refactor isKataNode function and add tests

Author: arc9693

pkg/azurefile/azurefile.go

@@ -288,6 +288,7 @@ type Driver struct {
 	endpoint     string
 	resolver     Resolver
 	directVolume DirectVolume
+	isKataNode   bool
 }
 
 // NewDriver Creates a NewCSIDriver object. Assumes vendor version is equal to driver version &
@@ -329,6 +330,7 @@ func NewDriver(options *DriverOptions) *Driver {
 	driver.endpoint = options.Endpoint
 	driver.resolver = new(NetResolver)
 	driver.directVolume = new(directVolume)
+	driver.isKataNode = false
 
 	var err error
 	getter := func(_ context.Context, _ string) (interface{}, error) { return nil, nil }
@@ -452,12 +454,8 @@ func (d *Driver) Run(ctx context.Context) error {
 	csi.RegisterControllerServer(server, d)
 	csi.RegisterNodeServer(server, d)
 	d.server = server
-	val, val2, err := getNodeInfoFromLabels(ctx, d.NodeID, d.kubeClient)
-	if err != nil {
-		klog.Warningf("failed to get node info from labels: %v", err)
-	}
+	d.isKataNode = isKataNode(ctx, d.NodeID, d.kubeClient)
 
-	klog.V(2).Infof("Node info from labels: %s, %s", val, val2)
 	listener, err := csicommon.ListenEndpoint(d.endpoint)
 	if err != nil {
 		klog.Fatalf("failed to listen endpoint: %v", err)
@@ -1302,10 +1300,12 @@ func getNodeInfoFromLabels(ctx context.Context, nodeID string, kubeClient client
 }
 
 func isKataNode(ctx context.Context, nodeID string, kubeClient clientset.Interface) bool {
-	val, val2, err := getNodeInfoFromLabels(ctx, nodeID, kubeClient)
+	kataVMIsolationLabel, kataRuntimeLabel, err := getNodeInfoFromLabels(ctx, nodeID, kubeClient)
+
 	if err != nil {
-		klog.Warningf("get node(%s) confidential label failed with %v", nodeID, err)
+		klog.Warningf("failed to get node info from labels: %v", err)
 		return false
 	}
-	return val == "true" || val2 == "true"
+
+	return strings.EqualFold(kataVMIsolationLabel, "true") || strings.EqualFold(kataRuntimeLabel, "true")
 }

pkg/azurefile/azurefile_test.go

@@ -1632,3 +1632,97 @@ func TestGetFileShareClientForSub(t *testing.T) {
 		assert.Equal(t, tc.expectedError, err)
 	}
 }
+
+func TestGetNodeInfoFromLabels(t *testing.T) {
+	ctx := context.TODO()
+
+	// Test case where kubeClient is nil
+	_, _, err := getNodeInfoFromLabels(ctx, "test-node", nil)
+	if err == nil || err.Error() != "kubeClient is nil" {
+		t.Fatalf("expected error 'kubeClient is nil', got %v", err)
+	}
+
+	// Create a fake clientset
+	clientset := fake.NewSimpleClientset()
+
+	// Test case where the node does not exist
+	_, _, err = getNodeInfoFromLabels(ctx, "nonexistent-node", clientset)
+	if err == nil {
+		t.Fatalf("expected an error, got nil")
+	}
+
+	// Test case where node exists but has no labels
+	node := &v1api.Node{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:   "test-node",
+			Labels: map[string]string{},
+		},
+	}
+	_, err = clientset.CoreV1().Nodes().Create(ctx, node, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	_, _, err = getNodeInfoFromLabels(ctx, "test-node", clientset)
+	if err == nil || err.Error() != "node(test-node) label is empty" {
+		t.Fatalf("expected error 'node(test-node) label is empty', got %v", err)
+	}
+
+	// Test case where node has kata labels
+	node.Labels = map[string]string{
+		"kubernetes.azure.com/kata-mshv-vm-isolation": "true",
+		"katacontainers.io/kata-runtime":              "false",
+	}
+	_, err = clientset.CoreV1().Nodes().Update(ctx, node, metav1.UpdateOptions{})
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	kataVMIsolation, kataRuntime, err := getNodeInfoFromLabels(ctx, "test-node", clientset)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if kataVMIsolation != "true" || kataRuntime != "false" {
+		t.Fatalf("expected (true, false), got (%v, %v)", kataVMIsolation, kataRuntime)
+	}
+}
+
+func TestIsKataNode(t *testing.T) {
+	ctx := context.TODO()
+	clientset := fake.NewSimpleClientset()
+
+	// Test case where node does not exist
+	if isKataNode(ctx, "nonexistent-node", clientset) {
+		t.Fatalf("expected false, got true")
+	}
+
+	// Create node without kata labels
+	node := &v1api.Node{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-node",
+			Labels: map[string]string{
+				"some-other-label": "value",
+			},
+		},
+	}
+	_, err := clientset.CoreV1().Nodes().Create(ctx, node, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if isKataNode(ctx, "test-node", clientset) {
+		t.Fatalf("expected false, got true")
+	}
+
+	// Update node with kata labels
+	node.Labels["kubernetes.azure.com/kata-mshv-vm-isolation"] = "true"
+	_, err = clientset.CoreV1().Nodes().Update(ctx, node, metav1.UpdateOptions{})
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if !isKataNode(ctx, "test-node", clientset) {
+		t.Fatalf("expected true, got false")
+	}
+}

