getporter · magnus-karlsson-sectra · Feb 12, 2025
@@ -12,6 +12,7 @@ import (
 	"get.porter.sh/porter/pkg/tracing"
 	cnabaction "github.com/cnabio/cnab-go/action"
 	"github.com/cnabio/cnab-go/driver"
+	"github.com/docker/docker/api/types/mount"
 	"github.com/hashicorp/go-multierror"
 	"go.opentelemetry.io/otel/attribute"
 	"go.uber.org/zap/zapcore"
@@ -21,6 +22,7 @@ type HostVolumeMountSpec struct {
 	Source   string
 	Target   string
 	ReadOnly bool
+	Type     mount.Type
 }
 
 // ActionArguments are the shared arguments for all bundle runs.

@@ -41,18 +41,18 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	dockerSockMount := mount.Mount{
 		Source:   "/var/run/docker.sock",
 		Target:   "/var/run/docker.sock",
-		Type:     "bind",
+		Type:     mount.TypeBind,
 		ReadOnly: false,
 	}
 	hostCfg.Mounts = append(hostCfg.Mounts, dockerSockMount)
 	return nil
 }
 
-func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool, mountType mount.Type) error {
 	mount := mount.Mount{
 		Source:   source,
 		Target:   target,
-		Type:     "bind",
+		Type:     mountType,
 		ReadOnly: readOnly,
 	}
 	hostConfig.Mounts = append(hostConfig.Mounts, mount)

@@ -115,7 +115,7 @@ func (r *Runtime) dockerDriverWithHostAccess(config cnab.Docker, d *docker.Drive
 
 func (r *Runtime) addVolumeMountsToHostConfig(hostConfig *container.HostConfig, mounts []HostVolumeMountSpec) error {
 	for _, mount := range mounts {
-		err := r.addVolumeMountToHostConfig(hostConfig, mount.Source, mount.Target, mount.ReadOnly)
+		err := r.addVolumeMountToHostConfig(hostConfig, mount.Source, mount.Target, mount.ReadOnly, mount.Type)
 		if err != nil {
 			return err
 		}

@@ -20,11 +20,11 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	return nil
 }
 
-func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool, mountType mount.Type) error {
 	mount := mount.Mount{
 		Source:   source,
 		Target:   target,
-		Type:     "bind",
+		Type:     mountType,
 		ReadOnly: readOnly,
 	}
 	hostConfig.Mounts = append(hostConfig.Mounts, mount)

@@ -5,6 +5,7 @@ import (
 
 	"get.porter.sh/porter/pkg/cnab"
 	"github.com/cnabio/cnab-go/driver/docker"
+	"github.com/docker/docker/api/types/mount"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -131,34 +132,36 @@ func TestNewDriver_Docker(t *testing.T) {
 		r.MockGetDockerGroupId()
 		defer r.Close()
 
-		r.Extensions[cnab.DockerExtensionKey] = cnab.Docker{}
-		_, err := r.FileSystem.Create("/var/run/docker.sock")
-		require.NoError(t, err)
-		_, err = r.FileSystem.Create("/sourceFolder")
-		require.NoError(t, err)
-		_, err = r.FileSystem.Create("/sourceFolder2")
-		require.NoError(t, err)
-		_, err = r.FileSystem.Create("/sourceFolder3")
-		require.NoError(t, err)
+		var hostVolumeMounts = []HostVolumeMountSpec{
+			{
+				Source:   "/sourceFolder",
+				Target:   "/targetFolder",
+				ReadOnly: false,
+				Type:     mount.TypeBind,
+			},
+			{
+				Source:   "/sourceFolder2",
+				Target:   "/targetFolder2",
+				ReadOnly: true,
+				Type:     mount.TypeBind,
+			},
+			{
+				Source:   "/sourceFolder3",
+				Target:   "/targetFolder3",
+				ReadOnly: false,
+				Type:     mount.TypeBind,
+			},
+			{
+				Source:   "volume",
+				Target:   "/targetFolder4",
+				ReadOnly: true,
+				Type:     mount.TypeVolume,
+			},
+		}
 
