Merge pull request #15 from aniszosc/OSC-MIGRATION

Add e2e test for fsgroup

Author: cciosc

CHANGELOG-0.x.md

@@ -22,3 +22,7 @@
 # v0.0.10beta
 ## Notable changes
 * Add fsGroupPolicy field to CSIDriver object and customize it with chart values
+
+# v0.0.11beta
+## Notable changes
+* Add fsGroupPolicy specific e2e test

go.sum

@@ -688,6 +688,8 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.m
 github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
+github.com/outscale/osc-sdk-go/osc v0.0.0-20210317154930-f27e09c295b2 h1:gmvYTtBR5+erBu7PrPywmQhTSBN0b+PULYCB4rGjJUE=
+github.com/outscale/osc-sdk-go/osc v0.0.0-20210317154930-f27e09c295b2/go.mod h1:5AqqNH1X8zCHescKVlpSHRzrat1KCKDXqZoQPe8fY3A=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=

tests/e2e/dynamic_provisioning.go

@@ -16,6 +16,7 @@ package e2e
 
 import (
 	"fmt"
+	"log"
 	"math/rand"
 	"os"
 	"strings"
@@ -426,6 +427,67 @@ var _ = Describe("[ebs-csi-e2e] [single-az] Dynamic Provisioning", func() {
 		}
 		test.Run(cs, ns)
 	})
+
+	It("FSGROUP test should create a volume and check if pod security context is applied", func() {
+		fsGroup := int64(5000)
+		runAsGroup := int64(4000)
+		runAsUser := int64(2000)
+		podSecurityContext := v1.PodSecurityContext{
+			RunAsUser:  &runAsUser,
+			RunAsGroup: &runAsGroup,
+			FSGroup:    &fsGroup,
+		}
+		podSc, err := podSecurityContext.Marshal()
+		if err != nil {
+			Fail(fmt.Sprintf("error encoding: %v, %v", podSecurityContext, err))
+		}
+		allowPrivilegeEscalation := false
+		securityContext := v1.SecurityContext{
+			AllowPrivilegeEscalation: &allowPrivilegeEscalation,
+		}
+		sc, err := securityContext.Marshal()
+		if err != nil {
+			Fail(fmt.Sprintf("error encoding: %v, %v", securityContext, err))
+		}
+
+		pod := testsuites.PodDetails{
+			Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data && while true; do echo running ; sleep 1; done",
+			Volumes: []testsuites.VolumeDetails{
+				{
+					VolumeType: osccloud.VolumeTypeGP2,
+					FSType:     bsucsidriver.FSTypeExt4,
+					ClaimSize:  driver.MinimumSizeForVolumeType(osccloud.VolumeTypeGP2),
+					VolumeMount: testsuites.VolumeMountDetails{
+						NameGenerate:      "test-volume-",
+						MountPathGenerate: "/mnt/test-",
+					},
+				},
+			},
+			CustomizedPod: []string{
+				string(podSc),
+				string(sc),
+			},
+		}
+		podCmds := []testsuites.PodCmds{
+			{
+				Cmd: []string{
+					"stat",
+					"-c",
+					"%g",
+					"/mnt/test-1",
+				},
+				ExpectedString: fmt.Sprintf("%d", fsGroup),
+			},
+		}
+		test := testsuites.DynamicallyProvisionedCustomPodTest{
+			CSIDriver: ebsDriver,
+			Pod:       pod,
+			PodCmds:   podCmds,
+		}
+		log.Printf("test: %+v\n", test)
+
+		test.Run(cs, ns, f)
+	})
 })
 
