Merge pull request oracle#384 in OKE/oci-cloud-controller-manager from task/OKE-22636-1.24 to release-1.24

* commit 'c4224b27b8abcfab56599b4fc60bcaad4e7c5239':
  JIRA:task/OKE-22216 Add mount option support to FSS CSI driver

Author: vbhargav875

Dockerfile

@@ -17,6 +17,7 @@ RUN yum-config-manager --disable \* && yum-config-manager --add-repo https://art
 
 RUN yum install -y util-linux \
   && yum install -y e2fsprogs \
+  && yum install -y xfsprogs \
   && yum clean all
 
 COPY --from=0 /go/src/github.com/oracle/oci-cloud-controller-manager/dist/* /usr/local/bin/

Dockerfile_arm

@@ -18,6 +18,7 @@ RUN yum-config-manager --disable \* && yum-config-manager --add-repo https://art
 
 RUN yum install -y util-linux \
   && yum install -y e2fsprogs \
+  && yum install -y xfsprogs \
   && yum clean all
 
 COPY --from=0 /go/src/github.com/oracle/oci-cloud-controller-manager/dist/arm/oci-csi-node-driver /usr/local/bin/

pkg/csi/driver/fss_node.go

@@ -46,9 +46,14 @@ func (d FSSNodeDriver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVo
 	var fsType = ""
 
 	accessType := req.VolumeCapability.GetMount()
-
-	if accessType != nil && accessType.FsType != "" {
-		fsType = accessType.FsType
+	var options []string
+	if accessType != nil {
+		if accessType.MountFlags != nil {
+			options = accessType.MountFlags
+		}
+		if accessType.FsType != "" {
+			fsType = accessType.FsType
+		}
 	}
 	encryptInTransit, err := isInTransitEncryptionEnabled(req.VolumeContext)
 	if err != nil {
@@ -57,7 +62,6 @@ func (d FSSNodeDriver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVo
 
 	mounter := mount.New(mountPath)
 
-	var options []string
 	if encryptInTransit {
 		isPackageInstalled, err := csi_util.IsInTransitEncryptionPackageInstalled()
 		if err != nil {

test/e2e/cloud-provider-oci/fss.go renamed to test/e2e/cloud-provider-oci/fss_static.go

@@ -21,47 +21,70 @@ import (
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-var _ = Describe("Basic FSS test", func() {
+var _ = Describe("Basic Static FSS test", func() {
 	f := framework.NewDefaultFramework("fss-basic")
-	Context("[cloudprovider][storage][csi][fss]", func() {
+	Context("[cloudprovider][storage][csi][fss][static]", func() {
 		It("Create PVC and POD for CSI-FSS", func() {
 			pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test")
-			pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "false")
+			pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "false", []string{})
 			pvc := pvcJig.CreateAndAwaitPVCOrFailFSS(f.Namespace.Name, pv.Name, "50Gi", nil)
 			f.VolumeIds = append(f.VolumeIds, pvc.Spec.VolumeName)
-			pvcJig.CheckSinglePodReadWrite(f.Namespace.Name, pvc.Name, false)
+			pvcJig.CheckSinglePodReadWrite(f.Namespace.Name, pvc.Name, false, []string{})
 		})
 	})
 })
 
-var _ = Describe("FSS in-transit encryption test", func() {
+var _ = Describe("FSS Static in-transit encryption test", func() {
 	f := framework.NewDefaultFramework("fss-basic")
-	Context("[cloudprovider][storage][csi][fss]", func() {
+	Context("[cloudprovider][storage][csi][fss][static]", func() {
 		It("Create PVC and POD for FSS in-transit encryption", func() {
 			if setupF.Architecture == "AMD" {
 				checkNodeAvailability(f)
-				TestEncryptionType(f)
+				TestEncryptionType(f, []string{})
 			} else {
 				framework.Logf("CSI-FSS Intransit Encryption is not supported on ARM architecture")
 			}
 		})
 	})
 })
 
