Enforce ReadWriteOncePod can only be used by itself

kubernetes-csi · Jun 16, 2021 · 8f8e9b8 · 8f8e9b8
1 parent 48c8713
commit 8f8e9b8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 38 deletions.
diff --git a/accessmodes/access_modes.go b/accessmodes/access_modes.go
@@ -39,6 +39,15 @@ func toCSIAccessMode(pvAccessModes []v1.PersistentVolumeAccessMode) (csi.VolumeC
 	m := uniqueAccessModes(pvAccessModes)
 
 	switch {
+	// This mapping exists to enable CSI drivers that lack the
+	// SINGLE_NODE_MULTI_WRITER capability to work with the
+	// ReadWriteOncePod access mode.
+	case m[v1.ReadWriteOncePod]:
+		if len(m) > 1 {
+			return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("Kubernetes does not support use of ReadWriteOncePod with other access modes on the same PersistentVolume")
+		}
+		return csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER, nil
+
 	case m[v1.ReadWriteMany]:
 		// ReadWriteMany takes precedence, regardless of what other
 		// modes are set.
@@ -48,26 +57,12 @@ func toCSIAccessMode(pvAccessModes []v1.PersistentVolumeAccessMode) (csi.VolumeC
 		// This is not possible in the CSI spec.
 		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadOnlyMany and ReadWriteOnce on the same PersistentVolume")
 
-	case m[v1.ReadOnlyMany] && m[v1.ReadWriteOncePod]:
-		// This is not possible in the CSI spec.
-		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadOnlyMany and ReadWriteOncePod on the same PersistentVolume")
-
-	case m[v1.ReadWriteOnce] && m[v1.ReadWriteOncePod]:
-		// This is not possible in the CSI spec.
-		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadWriteOnce and ReadWriteOncePod on the same PersistentVolume")
-
 	case m[v1.ReadOnlyMany]:
 		return csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY, nil
 
 	case m[v1.ReadWriteOnce]:
 		return csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER, nil
 
-	// This mapping exists to enable CSI drivers that lack the
-	// SINGLE_NODE_MULTI_WRITER capability to work with the
-	// ReadWriteOncePod access mode.
-	case m[v1.ReadWriteOncePod]:
-		return csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER, nil
-
 	default:
 		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("unsupported AccessMode combination: %+v", pvAccessModes)
 	}
@@ -80,6 +75,12 @@ func toSingleNodeMultiWriterCapableCSIAccessMode(pvAccessModes []v1.PersistentVo
 	m := uniqueAccessModes(pvAccessModes)
 
 	switch {
+	case m[v1.ReadWriteOncePod]:
+		if len(m) > 1 {
+			return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("Kubernetes does not support use of ReadWriteOncePod with other access modes on the same PersistentVolume")
+		}
+		return csi.VolumeCapability_AccessMode_SINGLE_NODE_SINGLE_WRITER, nil
+
 	case m[v1.ReadWriteMany]:
 		// ReadWriteMany trumps everything, regardless of what other
 		// modes are set.
@@ -89,23 +90,12 @@ func toSingleNodeMultiWriterCapableCSIAccessMode(pvAccessModes []v1.PersistentVo
 		// This is not possible in the CSI spec.
 		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadOnlyMany and ReadWriteOnce on the same PersistentVolume")
 
-	case m[v1.ReadOnlyMany] && m[v1.ReadWriteOncePod]:
-		// This is not possible in the CSI spec.
-		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadOnlyMany and ReadWriteOncePod on the same PersistentVolume")
-
-	case m[v1.ReadWriteOnce] && m[v1.ReadWriteOncePod]:
-		// This is not possible in the CSI spec.
-		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("CSI does not support ReadWriteOnce and ReadWriteOncePod on the same PersistentVolume")
-
 	case m[v1.ReadOnlyMany]:
 		return csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY, nil
 
 	case m[v1.ReadWriteOnce]:
 		return csi.VolumeCapability_AccessMode_SINGLE_NODE_MULTI_WRITER, nil
 
-	case m[v1.ReadWriteOncePod]:
-		return csi.VolumeCapability_AccessMode_SINGLE_NODE_SINGLE_WRITER, nil
-
 	default:
 		return csi.VolumeCapability_AccessMode_UNKNOWN, fmt.Errorf("unsupported AccessMode combination: %+v", pvAccessModes)
 	}

diff --git a/accessmodes/access_modes_test.go b/accessmodes/access_modes_test.go
@@ -48,12 +48,6 @@ func TestToCSIAccessMode(t *testing.T) {
 			expectedCSIAccessMode: csi.VolumeCapability_AccessMode_UNKNOWN,
 			expectError:           true,
 		},
-		{
-			name:                  "RWO + RWOP",
-			pvAccessModes:         []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce, v1.ReadWriteOncePod},
-			expectedCSIAccessMode: csi.VolumeCapability_AccessMode_UNKNOWN,
-			expectError:           true,
-		},
 		{
 			name:                  "ROX",
 			pvAccessModes:         []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany},
@@ -95,13 +89,6 @@ func TestToCSIAccessMode(t *testing.T) {
 			expectError:                   true,
 			supportsSingleNodeMultiWriter: true,
 		},
-		{
-			name:                          "RWO + RWOP with SINGLE_NODE_MULTI_WRITER capable driver",
-			pvAccessModes:                 []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce, v1.ReadWriteOncePod},
-			expectedCSIAccessMode:         csi.VolumeCapability_AccessMode_UNKNOWN,
-			expectError:                   true,
-			supportsSingleNodeMultiWriter: true,
-		},
 		{
 			name:                          "ROX with SINGLE_NODE_MULTI_WRITER capable driver",
 			pvAccessModes:                 []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany},