set mode and permissions from PVC annotation (nfs.io/createMode,nfs.i…

…o/createUID,nfs.io/createGID)
kubernetes-sigs · Jul 7, 2021 · cb203b4 · cb203b4
1 parent e289a21
commit cb203b4
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -165,6 +165,9 @@ metadata:
   name: test-claim
   annotations:
     nfs.io/storage-path: "test-path" # not required, depending on whether this annotation was shown in the storage class description
+    nfs.io/createUID: "1000" # set folder uid as createUID on creation, not required, default 0 (root)
+    nfs.io/createGID: "1000" # set folder gid as createGID on creation, not required, default 0 (root)
+    nfs.io/createMode: "0755" # set folder mode as createMode on creation, not required, default 0777 (a+rwx)
 spec:
   storageClassName: managed-nfs-storage
   accessModes:

diff --git a/cmd/nfs-subdir-external-provisioner/provisioner.go b/cmd/nfs-subdir-external-provisioner/provisioner.go
@@ -110,11 +110,33 @@ func (p *nfsProvisioner) Provision(ctx context.Context, options controller.Provi
 		}
 	}
 
-	glog.V(4).Infof("creating path %s", fullPath)
-	if err := os.MkdirAll(fullPath, 0777); err != nil {
+	createMode := os.FileMode(0777)
+	annotationCreateMode, exists := metadata.annotations["nfs.io/createMode"]
+    if exists {
+        annotationCreateModeUInt, _ := strconv.ParseUint(annotationCreateMode, 8, 32)
+        createMode = os.FileMode(annotationCreateModeUInt)
+    }
+
+    createUID := "0"
+    annotationCreateUID, exists := metadata.annotations["nfs.io/createUID"]
+    if exists {
+        createUID = annotationCreateUID
+    }
+    createGID := "0"
+    annotationCreateGID, exists := metadata.annotations["nfs.io/createGID"]
+    if exists {
+        createGID = annotationCreateGID
+    }
+
+    uid, _ := strconv.Atoi(createUID)
+    gid, _ := strconv.Atoi(createGID)
+
+    glog.V(4).Infof("creating path %s with %#o mode, %d UID, %d GID", fullPath, createMode, uid, gid)
+	if err := os.MkdirAll(fullPath, createMode); err != nil {
 		return nil, controller.ProvisioningFinished, errors.New("unable to create directory to provision new pv: " + err.Error())
 	}
-	os.Chmod(fullPath, 0777)
+	os.Chmod(fullPath, createMode)
+	os.Chown(fullPath, uid, gid)
 
 	pv := &v1.PersistentVolume{
 		ObjectMeta: metav1.ObjectMeta{