test: add tests for mounting shares with kerberos auth

Author: GamerGirlandCo

test/e2e/dynamic_provisioning_test.go

@@ -52,6 +52,29 @@ var _ = ginkgo.Describe("Dynamic Provisioning", func() {
 	})
 
 	testDriver = driver.InitNFSDriver()
+	ginkgo.It("should create a volume with kerberos auth", func(ctx ginkgo.SpecContext) {
+		pods := []testsuites.PodDetails{
+			{
+				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
+				Volumes: []testsuites.VolumeDetails{
+					{
+						ClaimSize: "1Gi",
+						VolumeMount: testsuites.VolumeMountDetails{
+							NameGenerate:      "test-volume-",
+							MountPathGenerate: "/mnt/test-",
+						},
+						MountOptions: []string{"sec=krb5", "noresvport", "nfsvers=4"},
+					},
+				},
+			},
+		}
+		test := testsuites.DynamicallyProvisionedVolumeWithKerberosAuth{
+			Pods:                   pods,
+			StorageClassParameters: krbStorageClassParameters,
+			Driver:                 testDriver,
+		}
+		test.Run(ctx, cs, ns)
+	})
 	ginkgo.It("should create a volume on demand with mount options", func(ctx ginkgo.SpecContext) {
 		pods := []testsuites.PodDetails{
 			{

test/e2e/e2e_suite_test.go

@@ -92,6 +92,16 @@ var (
 		"mountPermissions": "0755",
 		"onDelete":         "archive",
 	}
+	krbStorageClassParameters = map[string]string{
+		"server": "nfs-krb-server.default.svc.cluster.local",
+		"share":  "/srv/shared",
+		"csi.storage.k8s.io/provisioner-secret-namespace": "default",
+		"csi.storage.k8s.io/provisioner-secret-name":      "mount-options",
+		"mountPermissions":   "0755",
+		"authPasswordSecret": "krb-pwd",
+		"authPrincipal":      "nfs/nfs-krb-server.default.svc.cluster.local@NFS-KRB-SERVER.DEFAULT.SVC.CLUSTER.LOCAL",
+	}
+
 	controllerServer *nfs.ControllerServer
 )
 

test/e2e/testsuites/dynamically_provisioned_krb_auth_volume.go

@@ -0,0 +1,46 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package testsuites
+
+import (
+	"context"
+
+	"github.com/kubernetes-csi/csi-driver-nfs/test/e2e/driver"
+	"github.com/onsi/ginkgo/v2"
+	v1 "k8s.io/api/core/v1"
+	clientset "k8s.io/client-go/kubernetes"
+)
+
+type DynamicallyProvisionedVolumeWithKerberosAuth struct {
+	Driver                 driver.DynamicPVTestDriver
+	Pods                   []PodDetails
+	StorageClassParameters map[string]string
+}
+
+func (t *DynamicallyProvisionedVolumeWithKerberosAuth) Run(ctx context.Context, client clientset.Interface, namespace *v1.Namespace) {
+	for _, pod := range t.Pods {
+		tpod, cleanup := pod.SetupWithDynamicVolumes(ctx, client, namespace, t.Driver, t.StorageClassParameters)
+		for i := range cleanup {
+			defer cleanup[i](ctx)
+		}
+		ginkgo.By("deploying the pod")
+		tpod.Create(ctx)
+		defer tpod.Cleanup(ctx)
+		ginkgo.By("checking that the pods command exits with no error")
+		tpod.WaitForSuccess(ctx)
+	}
+}