Set READONLY flag in CSI PV based on PVC accessmode

Signed-off-by: Humble Chirammal <[email protected]>
kubernetes-csi · Aug 21, 2020 · b653dc2 · b653dc2
1 parent e909258
commit b653dc2
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 0 deletions.
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
@@ -689,6 +689,17 @@ func (p *csiProvisioner) Provision(ctx context.Context, options controller.Provi
 		}
 	}
 
+	pvReadOnly := false
+	volCaps := req.GetVolumeCapabilities()
+	// if the request only has one accessmode and if its ROX, set readonly to true
+	if req.VolumeContentSource == nil {
+		if len(volCaps) == 1 {
+			if volCaps[0].GetAccessMode().GetMode() != csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY || volCaps[0].GetAccessMode().GetMode() != csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY {
+				pvReadOnly = true
+			}
+		}
+	}
+
 	pv := &v1.PersistentVolume{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: pvName,
@@ -703,6 +714,7 @@ func (p *csiProvisioner) Provision(ctx context.Context, options controller.Provi
 			PersistentVolumeSource: v1.PersistentVolumeSource{
 				CSI: &v1.CSIPersistentVolumeSource{
 					Driver:                     p.driverName,
+					ReadOnly:                   pvReadOnly,
 					VolumeHandle:               p.volumeIdToHandle(rep.Volume.VolumeId),
 					VolumeAttributes:           volumeAttributes,
 					ControllerPublishSecretRef: controllerPublishSecretRef,

diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go
@@ -514,6 +514,36 @@ func createFakePVC(requestBytes int64) *v1.PersistentVolumeClaim {
 	return createFakeNamedPVC(requestBytes, "fake-pvc", nil)
 }
 
+func createFakeNamedROPVC(requestBytes int64, name string, userAnnotations map[string]string) *v1.PersistentVolumeClaim {
+	annotations := map[string]string{annStorageProvisioner: driverName}
+	for k, v := range userAnnotations {
+		annotations[k] = v
+	}
+
+	return &v1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			UID:         "testid",
+			Name:        name,
+			Namespace:   "fake-ns",
+			Annotations: annotations,
+		},
+		Spec: v1.PersistentVolumeClaimSpec{
+			Selector: nil, // Provisioner doesn't support selector
+			Resources: v1.ResourceRequirements{
+				Requests: v1.ResourceList{
+					v1.ResourceName(v1.ResourceStorage): resource.MustParse(strconv.FormatInt(requestBytes, 10)),
+				},
+			},
+			AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany},
+		},
+	}
+}
+
+// Minimal PVC required for tests to function
+func createFakeROPVC(requestBytes int64) *v1.PersistentVolumeClaim {
+	return createFakeNamedROPVC(requestBytes, "fake-pvc", nil)
+}
+
 // createFakePVCWithVolumeMode returns PVC with VolumeMode
 func createFakePVCWithVolumeMode(requestBytes int64, volumeMode v1.PersistentVolumeMode) *v1.PersistentVolumeClaim {
 	claim := createFakePVC(requestBytes)
@@ -1001,6 +1031,37 @@ func TestFSTypeProvision(t *testing.T) {
 			},
 			expectState: controller.ProvisioningFinished,
 		},
+		"readonly PVC": {
+			volOpts: controller.ProvisionOptions{
+				StorageClass: &storagev1.StorageClass{
+					ReclaimPolicy: &deletePolicy,
+					Parameters: map[string]string{
+						"fstype": "xfs",
+					},
+				},
+				PVName: "test-name",
+				PVC:    createFakeROPVC(requestedBytes),
+			},
+			skipDefaultFSType: true,
+			expectedPVSpec: &pvSpec{
+				Name:          "test-testi",
+				ReclaimPolicy: v1.PersistentVolumeReclaimDelete,
+				Capacity: v1.ResourceList{
+					v1.ResourceName(v1.ResourceStorage): bytesToGiQuantity(requestedBytes),
+				},
+				CSIPVS: &v1.CSIPersistentVolumeSource{
+					Driver:       "test-driver",
+					VolumeHandle: "test-volume-id",
+					FSType:       "xfs",
+					ReadOnly:     true,
+					VolumeAttributes: map[string]string{
+						"storage.kubernetes.io/csiProvisionerIdentity": "test-provisioner",
+					},
+				},
+				AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadOnlyMany},
+			},
+			expectState: controller.ProvisioningFinished,
+		},
 	}
 
 	for k, tc := range testcases {
@@ -1216,6 +1277,7 @@ func TestProvision(t *testing.T) {
 					Driver:       "test-driver",
 					VolumeHandle: "test-volume-id",
 					FSType:       "ext4",
+					ReadOnly:     true,
 					VolumeAttributes: map[string]string{
 						"storage.kubernetes.io/csiProvisionerIdentity": "test-provisioner",
 					},
@@ -1320,6 +1382,7 @@ func TestProvision(t *testing.T) {
 					Driver:       "test-driver",
 					VolumeHandle: "test-volume-id",
 					FSType:       "ext4",
+					ReadOnly:     false,
 					VolumeAttributes: map[string]string{
 						"storage.kubernetes.io/csiProvisionerIdentity": "test-provisioner",
 					},