Add in struct for mounted storage options

kyaml/kio/filters/container.go

@@ -25,7 +25,6 @@ import (
 // The full set of environment variables from the parent process
 // are passed to the container.
 type ContainerFilter struct {
-	mountPath string
 
 	// Image is the container image to use to create a container.
 	Image string `yaml:"image,omitempty"`
@@ -33,8 +32,8 @@ type ContainerFilter struct {
 	// Network is the container network to use.
 	Network string `yaml:"network,omitempty"`
 
-	// LocalVolume is the volume the container uses.
+	// List of storage options that container will have mounted.
-	LocalVolume string `yaml:"localVolume,omitempty"`
+	StorageMounts []StorageMount
 
 	// Config is the API configuration for the container and passed through the
 	// API_CONFIG env var to the container.
@@ -47,8 +46,25 @@ type ContainerFilter struct {
 	checkInput func(string)
 }
 
-func (c *ContainerFilter) SetMountPath(path string) {
+// StorageMount represents a container's mounted storage option(s)
-	c.mountPath = path
+type StorageMount struct {
+	// Type of mount e.g. bind mount, local volume, etc.
+	mountType string
+
+	// Source for the storage to be mounted.
+	// For named volumes, this is the name of the volume.
+	// For anonymous volumes, this field is omitted (empty string).
+	// For bind mounts, this is the path to the file or directory on the host.
+	src string
+
+	// The path where the file or directory is mounted in the container.
+	dstPath string
+}
+
+// AddStorageMount adds a mounted storage option to the Container
+func (c *ContainerFilter) AddStorageMount(mountType, src, dstPath string) {
+	storageMount := StorageMount{mountType, src, dstPath}
+	c.StorageMounts = append(c.StorageMounts, storageMount)
 }
 
 // GrepFilter implements kio.GrepFilter
@@ -108,13 +124,14 @@ func (c *ContainerFilter) getArgs() []string {
 		// don't make fs readonly because things like heredoc rely on writing tmp files
 		"--security-opt=no-new-privileges", // don't allow the user to escalate privileges
 	}
-	// mount the directory containing the function as read-only
-	if c.mountPath != "" {
-		args = append(args, "-v", fmt.Sprintf("%s:/local/:ro", c.mountPath))
-	}
 
-	if c.LocalVolume != "" {
+	// TODO(joncwong): Allow StorageMount fields to have default values.
-		args = append(args, "--mount", fmt.Sprintf("'type=volume,src=%s,dst=/local/:ro'", c.LocalVolume))
+	for _, storageMount := range c.StorageMounts {
+		mountType := storageMount.mountType
+		src := storageMount.src
+		dstPath := storageMount.dstPath
+
+		args = append(args, "--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", mountType, src, dstPath))
 	}
 
 	// export the local environment vars to the container

kyaml/kio/filters/container_test.go

@@ -7,7 +7,6 @@ import (
 	"bytes"
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"
 	"testing"
 
@@ -62,7 +61,7 @@ metadata:
 	assert.True(t, foundKyaml)
 }
 
-func TestFilter_commandMountPath(t *testing.T) {
+func TestFilter_command_StorageMount(t *testing.T) {
 	cfg, err := yaml.Parse(`apiversion: apps/v1
 kind: Deployment
 metadata:
@@ -71,47 +70,13 @@ metadata:
 	if !assert.NoError(t, err) {
 		return
 	}
+	bindMount := StorageMount{"bind", "/mount/path", "/local/"}
+	localVol := StorageMount{"volume", "myvol", "/local/"}
+	tmpfs := StorageMount{"tmpfs", "", "/local/"}
 	instance := &ContainerFilter{
-		Image:     "example.com:version",
+		Image:         "example.com:version",
-		Config:    cfg,
+		Config:        cfg,
-		mountPath: filepath.Join("mount", "path"),
+		StorageMounts: []StorageMount{bindMount, localVol, tmpfs},
-	}
-	os.Setenv("KYAML_TEST", "FOO")
-	cmd, err := instance.getCommand()
-	if !assert.NoError(t, err) {
-		return
-	}
-
-	expected := []string{
-		"docker", "run",
-		"--rm",
-		"-i", "-a", "STDIN", "-a", "STDOUT", "-a", "STDERR",
-		"--network", "none",
-		"--user", "nobody",
-		"--security-opt=no-new-privileges",
-		"-v", fmt.Sprintf("%s:/local/:ro", filepath.Join("mount", "path")),
-	}
-	for _, e := range os.Environ() {
-		// the process env
-		expected = append(expected, "-e", strings.Split(e, "=")[0])
-	}
-	expected = append(expected, "example.com:version")
-	assert.Equal(t, expected, cmd.Args)
-}
-
-func TestFilter_command_LocalVolume(t *testing.T) {
-	cfg, err := yaml.Parse(`apiversion: apps/v1
-kind: Deployment
-metadata:
-  name: foo
-`)
-	if !assert.NoError(t, err) {
-		return
-	}
-	instance := &ContainerFilter{
-		Image:       "example.com:version",
-		Config:      cfg,
-		LocalVolume: "myvol",
 	}
 	cmd, err := instance.getCommand()
 	if !assert.NoError(t, err) {
@@ -125,7 +90,9 @@ metadata:
 		"--network", "none",
 		"--user", "nobody",
 		"--security-opt=no-new-privileges",
-		"--mount", fmt.Sprintf("'type=volume,src=%s,dst=/local/:ro'", "myvol"),
+		"--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "bind", "/mount/path", "/local/"),
+		"--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "volume", "myvol", "/local/"),
+		"--mount", fmt.Sprintf("'type=%s,src=%s,dst=%s:ro'", "tmpfs", "", "/local/"),
 	}
 	for _, e := range os.Environ() {
 		// the process env

kyaml/runfn/runfn.go

@@ -91,7 +91,6 @@ func (r *RunFns) init() {
 	if r.containerFilterProvider == nil {
 		r.containerFilterProvider = func(image, path string, api *yaml.RNode) kio.Filter {
 			cf := &filters.ContainerFilter{Image: image, Config: api}
-			cf.SetMountPath(filepath.Join(r.Path, path))
 			return cf
 		}
 	}