Skip to content

sanity: Add more input validation tests to node service #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

sanity: Add more input validation tests to node service #266

wants to merge 4 commits into from

Conversation

NicolasT
Copy link
Contributor

@NicolasT NicolasT commented May 6, 2020
edited
Loading

What type of PR is this?
/kind feature

What this PR does / why we need it:

  • Test for NOT_FOUND on NodeStageVolume and NodeUnstageVolume for unknown volumes
  • Test for NOT_FOUND on NodePublishVolume for unknown volumes
  • Rework the NodePublishVolume tests to not depend on input validation ordering inside the driver
  • Test for FAILED_PRECONDITION on NodePublishVolume if STAGE_UNSTAGE_VOLUME is supported

Does this PR introduce a user-facing change?:

- The `csi-sanity` test suite now validates a nodeplugin returns `NOT_FOUND` when `NodeStageVolume` or `NodeUnstageVolume` is called given a non-existing `volume_id`.
- The `csi-sanity` test suite now validates a nodeplugin returns `NOT_FOUND` when `NodePublishVolume` is called given a non-existing `volume_id`.
- The `csi-sanity` test suite now validates a nodeplugin with the `STAGE_UNSTAGE_VOLUME` capability returns `FAILED_PRECONDITION` when `NodePublishVolume` is called given an empty `staging_target_path`.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 6, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: NicolasT
To complete the pull request process, please assign lpabon
You can assign the PR to them by writing /assign @lpabon in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested review from lpabon and saad-ali May 6, 2020 08:59
@k8s-ci-robot
Copy link
Contributor

Hi @NicolasT. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 6, 2020
@NicolasT
Copy link
Contributor Author

NicolasT commented May 6, 2020

/assign @lpabon

@NicolasT
Copy link
Contributor Author

NicolasT commented May 6, 2020

Same applies to NodePublishVolume, apparently (https://github.com/container-storage-interface/spec/blob/87a27a2496565857ed564284eaa762587feb9453/spec.md#nodepublishvolume-errors). I'll add one more commit to this PR.

@NicolasT
sanity: test NOT_FOUND on Node(Un)StageVolume
09a5b85 
According to the CSI spec, a plugin must return a `NOT_FOUND` error when
`NodeStageVolume` or `NodeUnstageVolume` is called with a `volume_id` of
a volume that does not (or no longer?) exist.

The `sanity` package has tests asserting these `NOT_FOUND` reports for
various RPC calls, including `NodeUnpublishVolume`, but not for
`NodeStageVolume` and `NodeUnstageVolume`. This patch adds them for
completeness.

See: https://github.com/container-storage-interface/spec/blob/87a27a2496565857ed564284eaa762587feb9453/spec.md#nodestagevolume-errors
See: https://github.com/container-storage-interface/spec/blob/87a27a2496565857ed564284eaa762587feb9453/spec.md#nodeunstagevolume-errors
@NicolasT NicolasT force-pushed the test-node-stage-notfound branch from a7e8665 to ae0d21a Compare May 6, 2020 10:10
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 6, 2020
@NicolasT NicolasT changed the title sanity: test NOT_FOUND on Node(Un)StageVolume sanity: Add more input validation tests to node service May 6, 2020
@NicolasT NicolasT force-pushed the test-node-stage-notfound branch from ae0d21a to fac58c5 Compare May 6, 2020 10:26
@pohly
Copy link
Contributor

pohly commented May 6, 2020

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 6, 2020
NicolasT added 3 commits May 6, 2020 13:00
@NicolasT
sanity: test NOT_FOUND on NodePublishVolume
da30021 
According to the CSI spec, a plugin must return a `NOT_FOUND` error when
`NodePublishVolume` is called with a `volume_id` of a volume that does
not (or no longer?) exist.

The `sanity` package has a test asserting this `NOT_FOUND` is returned
on `NodeUnpublishVolume`, but not for `NodePublishVolume`. This patch
adds this for completeness.

See: https://github.com/container-storage-interface/spec/blob/87a27a2496565857ed564284eaa762587feb9453/spec.md#nodepublishvolume-errors
@NicolasT
sanity: make NodePublishVolume test more generic
396075f 
The input validation tests for the `NodePublishVolume` RPC (and others)
depends on the ordering by which a CSI node plugin performs the
validation checks. This was hidden because all checks tested for return
the same error. However, when adding a test which expects a different
error code, this becomes an issue.