pkg/azurefile/nodeserver.go

@@ -43,7 +43,6 @@ import (
 
 var getRuntimeClassForPodFunc = getRuntimeClassForPod
 var isConfidentialRuntimeClassFunc = isConfidentialRuntimeClass
-var isKataNodeFunc = isKataNode
 
 // NodePublishVolume mount the volume from staging to target path
 func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (*csi.NodePublishVolumeResponse, error) {
@@ -101,42 +100,40 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 			}
 		}
 
-		if d.enableKataCCMount {
-			enableKataCCMount := isKataNodeFunc(ctx, d.NodeID, d.kubeClient)
-			if enableKataCCMount && context[podNameField] != "" && context[podNamespaceField] != "" {
-				runtimeClass, err := getRuntimeClassForPodFunc(ctx, d.kubeClient, context[podNameField], context[podNamespaceField])
+		enableKataCCMount := d.isKataNode && d.enableKataCCMount
+		if enableKataCCMount && context[podNameField] != "" && context[podNamespaceField] != "" {
+			runtimeClass, err := getRuntimeClassForPodFunc(ctx, d.kubeClient, context[podNameField], context[podNamespaceField])
+			if err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to get runtime class for pod %s/%s: %v", context[podNamespaceField], context[podNameField], err)
+			}
+			klog.V(2).Infof("NodePublishVolume: volume(%s) mount on %s with runtimeClass %s", volumeID, target, runtimeClass)
+			isConfidentialRuntimeClass, err := isConfidentialRuntimeClassFunc(ctx, d.kubeClient, runtimeClass)
+			if err != nil {
+				return nil, status.Errorf(codes.Internal, "failed to check if runtime class %s is confidential: %v", runtimeClass, err)
+			}
+			if isConfidentialRuntimeClass {
+				klog.V(2).Infof("NodePublishVolume for volume(%s) where runtimeClass is %s", volumeID, runtimeClass)
+				source := req.GetStagingTargetPath()
+				if len(source) == 0 {
+					return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
+				}
+				// Load the mount info from staging area
+				mountInfo, err := d.directVolume.VolumeMountInfo(source)
 				if err != nil {
-					return nil, status.Errorf(codes.Internal, "failed to get runtime class for pod %s/%s: %v", context[podNamespaceField], context[podNameField], err)
+					return nil, status.Errorf(codes.Internal, "failed to load mount info from %s: %v", source, err)
+				}
+				if mountInfo == nil {
+					return nil, status.Errorf(codes.Internal, "mount info is nil for volume %s", volumeID)
 				}
-				klog.V(2).Infof("NodePublishVolume: volume(%s) mount on %s with runtimeClass %s", volumeID, target, runtimeClass)
-				isConfidentialRuntimeClass, err := isConfidentialRuntimeClassFunc(ctx, d.kubeClient, runtimeClass)
+				data, err := json.Marshal(mountInfo)
 				if err != nil {
-					return nil, status.Errorf(codes.Internal, "failed to check if runtime class %s is confidential: %v", runtimeClass, err)
+					return nil, status.Errorf(codes.Internal, "failed to marshal mount info %s: %v", source, err)
 				}
-				if isConfidentialRuntimeClass {
-					klog.V(2).Infof("NodePublishVolume for volume(%s) where runtimeClass is %s", volumeID, runtimeClass)
-					source := req.GetStagingTargetPath()
-					if len(source) == 0 {
-						return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
-					}
-					// Load the mount info from staging area
-					mountInfo, err := d.directVolume.VolumeMountInfo(source)
-					if err != nil {
-						return nil, status.Errorf(codes.Internal, "failed to load mount info from %s: %v", source, err)
-					}
-					if mountInfo == nil {
-						return nil, status.Errorf(codes.Internal, "mount info is nil for volume %s", volumeID)
-					}
-					data, err := json.Marshal(mountInfo)
-					if err != nil {
-						return nil, status.Errorf(codes.Internal, "failed to marshal mount info %s: %v", source, err)
-					}
-					if err = d.directVolume.Add(target, string(data)); err != nil {
-						return nil, status.Errorf(codes.Internal, "failed to save mount info %s: %v", target, err)
-					}
-					klog.V(2).Infof("NodePublishVolume: direct volume mount %s at %s successfully", source, target)
-					return &csi.NodePublishVolumeResponse{}, nil
+				if err = d.directVolume.Add(target, string(data)); err != nil {
+					return nil, status.Errorf(codes.Internal, "failed to save mount info %s: %v", target, err)
 				}
+				klog.V(2).Infof("NodePublishVolume: direct volume mount %s at %s successfully", source, target)
+				return &csi.NodePublishVolumeResponse{}, nil
 			}
 		}
 	}
@@ -419,9 +416,9 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		}
 		klog.V(2).Infof("volume(%s) mount %s on %s succeeded", volumeID, source, cifsMountPath)
 	}
-	enableKataCCMount := isKataNodeFunc(ctx, d.NodeID, d.kubeClient)
+	enableKataCCMount := d.isKataNode && d.enableKataCCMount
 	// If runtime OS is not windows and protocol is not nfs, save mountInfo.json
-	if d.enableKataCCMount && enableKataCCMount {
+	if enableKataCCMount {
 		if runtime.GOOS != "windows" && protocol != nfs {
 			// Check if mountInfo.json is already present at the targetPath
 			isMountInfoPresent, err := d.directVolume.VolumeMountInfo(cifsMountPath)

