From e46108ada0c22c011d8d66f64969a84b6fccbbe4 Mon Sep 17 00:00:00 2001 From: Jonathan Wong Date: Thu, 28 Nov 2019 15:43:17 -0800 Subject: [PATCH] Add in struct for mounted storage options --- kyaml/kio/filters/container.go | 39 +++++++++++++++------ kyaml/kio/filters/container_test.go | 53 ++++++----------------------- kyaml/runfn/runfn.go | 1 - 3 files changed, 38 insertions(+), 55 deletions(-) diff --git a/kyaml/kio/filters/container.go b/kyaml/kio/filters/container.go index 797dc2cad..8d327ccf2 100644 --- a/kyaml/kio/filters/container.go +++ b/kyaml/kio/filters/container.go @@ -25,7 +25,6 @@ import ( // The full set of environment variables from the parent process // are passed to the container. type ContainerFilter struct { - mountPath string // Image is the container image to use to create a container. Image string `yaml:"image,omitempty"` @@ -33,8 +32,8 @@ type ContainerFilter struct { // Network is the container network to use. Network string `yaml:"network,omitempty"` - // LocalVolume is the volume the container uses. - LocalVolume string `yaml:"localVolume,omitempty"` + // List of storage options that container will have mounted. + StorageMounts []StorageMount // Config is the API configuration for the container and passed through the // API_CONFIG env var to the container. 
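Review bot: The new `StorageMounts` field in the second hunk has no yaml tag, unlike `Image` and `Network` beside it, and it replaces `LocalVolume`, which was tagged `localVolume`. Unless the decoder is strict, which is not visible here, a function config that still sets `localVolume` would presumably be ignored silently and the container would start without the mount its author expected. Either keep a deprecated `LocalVolume` that is translated into a `StorageMount`, or reject the old key explicitly. The comment should also start with the field name: `// StorageMounts is the list of storage options mounted into the container.` The struct body continues outside this hunk.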
@@ -47,8 +46,25 @@ type ContainerFilter struct { checkInput func(string) } -func (c *ContainerFilter) SetMountPath(path string) { - c.mountPath = path +// StorageMount represents a container's mounted storage option(s) +type StorageMount struct { + // Type of mount e.g. bind mount, local volume, etc. + mountType string + + // Source for the storage to be mounted. + // For named volumes, this is the name of the volume. + // For anonymous volumes, this field is omitted (empty string). + // For bind mounts, this is the path to the file or directory on the host. + src string + + // The path where the file or directory is mounted in the container. + dstPath string +} + +// AddStorageMount adds a mounted storage option to the Container +func (c *ContainerFilter) AddStorageMount(mountType, src, dstPath string) { + storageMount := StorageMount{mountType, src, dstPath} + c.StorageMounts = append(c.StorageMounts, storageMount) } // GrepFilter implements kio.GrepFilter @@ -108,13 +124,14 @@ func (c *ContainerFilter) getArgs() []string { // don't make fs readonly because things like heredoc rely on writing tmp files "--security-opt=no-new-privileges", // don't allow the user to escalate privileges } - // mount the directory containing the function as read-only - if c.mountPath != "" { - args = append(args, "-v", fmt.Sprintf("%s:/local/:ro", c.mountPath)) - } - if c.LocalVolume != "" { - args = append(args, "--mount", fmt.Sprintf("'type=volume,src=%s,dst=/local/:ro'", c.LocalVolume)) + // TODO(joncwong): Allow StorageMount fields to have default values. + for _, storageMount := range c.StorageMounts { + mountType := storageMount.mountType + src := storageMount.src + dstPath := storageMount.dstPath + + args = append(args, "--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", mountType, src, dstPath)) } // export the local environment vars to the container diff --git a/kyaml/kio/filters/container_test.go b/kyaml/kio/filters/container_test.go index 6dbc88beb..f64b38f6d 100644 
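Review bot: `AddStorageMount` stores `mountType`, `src` and `dstPath` unchecked, and getArgs later joins them into one comma-separated `--mount` value, so a `src` or `dstPath` containing a comma could add mount options the caller never meant to allow; the old code fixed the type at `volume` and the destination at `/local/`. Restrict `mountType` to the types the test uses (`bind`, `volume`, `tmpfs`) and reject commas in the other two fields before appending, which probably means returning an error from `AddStorageMount`. The positional literal `StorageMount{mountType, src, dstPath}` is easy to get wrong with three strings of the same type; prefer `StorageMount{mountType: mountType, src: src, dstPath: dstPath}`. `SetMountPath` is removed here and the runfn.go hunk drops its call without adding an `AddStorageMount` call, so the default provider appears to mount nothing after this commit.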
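Review bot: The `--mount` value built in the new loop keeps the literal single quotes and the `:ro` suffix, so the read-only restriction that the removed `-v %s:/local/:ro` form gave bind mounts is probably no longer applied. The test compares `cmd.Args`, which suggests the arguments go to exec without a shell, so the quotes would reach docker as part of the first key and the last value. `--mount` also expects read-only as its own comma-separated field (`readonly`), not as a `:ro` suffix on `dst`, which is `-v` syntax. An empty `src` is emitted as `src=` for tmpfs, which docker's `--mount` does not accept as far as I know. The loop below builds the value without quotes and with `readonly` as a separate field; getArgs starts and ends outside this hunk.

```go
	// TODO(joncwong): Allow StorageMount fields to have default values.
	for _, storageMount := range c.StorageMounts {
		// the value is passed as one argv element, so it takes no shell quoting
		mountOpt := "type=" + storageMount.mountType
		if storageMount.src != "" {
			// tmpfs and anonymous volumes have no source
			mountOpt += ",src=" + storageMount.src
		}
		// read-only is a separate --mount field, not a ":ro" suffix on dst
		mountOpt += ",dst=" + storageMount.dstPath + ",readonly"
		args = append(args, "--mount", mountOpt)
	}
```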
--- a/kyaml/kio/filters/container_test.go +++ b/kyaml/kio/filters/container_test.go @@ -7,7 +7,6 @@ import ( "bytes" "fmt" "os" - "path/filepath" "strings" "testing" @@ -62,7 +61,7 @@ metadata: assert.True(t, foundKyaml) } -func TestFilter_commandMountPath(t *testing.T) { +func TestFilter_command_StorageMount(t *testing.T) { cfg, err := yaml.Parse(`apiversion: apps/v1 kind: Deployment metadata: @@ -71,47 +70,13 @@ metadata: if !assert.NoError(t, err) { return } + bindMount := StorageMount{"bind", "/mount/path", "/local/"} + localVol := StorageMount{"volume", "myvol", "/local/"} + tmpfs := StorageMount{"tmpfs", "", "/local/"} instance := &ContainerFilter{ - Image: "example.com:version", - Config: cfg, - mountPath: filepath.Join("mount", "path"), - } - os.Setenv("KYAML_TEST", "FOO") - cmd, err := instance.getCommand() - if !assert.NoError(t, err) { - return - } - - expected := []string{ - "docker", "run", - "--rm", - "-i", "-a", "STDIN", "-a", "STDOUT", "-a", "STDERR", - "--network", "none", - "--user", "nobody", - "--security-opt=no-new-privileges", - "-v", fmt.Sprintf("%s:/local/:ro", filepath.Join("mount", "path")), - } - for _, e := range os.Environ() { - // the process env - expected = append(expected, "-e", strings.Split(e, "=")[0]) - } - expected = append(expected, "example.com:version") - assert.Equal(t, expected, cmd.Args) -} - -func TestFilter_command_LocalVolume(t *testing.T) { - cfg, err := yaml.Parse(`apiversion: apps/v1 -kind: Deployment -metadata: - name: foo -`) - if !assert.NoError(t, err) { - return - } - instance := &ContainerFilter{ - Image: "example.com:version", - Config: cfg, - LocalVolume: "myvol", + Image: "example.com:version", + Config: cfg, + StorageMounts: []StorageMount{bindMount, localVol, tmpfs}, } cmd, err := instance.getCommand() if !assert.NoError(t, err) { 
@@ -125,7 +90,9 @@ metadata: "--network", "none", "--user", "nobody", "--security-opt=no-new-privileges", - "--mount", fmt.Sprintf("'type=volume,src=%s,dst=/local/:ro'", "myvol"), + "--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "bind", "/mount/path", "/local/"), + "--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "volume", "myvol", "/local/"), + "--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "tmpfs", "", "/local/"), } for _, e := range os.Environ() { // the process env diff --git a/kyaml/runfn/runfn.go b/kyaml/runfn/runfn.go index 1a587485d..dd7faabb2 100644 --- a/kyaml/runfn/runfn.go +++ b/kyaml/runfn/runfn.go @@ -91,7 +91,6 @@ func (r *RunFns) init() { if r.containerFilterProvider == nil { r.containerFilterProvider = func(image, path string, api *yaml.RNode) kio.Filter { cf := &filters.ContainerFilter{Image: image, Config: api} - cf.SetMountPath(filepath.Join(r.Path, path)) return cf } }
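Review bot: The expected `--mount` arguments in this hunk are produced with the same `fmt.Sprintf` format string as getArgs, so the test passes for whatever that format yields and cannot catch a value docker would reject or a lost read-only flag. Write the expected values as literals in the form docker documents, for example `"--mount", "type=bind,src=/mount/path,dst=/local/,readonly",`. The fixture in the previous hunk also mounts all three entries at `/local/`, which a real `docker run` would likely refuse as a duplicate mount point, so distinct destinations would make the case more representative. The test function starts outside this hunk.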