volume: use GetHostIDsForPod()

This commit only changes the UID/GID if user namespaces is enabled. When
it is enabled, it changes it so the hostUID and hostGID that are mapped
to the currently used UID/GID. This is needed so volumes are created
with the hostUID/hostGID and the user inside the container can read
them.

If user namespaces are disabled for this pod, this is a no-op: there is
no user namespace mapping, so the hostUID/hostGID are the same as inside
the container.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>

pkg/volume/util/operationexecutor/operation_generator.go

@@ -669,10 +669,23 @@ func (og *operationGenerator) GenerateMountVolumeFunc(
 			resizeOptions.DeviceStagePath = deviceMountPath
 		}
 
+		kvh, ok := og.GetVolumePluginMgr().Host.(volume.KubeletVolumeHost)
+		if !ok {
+			eventErr, detailedErr := volumeToMount.GenerateError("MountVolume type assertion error", fmt.Errorf("volume host does not implement KubeletVolumeHost interface"))
+			return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
+		}
+		uid := util.FsUserFrom(volumeToMount.Pod)
+		hostUID, hostGID, err := kvh.GetHostIDsForPod(volumeToMount.Pod, uid, fsGroup)
+		if err != nil {
+			msg := fmt.Sprintf("MountVolume.GetHostIDsForPod failed to find host ID in user namespace (UID: %v GID: %v)", uid, fsGroup)
+			eventErr, detailedErr := volumeToMount.GenerateError(msg, err)
+			return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
+		}
+
 		// Execute mount
 		mountErr := volumeMounter.SetUp(volume.MounterArgs{
-			FsUser:              util.FsUserFrom(volumeToMount.Pod),
-			FsGroup:             fsGroup,
+			FsUser:              hostUID,
+			FsGroup:             hostGID,
 			DesiredSize:         volumeToMount.DesiredSizeLimit,
 			FSGroupChangePolicy: fsGroupChangePolicy,
 		})