Add FSGroup check to e2e of applicable volumes
This commit is contained in:
Sami Wagiaalla
@@ -42,6 +42,7 @@ package e2e
|
||||
import (
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
@@ -167,16 +168,19 @@ func volumeTestCleanup(client *client.Client, config VolumeTestConfig) {
|
||||
glog.Warningf("Failed to delete client pod: %v", err)
|
||||
expectNoError(err, "Failed to delete client pod: %v", err)
|
||||
}
|
||||
|
||||
if config.serverImage != "" {
|
||||
err = podClient.Delete(config.prefix+"-server", nil)
|
||||
if err != nil {
|
||||
glog.Warningf("Failed to delete server pod: %v", err)
|
||||
expectNoError(err, "Failed to delete server pod: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Start a client pod using given VolumeSource (exported by startVolumeServer())
|
||||
// and check that the pod sees the data from the server pod.
|
||||
func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api.VolumeSource, expectedContent string) {
|
||||
func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api.VolumeSource, fsGroup *int64, expectedContent string) {
|
||||
By(fmt.Sprint("starting ", config.prefix, " client"))
|
||||
podClient := client.Pods(config.namespace)
|
||||
|
||||
@@ -211,6 +215,11 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
||||
},
|
||||
},
|
||||
},
|
||||
SecurityContext: &api.PodSecurityContext{
|
||||
SELinuxOptions: &api.SELinuxOptions{
|
||||
Level: "s0:c0,c1",
|
||||
},
|
||||
},
|
||||
Volumes: []api.Volume{
|
||||
{
|
||||
Name: config.prefix + "-volume",
|
||||
@@ -219,6 +228,10 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
||||
},
|
||||
},
|
||||
}
|
||||
if fsGroup != nil {
|
||||
clientPod.Spec.SecurityContext.FSGroup = fsGroup
|
||||
}
|
||||
|
||||
if _, err := podClient.Create(clientPod); err != nil {
|
||||
Failf("Failed to create %s pod: %v", clientPod.Name, err)
|
||||
}
|
||||
@@ -250,6 +263,12 @@ func testVolumeClient(client *client.Client, config VolumeTestConfig, volume api
|
||||
|
||||
By("checking the page content")
|
||||
Expect(body).To(ContainSubstring(expectedContent))
|
||||
|
||||
if fsGroup != nil {
|
||||
By("Checking fsGroup")
|
||||
_, err = lookForStringInPodExec(config.namespace, clientPod.Name, []string{"ls", "-ld", "/usr/share/nginx/html"}, strconv.Itoa(int(*fsGroup)), time.Minute)
|
||||
Expect(err).NotTo(HaveOccurred(), "waiting for output from pod exec")
|
||||
}
|
||||
}
|
||||
|
||||
// Insert index.html with given content into given volume. It does so by
|
||||
@@ -285,6 +304,11 @@ func injectHtml(client *client.Client, config VolumeTestConfig, volume api.Volum
|
||||
},
|
||||
},
|
||||
},
|
||||
SecurityContext: &api.PodSecurityContext{
|
||||
SELinuxOptions: &api.SELinuxOptions{
|
||||
Level: "s0:c0,c1",
|
||||
},
|
||||
},
|
||||
RestartPolicy: api.RestartPolicyNever,
|
||||
Volumes: []api.Volume{
|
||||
{
|
||||
@@ -374,7 +398,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
},
|
||||
}
|
||||
// Must match content of test/images/volumes-tester/nfs/index.html
|
||||
testVolumeClient(c, config, volume, "Hello from NFS!")
|
||||
testVolumeClient(c, config, volume, nil, "Hello from NFS!")
|
||||
})
|
||||
})
|
||||
|
||||
@@ -448,7 +472,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
},
|
||||
}
|
||||
// Must match content of test/images/volumes-tester/gluster/index.html
|
||||
testVolumeClient(c, config, volume, "Hello from GlusterFS!")
|
||||
testVolumeClient(c, config, volume, nil, "Hello from GlusterFS!")
|
||||
})
|
||||
})
|
||||
|
||||
@@ -490,11 +514,12 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
IQN: "iqn.2003-01.org.linux-iscsi.f21.x8664:sn.4b0aae584f7c",
|
||||
Lun: 0,
|
||||
FSType: "ext2",
|
||||
ReadOnly: true,
|
||||
},
|
||||
}
|
||||
|
||||
fsGroup := int64(1234)
|
||||
// Must match content of test/images/volumes-tester/iscsi/block.tar.gz
|
||||
testVolumeClient(c, config, volume, "Hello from iSCSI")
|
||||
testVolumeClient(c, config, volume, &fsGroup, "Hello from iSCSI")
|
||||
})
|
||||
})
|
||||
|
||||
@@ -562,11 +587,12 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
Name: config.prefix + "-secret",
|
||||
},
|
||||
FSType: "ext2",
|
||||
ReadOnly: true,
|
||||
},
|
||||
}
|
||||
fsGroup := int64(1234)
|
||||
|
||||
// Must match content of test/images/volumes-tester/gluster/index.html
|
||||
testVolumeClient(c, config, volume, "Hello from RBD")
|
||||
testVolumeClient(c, config, volume, &fsGroup, "Hello from RBD")
|
||||
|
||||
})
|
||||
})
|
||||
@@ -632,7 +658,7 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
},
|
||||
}
|
||||
// Must match content of contrib/for-tests/volumes-ceph/ceph/index.html
|
||||
testVolumeClient(c, config, volume, "Hello Ceph!")
|
||||
testVolumeClient(c, config, volume, nil, "Hello Ceph!")
|
||||
})
|
||||
})
|
||||
|
||||
@@ -705,7 +731,8 @@ var _ = Describe("Volumes [Skipped]", func() {
|
||||
content := "Hello from Cinder from namespace " + volumeName
|
||||
injectHtml(c, config, volume, content)
|
||||
|
||||
testVolumeClient(c, config, volume, content)
|
||||
fsGroup := int64(1234)
|
||||
testVolumeClient(c, config, volume, &fsGroup, content)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user