 		args := ActionArguments{
 			AllowDockerHostAccess: true,
-			HostVolumeMounts: []HostVolumeMountSpec{
-				{
-					Source: "/sourceFolder",
-					Target: "/targetFolder",
-				},
-				{
-					Source:   "/sourceFolder2",
-					Target:   "/targetFolder2",
-					ReadOnly: true,
-				},
-				{
-					Source:   "/sourceFolder3",
-					Target:   "/targetFolder3",
-					ReadOnly: false,
-				},
-			},
+			HostVolumeMounts:      hostVolumeMounts,
 		}
 
 		driver, err := r.newDriver(DriverNameDocker, args)
@@ -175,16 +178,14 @@ func TestNewDriver_Docker(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, false, containerHostCfg.Privileged)
 
-		require.Len(t, containerHostCfg.Mounts, 4) //includes the docker socket mount
-		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[1].Source)
-		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[1].Target)
-		assert.Equal(t, false, containerHostCfg.Mounts[1].ReadOnly)
-		assert.Equal(t, "/sourceFolder2", containerHostCfg.Mounts[2].Source)
-		assert.Equal(t, "/targetFolder2", containerHostCfg.Mounts[2].Target)
-		assert.Equal(t, true, containerHostCfg.Mounts[2].ReadOnly)
-		assert.Equal(t, "/sourceFolder3", containerHostCfg.Mounts[3].Source)
-		assert.Equal(t, "/targetFolder3", containerHostCfg.Mounts[3].Target)
-		assert.Equal(t, false, containerHostCfg.Mounts[3].ReadOnly)
+		require.Len(t, containerHostCfg.Mounts, 5) //includes the docker socket mount
+
+		for i, hostMount := range hostVolumeMounts {
+			assert.Equal(t, hostMount.Source, containerHostCfg.Mounts[i+1].Source)
+			assert.Equal(t, hostMount.Target, containerHostCfg.Mounts[i+1].Target)
+			assert.Equal(t, hostMount.ReadOnly, containerHostCfg.Mounts[i+1].ReadOnly)
+			assert.Equal(t, hostMount.Type, containerHostCfg.Mounts[i+1].Type)
+		}
 	})
 
 	t.Run("host volume mount, docker driver, with multiple mounts", func(t *testing.T) {
@@ -193,30 +194,25 @@ func TestNewDriver_Docker(t *testing.T) {
 		r := NewTestRuntime(t)
 		defer r.Close()
 
-		_, err := r.FileSystem.Create("/sourceFolder")
-		require.NoError(t, err)
-		_, err = r.FileSystem.Create("/sourceFolder2")
-		require.NoError(t, err)
-		_, err = r.FileSystem.Create("/sourceFolder3")
-		require.NoError(t, err)
+		var hostVolumeMounts = []HostVolumeMountSpec{
+			{
+				Source: "/sourceFolder",
+				Target: "/targetFolder",
+			},
+			{
+				Source:   "/sourceFolder2",
+				Target:   "/targetFolder2",
+				ReadOnly: true,
+			},
+			{
+				Source:   "/sourceFolder3",
+				Target:   "/targetFolder3",
+				ReadOnly: false,
+			},
+		}
 
 		args := ActionArguments{
-			HostVolumeMounts: []HostVolumeMountSpec{
-				{
-					Source: "/sourceFolder",
-					Target: "/targetFolder",
-				},
-				{
-					Source:   "/sourceFolder2",
-					Target:   "/targetFolder2",
-					ReadOnly: true,
-				},
-				{
-					Source:   "/sourceFolder3",
-					Target:   "/targetFolder3",
-					ReadOnly: false,
-				},
-			},
+			HostVolumeMounts: hostVolumeMounts,
 		}
 
 		driver, err := r.newDriver(DriverNameDocker, args)
@@ -234,16 +230,13 @@ func TestNewDriver_Docker(t *testing.T) {
 		require.NoError(t, err)
 
 		require.Len(t, containerHostCfg.Mounts, 3)
-		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[0].Source)
-		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[0].Target)
-		assert.Equal(t, false, containerHostCfg.Mounts[0].ReadOnly)
-		assert.Equal(t, "/sourceFolder2", containerHostCfg.Mounts[1].Source)
-		assert.Equal(t, "/targetFolder2", containerHostCfg.Mounts[1].Target)
-		assert.Equal(t, true, containerHostCfg.Mounts[1].ReadOnly)
-		assert.Equal(t, "/sourceFolder3", containerHostCfg.Mounts[2].Source)
-		assert.Equal(t, "/targetFolder3", containerHostCfg.Mounts[2].Target)
-		assert.Equal(t, false, containerHostCfg.Mounts[2].ReadOnly)
 
