Updates (#16)

majst01 · Feb 24, 2021 · 9475653 · 9475653
1 parent 0e745a5
commit 9475653
Show file tree

Hide file tree

Showing 11 changed files with 149 additions and 60 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-FROM alpine:3.12 AS s3fs-builder
+FROM alpine:3.13 AS s3fs-builder
 
-ARG S3FS_VERSION=v1.86
+ARG S3FS_VERSION=v1.89
 
 RUN apk --no-cache add \
         ca-certificates \
@@ -23,13 +23,13 @@ RUN apk --no-cache add \
  && make install \
  && strip /usr/bin/s3fs
 
-FROM golang:1.15-alpine as builder
+FROM golang:1.16-alpine as builder
 RUN apk add git make binutils
 COPY / /work
 WORKDIR /work
 RUN make
 
-FROM alpine:3.12
+FROM alpine:3.13
 RUN apk --no-cache add \
     ca-certificates \
     fuse \

diff --git a/deploy/kubernetes/attacher.yaml b/deploy/kubernetes/attacher.yaml
@@ -24,6 +24,9 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
     verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["get", "list", "watch", "update", "patch"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -72,7 +75,7 @@ spec:
       serviceAccount: csi-attacher-sa
       containers:
         - name: csi-attacher
-          image: quay.io/k8scsi/csi-attacher:v2.2.0
+          image: quay.io/k8scsi/csi-attacher:v3.1.0
           args:
             - "--v=4"
             - "--csi-address=$(ADDRESS)"

diff --git a/deploy/kubernetes/csi-driver-s3.yaml b/deploy/kubernetes/csi-driver-s3.yaml
@@ -56,7 +56,7 @@ spec:
       hostNetwork: true
       containers:
         - name: driver-registrar
-          image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
+          image: quay.io/k8scsi/csi-node-driver-registrar:v2.1.0
           args:
             - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
             - "--v=4"
@@ -81,7 +81,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: majst01/csi-driver-s3:v0.2.0
+          image: majst01/csi-driver-s3:v0.3.0
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(NODE_ID)"

diff --git a/deploy/kubernetes/provisioner.yaml b/deploy/kubernetes/provisioner.yaml
@@ -71,9 +71,8 @@ spec:
       serviceAccount: csi-provisioner-sa
       containers:
         - name: csi-provisioner
-          image: quay.io/k8scsi/csi-provisioner:v1.6.0
+          image: quay.io/k8scsi/csi-provisioner:v2.1.0
           args:
-            - "--provisioner=s3.csi.metal-stack.io"
             - "--csi-address=$(ADDRESS)"
             - "--v=4"
           env:
@@ -84,7 +83,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/kubelet/plugins/s3.csi.metal-stack.io
         - name: csi-driver-s3
-          image: majst01/csi-driver-s3:v0.2.0
+          image: majst01/csi-driver-s3:v0.3.0
           args:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(NODE_ID)"

diff --git a/go.mod b/go.mod
@@ -1,17 +1,18 @@
 module github.com/majst01/csi-driver-s3
 
-go 1.15
+go 1.16
 
 require (
 	github.com/container-storage-interface/spec v1.3.0
-	github.com/kubernetes-csi/csi-lib-utils v0.9.0 // indirect
+	github.com/google/go-cmp v0.5.4 // indirect
+	github.com/kubernetes-csi/csi-lib-utils v0.9.1 // indirect
 	github.com/kubernetes-csi/csi-test v2.2.0+incompatible
 	github.com/kubernetes-csi/drivers v1.0.2
 	github.com/metal-stack/v v1.0.2
-	github.com/minio/minio-go/v7 v7.0.7
-	github.com/onsi/ginkgo v1.14.2
-	github.com/onsi/gomega v1.10.4
-	golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb
+	github.com/minio/minio-go/v7 v7.0.10
+	github.com/onsi/ginkgo v1.15.0
+	github.com/onsi/gomega v1.10.5
+	golang.org/x/net v0.0.0-20210222171744-9060382bd457
 	google.golang.org/grpc v1.35.0
-	k8s.io/klog/v2 v2.4.0
+	k8s.io/klog/v2 v2.5.0
 )
diff --git a/go.sum b/go.sum
diff --git a/pkg/s3/controllerserver.go b/pkg/s3/controllerserver.go
@@ -17,7 +17,7 @@ limitations under the License.
 package s3
 