-func TestEncryptionType(f *framework.CloudProviderFramework) {
+var _ = Describe("Mount Options Static FSS test", func() {
+	f := framework.NewDefaultFramework("fss-mnt-opt")
+	Context("[cloudprovider][storage][csi][fss][static]", func() {
+		It("Create PV PVC and POD for CSI-FSS with mount options", func() {
+			pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test")
+			mountOptions := []string{"sync", "hard", "noac", "nolock"}
+			pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "false", mountOptions)
+			pvc := pvcJig.CreateAndAwaitPVCOrFailFSS(f.Namespace.Name, pv.Name, "50Gi", nil)
+			f.VolumeIds = append(f.VolumeIds, pvc.Spec.VolumeName)
+			pvcJig.CheckSinglePodReadWrite(f.Namespace.Name, pvc.Name, false, mountOptions)
+		})
+		// TODO : Uncomment the below test once https://jira-sd.mc1.oracleiaas.com/browse/FSS-132761 is Done.
+		/*It("Create PV PVC and POD for FSS in-transit encryption with mount options", func() {
+			if setupF.Architecture == "AMD" {
+				checkNodeAvailability(f)
+				TestEncryptionType(f, []string{"sync", "hard", "noac", "nolock"})
+			} else {
+				framework.Logf("CSI-FSS Intransit Encryption is not supported on ARM architecture")
+			}
+		})*/
+	})
+})
+
+func TestEncryptionType(f *framework.CloudProviderFramework, mountOptions []string) {
 	pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test-intransit")
-	pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "true")
+	pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "true", mountOptions)
 	pvc := pvcJig.CreateAndAwaitPVCOrFailFSS(f.Namespace.Name, pv.Name, "50Gi", nil)
 	f.VolumeIds = append(f.VolumeIds, pvc.Spec.VolumeName)
-	pvcJig.CheckSinglePodReadWrite(f.Namespace.Name, pvc.Name, true)
+	pvcJig.CheckSinglePodReadWrite(f.Namespace.Name, pvc.Name, true, mountOptions)
 }
 
-var _ = Describe("Multiple Pods FSS test", func() {
+var _ = Describe("Multiple Pods Static FSS test", func() {
 	f := framework.NewDefaultFramework("multiple-pod")
-	Context("[cloudprovider][storage][csi][fss]", func() {
+	Context("[cloudprovider][storage][csi][fss][static]", func() {
 		It("Multiple Pods should be able to read write same file", func() {
 			pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test")
-			pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "false")
+			pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "false", []string{})
 			pvc := pvcJig.CreateAndAwaitPVCOrFailFSS(f.Namespace.Name, pv.Name, "50Gi", nil)
 			f.VolumeIds = append(f.VolumeIds, pvc.Spec.VolumeName)
 			pvcJig.CheckMultiplePodReadWrite(f.Namespace.Name, pvc.Name, false)
@@ -71,7 +94,7 @@ var _ = Describe("Multiple Pods FSS test", func() {
 			if setupF.Architecture == "AMD" {
 				checkNodeAvailability(f)
 				pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test")
-				pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "true")
+				pv := pvcJig.CreatePVorFailFSS(f.Namespace.Name, setupF.VolumeHandle, "true", []string{})
 				pvc := pvcJig.CreateAndAwaitPVCOrFailFSS(f.Namespace.Name, pv.Name, "50Gi", nil)
 				f.VolumeIds = append(f.VolumeIds, pvc.Spec.VolumeName)
 				pvcJig.CheckMultiplePodReadWrite(f.Namespace.Name, pvc.Name, true)
@@ -82,9 +105,9 @@ var _ = Describe("Multiple Pods FSS test", func() {
 	})
 })
 
-func checkNodeAvailability(f *framework.CloudProviderFramework){
+func checkNodeAvailability(f *framework.CloudProviderFramework) {
 	pvcJig := framework.NewPVCTestJig(f.ClientSet, "csi-fss-e2e-test")
-	nodeList, err := pvcJig.KubeClient.CoreV1().Nodes().List(context.Background(),v12.ListOptions{LabelSelector: "oke.oraclecloud.com/e2e.oci-fss-util"})
+	nodeList, err := pvcJig.KubeClient.CoreV1().Nodes().List(context.Background(), v12.ListOptions{LabelSelector: "oke.oraclecloud.com/e2e.oci-fss-util"})
 	if err != nil {
 		framework.Logf("Error getting applicable nodes: %v", err)
 	}

test/e2e/framework/pod_util.go

@@ -88,6 +88,29 @@ func (j *PVCTestJig) CheckFileExists(namespace string, podName string, dir strin
 	}
 }
 
