feature

(fluid-webhook): support to update check-mount.sh configmap on demand

Signed-off-by: 玖宇 <guotongyu.gty@alibaba-inc.com>

Author: 玖宇

pkg/application/inject/fuse/mount_point_script.go

@@ -23,10 +23,12 @@ import (
 
 	"github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/mutator"
 	"github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/poststart"
+	"github.com/fluid-cloudnative/fluid/pkg/common"
 	"github.com/fluid-cloudnative/fluid/pkg/ddc/base"
 	"github.com/fluid-cloudnative/fluid/pkg/utils"
 	"github.com/fluid-cloudnative/fluid/pkg/utils/kubeclient"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/util/retry"
 )
 
 func (s *Injector) injectCheckMountReadyScript(podSpecs *mutator.MutatingPodSpecs, runtimeInfos map[string]base.RuntimeInfoInterface) error {
@@ -131,24 +133,56 @@ func (s *Injector) ensureScriptConfigMapExists(namespace string) (*poststart.Scr
 	appScriptGen := poststart.NewScriptGeneratorForApp(namespace)
 
 	cm := appScriptGen.BuildConfigmap()
-	cmFound, err := kubeclient.IsConfigMapExist(s.client, cm.Name, cm.Namespace)
+	cmKey := fmt.Sprintf("%s/%s", cm.Namespace, cm.Name)
+
+	existingCM, err := kubeclient.GetConfigmapByName(s.client, cm.Name, cm.Namespace)
 	if err != nil {
-		s.log.Error(err, "error when checking configMap's existence", "cm.Name", cm.Name, "cm.Namespace", cm.Namespace)
+		s.log.Error(err, "error when getting configMap", "cm.Name", cm.Name, "cm.Namespace", cm.Namespace)
 		return nil, err
 	}
 
-	cmKey := fmt.Sprintf("%s/%s", cm.Namespace, cm.Name)
-	s.log.V(1).Info("after check configMap existence", "configMap", cmKey, "existence", cmFound)
-	if !cmFound {
+	if existingCM == nil {
+		// ConfigMap does not exist, create it
+		s.log.V(1).Info("configMap not found, creating", "configMap", cmKey)
 		err = s.client.Create(context.TODO(), cm)
 		if err != nil {
 			if otherErr := utils.IgnoreAlreadyExists(err); otherErr != nil {
 				s.log.Error(err, "error when creating new configMap", "cm.Name", cm.Name, "cm.Namespace", cm.Namespace)
 				return nil, err
-			} else {
-				s.log.V(1).Info("configmap already exists, skip", "configMap", cmKey)
 			}
+			s.log.V(1).Info("configmap already exists (concurrent creation), skip", "configMap", cmKey)
+		}
+		return appScriptGen, nil
+	}
+
+	// ConfigMap exists, check if the script SHA256 annotation matches; update with retry on conflict.
+	currentSHA256 := appScriptGen.GetScriptSHA256()
+	if err = retry.RetryOnConflict(retry.DefaultBackoff, func() error {
+		latest, getErr := kubeclient.GetConfigmapByName(s.client, cm.Name, cm.Namespace)
+		if getErr != nil {
+			return getErr
+		}
+		if latest == nil {
+			// Deleted between Get calls; recreate
+			return s.client.Create(context.TODO(), cm)
+		}
+		if latest.Annotations != nil {
+			if annotationSHA256, ok := latest.Annotations[common.AnnotationCheckMountScriptSHA256]; ok && annotationSHA256 == currentSHA256 {
+				s.log.V(1).Info("configmap script is up-to-date, skip update", "configMap", cmKey)
+				return nil
+			}
+		}
+		// SHA256 mismatch or annotation missing: update the ConfigMap with latest script and SHA256
+		s.log.Info("configmap script SHA256 mismatch or annotation missing, updating", "configMap", cmKey, "expectedSHA256", currentSHA256)
+		latest.Data = cm.Data
+		if latest.Annotations == nil {
+			latest.Annotations = map[string]string{}
 		}
+		latest.Annotations[common.AnnotationCheckMountScriptSHA256] = currentSHA256
+		return s.client.Update(context.TODO(), latest)
+	}); err != nil {
+		s.log.Error(err, "error when ensuring configMap is up-to-date", "cm.Name", cm.Name, "cm.Namespace", cm.Namespace)
+		return nil, err
 	}
 
 	return appScriptGen, nil

pkg/application/inject/fuse/mount_point_script_test.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/mutator"
 	"github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/poststart"
+	"github.com/fluid-cloudnative/fluid/pkg/common"
 	"github.com/fluid-cloudnative/fluid/pkg/ddc/base"
 	"github.com/go-logr/logr"
 	. "github.com/onsi/ginkgo/v2"
@@ -266,17 +267,64 @@ var _ = Describe("Fuse Injector", func() {
 			})
 		})
 