 import (
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"io"
@@ -64,28 +64,28 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 
 	s3, err := newS3ClientFromSecrets(req.GetSecrets())
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
+		return nil, fmt.Errorf("failed to initialize S3 client: %w", err)
 	}
 	exists, err := s3.bucketExists(volumeID)
 	if err != nil {
-		return nil, fmt.Errorf("failed to check if bucket %s exists: %v", volumeID, err)
+		return nil, fmt.Errorf("failed to check if bucket %s exists: %w", volumeID, err)
 	}
 	if exists {
 		var b *bucket
 		b, err = s3.getBucket(volumeID)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get bucket metadata of bucket %s: %v", volumeID, err)
+			return nil, fmt.Errorf("failed to get bucket metadata of bucket %s: %w", volumeID, err)
 		}
 		// Check if volume capacity requested is bigger than the already existing capacity
 		if capacityBytes > b.CapacityBytes {
 			return nil, status.Error(codes.AlreadyExists, fmt.Sprintf("Volume with the same name: %s but with smaller size already exist", volumeID))
 		}
 	} else {
 		if err = s3.createBucket(volumeID); err != nil {
-			return nil, fmt.Errorf("failed to create volume %s: %v", volumeID, err)
+			return nil, fmt.Errorf("failed to create volume %s: %w", volumeID, err)
 		}
 		if err = s3.createPrefix(volumeID, fsPrefix); err != nil {
-			return nil, fmt.Errorf("failed to create prefix %s: %v", fsPrefix, err)
+			return nil, fmt.Errorf("failed to create prefix %s: %w", fsPrefix, err)
 		}
 	}
 	b := &bucket{
@@ -95,7 +95,7 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		FSPath:        fsPrefix,
 	}
 	if err := s3.setBucket(b); err != nil {
-		return nil, fmt.Errorf("Error setting bucket metadata: %v", err)
+		return nil, fmt.Errorf("Error setting bucket metadata: %w", err)
 	}
 
 	klog.Infof("create volume %s", volumeID)
@@ -124,15 +124,15 @@ func (cs *controllerServer) DeleteVolume(ctx context.Context, req *csi.DeleteVol
 
 	s3, err := newS3ClientFromSecrets(req.GetSecrets())
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
+		return nil, fmt.Errorf("failed to initialize S3 client: %w", err)
 	}
 	exists, err := s3.bucketExists(volumeID)
 	if err != nil {
 		return nil, err
 	}
 	if exists {
 		if err := s3.removeBucket(volumeID); err != nil {
-			klog.Errorf("Failed to remove volume %s: %v", volumeID, err)
+			klog.Errorf("Failed to remove volume %s: %w", volumeID, err)
 			return nil, err
 		}
 	} else {
@@ -154,7 +154,7 @@ func (cs *controllerServer) ValidateVolumeCapabilities(ctx context.Context, req
 
 	s3, err := newS3ClientFromSecrets(req.GetSecrets())
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
+		return nil, fmt.Errorf("failed to initialize S3 client: %w", err)
 	}
 	exists, err := s3.bucketExists(req.GetVolumeId())
 	if err != nil {
@@ -194,7 +194,7 @@ func (cs *controllerServer) ControllerExpandVolume(ctx context.Context, req *csi
 func sanitizeVolumeID(volumeID string) string {
 	volumeID = strings.ToLower(volumeID)
 	if len(volumeID) > 63 {
-		h := sha1.New()
+		h := sha256.New()
 		_, _ = io.WriteString(h, volumeID)
 		volumeID = hex.EncodeToString(h.Sum(nil))
 	}