+		for i, hostMount := range hostVolumeMounts {
+			assert.Equal(t, hostMount.Source, containerHostCfg.Mounts[i].Source)
+			assert.Equal(t, hostMount.Target, containerHostCfg.Mounts[i].Target)
+			assert.Equal(t, hostMount.ReadOnly, containerHostCfg.Mounts[i].ReadOnly)
+			assert.Equal(t, hostMount.Type, containerHostCfg.Mounts[i].Type)
+		}
 	})
 
 	t.Run("host volume mount, docker driver, with single mount", func(t *testing.T) {
@@ -252,14 +245,15 @@ func TestNewDriver_Docker(t *testing.T) {
 		r := NewTestRuntime(t)
 		defer r.Close()
 
-		_, err := r.FileSystem.Create("/sourceFolder")
-		require.NoError(t, err)
+		//		_, err := r.FileSystem.Create("/sourceFolder")
+		//require.NoError(t, err)
 
 		args := ActionArguments{
 			HostVolumeMounts: []HostVolumeMountSpec{
 				{
 					Source: "/sourceFolder",
 					Target: "/targetFolder",
+					Type:   mount.TypeBind,
 				},
 			},
 		}
@@ -282,6 +276,7 @@ func TestNewDriver_Docker(t *testing.T) {
 		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[0].Source)
 		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[0].Target)
 		assert.Equal(t, false, containerHostCfg.Mounts[0].ReadOnly)
+		assert.Equal(t, mount.TypeBind, containerHostCfg.Mounts[0].Type)
 	})
 
 	t.Run("host volume mount, mismatch driver name", func(t *testing.T) {

@@ -18,11 +18,11 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	return nil
 }
 
-func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool, mountType mount.Type) error {
 	mount := mount.Mount{
 		Source:   source,
 		Target:   target,
-		Type:     "bind",
+		Type:     mountType,
 		ReadOnly: readOnly,
 	}
 	hostConfig.Mounts = append(hostConfig.Mounts, mount)

@@ -18,6 +18,7 @@ import (
 	"get.porter.sh/porter/pkg/secrets"
 	"get.porter.sh/porter/pkg/storage"
 	"get.porter.sh/porter/pkg/tracing"
+	"github.com/docker/docker/api/types/mount"
 	"github.com/opencontainers/go-digest"
 	"go.mongodb.org/mongo-driver/bson"
 )
@@ -48,8 +49,9 @@ type BundleExecutionOptions struct {
 	AllowDockerHostAccess bool
 
 	// MountHostVolume mounts provides the bundle access to a host volume.
-	// This is the unparsed list of HOST_PATH:TARGET_PATH:OPTION
+	// This is the unparsed list of HOST_PATH:TARGET_PATH:OPTION:MOUNT_TYPE
 	// OPTION can be ro (read-only) or rw (read-write). Defaults to ro.
+	// MOUNT_TYPE can be bind, volume, or tmpfs. Defaults to bind.
 	HostVolumeMounts []string
 
