volume: Change owner of symlinks too #94895

Merged


mauriciovasquezbernal
Contributor

What type of PR is this?
/kind cleanup

What this PR does / why we need it:
This commit uses Lchown instead of Chown to change the owner of symlinks too.
It doesn't change any behaviour. However, it could avoid some confusion as the
symlinks are updated to the correct owner too.

Please consider the following Pod with a configMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
  namespace: default
data:
  content: '"This is a ConfigMap"'
---
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  securityContext:
    fsGroup: 2000
  containers:
  - name: container1
    image: busybox
    command: ["sh"]
    args: ["-c", "sleep infinity"]
    volumeMounts:
    - name: config-volume
      mountPath: /etc/configmap/content
  volumes:
  - name: config-volume
    configMap:
      name: myconfigmap
      defaultMode: 0400

The current behaviour shows that the group owner is 0 for the symlink pointing to the real content file:

$ kubectl exec -it mypod -- /bin/sh -c 'ls -la /etc/configmap/content/content'
lrwxrwxrwx    1 0     0            14 Sep 18 15:15 /etc/configmap/content/content -> ..data/content

The behaviour after this PR shows as group owner 2000 as specified in fsGroup:

$ kubectl exec -it mypod -- /bin/sh -c 'ls -la /etc/configmap/content/content'
lrwxrwxrwx    1 0     2000            14 Sep 18 15:15 /etc/configmap/content/content -> ..data/content

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:


Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 18, 2020
@k8s-ci-robot
Contributor

Welcome @mauriciovasquezbernal!

It looks like this is your first PR to kubernetes/kubernetes 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kubernetes has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot
Contributor

Hi @mauriciovasquezbernal. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 18, 2020
@mauriciovasquezbernal
Contributor Author

/sig storage
/release-note-none

@k8s-ci-robot
Contributor

@mauriciovasquezbernal: The label(s) sig/ cannot be applied, because the repository doesn't have them

In response to this:

/sig storage
/release-note-none

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Sep 18, 2020
@gnufied
Member

gnufied commented Sep 18, 2020

/assign @sjenning @gnufied

@gnufied
Member

gnufied commented Sep 18, 2020

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 18, 2020
@jingxu97
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 22, 2020
@jingxu97
Contributor

jingxu97 commented Nov 4, 2020

Could you add a unit test? Thanks!

cc @msau42

This commit uses Lchown instead of Chown to change the owner of symlinks too.
It doesn't change any behaviour. However, it could avoid some confusion as the
symlinks are updated to the correct owner too.
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Nov 11, 2020
@mauriciovasquezbernal
Contributor Author

@jingxu97 I added the unit test.

@mauriciovasquezbernal
Contributor Author

/retest

Former TestSetVolumeOwnership only checks the mode of the files. This commit
adds a new TestSetVolumeOwnershipOwner that checks the ownership of the files.
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 9, 2021
@mauriciovasquezbernal
Contributor Author

@gnufied @sjenning any chance you can give it a look?

@gnufied
Member

gnufied commented Feb 9, 2021

It looks good to me as well. But it would be nice to have a confirmation from @sjenning because he originally made the change that prevented permissions of symlinks from being changed. But at that time - we were calling plain chown which evaluates the symlink and now you are using lchown.

@joelsmith
Contributor

Nice that you were able to get rid of an extra stat syscall by using -1 for the UID!

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 9, 2021
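
The difference the PR description and the review comments above rely on (chown resolves a symlink, lchown changes the link itself, and a UID of -1 leaves the owner alone), as an added example that is not the code from this PR. `setGroupOwner`, `gidOf`, `demo` and the `real-content` file name are hypothetical, and the file and symlink are constructed in a temporary directory rather than a real configMap mount.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// setGroupOwner is a hypothetical helper, not the Kubernetes function.
func setGroupOwner(root string, gid int) error {
	return filepath.Walk(root, func(p string, _ os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		return os.Lchown(p, -1, gid) // the link itself; UID -1 keeps the owner
	})
}

// gidOf reports the group of path itself (Lstat does not follow symlinks).
func gidOf(path string) int {
	var st syscall.Stat_t
	if err := syscall.Lstat(path, &st); err != nil {
		return -1
	}
	return int(st.Gid)
}

// demo makes a constructed file and symlink in dir; returns the link's group after Chown, then after Lchown.
func demo(dir string, gid int) (afterChown, afterLchown int, err error) {
	link := filepath.Join(dir, "content")
	if err = os.WriteFile(filepath.Join(dir, "real-content"), []byte("x"), 0o400); err == nil {
		err = os.Symlink("real-content", link)
	}
	if err == nil {
		err = os.Chown(link, -1, gid) // follows the link: only the target changes
		afterChown = gidOf(link)
	}
	if err == nil {
		err = setGroupOwner(dir, gid)
	}
	return afterChown, gidOf(link), err
}

func main() {
	dir, _ := os.MkdirTemp("", "vol")
	defer os.RemoveAll(dir)
	fmt.Println(demo(dir, os.Getegid())) // as root, 2000 shows the change
}
```

Run unprivileged with the process's own group, both values are equal because nothing changes; run with a group different from the one the link was created with, only the second value moves.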
@sjenning
Contributor

sjenning commented Feb 9, 2021

/approve

@gnufied
Member

gnufied commented Feb 9, 2021

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gnufied, mauriciovasquezbernal, sjenning

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 9, 2021
@fejta-bot

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit 11a05eb into kubernetes:master Feb 10, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 10, 2021
@mauriciovasquezbernal mauriciovasquezbernal deleted the mauricio/fix-setvolumeownership branch February 10, 2021 13:56