-		Context("when configmap already exists", func() {
-			It("should not return an error", func() {
-				// Create configmap first
+		Context("when configmap already exists with matching SHA256 annotation", func() {
+			It("should skip update and return without error", func() {
 				appScriptGen := poststart.NewScriptGeneratorForApp(namespace)
 				cm := appScriptGen.BuildConfigmap()
 				err := fakeClient.Create(context.TODO(), cm)
 				Expect(err).To(BeNil())
 
-				// Try to ensure it exists again
 				_, err = injector.ensureScriptConfigMapExists(namespace)
 				Expect(err).To(BeNil())
+
+				// Verify configmap is unchanged (no extra update)
+				retrievedCM := &corev1.ConfigMap{}
+				err = fakeClient.Get(context.TODO(), client.ObjectKey{Name: cm.Name, Namespace: cm.Namespace}, retrievedCM)
+				Expect(err).To(BeNil())
+				Expect(retrievedCM.Annotations).To(HaveKey(common.AnnotationCheckMountScriptSHA256))
+				Expect(retrievedCM.Annotations[common.AnnotationCheckMountScriptSHA256]).To(Equal(appScriptGen.GetScriptSHA256()))
+			})
+		})
+
+		Context("when configmap already exists with stale SHA256 annotation", func() {
+			It("should update the configmap with the latest script and annotation", func() {
+				appScriptGen := poststart.NewScriptGeneratorForApp(namespace)
+				cm := appScriptGen.BuildConfigmap()
+				// Tamper the annotation to simulate an outdated configmap
+				cm.Annotations[common.AnnotationCheckMountScriptSHA256] = "stale-sha256"
+				cm.Data["check-fluid-mount-ready.sh"] = "old script content"
+				err := fakeClient.Create(context.TODO(), cm)
+				Expect(err).To(BeNil())
+
+				_, err = injector.ensureScriptConfigMapExists(namespace)
+				Expect(err).To(BeNil())
+
+				// Verify configmap was updated
+				retrievedCM := &corev1.ConfigMap{}
+				err = fakeClient.Get(context.TODO(), client.ObjectKey{Name: cm.Name, Namespace: cm.Namespace}, retrievedCM)
+				Expect(err).To(BeNil())
+				Expect(retrievedCM.Annotations[common.AnnotationCheckMountScriptSHA256]).To(Equal(appScriptGen.GetScriptSHA256()))
+				Expect(retrievedCM.Data["check-fluid-mount-ready.sh"]).NotTo(Equal("old script content"))
+			})
+		})
+
+		Context("when configmap already exists without SHA256 annotation", func() {
+			It("should update the configmap to add the annotation", func() {
+				appScriptGen := poststart.NewScriptGeneratorForApp(namespace)
+				cm := appScriptGen.BuildConfigmap()
+				// Remove the annotation to simulate a legacy configmap
+				delete(cm.Annotations, common.AnnotationCheckMountScriptSHA256)
+				err := fakeClient.Create(context.TODO(), cm)
+				Expect(err).To(BeNil())
+
+				_, err = injector.ensureScriptConfigMapExists(namespace)
+				Expect(err).To(BeNil())
+
+				retrievedCM := &corev1.ConfigMap{}
+				err = fakeClient.Get(context.TODO(), client.ObjectKey{Name: cm.Name, Namespace: cm.Namespace}, retrievedCM)
+				Expect(err).To(BeNil())
+				Expect(retrievedCM.Annotations).To(HaveKey(common.AnnotationCheckMountScriptSHA256))
+				Expect(retrievedCM.Annotations[common.AnnotationCheckMountScriptSHA256]).To(Equal(appScriptGen.GetScriptSHA256()))
 			})
 		})
 	})

pkg/application/inject/fuse/mutator/mutator_default.go

@@ -22,13 +22,15 @@ import (
 	"encoding/hex"
 	"fmt"
 	"path/filepath"
+	"reflect"
 	"strings"
 	"time"
 
