fix containerized function mounts issue (#4489)

* fix containerized function mounts issue * skip path test on windows * move test out of temp dir * update tests to deal with new working dir restrictions * code review
2026-06-11 17:12:51 +00:00 · 2022-04-18 14:25:50 -07:00
parent cf89eae804
commit 9d5491c2e2
8 changed files with 253 additions and 57 deletions
--- a/kyaml/fn/runtime/container/container.go
+++ b/kyaml/fn/runtime/container/container.go
@@ -6,10 +6,11 @@ package container
 import (
 	"fmt"
 	"os"
+	"path/filepath"

+	"sigs.k8s.io/kustomize/kyaml/errors"
 	runtimeexec "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec"
 	"sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil"
-
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )

@@ -151,11 +152,14 @@ func (c *Filter) setupExec() error {
 	if c.Exec.Path != "" {
 		return nil
 	}
-	wd, err := os.Getwd()
-	if err != nil {
-		return err
+
+	if c.Exec.WorkingDir == "" {
+		wd, err := os.Getwd()
+		if err != nil {
+			return errors.Wrap(err)
+		}
+		c.Exec.WorkingDir = wd
 	}
-	c.Exec.WorkingDir = wd

 	path, args := c.getCommand()
 	c.Exec.Path = path
@@ -183,8 +187,11 @@ func (c *Filter) getCommand() (string, []string) {
 		// note: don't make fs readonly because things like heredoc rely on writing tmp files
 	}

-	// TODO(joncwong): Allow StorageMount fields to have default values.
 	for _, storageMount := range c.StorageMounts {
+		// convert declarative relative paths to absolute (otherwise docker will throw an error)
+		if !filepath.IsAbs(storageMount.Src) {
+			storageMount.Src = filepath.Join(c.Exec.WorkingDir, storageMount.Src)
+		}
 		args = append(args, "--mount", storageMount.String())
 	}

--- a/kyaml/fn/runtime/container/container_test.go
+++ b/kyaml/fn/runtime/container/container_test.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"path/filepath"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -81,18 +82,19 @@ metadata:
 				"--network", "none",
 				"--user", "nobody",
 				"--security-opt=no-new-privileges",
-				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "bind", "/mount/path", "/local/"),
-				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s", "bind", "/mount/pathrw", "/localrw/"),
-				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "volume", "myvol", "/local/"),
-				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "tmpfs", "", "/local/"),
+				// use filepath.Join for Windows filepath handling
+				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "bind", getAbsFilePath(string(filepath.Separator), "mount", "path"), "/local/"),
+				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s", "bind", getAbsFilePath(string(filepath.Separator), "mount", "pathrw"), "/localrw/"),
+				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "volume", getAbsFilePath(string(filepath.Separator), "myvol"), "/local/"),
+				"--mount", fmt.Sprintf("type=%s,source=%s,target=%s,readonly", "tmpfs", getAbsFilePath(string(filepath.Separator)), "/local/"),
 			},
 			containerSpec: runtimeutil.ContainerSpec{
 				Image: "example.com:version",
 				StorageMounts: []runtimeutil.StorageMount{
-					{MountType: "bind", Src: "/mount/path", DstPath: "/local/"},
-					{MountType: "bind", Src: "/mount/pathrw", DstPath: "/localrw/", ReadWriteMode: true},
-					{MountType: "volume", Src: "myvol", DstPath: "/local/"},
-					{MountType: "tmpfs", Src: "", DstPath: "/local/"},
+					{MountType: "bind", Src: getAbsFilePath(string(filepath.Separator), "mount", "path"), DstPath: "/local/"},
+					{MountType: "bind", Src: getAbsFilePath(string(filepath.Separator), "mount", "pathrw"), DstPath: "/localrw/", ReadWriteMode: true},
+					{MountType: "volume", Src: getAbsFilePath(string(filepath.Separator), "myvol"), DstPath: "/local/"},
+					{MountType: "tmpfs", Src: getAbsFilePath(string(filepath.Separator)), DstPath: "/local/"},
 				},
 			},
 			UIDGID: "nobody",
@@ -247,3 +249,8 @@ func getWorkingDir(t *testing.T) string {
 	require.NoError(t, err)
 	return wd
 }
+
+func getAbsFilePath(args ...string) string {
+	path, _ := filepath.Abs(filepath.Join(args...))
+	return path
+}
--- a/kyaml/fn/runtime/runtimeutil/functiontypes.go
+++ b/kyaml/fn/runtime/runtimeutil/functiontypes.go
@@ -136,9 +136,6 @@ type FunctionSpec struct {

 	// ExecSpec is the spec for running a function as an executable
 	Exec ExecSpec `json:"exec,omitempty" yaml:"exec,omitempty"`
-
-	// Mounts are the storage or directories to mount into the container
-	StorageMounts []StorageMount `json:"mounts,omitempty" yaml:"mounts,omitempty"`
 }

 type ExecSpec struct {
@@ -208,9 +205,7 @@ func GetFunctionSpec(n *yaml.RNode) *FunctionSpec {
 	if err != nil {
 		return nil
 	}
-
 	if fn := getFunctionSpecFromAnnotation(n, meta); fn != nil {
-		fn.StorageMounts = []StorageMount{}
 		return fn
 	}