diff --git a/cmd/gce-pd-csi-driver/main.go b/cmd/gce-pd-csi-driver/main.go
index 6068d63a..b2263074 100644
--- a/cmd/gce-pd-csi-driver/main.go
+++ b/cmd/gce-pd-csi-driver/main.go
@@ -41,7 +41,6 @@ import (
 "math/rand"
 "net/url"
 "os"
- "path/filepath"
 "runtime"
 "strings"
 "time"
@@ -256,7 +255,7 @@ func handle() {
 &cryptmapper.CryptDevice{},
 )
- nodeServer = driver.NewNodeServer(gceDriver, mounter, deviceUtils, meta, statter, mapper, filepath.EvalSymlinks)
+ nodeServer = driver.NewNodeServer(gceDriver, mounter, deviceUtils, meta, statter, mapper)
 if *maxConcurrentFormatAndMount > 0 {
 nodeServer = nodeServer.WithSerializedFormatAndMount(*formatAndMountTimeout, *maxConcurrentFormatAndMount)
 }
diff --git a/edgeless/pod-test.yaml b/edgeless/pod-test.yaml
index a205c231..ae139d6f 100644
--- a/edgeless/pod-test.yaml
+++ b/edgeless/pod-test.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
 accessModes:
 - ReadWriteOnce
- storageClassName: encrypted-storage
+ storageClassName: encrypted-rwo
 resources:
 requests:
 storage: 20Gi
diff --git a/edgeless/storageclass-test.yaml b/edgeless/storageclass-test.yaml
index 96a22422..c0e13195 100644
--- a/edgeless/storageclass-test.yaml
+++ b/edgeless/storageclass-test.yaml
@@ -1,7 +1,7 @@
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
- name: encrypted-storage
+ name: encrypted-rwo
 provisioner: gcp.csi.confidential.cloud
 parameters:
 type: pd-standard
diff --git a/pkg/gce-pd-csi-driver/gce-pd-driver.go b/pkg/gce-pd-csi-driver/gce-pd-driver.go
index b174a4e5..c40bd696 100644
--- a/pkg/gce-pd-csi-driver/gce-pd-driver.go
+++ b/pkg/gce-pd-csi-driver/gce-pd-driver.go
@@ -161,7 +161,7 @@ func NewIdentityServer(gceDriver *GCEDriver) *GCEIdentityServer {
 }
 }
-func NewNodeServer(gceDriver *GCEDriver, mounter *mount.SafeFormatAndMount, deviceUtils deviceutils.DeviceUtils, meta metadataservice.MetadataService, statter mountmanager.Statter, mapper cryptMapper, evalSymLinks func(string) (string, error)) *GCENodeServer {
+func NewNodeServer(gceDriver *GCEDriver, mounter *mount.SafeFormatAndMount, deviceUtils deviceutils.DeviceUtils, meta metadataservice.MetadataService, statter mountmanager.Statter, mapper cryptMapper) *GCENodeServer {
 return &GCENodeServer{
 Driver: gceDriver,
 Mounter: mounter,
@@ -170,7 +170,6 @@ func NewNodeServer(gceDriver *GCEDriver, mounter *mount.SafeFormatAndMount, devi
 volumeLocks: common.NewVolumeLocks(),
 VolumeStatter: statter,
 CryptMapper: mapper,
- evalSymLinks: evalSymLinks,
 }
 }
diff --git a/pkg/gce-pd-csi-driver/node.go b/pkg/gce-pd-csi-driver/node.go
index bfeb3338..39891f24 100644
--- a/pkg/gce-pd-csi-driver/node.go
+++ b/pkg/gce-pd-csi-driver/node.go
@@ -76,8 +76,7 @@ type GCENodeServer struct {
 // A map storing all volumes with ongoing operations so that additional operations
 // for that same volume (as defined by VolumeID) return an Aborted error
- volumeLocks *common.VolumeLocks
- evalSymLinks func(string) (string, error)
+ volumeLocks *common.VolumeLocks
 // If set, this semaphore will be used to serialize formatAndMount. It will be raised
 // when the operation starts, and lowered either when finished, or when
@@ -207,10 +206,8 @@ func (ns *GCENodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePub
 if err != nil {
 return nil, status.Error(codes.Internal, fmt.Sprintf("Error when getting device path: %v", err.Error()))
 }
- sourcePath, err = ns.evalSymLinks(filepath.Join("/dev/mapper", volumeKey.Name))
- if err != nil {
- return nil, status.Error(codes.Internal, fmt.Sprintf("NodePublishVolume can not evaluate source path: %v", err.Error()))
- }
+
+ sourcePath = filepath.Join("/dev/mapper", volumeKey.Name)
 // Expose block volume as file at target path
 err = makeFile(targetPath)
@@ -372,12 +369,9 @@ func (ns *GCENodeServer) NodeStageVolume(ctx context.Context, req *csi.NodeStage
 if integrity {
 klog.V(4).Infof("Integrity protected FS requested. Preparing to wipe device...")
 }
- devicePathReal, err := ns.evalSymLinks(devicePath)
- if err != nil {
- return nil, status.Error(codes.Internal, fmt.Sprintf("could not evaluate device path for device %q: %v", devicePath, err))
- }
- klog.V(4).Infof("Creating LUKS2 device on %s", devicePathReal)
- devicePath, err = ns.CryptMapper.OpenCryptDevice(ctx, devicePathReal, volumeKey.Name, integrity)
+
+ klog.V(4).Infof("Creating LUKS2 device on %s", devicePath)
+ devicePath, err = ns.CryptMapper.OpenCryptDevice(ctx, devicePath, volumeKey.Name, integrity)
 if err != nil {
 return nil, status.Error(codes.Internal, fmt.Sprintf("NodeStageVolume failed on volume %v to %s, open crypt device failed (%v)", devicePath, stagingTargetPath, err))
 }
diff --git a/pkg/gce-pd-csi-driver/node_test.go b/pkg/gce-pd-csi-driver/node_test.go
index f714ba1b..ef4e1b6c 100644
--- a/pkg/gce-pd-csi-driver/node_test.go
+++ b/pkg/gce-pd-csi-driver/node_test.go
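Review bot: The new `sourcePath = filepath.Join("/dev/mapper", volumeKey.Name)` in NodePublishVolume no longer verifies that the mapper node exists. The removed `evalSymLinks` call returned an Internal error when the path could not be resolved, so a missing or stale mapping now surfaces only later, presumably at the bind mount, with a less specific message. If `os` is in scope in this file, a cheap guard such as `if _, err := os.Stat(sourcePath); err != nil { return nil, status.Error(codes.Internal, fmt.Sprintf("mapper device %q not found: %v", sourcePath, err)) }` keeps that failure explicit. Because `volumeKey.Name` becomes part of a device path and `filepath.Join` cleans `..` elements, it is also worth confirming that the volume-ID parsing (outside this hunk) rejects names containing path separators. The function body starts and ends outside the hunk.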
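Review bot: In NodeStageVolume the error branch after `OpenCryptDevice` formats `devicePath` after the call's return value has already overwritten it, so on failure the message likely reports an empty or unrelated path rather than the device that was being opened. Assign the result to a separate variable, e.g. `mappedPath, err := ns.CryptMapper.OpenCryptDevice(ctx, devicePath, volumeKey.Name, integrity)`, and set `devicePath = mappedPath` only after the error check. With symlink resolution removed, the `Creating LUKS2 device on %s` log now names the unresolved path. If that is a symlink (not visible here), a comment such as `// devicePath may be a symlink; OpenCryptDevice resolves it when opening the device` would help anyone auditing which block device was wiped and formatted. The function continues outside the hunk.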
@@ -80,10 +80,6 @@ func (s *fakeCryptMapper) GetDevicePath(volumeID string) (string, error) {
 return s.deviceName, nil
 }
-func fakeEvalSymlinks(path string) (string, error) {
- return path, nil
-}
-
 func getTestGCEDriver(t *testing.T) *GCEDriver {
 return getCustomTestGCEDriver(t, mountmanager.NewFakeSafeMounter(), deviceutils.NewFakeDeviceUtils(false), metadataservice.NewFakeService())
 }
@@ -94,7 +90,7 @@ func getTestGCEDriverWithCustomMounter(t *testing.T, mounter *mount.SafeFormatAn
 func getCustomTestGCEDriver(t *testing.T, mounter *mount.SafeFormatAndMount, deviceUtils deviceutils.DeviceUtils, metaService metadataservice.MetadataService) *GCEDriver {
 gceDriver := GetGCEDriver()
- nodeServer := NewNodeServer(gceDriver, mounter, deviceUtils, metaService, mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{}, fakeEvalSymlinks)
+ nodeServer := NewNodeServer(gceDriver, mounter, deviceUtils, metaService, mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{})
 err := gceDriver.SetupGCEDriver(driver, "test-vendor", nil, nil, nil, nil, nodeServer)
 if err != nil {
 t.Fatalf("Failed to setup GCE Driver: %v", err)
@@ -105,7 +101,7 @@ func getCustomTestGCEDriver(t *testing.T, mounter *mount.SafeFormatAndMount, dev
 func getTestBlockingMountGCEDriver(t *testing.T, readyToExecute chan chan struct{}) *GCEDriver {
 gceDriver := GetGCEDriver()
 mounter := mountmanager.NewFakeSafeBlockingMounter(readyToExecute)
- nodeServer := NewNodeServer(gceDriver, mounter, deviceutils.NewFakeDeviceUtils(false), metadataservice.NewFakeService(), mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{}, fakeEvalSymlinks)
+ nodeServer := NewNodeServer(gceDriver, mounter, deviceutils.NewFakeDeviceUtils(false), metadataservice.NewFakeService(), mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{})
 err := gceDriver.SetupGCEDriver(driver, "test-vendor", nil, nil, nil, nil, nodeServer)
 if err != nil {
 t.Fatalf("Failed to setup GCE Driver: %v", err)
@@ -116,7 +112,7 @@ func getTestBlockingMountGCEDriver(t *testing.T, readyToExecute chan chan struct
 func getTestBlockingFormatAndMountGCEDriver(t *testing.T, readyToExecute chan chan struct{}) *GCEDriver {
 gceDriver := GetGCEDriver()
 mounter := mountmanager.NewFakeSafeBlockingMounter(readyToExecute)
- nodeServer := NewNodeServer(gceDriver, mounter, deviceutils.NewFakeDeviceUtils(false), metadataservice.NewFakeService(), mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{}, fakeEvalSymlinks).WithSerializedFormatAndMount(5*time.Second, 1)
+ nodeServer := NewNodeServer(gceDriver, mounter, deviceutils.NewFakeDeviceUtils(false), metadataservice.NewFakeService(), mountmanager.NewFakeStatter(mounter), &fakeCryptMapper{}).WithSerializedFormatAndMount(5*time.Second, 1)
 err := gceDriver.SetupGCEDriver(driver, "test-vendor", nil, nil, nil, nil, nodeServer)
 if err != nil {
diff --git a/test/sanity/sanity_test.go b/test/sanity/sanity_test.go
index a349be87..398c457b 100644
--- a/test/sanity/sanity_test.go
+++ b/test/sanity/sanity_test.go
@@ -92,7 +92,7 @@ func TestSanity(t *testing.T) {
 identityServer := driver.NewIdentityServer(gceDriver)
 controllerServer := driver.NewControllerServer(gceDriver, cloudProvider, 0, 5*time.Minute, fallbackRequisiteZones, enableStoragePools, multiZoneVolumeHandleConfig, listVolumesConfig)
 fakeStatter := mountmanager.NewFakeStatterWithOptions(mounter, mountmanager.FakeStatterOptions{IsBlock: false})
- nodeServer := driver.NewNodeServer(gceDriver, mounter, deviceUtils, metadataservice.NewFakeService(), fakeStatter, &fakeCryptMapper{}, func(s string) (string, error) { return s, nil })
+ nodeServer := driver.NewNodeServer(gceDriver, mounter, deviceUtils, metadataservice.NewFakeService(), fakeStatter, &fakeCryptMapper{})
 err = gceDriver.SetupGCEDriver(driverName, vendorVersion, extraLabels, nil, identityServer, controllerServer, nodeServer)
 if err != nil {
 t.Fatalf("Failed to initialize GCE CSI Driver: %v", err.Error())