pkg/azurefile/nodeserver_test.go

@@ -147,7 +147,7 @@ func TestNodePublishVolume(t *testing.T) {
 	mockDirectVolume := NewMockDirectVolume(ctrl)
 	getRuntimeClassForPodFunc = mockGetRuntimeClassForPod
 	isConfidentialRuntimeClassFunc = mockIsConfidentialRuntimeClass
-	isKataNodeFunc = mockIsKataNodeAsFalse
+	d.isKataNode = false
 
 	tests := []struct {
 		desc        string
@@ -274,7 +274,7 @@ func TestNodePublishVolume(t *testing.T) {
 				VolumeContext:     map[string]string{mountPermissionsField: "0755", podNameField: "testPod", podNamespaceField: "testNamespace"},
 			},
 			setup: func() {
-				isKataNodeFunc = mockIsKataNodeAsTrue
+				d.isKataNode = true
 				d.directVolume = mockDirectVolume
 				mockDirectVolume.EXPECT().VolumeMountInfo(sourceTest).Return(&volume.MountInfo{}, nil)
 				mockDirectVolume.EXPECT().Add(targetTest, gomock.Any()).Return(nil)
@@ -470,7 +470,7 @@ func TestNodeStageVolume(t *testing.T) {
 	defer ctrl.Finish()
 	mockResolver := NewMockResolver(ctrl)
 	mockDirectVolume := NewMockDirectVolume(ctrl)
-	isKataNodeFunc = mockIsKataNodeAsFalse
+	d.isKataNode = false
 
 	tests := []struct {
 		desc          string
@@ -760,7 +760,7 @@ func TestNodeStageVolume(t *testing.T) {
 				d.resolver = mockResolver
 				d.directVolume = mockDirectVolume
 				if runtime.GOOS != "windows" {
-					isKataNodeFunc = mockIsKataNodeAsTrue
+					d.isKataNode = true
 					mockIPAddr := &net.IPAddr{IP: net.ParseIP("192.168.1.1")}
 					mockDirectVolume.EXPECT().VolumeMountInfo(sourceTest).Return(nil, nil)
 					mockResolver.EXPECT().ResolveIPAddr("ip", "test_servername").Return(mockIPAddr, nil)