Instead of constructing 'mostly-invalid' requests in many of the tests,
this patch changes the strategy to construct a *valid* request by
default, then in every test only switch the field under test to some
invalid value, then asserting the expected error code is returned.
@NicolasT
sanity: test FAILED_PRECONDITION on NodePublishVolume
4ee7e7c 
According to the CSI spec, a `NodePublishVolume` RPC must return a
`FAILED_PRECONDITION` error when invoked with no `staging_target_path`
set, if `STAGE_UNSTAGE_VOLUME` is supported by the driver.

This patch adds a test to assert this.

See: https://github.com/container-storage-interface/spec/blob/87a27a2496565857ed564284eaa762587feb9453/spec.md#nodepublishvolume-errors
@NicolasT NicolasT force-pushed the test-node-stage-notfound branch from fac58c5 to 4ee7e7c Compare May 6, 2020 13:08
@k8s-ci-robot
Copy link
Contributor

@NicolasT: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-kubernetes-csi-csi-test 4ee7e7c link /test pull-kubernetes-csi-csi-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@NicolasT
Copy link
Contributor Author

NicolasT commented May 6, 2020

Prow fails because the E2E tests run against the csi-driver-hostpath driver, which seems to be incompatible with the changes introduced in this PR (may one then conclude csi-driver-hostpath is not fully spec-compliant itself?)

May look into this. However, as discussed on Slack, I'm starting to believe the requirements in the spec for a node plugin to validate a given volume_id and assert the volume's existence may be a mistake in the first place...

@pohly
Copy link
Contributor

pohly commented May 6, 2020 via email

@NicolasT
Copy link
Contributor Author

NicolasT commented May 6, 2020

It wouldn't be the first time that adding more tests reveals deficiencies in the example driver.

That happens 😃 Is there any 'standard' process to get things in sync? It appears the tests in the hostpath driver repository rely on a released version of csi-sanity, so fixing the driver would be 'in the dark' until a new version of csi-sanity including the new test is made, which relies on the hostpath driver being compatible, etc...

@pohly
Copy link
Contributor

pohly commented May 6, 2020

Is there any 'standard' process to get things in sync? It appears the tests in the hostpath driver repository rely on a released version of csi-sanity, so fixing the driver would be 'in the dark' until a new version of csi-sanity including the new test is made, which relies on the hostpath driver being compatible, etc...

A developer will have to test locally that the updated driver passes testing with the updated csi-test, then we gradually have to roll out the changes: first merge the fixed into the driver, do a new release with it, then update csi-release-tools to test against that new release. At that time, the new test can be added to csi-test without test failures.

It's a lengthy process, but there's no way around that when different repos are involved.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 4, 2020
@k8s-ci-robot
Copy link
Contributor

@NicolasT: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 4, 2020
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Sep 3, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

liangyuanpeng added a commit to liangyuanpeng/csi-test that referenced this pull request Feb 19, 2025
@liangyuanpeng
Squashed 'release-tools/' changes from 734c2b9..90efb2c
7aa3892 
90efb2c Merge pull request kubernetes-csi#272 from andyzhangx/patch-3
9b616fe Bump golang to 1.23.6 to fix CVE-2024-45336, CVE-2025-22866
0496593 Merge pull request kubernetes-csi#268 from huww98/cloudbuild
119aee1 Merge pull request kubernetes-csi#266 from jsafrane/bump-sanity-5.3.1
0ae5e52 Update cloudbuild image with go 1.21+
406a79a Merge pull request kubernetes-csi#267 from huww98/gomodcache
9cec273 Set GOMODCACHE to avoid re-download toolchain
98f2307 Merge pull request kubernetes-csi#260 from TerryHowe/update-csi-driver-version
e9d8712 Merge pull request kubernetes-csi#259 from stmcginnis/deprecated-kind-kube-root
faf79ff Remove --kube-root deprecated kind argument
43bde06 Bump csi-sanity to 5.3.1
18b6ac6 chore: update CSI driver version to 1.15

git-subtree-dir: release-tools
git-subtree-split: 90efb2ca59900f19eba05e65da28beda79c5bb28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lpabon lpabon Awaiting requested review from lpabon

@saad-ali saad-ali Awaiting requested review from saad-ali

Assignees

@lpabon lpabon

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@NicolasT @k8s-ci-robot @pohly @fejta-bot @lpabon