From db1d18688caae1bc77bb419ca946b95321ba8aa6 Mon Sep 17 00:00:00 2001 From: Vivek Vishnu Narayanan Date: Mon, 30 Sep 2024 12:50:42 +0000 Subject: [PATCH] Add RevokeAccessContext to DriverRevokeBucketAccess API --- go.mod | 3 +- go.sum | 11 ++++- pkg/bucketaccess/bucketaccess_controller.go | 16 +++++-- .../bucketaccess_controller_test.go | 42 +++++++++++++++++++ 4 files changed, 66 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 3253e4d..945ea2c 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module sigs.k8s.io/container-object-storage-interface-provisioner-sidecar go 1.18 require ( + github.com/agiledragon/gomonkey/v2 v2.12.0 github.com/pkg/errors v0.9.1 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 @@ -13,7 +14,7 @@ require ( k8s.io/client-go v0.24.2 k8s.io/klog/v2 v2.70.1 sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49 - sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac + sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217 sigs.k8s.io/controller-runtime v0.12.3 ) diff --git a/go.sum b/go.sum index 78b5d04..778deb4 100644 --- a/go.sum +++ b/go.sum @@ -48,6 +48,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/agiledragon/gomonkey/v2 v2.12.0 h1:ek0dYu9K1rSV+TgkW5LvNNPRWyDZVIxGMCFI6Pz9o38= +github.com/agiledragon/gomonkey/v2 v2.12.0/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -184,6 +186,7 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= @@ -206,6 +209,7 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -269,6 +273,8 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -508,6 +514,7 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= @@ -722,8 +729,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49 h1:Ax4j3ThWolmk6yH6jvL3Yf0Fzxe0ZfVuDlSLNILU3GA= sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49/go.mod h1:YiB+i/UGkzqgODDhRG3u7jkbWkQcoUeLEJ7hwOT/2Qk= -sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac h1:M1ZBBDJVWw3gDmE+kZZmwQ6+29GbWhG9RMqx9oV0tEs= -sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac/go.mod h1:SzF/yVSh88TgYdBOAXqhT96XjU8pCQtoeQKxzIOOmWQ= +sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217 h1:pKZQKRcx+WwT/AYHPFEcDGppS8qKEVpnIYbbHAPRkA8= +sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217/go.mod h1:SzF/yVSh88TgYdBOAXqhT96XjU8pCQtoeQKxzIOOmWQ= sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98usMio= sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= diff --git a/pkg/bucketaccess/bucketaccess_controller.go b/pkg/bucketaccess/bucketaccess_controller.go index c441b6b..bcb3ead 100644 --- a/pkg/bucketaccess/bucketaccess_controller.go +++ b/pkg/bucketaccess/bucketaccess_controller.go @@ -13,6 +13,8 @@ * limitations under the License. */ + // Copyright 2024 Hewlett Packard Enterprise Development LP. + package bucketaccess import ( @@ -350,10 +352,18 @@ func (bal *BucketAccessListener) deleteBucketAccessOp(ctx context.Context, bucke klog.V(3).ErrorS(err, "Failed to fetch bucket", "bucket", bucketClaim.Status.BucketName) return fmt.Errorf("failed to fetch bucket: %w", err) } - + bucketAccessClassName := bucketAccess.Spec.BucketAccessClassName + bucketAccessClass, err := bal.bucketAccessClasses().Get(ctx, bucketAccessClassName, metav1.GetOptions{}) + if kubeerrors.IsNotFound(err) { + return bal.recordError(bucketAccess, v1.EventTypeWarning, events.FailedGrantAccess, err) + } else if err != nil { + klog.V(3).ErrorS(err, "Failed to fetch bucketAccessClass", "bucketAccessClass", bucketAccessClassName) + return fmt.Errorf("failed to fetch BucketAccessClass: %w", err) + } req := &cosi.DriverRevokeBucketAccessRequest{ - BucketId: bucket.Status.BucketID, - AccountId: bucketAccess.Status.AccountID, + BucketId: bucket.Status.BucketID, + AccountId: bucketAccess.Status.AccountID, + RevokeAccessContext: bucketAccessClass.Parameters, } // First we revoke the bucketAccess from the driver diff --git a/pkg/bucketaccess/bucketaccess_controller_test.go b/pkg/bucketaccess/bucketaccess_controller_test.go index 3f07ae7..3f93800 100644 --- a/pkg/bucketaccess/bucketaccess_controller_test.go +++ b/pkg/bucketaccess/bucketaccess_controller_test.go @@ -13,6 +13,8 @@ * limitations under the License. */ + // Copyright 2024 Hewlett Packard Enterprise Development LP. + package bucketaccess import ( @@ -23,6 +25,7 @@ import ( "testing" "time" + "github.com/agiledragon/gomonkey/v2" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -500,6 +503,45 @@ func TestRecordEvents(t *testing.T) { } } +func TestMissingBucketAccessClass(t *testing.T) { + driver := "driver1" + mpc := struct{ fakespec.FakeProvisionerClient }{} + mpc.FakeDriverRevokeBucketAccess = func(ctx context.Context, + in *cosi.DriverRevokeBucketAccessRequest, + opts ...grpc.CallOption) (*cosi.DriverRevokeBucketAccessResponse, error) { + t.Errorf("grpc client called") + return nil, nil + } + + bl := BucketAccessListener{ + driverName: driver, + provisionerClient: &mpc, + bucketClient: &fakebucketclientset.Clientset{}, + kubeClient: &fakekubeclientset.Clientset{}, + } + + new := v1alpha1.BucketAccess{ + ObjectMeta: metav1.ObjectMeta{ + Name: "testbucket_access", + DeletionTimestamp: &metav1.Time{Time: time.Now()}, + }, + Spec: v1alpha1.BucketAccessSpec{ + BucketClaimName: "testbucket_claim", + BucketAccessClassName: "testbucket_access_class", + }, + } + e := fmt.Errorf("access class with name %s, not found", new.Spec.BucketAccessClassName) + m := gomonkey.ApplyMethodReturn(bl.bucketAccessClasses(), "Get", nil, e) + defer m.Reset() + + ctx := context.TODO() + err := bl.Update(ctx, &new, &new) + expectedErr := errors.New("failed to fetch BucketAccessClass: " + e.Error()) + if err == nil || err.Error() != expectedErr.Error() { + t.Errorf("expecter error: %+v \n returned error: %+v", expectedErr, err) + } +} + func newEvent(eventType, reason, message string) string { return fmt.Sprintf("%s %s %s", eventType, reason, message) }