 	// DebugMode indicates if the bundle should be run in debug mode.
@@ -106,10 +108,10 @@ func (o *BundleExecutionOptions) GetParameters() map[string]interface{} {
 // Sets the final resolved set of host volumes to be made availabe to the bundle
 func (o *BundleExecutionOptions) GetHostVolumeMounts() []cnabprovider.HostVolumeMountSpec {
 	var hostVolumeMounts []cnabprovider.HostVolumeMountSpec
-	for _, mount := range o.HostVolumeMounts {
+	for _, mountString := range o.HostVolumeMounts {
+		var mountType mount.Type = mount.TypeBind
 		var isReadOnlyMount bool
-		parts := strings.Split(mount, ":") // HOST_PATH:TARGET_PATH:OPTION
-
+		parts := strings.Split(mountString, ":") // HOST_PATH:TARGET_PATH:OPTION:MOUNT_TYPE
 		// if parts[0] is a single character, it's a drive letter on Windows
 		// so we need to join it with the next part
 		if runtime.GOOS == "windows" && len(parts) > 1 && len(parts[0]) == 1 && unicode.IsLetter(rune(parts[0][0])) {
@@ -118,7 +120,8 @@ func (o *BundleExecutionOptions) GetHostVolumeMounts() []cnabprovider.HostVolume
 		}
 
 		l := len(parts)
-		if l < 2 || l > 3 {
+		if l < 2 || l > 4 {
+			fmt.Printf("ERROR: invalid mount: %s\n", mountString)
 			continue
 		}
 
@@ -134,10 +137,19 @@ func (o *BundleExecutionOptions) GetHostVolumeMounts() []cnabprovider.HostVolume
 			isReadOnlyMount = true
 		}
 
+		if l == 4 {
+			mountType = mount.Type(parts[3])
+			if mountType != mount.TypeBind && mountType != mount.TypeVolume && mountType != mount.TypeTmpfs {
+				fmt.Printf("ERROR: invalid mount type: %s\n", mountType)
+				continue
+			}
+		}
+
 		hostVolumeMounts = append(hostVolumeMounts, cnabprovider.HostVolumeMountSpec{
 			Source:   parts[0],
 			Target:   parts[1],
 			ReadOnly: isReadOnlyMount,
+			Type:     mountType,
 		})
 	}
 

@@ -20,6 +20,7 @@ import (
 	"get.porter.sh/porter/tests"
 	"github.com/cnabio/cnab-go/secrets/host"
 	"github.com/cnabio/cnab-to-oci/relocation"
+	"github.com/docker/docker/api/types/mount"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -712,6 +713,7 @@ func TestBundleExecutionOptions_GetHostVolumeMounts(t *testing.T) {
 				"/host/path:/target/path:ro",
 				"/host/path:/target/path:rw",
 				"/host/path:/target/path",
+				"myvolume:/target/path:ro:volume",
 			},
 		}
 
@@ -720,16 +722,25 @@ func TestBundleExecutionOptions_GetHostVolumeMounts(t *testing.T) {
 				Source:   "/host/path",
 				Target:   "/target/path",
 				ReadOnly: true,
+				Type:     mount.TypeBind,
 			},
 			{
 				Source:   "/host/path",
 				Target:   "/target/path",
 				ReadOnly: false,
+				Type:     mount.TypeBind,
 			},
 			{
 				Source:   "/host/path",
 				Target:   "/target/path",
 				ReadOnly: true,
+				Type:     mount.TypeBind,
+			},
+			{
+				Source:   "myvolume",
+				Target:   "/target/path",
+				ReadOnly: true,
+				Type:     mount.TypeVolume,
 			},
 		}
 
@@ -748,6 +759,7 @@ func TestBundleExecutionOptions_GetHostVolumeMounts(t *testing.T) {
 			if expected[i].ReadOnly != actual[i].ReadOnly {
 				t.Errorf("expected %v but got %v", expected[i].ReadOnly, actual[i].ReadOnly)
 			}
+
 		}
 	})
 
@@ -781,6 +793,18 @@ func TestBundleExecutionOptions_GetHostVolumeMounts(t *testing.T) {
 		}
 
 	})
+
+	t.Run("invalid host volume mount type option value", func(t *testing.T) {
+		opts := &BundleExecutionOptions{
+			HostVolumeMounts: []string{
+				"/host/path:/target/path:ro:invalid-option",
+			},
+		}
+
+		actual := opts.GetHostVolumeMounts()
+
+		assert.Equal(t, 0, len(actual), "expected no host volume mounts")
+	})
 }
 
 func TestBundleExecutionOptions_GetHostVolumeMountsWindows(t *testing.T) {