Unable to distinguish between uid and gid

[mriedem]

This is similar to but different enough from #50 that I'm opening a new issue.

We're backing jupyter notebook storage with s3fs and the jovyan user uid is 1000 and the gid is 100 [1] and everything gets set as 1000 for objects, e.g.:

{
    "AcceptRanges": "bytes",
    "LastModified": "Fri, 25 Sep 2020 20:27:45 GMT",
    "ContentLength": "1085",
    "ETag": "\"4f8c9d9ec745ddb7c3696a0e1273cb11\"",
    "ContentType": "application/octet-stream",
    "Metadata": {
        "ctime": "1601065665",
        "mode": "33152",
        "gid": "1000",
        "uid": "1000",
        "mtime": "1601065664"
    }
}

It looks like the problem is here [2].

The gid being wrong doesn't seem to affect the jupyter notebook application but it's something we'd like to fix since we have these uid/gid values spread through various configs.

[1] https://github.com/jupyter/docker-stacks/blob/master/base-notebook/Dockerfile#L15
[2]

ibmcloud-object-storage-plugin/driver/driver.go

Lines 609 to 615 in b4af4af

	if _, ok := mountRequest.Opts["kubernetes.io/fsGroup"]; ok {
	args = append(args, "-o", "gid="+options.FSGroup)
	args = append(args, "-o", "uid="+options.FSGroup)
	} else if _, ok := mountRequest.Opts["kubernetes.io/mounterArgs.FsGroup"]; ok {
	args = append(args, "-o", "gid="+options.FSGroupNew)
	args = append(args, "-o", "uid="+options.FSGroupNew)
	}

[mriedem]

I see there is also a documented limitation in the related helm chart:

https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-object-storage-plugin.md#limitations

[nkkashyap]

Hi @mriedem
The object storage plugin is based on flex volume driver. In case of flex volume driver there is no way to pass the POD's UID to the driver. As a work around, to provide access to the non-root user, the FSGroup ID is set as UID and GID for the volume.