We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
moby
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: eaa83640fa
Aftakkingen Labels
moby
/
vendor
/
github.com
/
moby
/
buildkit
/
frontend
/
dockerfile
/
instructions
/
commands_runmount.go

commands_runmount.go 6.1 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263 
  1. // +build dfrunmount
    2. 

  2. 

  3. package instructions
    4. 

  4. 

  5. import (
    6. 

  6. 	"encoding/csv"
    7. 

  7. 	"strconv"
    8. 

  8. 	"strings"
    9. 

  9. 

  10. 	"github.com/pkg/errors"
    11. 

  11. )
    12. 

  12. 

  13. const MountTypeBind = "bind"
    14. 

  14. const MountTypeCache = "cache"
    15. 

  15. const MountTypeTmpfs = "tmpfs"
    16. 

  16. const MountTypeSecret = "secret"
    17. 

  17. const MountTypeSSH = "ssh"
    18. 

  18. 

  19. var allowedMountTypes = map[string]struct{}{
    20. 

  20. 	MountTypeBind:   {},
    21. 

  21. 	MountTypeCache:  {},
    22. 

  22. 	MountTypeTmpfs:  {},
    23. 

  23. 	MountTypeSecret: {},
    24. 

  24. 	MountTypeSSH:    {},
    25. 

  25. }
    26. 

  26. 

  27. const MountSharingShared = "shared"
    28. 

  28. const MountSharingPrivate = "private"
    29. 

  29. const MountSharingLocked = "locked"
    30. 

  30. 

  31. var allowedSharingTypes = map[string]struct{}{
    32. 

  32. 	MountSharingShared:  {},
    33. 

  33. 	MountSharingPrivate: {},
    34. 

  34. 	MountSharingLocked:  {},
    35. 

  35. }
    36. 

  36. 

  37. type mountsKeyT string
    38. 

  38. 

  39. var mountsKey = mountsKeyT("dockerfile/run/mounts")
    40. 

  40. 

  41. func init() {
    42. 

  42. 	parseRunPreHooks = append(parseRunPreHooks, runMountPreHook)
    43. 

  43. 	parseRunPostHooks = append(parseRunPostHooks, runMountPostHook)
    44. 

  44. }
    45. 

  45. 

  46. func isValidMountType(s string) bool {
    47. 

  47. 	if s == "secret" {
    48. 

  48. 		if !isSecretMountsSupported() {
    49. 

  49. 			return false
    50. 

  50. 		}
    51. 

  51. 	}
    52. 

  52. 	if s == "ssh" {
    53. 

  53. 		if !isSSHMountsSupported() {
    54. 

  54. 			return false
    55. 

  55. 		}
    56. 

  56. 	}
    57. 

  57. 	_, ok := allowedMountTypes[s]
    58. 

  58. 	return ok
    59. 

  59. }
    60. 

  60. 

  61. func runMountPreHook(cmd *RunCommand, req parseRequest) error {
    62. 

  62. 	st := &mountState{}
    63. 

  63. 	st.flag = req.flags.AddStrings("mount")
    64. 

  64. 	cmd.setExternalValue(mountsKey, st)
    65. 

  65. 	return nil
    66. 

  66. }
    67. 

  67. 

  68. func runMountPostHook(cmd *RunCommand, req parseRequest) error {
    69. 

  69. 	st := getMountState(cmd)
    70. 

  70. 	if st == nil {
    71. 

  71. 		return errors.Errorf("no mount state")
    72. 

  72. 	}
    73. 

  73. 	var mounts []*Mount
    74. 

  74. 	for _, str := range st.flag.StringValues {
    75. 

  75. 		m, err := parseMount(str)
    76. 

  76. 		if err != nil {
    77. 

  77. 			return err
    78. 

  78. 		}
    79. 

  79. 		mounts = append(mounts, m)
    80. 

  80. 	}
    81. 

  81. 	st.mounts = mounts
    82. 

  82. 	return nil
    83. 

  83. }
    84. 

  84. 

  85. func getMountState(cmd *RunCommand) *mountState {
    86. 

  86. 	v := cmd.getExternalValue(mountsKey)
    87. 

  87. 	if v == nil {
    88. 

  88. 		return nil
    89. 

  89. 	}
    90. 

  90. 	return v.(*mountState)
    91. 

  91. }
    92. 

  92. 