diff --git a/pkg/s3/controllerserver_test.go b/pkg/s3/controllerserver_test.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package s3
+
+import "testing"
+
+func Test_sanitizeVolumeID(t *testing.T) {
+	tests := []struct {
+		name     string
+		volumeID string
+		want     int
+	}{
+		{
+			name:     "smaller",
+			volumeID: "abcdef",
+			want:     6,
+		},
+		{
+			name:     "eqaul",
+			volumeID: "0123456789012345678901234567890123456789012345678901234567890123",
+			want:     64,
+		},
+		{
+			name:     "longer",
+			volumeID: "0123456789012345678901234567890123456789012345678901234567890123456789",
+			want:     64,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := len(sanitizeVolumeID(tt.volumeID)); got != tt.want {
+				t.Errorf("sanitizeVolumeID() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/pkg/s3/nodeserver.go b/pkg/s3/nodeserver.go
@@ -75,7 +75,7 @@ func (ns *nodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 
 	s3, err := newS3ClientFromSecrets(req.GetSecrets())
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize S3 client: %s", err)
+		return nil, fmt.Errorf("failed to initialize S3 client: %w", err)
 	}
 	b, err := s3.getBucket(volumeID)
 	if err != nil {
@@ -140,7 +140,7 @@ func (ns *nodeServer) NodeStageVolume(ctx context.Context, req *csi.NodeStageVol
 	}
 	s3, err := newS3ClientFromSecrets(req.GetSecrets())
 	if err != nil {
-		return nil, fmt.Errorf("failed to initialize s3 client: %v", err)
+		return nil, fmt.Errorf("failed to initialize s3 client: %w", err)
 	}
 	b, err := s3.getBucket(volumeID)
 	if err != nil {

diff --git a/pkg/s3/s3-client.go b/pkg/s3/s3-client.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/url"
@@ -77,10 +78,39 @@ func (client *s3Client) bucketExists(bucketName string) (bool, error) {
 
 func (client *s3Client) createBucket(bucketName string) error {
 	return client.minio.MakeBucket(context.Background(), bucketName, minio.MakeBucketOptions{Region: client.cfg.Region})
+	// policy := fmt.Sprintf(`
+	// {
+	// 	"Id": "ReadBucket",
+	// 	"Version": "2012-10-17",
+	// 	"Statement": [
+	// 	  {
+	// 		"Sid": "",
+	// 		"Action": "s3:*",
+	// 		"Effect": "Allow",
+	// 		"Resource": "arn:aws:s3:::%s/*",
+	// 		"Principal": {
+	// 		  "AWS": [
+	// 			"*"
+	// 		  ]
+	// 		}
+	// 	  }
+	// 	]
+	//   }
+	// `, bucketName)
+	// return client.minio.SetBucketPolicy(context.Background(), bucketName, policy)
 }
 
 func (client *s3Client) createPrefix(bucketName string, prefix string) error {
-	_, err := client.minio.PutObject(context.Background(), bucketName, prefix+"/", bytes.NewReader([]byte("")), 0, minio.PutObjectOptions{})
+	_, err := client.minio.PutObject(
+		context.Background(),
+		bucketName,
+		prefix+"/",
+		bytes.NewReader([]byte("")),
+		0,
+		minio.PutObjectOptions{
+			DisableMultipart: true,
+			UserMetadata:     map[string]string{"createdby": "csi-driver-s3"},
+		})
 	if err != nil {
 		return err
 	}
@@ -154,7 +184,7 @@ func (client *s3Client) getBucket(bucketName string) (*bucket, error) {
 	b := make([]byte, objInfo.Size)
 	_, err = obj.Read(b)
 
-	if err != nil && err != io.EOF {
+	if err != nil && !errors.Is(err, io.EOF) {
 		return nil, err
 	}
 	var meta bucket

diff --git a/test/Dockerfile b/test/Dockerfile
@@ -2,9 +2,9 @@ FROM majst01/csi-driver-s3:latest
 RUN apk add \
   git wget make
 
-RUN wget -q https://dl.google.com/go/go1.15.5.linux-amd64.tar.gz && \
-  tar -xf go1.15.5.linux-amd64.tar.gz && \
-  rm go1.15.5.linux-amd64.tar.gz && \
+RUN wget -q https://dl.google.com/go/go1.16.linux-amd64.tar.gz && \
+  tar -xf go1.16.linux-amd64.tar.gz && \
+  rm go1.16.linux-amd64.tar.gz && \
   mv go /usr/local
 
 ENV GOROOT /usr/local/go