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/poststart"
@@ -321,12 +323,14 @@ func prepareFuseContainerPostStartScript(helper *helperData) error {
 	// Fluid assumes pvc name is the same with runtime's name
 	gen := poststart.NewDefaultPostStartScriptGenerator()
 	cmKey := gen.GetNamespacedConfigMapKey(types.NamespacedName{Namespace: datasetNamespace, Name: datasetName}, template.FuseMountInfo.FsType)
-	found, err := kubeclient.IsConfigMapExist(helper.client, cmKey.Name, cmKey.Namespace)
+
+	existingCM, err := kubeclient.GetConfigmapByName(helper.client, cmKey.Name, cmKey.Namespace)
 	if err != nil {
 		return err
 	}
 
-	if !found {
+	if existingCM == nil {
+		// ConfigMap does not exist, create it
 		cm := gen.BuildConfigMap(dataset, cmKey)
 		err = helper.client.Create(context.TODO(), cm)
 		if err != nil {
@@ -335,6 +339,33 @@ func prepareFuseContainerPostStartScript(helper *helperData) error {
 				return err
 			}
 		}
+	} else {
+		// ConfigMap exists; update with retry on conflict to handle concurrent webhook mutations.
+		currentSHA256 := gen.GetScriptSHA256()
+		if err = retry.RetryOnConflict(retry.DefaultBackoff, func() error {
+			latest, getErr := kubeclient.GetConfigmapByName(helper.client, cmKey.Name, cmKey.Namespace)
+			if getErr != nil {
+				return getErr
+			}
+			if latest == nil {
+				// Deleted between Get calls; recreate
+				return helper.client.Create(context.TODO(), gen.BuildConfigMap(dataset, cmKey))
+			}
+			// Fast path: SHA256 annotation already matches, no update needed.
+			if latest.Annotations != nil {
+				if sha, ok := latest.Annotations[common.AnnotationCheckMountScriptSHA256]; ok && sha == currentSHA256 {
+					return nil
+				}
+			}
+			// Refresh Data/Labels/Annotations to match the desired state.
+			updated := gen.RefreshConfigMapContents(dataset, cmKey, latest.DeepCopy())
+			if reflect.DeepEqual(latest, updated) {
+				return nil
+			}
+			return helper.client.Update(context.TODO(), updated)
+		}); err != nil {
+			return err
+		}
 	}
 
 	template.FuseContainer.VolumeMounts = append(template.FuseContainer.VolumeMounts, gen.GetVolumeMount())

pkg/application/inject/fuse/mutator/mutator_default_test.go

@@ -1,6 +1,7 @@
 package mutator
 
 import (
+	"context"
 	"fmt"
 