+func (j *PVCTestJig) CheckMountOptions(namespace string, podName string, expectedPath string, expectedOptions []string) {
+	By("check if NFS mount options are applied")
+	command := fmt.Sprintf("mount -t nfs")
+	if pollErr := wait.PollImmediate(K8sResourcePoll, DefaultTimeout, func() (bool, error) {
+		stdout, err := RunHostCmd(namespace, podName, command)
+		if err != nil {
+			Logf("got err: %v, retry until timeout", err)
+			return false, nil
+		}
+		if stdout == "" || !strings.Contains(stdout, expectedPath) {
+			return false, errors.Errorf("NFS Mount not found for path %s. Mounted as %s", expectedPath, stdout)
+		}
+		for _, option := range expectedOptions {
+			if !strings.Contains(stdout, option) {
+				return false, errors.Errorf("NFS Mount Options check failed. Mounted as %s", stdout)
+			}
+		}
+		return true, nil
+	}); pollErr != nil {
+		Failf("NFS mount with Mount Options failed in pod '%v'", podName)
+	}
+}
+
 func (j *PVCTestJig) CheckFileCorruption(namespace string, podName string, dir string, fileName string) {
 	By("check if the file is corrupt")
 	md5hash := "e59ff97941044f85df5297e1c302d260"

test/e2e/framework/pvc_util.go

@@ -377,13 +377,22 @@ func (j *PVCTestJig) pvAddPersistentVolumeSource(pv *v1.PersistentVolume,
 	return pv
 }
 
+func (j *PVCTestJig) pvAddMountOptions(pv *v1.PersistentVolume,
+	mountOptions []string) *v1.PersistentVolume {
+	if pv != nil {
+		pv.Spec.MountOptions = append(pv.Spec.MountOptions, mountOptions...)
+	}
+	return pv
+}
+
 // newPVTemplateFSS returns the default template for this jig, but
 // does not actually create the PV.  The default PV has the same name
 // as the jig
-func (j *PVCTestJig) newPVTemplateFSS(namespace, volumeHandle, enableIntransitEncrypt string) *v1.PersistentVolume {
+func (j *PVCTestJig) newPVTemplateFSS(namespace, volumeHandle, enableIntransitEncrypt string, mountOptions []string) *v1.PersistentVolume {
 	pv := j.CreatePVTemplate(namespace, "fss.csi.oraclecloud.com", "", "Retain")
 	pv = j.pvAddVolumeMode(pv, v1.PersistentVolumeFilesystem)
 	pv = j.pvAddAccessMode(pv, "ReadWriteMany")
+	pv = j.pvAddMountOptions(pv, mountOptions)
 	pv = j.pvAddPersistentVolumeSource(pv, v1.PersistentVolumeSource{
 		CSI: &v1.CSIPersistentVolumeSource{
 			Driver:       driver.FSSDriverName,
@@ -435,8 +444,8 @@ func (j *PVCTestJig) newPVTemplateCSIHighPerf(namespace string, scName string, o
 // CreatePVForFSSorFail creates a new claim based on the jig's
 // defaults. Callers can provide a function to tweak the claim object
 // before it is created.
-func (j *PVCTestJig) CreatePVorFailFSS(namespace, volumeHandle, encryptInTransit string) *v1.PersistentVolume {
-	pv := j.newPVTemplateFSS(namespace, volumeHandle, encryptInTransit)
+func (j *PVCTestJig) CreatePVorFailFSS(namespace, volumeHandle, encryptInTransit string, mountOptions []string) *v1.PersistentVolume {
+	pv := j.newPVTemplateFSS(namespace, volumeHandle, encryptInTransit, mountOptions)
 
 	result, err := j.KubeClient.CoreV1().PersistentVolumes().Create(context.Background(), pv, metav1.CreateOptions{})
 	if err != nil {
@@ -979,7 +988,7 @@ func (j *PVCTestJig) CheckEncryptionType(namespace, podName string) {
 	}
 }
 
-func (j *PVCTestJig) CheckSinglePodReadWrite(namespace string, pvcName string, checkEncryption bool) {
+func (j *PVCTestJig) CheckSinglePodReadWrite(namespace string, pvcName string, checkEncryption bool, expectedMountOptions []string) {
 
 	By("Creating Pod that can create and write to the file")
 	uid := uuid.NewUUID()
@@ -995,6 +1004,9 @@ func (j *PVCTestJig) CheckSinglePodReadWrite(namespace string, pvcName string, c
 	By("check if the file exists")
 	j.CheckFileExists(namespace, podName, "/data", fileName)
 
+	By("Check Mount Options")
+	j.CheckMountOptions(namespace, podName, "/data", expectedMountOptions)
+
 	By("Creating Pod that can read contents of existing file")
 	j.NewPodForCSIFSSRead(string(uid), namespace, pvcName, fileName, checkEncryption)
 }