  93. func GetMounts(cmd *RunCommand) []*Mount {
    94. 

  94. 	return getMountState(cmd).mounts
    95. 

  95. }
    96. 

  96. 

  97. type mountState struct {
    98. 

  98. 	flag   *Flag
    99. 

  99. 	mounts []*Mount
    100. 

  100. }
    101. 

  101. 

  102. type Mount struct {
    103. 

  103. 	Type         string
    104. 

  104. 	From         string
    105. 

  105. 	Source       string
    106. 

  106. 	Target       string
    107. 

  107. 	ReadOnly     bool
    108. 

  108. 	CacheID      string
    109. 

  109. 	CacheSharing string
    110. 

  110. 	Required     bool
    111. 

  111. 	Mode         *uint64
    112. 

  112. 	UID          *uint64
    113. 

  113. 	GID          *uint64
    114. 

  114. }
    115. 

  115. 

  116. func parseMount(value string) (*Mount, error) {
    117. 

  117. 	csvReader := csv.NewReader(strings.NewReader(value))
    118. 

  118. 	fields, err := csvReader.Read()
    119. 

  119. 	if err != nil {
    120. 

  120. 		return nil, errors.Wrap(err, "failed to parse csv mounts")
    121. 

  121. 	}
    122. 

  122. 

  123. 	m := &Mount{Type: MountTypeBind}
    124. 

  124. 

  125. 	roAuto := true
    126. 

  126. 

  127. 	for _, field := range fields {
    128. 

  128. 		parts := strings.SplitN(field, "=", 2)
    129. 

  129. 		key := strings.ToLower(parts[0])
    130. 

  130. 

  131. 		if len(parts) == 1 {
    132. 

  132. 			switch key {
    133. 

  133. 			case "readonly", "ro":
    134. 

  134. 				m.ReadOnly = true
    135. 

  135. 				roAuto = false
    136. 

  136. 				continue
    137. 

  137. 			case "readwrite", "rw":
    138. 

  138. 				m.ReadOnly = false
    139. 

  139. 				roAuto = false
    140. 

  140. 				continue
    141. 

  141. 			case "required":
    142. 

  142. 				if m.Type == "secret" || m.Type == "ssh" {
    143. 

  143. 					m.Required = true
    144. 

  144. 					continue
    145. 

  145. 				} else {
    146. 

  146. 					return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type)
    147. 

  147. 				}
    148. 

  148. 			}
    149. 

  149. 		}
    150. 

  150. 

  151. 		if len(parts) != 2 {
    152. 

  152. 			return nil, errors.Errorf("invalid field '%s' must be a key=value pair", field)
    153. 

  153. 		}
    154. 

  154. 

  155. 		value := parts[1]
    156. 

  156. 		switch key {
    157. 

  157. 		case "type":
    158. 

  158. 			if !isValidMountType(strings.ToLower(value)) {
    159. 

  159. 				return nil, errors.Errorf("unsupported mount type %q", value)
    160. 

  160. 			}
    161. 

  161. 			m.Type = strings.ToLower(value)
    162. 

  162. 		case "from":
    163. 

  163. 			m.From = value
    164. 

  164. 		case "source", "src":
    165. 

  165. 			m.Source = value
    166. 

  166. 		case "target", "dst", "destination":
    167. 

  167. 			m.Target = value
    168. 

  168. 		case "readonly", "ro":
    169. 

  169. 			m.ReadOnly, err = strconv.ParseBool(value)
    170. 

  170. 			if err != nil {
    171. 

  171. 				return nil, errors.Errorf("invalid value for %s: %s", key, value)
    172. 

  172. 			}
    173. 

  173. 			roAuto = false
    174. 

  174. 		case "readwrite", "rw":
    175. 

  175. 			rw, err := strconv.ParseBool(value)
    176. 

  176. 			if err != nil {
    177. 

  177. 				return nil, errors.Errorf("invalid value for %s: %s", key, value)
    178. 

  178. 			}
    179. 

  179. 			m.ReadOnly = !rw
    180. 

  180. 			roAuto = false
    181. 

  181. 		case "required":
    182. 

  182. 			if m.Type == "secret" || m.Type == "ssh" {
    183. 

  183. 				v, err := strconv.ParseBool(value)
    184. 

  184. 				if err != nil {
    185. 