 	datav1alpha1 "github.com/fluid-cloudnative/fluid/api/v1alpha1"
@@ -619,3 +620,126 @@ var _ = Describe("Default mutator related unit tests", Label("pkg.application.in
 		})
 	})
 })
+
+var _ = Describe("prepareFuseContainerPostStartScript ConfigMap update logic", Label("pkg.application.inject.fuse.mutator.mutator_default_test.go"), func() {
+	var (
+		testScheme       *runtime.Scheme
+		datasetName      string
+		datasetNamespace string
+		dataset          *datav1alpha1.Dataset
+		thinRuntime      *datav1alpha1.ThinRuntime
+		daemonSet        *appsv1.DaemonSet
+		pv               *corev1.PersistentVolume
+		podToMutate      *corev1.Pod
+	)
+
+	BeforeEach(func() {
+		testScheme = runtime.NewScheme()
+		_ = datav1alpha1.AddToScheme(testScheme)
+		_ = corev1.AddToScheme(testScheme)
+		_ = appsv1.AddToScheme(testScheme)
+
+		datasetName = "test-dataset"
+		datasetNamespace = "fluid"
+		dataset, thinRuntime, daemonSet, pv = test_buildFluidResources(datasetName, datasetNamespace)
+		podToMutate = test_buildPodToMutate([]string{datasetName})
+	})
+
+	When("the configmap already exists with a matching SHA256 annotation", func() {
+		It("should skip the update and not return an error", func() {
+			c := fake.NewFakeClientWithScheme(testScheme, dataset, thinRuntime, daemonSet, pv)
+			pod, err := applicationspod.NewApplication(podToMutate).GetPodSpecs()
+			Expect(err).ShouldNot(HaveOccurred())
+			specs, err := CollectFluidObjectSpecs(pod[0])
+			Expect(err).NotTo(HaveOccurred())
+
+			args := MutatorBuildArgs{
+				Client: c,
+				Log:    fake.NullLogger(),
+				Options: common.FuseSidecarInjectOption{
+					EnableCacheDir:             false,
+					SkipSidecarPostStartInject: false,
+				},
+				Specs: specs,
+			}
+			// First mutate: creates the ConfigMap
+			mut := NewDefaultMutator(args)
+			runtimeInfo, err := base.GetRuntimeInfo(c, datasetName, datasetNamespace)
+			Expect(err).NotTo(HaveOccurred())
+			err = mut.MutateWithRuntimeInfo(datasetName, runtimeInfo, "-0")
+			Expect(err).To(BeNil())
+
+			// Re-build fresh args/mutator to simulate a second webhook call
+			pod2, _ := applicationspod.NewApplication(podToMutate).GetPodSpecs()
+			specs2, _ := CollectFluidObjectSpecs(pod2[0])
+			args2 := MutatorBuildArgs{Client: c, Log: fake.NullLogger(), Options: args.Options, Specs: specs2}
+			mut2 := NewDefaultMutator(args2)
+			runtimeInfo2, err := base.GetRuntimeInfo(c, datasetName, datasetNamespace)
+			Expect(err).NotTo(HaveOccurred())
+
+			// Second mutate: SHA256 matches, should not error
+			err = mut2.MutateWithRuntimeInfo(datasetName, runtimeInfo2, "-0")
+			Expect(err).To(BeNil())
+		})
+	})
+
+	When("the configmap already exists with a stale SHA256 annotation", func() {
+		It("should refresh the configmap Data and annotation", func() {
+			c := fake.NewFakeClientWithScheme(testScheme, dataset, thinRuntime, daemonSet, pv)
+			pod, err := applicationspod.NewApplication(podToMutate).GetPodSpecs()
+			Expect(err).ShouldNot(HaveOccurred())
+			specs, err := CollectFluidObjectSpecs(pod[0])
+			Expect(err).NotTo(HaveOccurred())
+
+			args := MutatorBuildArgs{
+				Client: c,
+				Log:    fake.NullLogger(),
+				Options: common.FuseSidecarInjectOption{
+					EnableCacheDir:             false,
+					SkipSidecarPostStartInject: false,
+				},
+				Specs: specs,
+			}
+			// First mutate: creates the ConfigMap
+			mut := NewDefaultMutator(args)
+			runtimeInfo, err := base.GetRuntimeInfo(c, datasetName, datasetNamespace)
+			Expect(err).NotTo(HaveOccurred())
+			err = mut.MutateWithRuntimeInfo(datasetName, runtimeInfo, "-0")
+			Expect(err).To(BeNil())
+
+			// Deliberately corrupt the SHA256 annotation to simulate a stale configmap
+			cmList := &corev1.ConfigMapList{}
+			Expect(c.List(context.TODO(), cmList)).To(Succeed())
+			for i := range cmList.Items {
+				cm := &cmList.Items[i]
+				if cm.Annotations != nil {
+					if _, ok := cm.Annotations[common.AnnotationCheckMountScriptSHA256]; ok {
+						cm.Annotations[common.AnnotationCheckMountScriptSHA256] = "deliberately-stale-sha"
+						Expect(c.Update(context.TODO(), cm)).To(Succeed())
+					}
+				}
+			}
+
+			// Second mutate: SHA256 mismatch → should trigger update
+			pod2, _ := applicationspod.NewApplication(podToMutate).GetPodSpecs()
+			specs2, _ := CollectFluidObjectSpecs(pod2[0])
+			args2 := MutatorBuildArgs{Client: c, Log: fake.NullLogger(), Options: args.Options, Specs: specs2}
+			mut2 := NewDefaultMutator(args2)
+			runtimeInfo2, err := base.GetRuntimeInfo(c, datasetName, datasetNamespace)
+			Expect(err).NotTo(HaveOccurred())
+			err = mut2.MutateWithRuntimeInfo(datasetName, runtimeInfo2, "-0")
+			Expect(err).To(BeNil())
+
+			// Verify the SHA256 annotation was refreshed
+			updatedCmList := &corev1.ConfigMapList{}
+			Expect(c.List(context.TODO(), updatedCmList)).To(Succeed())
+			for _, cm := range updatedCmList.Items {
+				if cm.Annotations != nil {
+					if sha, ok := cm.Annotations[common.AnnotationCheckMountScriptSHA256]; ok {
+						Expect(sha).NotTo(Equal("deliberately-stale-sha"))
+					}
+				}
+			}
+		})
+	})
+})