Skip to content
This repository has been archived by the owner on Dec 3, 2024. It is now read-only.

Add RevokeAccessContext to DriverRevokeBucketAccess API #147

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add RevokeAccessContext to DriverRevokeBucketAccess API #147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ module sigs.k8s.io/container-object-storage-interface-provisioner-sidecar
go 1.18

require (
github.com/agiledragon/gomonkey/v2 v2.12.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have reservations about using a monkey patch library. I realize that monkey patching is a common trend in python and ruby development (and other similar scripting languages), but my understanding is that the Golang devs specifically didn't allow for similar functionality.

When I have investigated monkey patching for unit tests in Go, the advice I have seen is to instead use interfaces (even defining custom ones for unit tests if needed) and mocking using Go's builtin language tools.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, will incorporate this in my next commit.

github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
Expand All @@ -13,7 +14,7 @@ require (
k8s.io/client-go v0.24.2
k8s.io/klog/v2 v2.70.1
sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217
sigs.k8s.io/controller-runtime v0.12.3
)

Expand Down
11 changes: 9 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/agiledragon/gomonkey/v2 v2.12.0 h1:ek0dYu9K1rSV+TgkW5LvNNPRWyDZVIxGMCFI6Pz9o38=
github.com/agiledragon/gomonkey/v2 v2.12.0/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
Expand Down Expand Up @@ -184,6 +186,7 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
Expand All @@ -206,6 +209,7 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
Expand Down Expand Up @@ -269,6 +273,8 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke
github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
Expand Down Expand Up @@ -508,6 +514,7 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
Expand Down Expand Up @@ -722,8 +729,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49 h1:Ax4j3ThWolmk6yH6jvL3Yf0Fzxe0ZfVuDlSLNILU3GA=
sigs.k8s.io/container-object-storage-interface-api v0.1.1-0.20240208184109-05444273ee49/go.mod h1:YiB+i/UGkzqgODDhRG3u7jkbWkQcoUeLEJ7hwOT/2Qk=
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac h1:M1ZBBDJVWw3gDmE+kZZmwQ6+29GbWhG9RMqx9oV0tEs=
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20221006174327-ec782953b8ac/go.mod h1:SzF/yVSh88TgYdBOAXqhT96XjU8pCQtoeQKxzIOOmWQ=
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217 h1:pKZQKRcx+WwT/AYHPFEcDGppS8qKEVpnIYbbHAPRkA8=
sigs.k8s.io/container-object-storage-interface-spec v0.1.1-0.20230824172359-684d40bf7217/go.mod h1:SzF/yVSh88TgYdBOAXqhT96XjU8pCQtoeQKxzIOOmWQ=
sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98usMio=
sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0=
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y=
Expand Down
16 changes: 13 additions & 3 deletions pkg/bucketaccess/bucketaccess_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
* limitations under the License.
*/

// Copyright 2024 Hewlett Packard Enterprise Development LP.

Comment on lines +16 to +17
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xing-yang do you know if there is a K8s/SIG policy about adding copyright attributions like this?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will wait for @xing-yang response as well & address this.

package bucketaccess

import (
Expand Down Expand Up @@ -350,10 +352,18 @@ func (bal *BucketAccessListener) deleteBucketAccessOp(ctx context.Context, bucke
klog.V(3).ErrorS(err, "Failed to fetch bucket", "bucket", bucketClaim.Status.BucketName)
return fmt.Errorf("failed to fetch bucket: %w", err)
}

bucketAccessClassName := bucketAccess.Spec.BucketAccessClassName
bucketAccessClass, err := bal.bucketAccessClasses().Get(ctx, bucketAccessClassName, metav1.GetOptions{})
if kubeerrors.IsNotFound(err) {
return bal.recordError(bucketAccess, v1.EventTypeWarning, events.FailedGrantAccess, err)
} else if err != nil {
klog.V(3).ErrorS(err, "Failed to fetch bucketAccessClass", "bucketAccessClass", bucketAccessClassName)
return fmt.Errorf("failed to fetch BucketAccessClass: %w", err)
}
Comment on lines +355 to +362
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have seen issues with this approach in CSI drivers. This leads to drivers implementing code that looks to the StorageClass (approx equivalent to BucketAccessClass), which is mutable and can change over time (or be deleted). This then results in a situation where the driver is unable to proceed with the latest operation.

