You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@uniffle.apache.org by ro...@apache.org on 2022/11/16 08:40:48 UTC

[incubator-uniffle] branch master updated: [Bug] Fix invalid owner of host path volumes (#323) (#330)

This is an automated email from the ASF dual-hosted git repository.

roryqi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-uniffle.git


The following commit(s) were added to refs/heads/master by this push:
     new 87361da6 [Bug] Fix invalid owner of host path volumes (#323) (#330)
87361da6 is described below

commit 87361da66a467fabbdbecf25061b8e2782c5d9ce
Author: jasonawang <ja...@tencent.com>
AuthorDate: Wed Nov 16 16:40:43 2022 +0800

    [Bug] Fix invalid owner of host path volumes (#323) (#330)
    
    ### What changes were proposed in this pull request?
    fix #323
    I have modified it for time reasons, thanks for pointing this out.
    I changed the owner of host paths as UID:GID.
    
    ### Why are the changes needed?
    Fix bug
    
    ### Does this PR introduce _any_ user-facing change?
    No
    
    ### How was this patch tested?
    UT
---
 .../pkg/controller/controller/process_rss_test.go  | 44 +++++-----
 .../operator/pkg/controller/util/util.go           | 14 ++-
 .../operator/pkg/controller/util/util_test.go      | 99 ++++++++++++++++++++++
 deploy/kubernetes/operator/pkg/utils/util.go       | 15 ----
 4 files changed, 134 insertions(+), 38 deletions(-)

diff --git a/deploy/kubernetes/operator/pkg/controller/controller/process_rss_test.go b/deploy/kubernetes/operator/pkg/controller/controller/process_rss_test.go
index a867bb62..a5ac8748 100644
--- a/deploy/kubernetes/operator/pkg/controller/controller/process_rss_test.go
+++ b/deploy/kubernetes/operator/pkg/controller/controller/process_rss_test.go
@@ -76,26 +76,28 @@ func TestProcessEmptyPhaseRss(t *testing.T) {
 			expectedNeedRetry: false,
 		},
 	} {
-		needRetry, err := rc.processNormal(rss)
-		if err != nil {
-			t.Errorf("process rss object failed: %v", err)
-			return
-		}
-		if needRetry != tt.expectedNeedRetry {
-			t.Errorf("unexpected result indicates whether to retrys: %v, expected: %v",
-				needRetry, tt.expectedNeedRetry)
-			return
-		}
-		updatedRss, getErr := rssClient.UniffleV1alpha1().RemoteShuffleServices(rss.Namespace).
-			Get(context.TODO(), rss.Name, metav1.GetOptions{})
-		if getErr != nil {
-			t.Errorf("get updated rss object failed: %v", err)
-			return
-		}
-		if !reflect.DeepEqual(updatedRss.Status, tt.expectedRssStatus) {
-			t.Errorf("unexpected status of updated rss object: %+v, expected: %+v",
-				updatedRss.Status, tt.expectedRssStatus)
-			return
-		}
+		t.Run(tt.name, func(tc *testing.T) {
+			needRetry, err := rc.processNormal(rss)
+			if err != nil {
+				tc.Errorf("process rss object failed: %v", err)
+				return
+			}
+			if needRetry != tt.expectedNeedRetry {
+				tc.Errorf("unexpected result indicates whether to retrys: %v, expected: %v",
+					needRetry, tt.expectedNeedRetry)
+				return
+			}
+			updatedRss, getErr := rssClient.UniffleV1alpha1().RemoteShuffleServices(rss.Namespace).
+				Get(context.TODO(), rss.Name, metav1.GetOptions{})
+			if getErr != nil {
+				tc.Errorf("get updated rss object failed: %v", err)
+				return
+			}
+			if !reflect.DeepEqual(updatedRss.Status, tt.expectedRssStatus) {
+				tc.Errorf("unexpected status of updated rss object: %+v, expected: %+v",
+					updatedRss.Status, tt.expectedRssStatus)
+				return
+			}
+		})
 	}
 }
diff --git a/deploy/kubernetes/operator/pkg/controller/util/util.go b/deploy/kubernetes/operator/pkg/controller/util/util.go
index 6f588681..bc1f3ccb 100644
--- a/deploy/kubernetes/operator/pkg/controller/util/util.go
+++ b/deploy/kubernetes/operator/pkg/controller/util/util.go
@@ -209,9 +209,19 @@ func generateLogVolumeMount(rssPodSpec *v1alpha1.RSSPodSpec) *corev1.VolumeMount
 
