fix(WEKAPP-365056): acl mount option not passed to CSI controller

charts/csi-wekafsplugin/values.yaml

@@ -8,17 +8,17 @@ csiDriverName: "csi.weka.io"
 csiDriverVersion: &csiDriverVersion 2.3.3-SNAPSHOT.8.150f4fb
 images:
   # -- CSI liveness probe sidecar image URL
-  livenessprobesidecar: registry.k8s.io/sig-storage/livenessprobe:v2.11.0
+  livenessprobesidecar: registry.k8s.io/sig-storage/livenessprobe:v2.12.0
   # -- CSI attacher sidecar image URL
-  attachersidecar: registry.k8s.io/sig-storage/csi-attacher:v4.4.2
+  attachersidecar: registry.k8s.io/sig-storage/csi-attacher:v4.5.0
   # -- CSI provisioner sidecar image URL
-  provisionersidecar: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2
+  provisionersidecar: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
   # -- CSI registrar sidercar
-  registrarsidecar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2
+  registrarsidecar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
   # -- CSI resizer sidecar image URL
-  resizersidecar: registry.k8s.io/sig-storage/csi-resizer:v1.9.2
+  resizersidecar: registry.k8s.io/sig-storage/csi-resizer:v1.9.3
   # -- CSI snapshotter sidecar image URL
-  snapshottersidecar: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
+  snapshottersidecar: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.3
   # -- CSI driver main image URL
   csidriver: quay.io/weka.io/csi-wekafs
   # -- CSI driver tag

examples/mount_options/storageclass-wekafs-mountoptions.yaml

@@ -1,7 +1,7 @@
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: storageclass-wekafs-fs-api
+  name: storageclass-wekafs-fs-mountoptions
 provisioner: csi.weka.io
 reclaimPolicy: Delete
 volumeBindingMode: Immediate

pkg/wekafs/controllerserver.go

@@ -37,7 +37,7 @@ const (
 	deviceID                            = "deviceID"
 	maxVolumeIdLength                   = 1920
 	TracerName                          = "weka-csi"
-	ControlServerAdditionalMountOptions = "writecache,acl"
+	ControlServerAdditionalMountOptions = MountOptionWriteCache + "," + MountOptionAcl
 )
 
 type ControllerServer struct {
@@ -260,8 +260,8 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 	// IDEMPOTENCE FLOW: If directory already exists, return the createResponse if size matches, or error
 	volExists, volMatchesCapacity, err := volumeExistsAndMatchesCapacity(ctx, volume, capacity)
 
-	// set params to have all relevant mount options (default + those received in params) to be passed as part of volumeContext
-	params["mountOptions"] = volume.getMountOptions(ctx).String()
+	// set params to have all relevant mount options (global default + those received in params) to be passed as part of volumeContext
+	//params["mountOptions"] = volume.getMountOptions(ctx).String()
 
 	if err != nil {
 		if !volExists {
@@ -305,7 +305,8 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 	}
 
 	// Actually try to create the volume here
-	logger.Info().Int64("capacity", capacity).Str("volume_id", volume.GetId()).Msg("Creating volume")
+	logger.Info().Int64("capacity", capacity).Str("mount_options", volume.getMountOptions(ctx).String()).
+		Str("volume_id", volume.GetId()).Msg("Creating volume")
 	if err := volume.Create(ctx, capacity); err != nil {
 		return nil, err
 	}

pkg/wekafs/mountoptions.go

@@ -14,6 +14,7 @@ const (
 	MountOptionWriteCache  = "writecache"
 	MountOptionCoherent    = "coherent"
 	MountOptionReadCache   = "readcache"
+	MountOptionAcl         = "acl"
 )
 
 type mountOption struct {
@@ -149,6 +150,7 @@ func (opts MountOptions) setSelinux(selinuxSupport bool) {
 	if selinuxSupport {
 		o := newMountOptionFromString(fmt.Sprintf("fscontext=\"system_u:object_r:%s_t:s0\"", selinuxContext))
 		opts.customOptions[o.option] = o
+		opts.AddOption(MountOptionAcl)
 	} else {
 		delete(opts.customOptions, "fscontext")
 	}
@@ -182,7 +184,7 @@ func getDefaultMountOptions() MountOptions {
 