  185. 					return nil, errors.Errorf("invalid value for %s: %s", key, value)
    186. 

  186. 				}
    187. 

  187. 				m.Required = v
    188. 

  188. 			} else {
    189. 

  189. 				return nil, errors.Errorf("unexpected key '%s' for mount type '%s'", key, m.Type)
    190. 

  190. 			}
    191. 

  191. 		case "id":
    192. 

  192. 			m.CacheID = value
    193. 

  193. 		case "sharing":
    194. 

  194. 			if _, ok := allowedSharingTypes[strings.ToLower(value)]; !ok {
    195. 

  195. 				return nil, errors.Errorf("unsupported sharing value %q", value)
    196. 

  196. 			}
    197. 

  197. 			m.CacheSharing = strings.ToLower(value)
    198. 

  198. 		case "mode":
    199. 

  199. 			mode, err := strconv.ParseUint(value, 8, 32)
    200. 

  200. 			if err != nil {
    201. 

  201. 				return nil, errors.Errorf("invalid value %s for mode", value)
    202. 

  202. 			}
    203. 

  203. 			m.Mode = &mode
    204. 

  204. 		case "uid":
    205. 

  205. 			uid, err := strconv.ParseUint(value, 10, 32)
    206. 

  206. 			if err != nil {
    207. 

  207. 				return nil, errors.Errorf("invalid value %s for uid", value)
    208. 

  208. 			}
    209. 

  209. 			m.UID = &uid
    210. 

  210. 		case "gid":
    211. 

  211. 			gid, err := strconv.ParseUint(value, 10, 32)
    212. 

  212. 			if err != nil {
    213. 

  213. 				return nil, errors.Errorf("invalid value %s for gid", value)
    214. 

  214. 			}
    215. 

  215. 			m.GID = &gid
    216. 

  216. 		default:
    217. 

  217. 			return nil, errors.Errorf("unexpected key '%s' in '%s'", key, field)
    218. 

  218. 		}
    219. 

  219. 	}
    220. 

  220. 

  221. 	fileInfoAllowed := m.Type == MountTypeSecret || m.Type == MountTypeSSH || m.Type == MountTypeCache
    222. 

  222. 

  223. 	if m.Mode != nil && !fileInfoAllowed {
    224. 

  224. 		return nil, errors.Errorf("mode not allowed for %q type mounts", m.Type)
    225. 

  225. 	}
    226. 

  226. 

  227. 	if m.UID != nil && !fileInfoAllowed {
    228. 

  228. 		return nil, errors.Errorf("uid not allowed for %q type mounts", m.Type)
    229. 

  229. 	}
    230. 

  230. 

  231. 	if m.GID != nil && !fileInfoAllowed {
    232. 

  232. 		return nil, errors.Errorf("gid not allowed for %q type mounts", m.Type)
    233. 

  233. 	}
    234. 

  234. 

  235. 	if roAuto {
    236. 

  236. 		if m.Type == MountTypeCache || m.Type == MountTypeTmpfs {
    237. 

  237. 			m.ReadOnly = false
    238. 

  238. 		} else {
    239. 

  239. 			m.ReadOnly = true
    240. 

  240. 		}
    241. 

  241. 	}
    242. 

  242. 

  243. 	if m.CacheSharing != "" && m.Type != MountTypeCache {
    244. 

  244. 		return nil, errors.Errorf("invalid cache sharing set for %v mount", m.Type)
    245. 

  245. 	}
    246. 

  246. 

  247. 	if m.Type == MountTypeSecret {
    248. 

  248. 		if m.From != "" {
    249. 

  249. 			return nil, errors.Errorf("secret mount should not have a from")
    250. 

  250. 		}
    251. 

  251. 		if m.CacheSharing != "" {
    252. 

  252. 			return nil, errors.Errorf("secret mount should not define sharing")
    253. 

  253. 		}
    254. 

  254. 		if m.Source == "" && m.Target == "" && m.CacheID == "" {
    255. 

  255. 			return nil, errors.Errorf("invalid secret mount. one of source, target required")
    256. 

  256. 		}
    257. 

  257. 		if m.Source != "" && m.CacheID != "" {
    258. 

  258. 			return nil, errors.Errorf("both source and id can't be set")
    259. 

  259. 		}
    260. 

  260. 	}
    261. 

  261. 

  262. 	return m, nil
    263. 

  263. }
    264.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5