Add test for supplemental gid annotation to pv e2e test

test/e2e/persistent_volumes.go

@@ -28,6 +28,7 @@ import (
 	"k8s.io/kubernetes/pkg/api/testapi"
 	"k8s.io/kubernetes/pkg/api/unversioned"
 	client "k8s.io/kubernetes/pkg/client/unversioned"
+	"k8s.io/kubernetes/pkg/volume/util/volumehelper"
 	"k8s.io/kubernetes/test/e2e/framework"
 )
 
@@ -343,8 +344,9 @@ var _ = framework.KubeDescribe("PersistentVolumes", func() {
 	NFSconfig = VolumeTestConfig{
 		namespace:   api.NamespaceDefault,
 		prefix:      "nfs",
-		serverImage: "gcr.io/google_containers/volume-nfs:0.6",
+		serverImage: "gcr.io/google_containers/volume-nfs:0.7",
 		serverPorts: []int{2049},
+		serverArgs:  []string{"-G", "777", "/exports"},
 	}
 
 	BeforeEach(func() {
@@ -486,6 +488,9 @@ func makePersistentVolume(serverIP string, pvc *api.PersistentVolumeClaim) *api.
 	return &api.PersistentVolume{
 		ObjectMeta: api.ObjectMeta{
 			GenerateName: "nfs-",
+			Annotations: map[string]string{
+				volumehelper.VolumeGidAnnotationKey: "777",
+			},
 		},
 		Spec: api.PersistentVolumeSpec{
 			PersistentVolumeReclaimPolicy: api.PersistentVolumeReclaimRecycle,
@@ -555,7 +560,7 @@ func makeWritePod(ns string, pvcName string) *api.Pod {
 					Name:    "write-pod",
 					Image:   "gcr.io/google_containers/busybox:1.24",
 					Command: []string{"/bin/sh"},
-					Args:    []string{"-c", "touch /mnt/SUCCESS && exit 0 || exit 1"},
+					Args:    []string{"-c", "touch /mnt/SUCCESS && (id -G | grep -E '\\b777\\b')"},
 					VolumeMounts: []api.VolumeMount{
 						{
 							Name:      "nfs-pvc",

test/e2e/volumes.go

@@ -68,6 +68,8 @@ type VolumeTestConfig struct {
 	serverImage string
 	// Ports to export from the server pod. TCP only.
 	serverPorts []int
+	// Arguments to pass to the container image.
+	serverArgs []string
 	// Volumes needed to be mounted to the server container from the host
 	// map <host (source) path> -> <container (dst.) path>
 	volumes map[string]string
@@ -134,6 +136,7 @@ func startVolumeServer(client *client.Client, config VolumeTestConfig) *api.Pod
 					SecurityContext: &api.SecurityContext{
 						Privileged: privileged,
 					},
+					Args:         config.serverArgs,
 					Ports:        serverPodPorts,
 					VolumeMounts: mounts,
 				},

test/images/volumes-tester/nfs/Dockerfile

@@ -23,4 +23,5 @@ RUN chmod 644 /tmp/index.html
 # expose mountd 20048/tcp and nfsd 2049/tcp
 EXPOSE 2049/tcp 20048/tcp
 
-ENTRYPOINT ["/usr/local/bin/run_nfs.sh", "/exports", "/"]
+ENTRYPOINT ["/usr/local/bin/run_nfs.sh"]
+CMD ["/exports", "/"]

test/images/volumes-tester/nfs/Makefile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-TAG = 0.6
+TAG = 0.7
 PREFIX = gcr.io/google_containers
 
 all: push

test/images/volumes-tester/nfs/README.md

@@ -2,6 +2,9 @@
 
 This container exports '/' directory with an index.html inside. NFSv4 only.
 
+Accepts a -G option for specifying a group id to give exported directories.
+Clients in the specified group will have full rwx permissions, others none.
+
 Inspired by https://github.com/cpuguy83/docker-nfs-server.
 
 Used by test/e2e/* to test NFSVolumeSource. Not for production use!

test/images/volumes-tester/nfs/run_nfs.sh

@@ -17,10 +17,23 @@
 function start()
 {
 
+    unset gid
+    # accept "-G gid" option
+    while getopts "G:" opt; do
+        case ${opt} in
+            G) gid=${OPTARG};;
+        esac
+    done
+    shift $(($OPTIND - 1))
+
     # prepare /etc/exports
     for i in "$@"; do
         # fsid=0: needed for NFSv4
         echo "$i *(rw,fsid=0,insecure,no_root_squash)" >> /etc/exports
+        if [ -v gid ] ; then
+            chmod 070 $i
+            chgrp $gid $i
+        fi
         # move index.html to here
         /bin/cp /tmp/index.html $i/
         chmod 644 $i/index.html