This is an automated email from the ASF dual-hosted git repository. chhsiao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit c60fd87e0e2871afa2508d77358cfad29aba86fd Author: Chun-Hung Hsiao <[email protected]> AuthorDate: Mon Feb 4 23:26:20 2019 -0800 Disallowed `DESTROY_DISK` on persistent volumes. `DESTROY_DISK` would bypass persistent volume cleanup and directly ask the CSI plugin to delete the backed volume. Since the CSI spec does not require the plugin to do data cleanup, to avoid data leakage, we require that if there is persistent volume on the CSI volume, it should be destroyed first. Review: https://reviews.apache.org/r/69894
---
 src/master/validation.cpp | 7 +++++++
 src/tests/master_validation_tests.cpp | 12 ++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/src/master/validation.cpp b/src/master/validation.cpp
index 7e688bb..4a699f0 100644
--- a/src/master/validation.cpp
+++ b/src/master/validation.cpp
@@ -2572,6 +2572,13 @@ Option<Error> validate(const Offer::Operation::DestroyDisk& destroyDisk)
 return Error("'source' is neither a MOUNT or BLOCK disk resource");
 }
+ if (Resources::isPersistentVolume(source)) {
+ return Error(
+ "A disk resource containing a persistent volume " + stringify(source) +
+ " cannot be destroyed directly. Please destroy the persistent volume"
+ " first then destroy the disk resource");
+ }
+
 return None();
 }
diff --git a/src/tests/master_validation_tests.cpp b/src/tests/master_validation_tests.cpp
index c00e8bb..b34e88f 100644
--- a/src/tests/master_validation_tests.cpp
+++ b/src/tests/master_validation_tests.cpp
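Review bot: The new `Resources::isPersistentVolume(source)` guard in `validate(const Offer::Operation::DestroyDisk&)` (src/master/validation.cpp) has no comment, so the reason for it is recorded only in the commit message: the CSI plugin is not required to scrub data when it deletes the backing volume. I would put a comment above the `if`, e.g. `// DESTROY_DISK skips persistent volume cleanup and the CSI spec does not require the plugin to erase data, so reject it while a persistent volume still exists.` Because this is a data-leakage control, it is also worth confirming that every path able to submit a `DESTROY_DISK` passes through this validator. Only the master-side check is visible here, and the function body starts outside the hunk.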
@@ -2128,9 +2128,13 @@ TEST(OperationValidationTest, DestroyDisk)
 Resource disk4 = createDiskResource(
 "40", "*", None(), None(), createDiskSourceMount());
+ Resource disk5 = createPersistentVolume(
+ Megabytes(50), "role", "id", "path", None(), createDiskSourceMount());
+
 disk1.mutable_provider_id()->set_value("provider1");
 disk2.mutable_provider_id()->set_value("provider2");
 disk3.mutable_provider_id()->set_value("provider3");
+ disk5.mutable_provider_id()->set_value("provider5");
 Offer::Operation::DestroyDisk destroyDisk;
 destroyDisk.mutable_source()->CopyFrom(disk1);
@@ -2158,6 +2162,14 @@ TEST(OperationValidationTest, DestroyDisk)
 EXPECT_TRUE(strings::contains(
 error->message,
 "'source' is not managed by a resource provider"));
+
+ destroyDisk.mutable_source()->CopyFrom(disk5);
+
+ error = operation::validate(destroyDisk);
+ ASSERT_SOME(error);
+ EXPECT_TRUE(strings::contains(
+ error->message,
+ "Please destroy the persistent volume first"));
 }