 	ret := MountOptions{
 		customOptions:  make(map[string]mountOption),
-		excludeOptions: []string{""},
+		excludeOptions: []string{},
 	}
 	for _, optstring := range defaultOptions {
 		opt := newMountOptionFromString(optstring)

pkg/wekafs/nodeserver.go

@@ -59,7 +59,7 @@ func (ns *NodeServer) getNodeId() string {
 }
 
 func (ns *NodeServer) getDefaultMountOptions() MountOptions {
-	return getDefaultMountOptions().RemoveOption("acl").MergedWith(NewMountOptionsFromString(NodeServerAdditionalMountOptions), ns.getConfig().mutuallyExclusiveOptions)
+	return getDefaultMountOptions().MergedWith(NewMountOptionsFromString(NodeServerAdditionalMountOptions), ns.getConfig().mutuallyExclusiveOptions)
 }
 
 func (ns *NodeServer) isInDevMode() bool {
@@ -235,7 +235,7 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
 
 	attrib := req.GetVolumeContext()
 	mountFlags := req.GetVolumeCapability().GetMount().GetMountFlags()
-	volume.mountOptions.RemoveOption("acl").Merge(NewMountOptionsFromString(strings.Join(mountFlags, ",")), ns.getConfig().mutuallyExclusiveOptions)
+	volume.mountOptions.Merge(NewMountOptionsFromString(strings.Join(mountFlags, ",")), ns.getConfig().mutuallyExclusiveOptions)
 
 	logger.Debug().Str("target_path", targetPath).
 		Str("fs_type", fsType).

pkg/wekafs/volume.go

@@ -81,11 +81,14 @@ func (v *Volume) getCsiContentSource(ctx context.Context) *csi.VolumeContentSour
 	return nil
 }
 
-func (v *Volume) initMountOptions(ctx context.Context) {
-	v.mountOptions = v.server.getDefaultMountOptions()
+func (v *Volume) sanitizeMountOptions(ctx context.Context) {
 	v.pruneUnsupportedMountOptions(ctx)
 }
 
+func (v *Volume) initMountOptions(ctx context.Context) {
+	v.mountOptions = getDefaultMountOptions()
+}
+
 func (v *Volume) pruneUnsupportedMountOptions(ctx context.Context) {
 	logger := log.Ctx(ctx)
 	if v.mountOptions.hasOption(MountOptionSyncOnClose) && (v.apiClient == nil || !v.apiClient.SupportsSyncOnCloseMountOption()) {
@@ -113,7 +116,8 @@ func (v *Volume) MarshalZerologObject(e *zerolog.Event) {
 		Str("group_name", v.filesystemGroupName).
 		Str("snapshot_name", v.SnapshotName).
 		Str("snapshot_access_point", v.SnapshotAccessPoint).
-		Str("inner_path", v.innerPath)
+		Str("inner_path", v.innerPath).
+		Str("mount_options", v.mountOptions.String())
 
 	if v.srcVolume != nil {
 		srcVolID := v.srcVolume.GetId()
@@ -824,7 +828,7 @@ func (v *Volume) MountUnderlyingFS(ctx context.Context) (error, UnmountFunc) {
 		return errors.New("could not mount volume, mounter not in context"), func() {}
 	}
 
-	mountOpts := v.getMountOptions(ctx)
+	mountOpts := v.getMountOptions(ctx).MergedWith(v.server.getDefaultMountOptions(), v.server.getConfig().mutuallyExclusiveOptions)
 	mount, err, unmountFunc := v.server.getMounter().mountWithOptions(ctx, v.FilesystemName, mountOpts, v.apiClient)
 	retUmountFunc := func() {}
 	if err == nil {

pkg/wekafs/volumeconstructors.go

@@ -33,6 +33,7 @@ func NewVolumeFromId(ctx context.Context, volumeId string, apiClient *apiclient.
 		server:              server,
 	}
 	v.initMountOptions(ctx)
+	v.sanitizeMountOptions(ctx)
 	return v, nil
 }
 
@@ -91,9 +92,10 @@ func NewVolumeFromControllerCreateRequest(ctx context.Context, req *csi.CreateVo
 			return nil, err
 		}
 	}
-	volume.initMountOptions(ctx)
 	params := req.GetParameters()
+	volume.initMountOptions(ctx)
 	err = volume.ObtainRequestParams(ctx, params)
+	volume.sanitizeMountOptions(ctx)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "Could not obtain volume parameters from request")
 	}