Replace tar (cli) with code-only packing

[astef]

What type of PR is this?
/kind feature

What this PR does / why we need it:

• Removes dependency on the presence of tar utility in the system. This is beneficial for distroless containers
• New packing/unpacking gives more control over the content of snapshots and make developers think about what exactly is being snapshotted/restored

Special notes for your reviewer:

• One of the important cases I've tried to support - proper symlink support. Unfortunately, symlinks happen to be not supported in the testing solution I've chosen (golang.org/x/mod/sumdb/dirhash), so this functionality is only tested by me manually. This can be improved, if we'll find a way to hash the resulting directories considering symlinks. I've also tried to byte-compare the resulting archives, but they contain non-deterministic information, and, therefore, not comparable.

• Another important case was reported by an automatic check - Arbitrary file access during archive extraction ("Zip Slip"). Issue was reproduced in test and fixed. I've chosen the error, which won't change in future versions of Go (after they will finally "turn on" their fix by default, see issue)

Does this PR introduce a user-facing change?:

tar is no longer needed to be present in the environment for snapshots to work

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: astef
Once this PR has been reviewed and has the lgtm label, please assign xing-yang for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Welcome @astef!

It looks like this is your first PR to kubernetes-csi/csi-driver-nfs 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-csi/csi-driver-nfs has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @astef. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[andyzhangx]

/ok-to-test

[coveralls]

Pull Request Test Coverage Report for Build 12367443998

Details

• 130 of 171 (76.02%) changed or added relevant lines in 2 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.4%) to 78.188%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/nfs/tar.go	124	165	75.15%

Totals
Change from base Build 12364997568:	-0.4%
Covered Lines:	1079
Relevant Lines:	1380

---

💛 - Coveralls

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: astef / name: Aleksandr Stefurishin (3f15d4d)

[andyzhangx]

@astef can you sign the cla first? thx

[astef]

I had to change my email in GitHub, that's why EasyCLA now fails. Will fix it soon.

[astef]

@andyzhangx I've just finished manual test in my cluster (snapshot/restore, checked integrity of content, folder structure inside controller), and removed "WIP" prefix. Sorry for delay and back-and-forth.

[andyzhangx]

@astef thanks for the contribution, does original tar command supports symlink?

[astef]

does original tar command supports symlink?

Yes it does, here's how I check:

# setup
mkdir input && date > input/d.txt && cd input && ln -s -T ./d.txt ./symlink_to_d.txt && cd ..

# pack
tar -C input/ -czvf output.tar.gz .

# unpack
mkdir output && tar -xzvf output.tar.gz -C output

# check
ls -la input && ls -la output && cat input/symlink_to_d.txt && cat output/symlink_to_d.txt

[andyzhangx]

does original tar command supports symlink?

Yes it does, here's how I check:

# setup
mkdir input && date > input/d.txt && cd input && ln -s -T ./d.txt ./symlink_to_d.txt && cd ..

# pack
tar -C input/ -czvf output.tar.gz .

# unpack
mkdir output && tar -xzvf output.tar.gz -C output

# check
ls -la input && ls -la output && cat input/symlink_to_d.txt && cat output/symlink_to_d.txt

@astef then this is a regression and blocker.

[astef]

But proposed solution supports symlinks too. In "special notes" I've meant that I'm not testing symlinks in unit-tests, but they're suppored.

Actually, now I think that I can write a more concrete unit-test, without golang.org/x/mod/sumdb/dirhash, and this will demonstrate the support of symlinks, and increase coverage.

[astef]

@andyzhangx you were right, there was a regression. Up to this moment I didn't realize that io.Copy won't create a symlink's "content" automatically. I saw it was created, but missed that it's empty. Fixed and covered with test. Thank you!

[astef]

/test pull-csi-driver-nfs-external-e2e

[astef]

Expected, since we want to preserve such links in snapshots.

[astef]

Expected, since we want to preserve such links in snapshots.

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.