
|
||||||
{
|
{
|
||||||
Name: config.prefix + "-volume",
|
Name: config.prefix + "-volume",
|
||||||
@@ -219,6 +228,10 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
if fsGroup != nil {
|
||||||
|
clientPod.Spec.SecurityContext.FSGroup = fsGroup
|
||||||
|
}
|
||||||
|
|
||||||
if _, err := podClient.Create(clientPod); err != nil {
|
if _, err := podClient.Create(clientPod); err != nil {
|
||||||
Failf("Failed to create %s pod: %v", clientPod.Name, err)
|
Failf("Failed to create %s pod: %v", clientPod.Name, err)
|
||||||
}
|
}
|
||||||
@@ -250,6 +263,12 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
|||||||
|
|
||||||
By("checking the page content")
|
By("checking the page content")
|
||||||
Expect(body).To(ContainSubstring(expectedContent))
|
Expect(body).To(ContainSubstring(expectedContent))
|
||||||
|
|
||||||
|
if fsGroup != nil {
|
||||||
|
By("Checking fsGroup")
|
||||||
|
_, err = lookForStringInPodExec(config.namespace, clientPod.Name, []string{"ls", "-ld", "/usr/share/nginx/html"}, strconv.Itoa(int(*fsGroup)), time.Minute)
|
||||||
|
Expect(err).NotTo(HaveOccurred(), "waiting for output from pod exec")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Insert index.html with given content into given volume. It does so by
|
// Insert index.html with given content into given volume. It does so by
|
||||||
@@ -285,6 +304,11 @@ func injectHtml(client *client.Client, config VolumeTestConfig, volume api.Volum
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
SecurityContext: &api.PodSecurityContext{
|
||||||
|
SELinuxOptions: &api.SELinuxOptions{
|
||||||
|
Level: "s0:c0,c1",
|
||||||
|
},
|
||||||
|
},
|
||||||
RestartPolicy: api.RestartPolicyNever,
|
RestartPolicy: api.RestartPolicyNever,
|
||||||
Volumes: []api.Volume{
|
Volumes: []api.Volume{
|
||||||
{
|
{
|
||||||
@@ -374,7 +398,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
// Must match content of test/images/volumes-tester/nfs/index.html
|
// Must match content of test/images/volumes-tester/nfs/index.html
|
||||||
testVolumeClient(c, config, volume, "Hello from NFS!")
|
testVolumeClient(c, config, volume, nil, "Hello from NFS!")
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -448,7 +472,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
// Must match content of test/images/volumes-tester/gluster/index.html
|
// Must match content of test/images/volumes-tester/gluster/index.html
|
||||||
testVolumeClient(c, config, volume, "Hello from GlusterFS!")
|
testVolumeClient(c, config, volume, nil, "Hello from GlusterFS!")
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -490,11 +514,12 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
IQN: "iqn.2003-01.org.linux-iscsi.f21.x8664:sn.4b0aae584f7c",
|
IQN: "iqn.2003-01.org.linux-iscsi.f21.x8664:sn.4b0aae584f7c",
|
||||||
Lun: 0,
|
Lun: 0,
|
||||||
FSType: "ext2",
|
FSType: "ext2",
|
||||||
ReadOnly: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fsGroup := int64(1234)
|
||||||
// Must match content of test/images/volumes-tester/iscsi/block.tar.gz
|
// Must match content of test/images/volumes-tester/iscsi/block.tar.gz
|
||||||
testVolumeClient(c, config, volume, "Hello from iSCSI")
|
testVolumeClient(c, config, volume, &fsGroup, "Hello from iSCSI")
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -562,11 +587,12 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
Name: config.prefix + "-secret",
|
Name: config.prefix + "-secret",
|
||||||
},
|
},
|
||||||
FSType: "ext2",
|
FSType: "ext2",
|
||||||
ReadOnly: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
fsGroup := int64(1234)
|
||||||
|
|
||||||
// Must match content of test/images/volumes-tester/gluster/index.html
|
// Must match content of test/images/volumes-tester/gluster/index.html
|
||||||
testVolumeClient(c, config, volume, "Hello from RBD")
|
testVolumeClient(c, config, volume, &fsGroup, "Hello from RBD")
|
||||||
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
@@ -632,7 +658,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
// Must match content of contrib/for-tests/volumes-ceph/ceph/index.html
|
// Must match content of contrib/for-tests/volumes-ceph/ceph/index.html
|
||||||
testVolumeClient(c, config, volume, "Hello Ceph!")
|
testVolumeClient(c, config, volume, nil, "Hello Ceph!")
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
@@ -705,7 +731,8 @@ var _ = Describe("Volumes [Skipped]", func() {
|
|||||||
content := "Hello from Cinder from namespace " + volumeName
|
content := "Hello from Cinder from namespace " + volumeName
|
||||||
injectHtml(c, config, volume, content)
|
injectHtml(c, config, volume, content)
|
||||||
|
|
||||||
testVolumeClient(c, config, volume, content)
|
fsGroup := int64(1234)
|
||||||
|
testVolumeClient(c, config, volume, &fsGroup, content)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user