scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-03 19:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #31146 from pmorie/recycle-hostpath-slash

Browse Source 
Automatic merge from submit-queue

Add validation preventing recycle of / in a hostPath PV

Adds a validation that prevents a user from recycling `/` when it is used in a hostPath PV

cc @kubernetes/sig-storage
This commit is contained in:
Kubernetes Submit Queue
2016-08-26 18:09:32 -07:00
committed by GitHub
parent 4dc5d44879 d22ffb0402
commit 8e93fec7fa
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/api/validation/validation.go
View File

@@ -1147,6 +1147,12 @@ func ValidatePersistentVolume(pv *api.PersistentVolume) field.ErrorList {
if numVolumes == 0 { if numVolumes == 0 {
allErrs = append(allErrs, field.Required(specPath, "must specify a volume type")) allErrs = append(allErrs, field.Required(specPath, "must specify a volume type"))
} }
// do not allow hostPath mounts of '/' to have a 'recycle' reclaim policy
if pv.Spec.HostPath != nil && path.Clean(pv.Spec.HostPath.Path) == "/" && pv.Spec.PersistentVolumeReclaimPolicy == api.PersistentVolumeReclaimRecycle {
allErrs = append(allErrs, field.Forbidden(specPath.Child("persistentVolumeReclaimPolicy"), "may not be 'recycle' for a hostPath mount of '/'"))
}
return allErrs return allErrs
} }

26
pkg/api/validation/validation_test.go
View File

@@ -549,6 +549,32 @@ func TestValidatePersistentVolumes(t *testing.T) {
}, },
}), }),
}, },
"host mount of / with recycle reclaim policy": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/"},
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
"host mount of / with recycle reclaim policy 2": {
isExpectedFailure: true,
volume: testVolume("bad-recycle-do-not-want", "", api.PersistentVolumeSpec{
Capacity: api.ResourceList{
api.ResourceName(api.ResourceStorage): resource.MustParse("10G"),
},
AccessModes: []api.PersistentVolumeAccessMode{api.ReadWriteOnce},
PersistentVolumeSource: api.PersistentVolumeSource{
HostPath: &api.HostPathVolumeSource{Path: "/a/.."},
},
PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
}),
},
} }
for name, scenario := range scenarios { for name, scenario := range scenarios {