From ff3cecc54a6e797b991c8cf108656b0e9d65ae92 Mon Sep 17 00:00:00 2001 From: Hemant Kumar Date: Tue, 2 Mar 2021 22:37:30 -0500 Subject: [PATCH] Update wording for new files Also relax NodeStageVolume and NodePublishVolume using same volume_mount_group field --- csi.proto | 49 +++++++++++++++++++++++--------------------- lib/go/csi/csi.pb.go | 48 ++++++++++++++++++++++--------------------- spec.md | 49 +++++++++++++++++++++++--------------------- 3 files changed, 77 insertions(+), 69 deletions(-) diff --git a/csi.proto b/csi.proto index 5ad580d5..b919550b 100644 --- a/csi.proto +++ b/csi.proto @@ -1226,13 +1226,15 @@ message NodeStageVolumeRequest { map volume_context = 6; // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. // This is an OPTIONAL field. string volume_mount_group = 7; } @@ -1307,23 +1309,24 @@ message NodePublishVolumeRequest { // volume identified by `volume_id`. map volume_context = 8; + // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // If NodeStageVolume was previously called with volume_mount_group - // CO MUST ensure that NodePublishVolume uses the same - // volume_mount_group for the same volume_id. - // If Plugin does not have `STAGE_UNSTAGE_VOLUME` capability the CO - // MAY call NodePublishVolume with different volume_mount_group and - // target_path for same volume_id. - // If a Plugin does not support multiple calls of NodePublishVolume - // with different volume_mount_group and target_path for same volume - // on same node - it MAY return FAILED_PRECONDITION error. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. + // + // If Plugin does not support NodePublishVolume with different + // volume_mount_group than the one used during NodeStageVolume + // then Plugin MAY return FAILED_PRECONDITION error. + // Similarly if SP does not support NodePublishVolume of same volume + // on same node but with different volume_mount_group it MAY return + // FAILED_PRECONDITION error. // This is an OPTIONAL field. string volume_mount_group = 9; } diff --git a/lib/go/csi/csi.pb.go b/lib/go/csi/csi.pb.go index 460478b5..c2698640 100644 --- a/lib/go/csi/csi.pb.go +++ b/lib/go/csi/csi.pb.go @@ -3627,13 +3627,15 @@ type NodeStageVolumeRequest struct { // volume identified by `volume_id`. VolumeContext map[string]string `protobuf:"bytes,6,rep,name=volume_context,json=volumeContext,proto3" json:"volume_context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. // This is an OPTIONAL field. VolumeMountGroup string `protobuf:"bytes,7,opt,name=volume_mount_group,json=volumeMountGroup,proto3" json:"volume_mount_group,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -3875,22 +3877,22 @@ type NodePublishVolumeRequest struct { // volume identified by `volume_id`. VolumeContext map[string]string `protobuf:"bytes,8,rep,name=volume_context,json=volumeContext,proto3" json:"volume_context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // If NodeStageVolume was previously called with volume_mount_group - // CO MUST ensure that NodePublishVolume uses the same - // volume_mount_group for the same volume_id. - // If Plugin does not have `STAGE_UNSTAGE_VOLUME` capability the CO - // MAY call NodePublishVolume with different volume_mount_group and - // target_path for same volume_id. - // If a Plugin does not support multiple calls of NodePublishVolume - // with different volume_mount_group and target_path for same volume - // on same node - it MAY return FAILED_PRECONDITION error. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. + // + // If Plugin does not support NodePublishVolume with different + // volume_mount_group than the one used during NodeStageVolume + // then Plugin MAY return FAILED_PRECONDITION error. + // Similarly if SP does not support NodePublishVolume of same volume + // on same node but with different volume_mount_group it MAY return + // FAILED_PRECONDITION error. // This is an OPTIONAL field. VolumeMountGroup string `protobuf:"bytes,9,opt,name=volume_mount_group,json=volumeMountGroup,proto3" json:"volume_mount_group,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` diff --git a/spec.md b/spec.md index 7a24896b..c98168cc 100644 --- a/spec.md +++ b/spec.md @@ -2093,13 +2093,15 @@ message NodeStageVolumeRequest { map volume_context = 6; // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. // This is an OPTIONAL field. string volume_mount_group = 7; } @@ -2256,23 +2258,24 @@ message NodePublishVolumeRequest { // volume identified by `volume_id`. map volume_context = 8; + // If SP has VOLUME_MOUNT_GROUP node capability and CO provides - // this field then SP MUST ensure that volume is mounted with - // provided volume_mount_group and all files and directories - // within the volume are readable and writable by the provided - // volume_mount_group. - // If NodeStageVolume was previously called with volume_mount_group - // CO MUST ensure that NodePublishVolume uses the same - // volume_mount_group for the same volume_id. - // If Plugin does not have `STAGE_UNSTAGE_VOLUME` capability the CO - // MAY call NodePublishVolume with different volume_mount_group and - // target_path for same volume_id. - // If a Plugin does not support multiple calls of NodePublishVolume - // with different volume_mount_group and target_path for same volume - // on same node - it MAY return FAILED_PRECONDITION error. - // The value of volume_mount_group should be group - // identifier (as determined by underlying operating system) - // which would be associated with workload that uses the volume. + // this field then SP MUST ensure that the volume_mount_group + // parameter is passed as the group identifier to the underlying + // operating system mount system call, with the understanding + // that the set of available mount call parameters and/or + // mount implementations may vary across operating systems. + // Additionally, new file and/or directory entries written to + // the underlying filesystem SHOULD be permission-labeled in such a + // manner, unless otherwise modified by a workload, that they are + // both readable and writable by said mount group identifier. + // + // If Plugin does not support NodePublishVolume with different + // volume_mount_group than the one used during NodeStageVolume + // then Plugin MAY return FAILED_PRECONDITION error. + // Similarly if SP does not support NodePublishVolume of same volume + // on same node but with different volume_mount_group it MAY return + // FAILED_PRECONDITION error. // This is an OPTIONAL field. string volume_mount_group = 9; }