Instead, the best pattern I have seen is to have the StorageClass data (including opaque params) copied to the PV so that the PV can be managed regardless of whether the StorageClass has been mutated.

I would suggest that the resolution follow the suggested pattern rather than adding the class name, which in my experience encourages inconsistent expectations.

@xing-yang or @shanduur do you have other thoughts?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @BlaineEXE ,

Thanks for your suggestion.

Certainly agree with your point here.
As per your suggestion, there's 2 ways (which I can think of), through which Parameters can be made available to the 'DriverRevokeBucketAccess' API.

I am more in-favor of 'Approach-2', but kindly do guide me if there's another way to retrieve 'Parameters' before 'DriverRevokeBucketAccess' API is invoked.

Will wait for your, suggestion & incorporate changes accordingly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think approach 2 is also the more correct one. That means a change to the API in addition to the sidecar.

The next question I have is a matter of SIG/KEP process. With a CRD change, we may need to change the KEP. @xing-yang is it okay to make this change (what I consider a minor change) to the repos, or should we update the KEP first?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @BlaineEXE , @xing-yang,
Any update on this..?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I can add my 5-cents, I am also in favor of the approach 2. Unfortunately, I think those changes will be required to be added to the KEP for v1alpha2, as this is pretty major breaking change in the controller behavior.

req := &cosi.DriverRevokeBucketAccessRequest{
BucketId: bucket.Status.BucketID,
AccountId: bucketAccess.Status.AccountID,
BucketId: bucket.Status.BucketID,
AccountId: bucketAccess.Status.AccountID,
RevokeAccessContext: bucketAccessClass.Parameters,
}

// First we revoke the bucketAccess from the driver
Expand Down
42 changes: 42 additions & 0 deletions pkg/bucketaccess/bucketaccess_controller_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
* limitations under the License.
*/

// Copyright 2024 Hewlett Packard Enterprise Development LP.

package bucketaccess

import (
Expand All @@ -23,6 +25,7 @@ import (
"testing"
"time"

"github.com/agiledragon/gomonkey/v2"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
Expand Down Expand Up @@ -500,6 +503,45 @@ func TestRecordEvents(t *testing.T) {
}
}

func TestMissingBucketAccessClass(t *testing.T) {
driver := "driver1"
mpc := struct{ fakespec.FakeProvisionerClient }{}
mpc.FakeDriverRevokeBucketAccess = func(ctx context.Context,
in *cosi.DriverRevokeBucketAccessRequest,
opts ...grpc.CallOption) (*cosi.DriverRevokeBucketAccessResponse, error) {
t.Errorf("grpc client called")
return nil, nil
}

bl := BucketAccessListener{
driverName: driver,
provisionerClient: &mpc,
bucketClient: &fakebucketclientset.Clientset{},
kubeClient: &fakekubeclientset.Clientset{},
}

new := v1alpha1.BucketAccess{
ObjectMeta: metav1.ObjectMeta{
Name: "testbucket_access",
DeletionTimestamp: &metav1.Time{Time: time.Now()},
},
Spec: v1alpha1.BucketAccessSpec{
BucketClaimName: "testbucket_claim",
BucketAccessClassName: "testbucket_access_class",
},
}
e := fmt.Errorf("access class with name %s, not found", new.Spec.BucketAccessClassName)
m := gomonkey.ApplyMethodReturn(bl.bucketAccessClasses(), "Get", nil, e)
defer m.Reset()

ctx := context.TODO()
err := bl.Update(ctx, &new, &new)
expectedErr := errors.New("failed to fetch BucketAccessClass: " + e.Error())
if err == nil || err.Error() != expectedErr.Error() {
t.Errorf("expecter error: %+v \n returned error: %+v", expectedErr, err)
}
}

func newEvent(eventType, reason, message string) string {
return fmt.Sprintf("%s %s %s", eventType, reason, message)
}