 var _ = Describe("[ebs-csi-e2e] [single-az] Snapshot", func() {

tests/e2e/testsuites/dynamically_provisioned_custom_pod_tester.go

@@ -0,0 +1,94 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package testsuites
+
+import (
+	"fmt"
+	"regexp"
+
+	. "github.com/onsi/ginkgo"
+	v1 "k8s.io/api/core/v1"
+	clientset "k8s.io/client-go/kubernetes"
+	"k8s.io/kubernetes/test/e2e/framework"
+	e2edeployment "k8s.io/kubernetes/test/e2e/framework/deployment"
+
+	"github.com/outscale-dev/osc-bsu-csi-driver/tests/e2e/driver"
+)
+
+type DynamicallyProvisionedCustomPodTest struct {
+	CSIDriver driver.DynamicPVTestDriver
+	Pod       PodDetails
+	PodCmds   []PodCmds
+}
+
+type PodCmds struct {
+	Cmd            []string
+	ExpectedString string
+}
+
+func customizePod(customizePod []string, deployment *TestDeployment) *TestDeployment {
+	podSc := v1.PodSecurityContext{}
+	sc := v1.SecurityContext{}
+	for _, custom := range customizePod {
+		fmt.Printf("custom: %+v\n", custom)
+		err := podSc.Unmarshal([]byte(custom))
+		if err == nil {
+			fmt.Printf("add PodSecurityContext\n")
+			deployment.deployment.Spec.Template.Spec.SecurityContext = &podSc
+		} else {
+			err := sc.Unmarshal([]byte(custom))
+			if err == nil {
+				fmt.Printf("add SecurityContext\n")
+				deployment.deployment.Spec.Template.Spec.Containers[0].SecurityContext = &sc
+			} else {
+				fmt.Printf("ignore custom: %+v\n", custom)
+			}
+		}
+	}
+	return deployment
+}
+
+func (t *DynamicallyProvisionedCustomPodTest) Run(client clientset.Interface, namespace *v1.Namespace, f *framework.Framework) {
+	customImage := "busybox"
+	tDeployment, cleanup := t.Pod.SetupDeployment(client, namespace, t.CSIDriver, customImage)
+	// defer must be called here for resources not get removed before using them
+	for i := range cleanup {
+		defer cleanup[i]()
+	}
+
+	By("customize Pod Deployment")
+	fmt.Printf("Before tDeployment: %+v\n", tDeployment)
+	customizePod(t.Pod.CustomizedPod, tDeployment)
+	fmt.Printf("After tDeployment: %+v\n", tDeployment)
+
+	By("deploying the deployment")
+	tDeployment.Create()
+
+	By("checking that the pod is running")
+	tDeployment.WaitForPodReady()
+
+	pods, err := e2edeployment.GetPodsForDeployment(client, tDeployment.deployment)
+	framework.ExpectNoError(err)
+	singleSpacePattern := regexp.MustCompile(`\s+`)
+	for _, podCmd := range t.PodCmds {
+		By(fmt.Sprintf("Extended pod and volumes checks: %v", podCmd.Cmd))
+		stdout, stderr, err := f.ExecCommandInContainerWithFullOutput(tDeployment.podName, pods.Items[0].Spec.Containers[0].Name, podCmd.Cmd...)
+		fmt.Printf("stdout %v, stderr %v, err %v\n", stdout, stderr, err)
+		if err != nil {
+			panic(err.Error())
+		}
+		framework.ExpectEqual(singleSpacePattern.ReplaceAllString(stdout, " "), podCmd.ExpectedString)
+	}
+}

tests/e2e/testsuites/dynamically_provisioned_resize_volume_tester.go

@@ -46,7 +46,7 @@ func (t *DynamicallyProvisionedResizeVolumeTest) Run(client clientset.Interface,
 	defer tpvc.Cleanup()
 
 	pvcName := tpvc.persistentVolumeClaim.Name
-	pvc, err := client.CoreV1().PersistentVolumeClaims(namespace.Name).Get(context.TODO(), pvcName, metav1.GetOptions{})
+	pvc, _ := client.CoreV1().PersistentVolumeClaims(namespace.Name).Get(context.TODO(), pvcName, metav1.GetOptions{})
 	By(fmt.Sprintf("Get pvc name: %v", pvc.Name))
 	originalSize := pvc.Spec.Resources.Requests["storage"]
 	delta := resource.Quantity{}

tests/e2e/testsuites/specs.go

@@ -28,8 +28,9 @@ import (
 )
 
 type PodDetails struct {
-	Cmd     string
-	Volumes []VolumeDetails
+	Cmd           string
+	Volumes       []VolumeDetails
+	CustomizedPod []string
 }
 
 type VolumeDetails struct {
@@ -131,7 +132,6 @@ func (pod *PodDetails) SetupDeployment(client clientset.Interface, namespace *v1
 	cleanupFuncs = append(cleanupFuncs, tpvc.Cleanup)
 	By("setting up the Deployment")
 	tDeployment := NewTestDeployment(client, namespace, pod.Cmd, tpvc.persistentVolumeClaim, fmt.Sprintf("%s%d", volume.VolumeMount.NameGenerate, 1), fmt.Sprintf("%s%d", volume.VolumeMount.MountPathGenerate, 1), volume.VolumeMount.ReadOnly, customImage...)
-
 	cleanupFuncs = append(cleanupFuncs, tDeployment.Cleanup)
 	return tDeployment, cleanupFuncs
 }