 func generateMakeDataDirCommand(rssPodSpec *v1alpha1.RSSPodSpec) []string {
 	var commands []string
-	fsGroup := *rssPodSpec.SecurityContext.FSGroup
+
+	var runAsUser int64
+	if rssPodSpec.SecurityContext != nil && rssPodSpec.SecurityContext.RunAsUser != nil {
+		runAsUser = *rssPodSpec.SecurityContext.RunAsUser
+	}
+
+	var fsGroup int64
+	if rssPodSpec.SecurityContext != nil && rssPodSpec.SecurityContext.FSGroup != nil {
+		fsGroup = *rssPodSpec.SecurityContext.FSGroup
+	}
+
 	for _, mountPath := range rssPodSpec.HostPathMounts {
-		commands = append(commands, fmt.Sprintf("chown -R %v:%v %v", fsGroup, fsGroup, mountPath))
+		commands = append(commands, fmt.Sprintf("chown -R %v:%v %v", runAsUser, fsGroup, mountPath))
 	}
 	return commands
 }
diff --git a/deploy/kubernetes/operator/pkg/controller/util/util_test.go b/deploy/kubernetes/operator/pkg/controller/util/util_test.go
new file mode 100644
index 00000000..5a49c5ef
--- /dev/null
+++ b/deploy/kubernetes/operator/pkg/controller/util/util_test.go
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package util
+
+import (
+	"sort"
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/utils/pointer"
+
+	"github.com/apache/incubator-uniffle/deploy/kubernetes/operator/api/uniffle/v1alpha1"
+)
+
+func TestGenerateMakeDataDirCommand(t *testing.T) {
+	for _, tt := range []struct {
+		name             string
+		rssPodSpec       *v1alpha1.RSSPodSpec
+		expectedCommands []string
+	}{
+		{
+			name: "empty security context",
+			rssPodSpec: &v1alpha1.RSSPodSpec{
+				HostPathMounts: map[string]string{
+					"/data1": "/mnt/data1",
+				},
+			},
+			expectedCommands: []string{
+				"chown -R 0:0 /mnt/data1",
+			},
+		},
+		{
+			name: "empty runAsUser field in security context",
+			rssPodSpec: &v1alpha1.RSSPodSpec{
+				HostPathMounts: map[string]string{
+					"/data2": "/mnt/data2",
+				},
+				SecurityContext: &corev1.PodSecurityContext{
+					FSGroup: pointer.Int64(1000),
+				},
+			},
+			expectedCommands: []string{
+				"chown -R 0:1000 /mnt/data2",
+			},
+		},
+		{
+			name: "non empty field of runAsUser and fsGroup in security context",
+			rssPodSpec: &v1alpha1.RSSPodSpec{
+				HostPathMounts: map[string]string{
+					"/data3": "/mnt/data3",
+				},
+				SecurityContext: &corev1.PodSecurityContext{
+					RunAsUser: pointer.Int64(2000),
+					FSGroup:   pointer.Int64(1000),
+				},
+			},
+			expectedCommands: []string{
+				"chown -R 2000:1000 /mnt/data3",
+			},
+		},
+	} {
+		t.Run(tt.name, func(tc *testing.T) {
+			commands := generateMakeDataDirCommand(tt.rssPodSpec)
+			if !isEqualStringSlice(commands, tt.expectedCommands) {
+				tc.Errorf("unexpected commands: %+v, expected: %+v", commands, tt.expectedCommands)
+				return
+			}
+		})
+	}
+}
+
+func isEqualStringSlice(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	sort.Strings(a)
+	sort.Strings(b)
+	for i := range a {
+		if a[i] != b[i] {
+			return false
+		}
+	}
+	return true
+}
diff --git a/deploy/kubernetes/operator/pkg/utils/util.go b/deploy/kubernetes/operator/pkg/utils/util.go
index bd336f48..4c609441 100644
--- a/deploy/kubernetes/operator/pkg/utils/util.go
+++ b/deploy/kubernetes/operator/pkg/utils/util.go
@@ -26,7 +26,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/klog/v2"
@@ -35,20 +34,6 @@ import (
 	"github.com/apache/incubator-uniffle/deploy/kubernetes/operator/pkg/constants"
 )
 
-// CreatePodInformerFactory creates pod informer factory by label selector.
-func CreatePodInformerFactory(kubeClient kubernetes.Interface,
-	key, value string) informers.SharedInformerFactory {
-	option := func(options *metav1.ListOptions) {
-		if len(value) > 0 {
-			options.LabelSelector = key + "=" + value
-		} else {
-			options.LabelSelector = key
-		}
-	}
-	return informers.NewSharedInformerFactoryWithOptions(kubeClient, 0,
-		informers.WithTweakListOptions(option))
-}
-
 // GetCurrentNamespace returns current namespace.
 func GetCurrentNamespace() string {
 	namespace := os.Getenv(constants.PodNamespaceEnv)