Add volumedriver resource type

Julien Kassar · Julien Kassar · commit d9c09f9eb007 · 2018-05-14T15:32:22.000-04:00
diff --git a/docker/allow/container.go b/docker/allow/container.go
@@ -89,6 +89,12 @@ func ContainerCreate(req authorization.Request, config *types.Config) *types.All
 		}
 	}
 
+	if len(cc.HostConfig.VolumeDriver) > 0 {
+		if !p.Validate(config.Username, "volumedriver", cc.HostConfig.VolumeDriver, "") {
+			return &types.AllowResult{Allow: false, Msg: fmt.Sprintf("Volume driver %s is not allowed", cc.HostConfig.VolumeDriver)}
+		}
+	}
+
 	if len(cc.HostConfig.CapAdd) > 0 {
 		for _, c := range cc.HostConfig.CapAdd {
 			if !p.Validate(config.Username, "capability", c, "") {
diff --git a/docker/allow/volume.go b/docker/allow/volume.go
@@ -0,0 +1,56 @@
+package allow
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/volume"
+	"github.com/docker/go-plugins-helpers/authorization"
+	"github.com/juliengk/go-log"
+	"github.com/juliengk/go-log/driver"
+	"github.com/juliengk/go-utils"
+	"github.com/juliengk/go-utils/json"
+	"github.com/kassisol/hbm/docker/allow/types"
+	policyobj "github.com/kassisol/hbm/object/policy"
+	"github.com/kassisol/hbm/version"
+)
+
+func VolumeCreate(req authorization.Request, config *types.Config) *types.AllowResult {
+	vol := &volume.VolumesCreateBody{}
+
+	err := json.Decode(req.RequestBody, vol)
+	if err != nil {
+		return &types.AllowResult{Allow: false, Error: err.Error()}
+	}
+
+	defer utils.RecoverFunc()
+
+	l, _ := log.NewDriver("standard", nil)
+
+	p, err := policyobj.New("sqlite", config.AppPath)
+	if err != nil {
+		l.WithFields(driver.Fields{
+			"storagedriver": "sqlite",
+			"logdriver":     "standard",
+			"version":       version.Version,
+		}).Fatal(err)
+	}
+	defer p.End()
+
+	if len(vol.Driver) > 0 {
+		if !p.Validate(config.Username, "volumedriver", vol.Driver, "") {
+			return &types.AllowResult{Allow: false, Msg: fmt.Sprintf("Volume driver %s is not allowed", vol.Driver)}
+		}
+	}
+
+	if len(vol.DriverOpts) > 0 {
+		for k, v := range vol.DriverOpts {
+			if vol.Driver == "local" && k == "type" && v == "tmpfs" {
+				if !p.Validate(config.Username, "config", "container_create_param_tmpfs", "") {
+					return &types.AllowResult{Allow: false, Msg: "--tmpfs param is not allowed"}
+				}
+			}
+		}
+	}
+
+	return &types.AllowResult{Allow: true}
+}
diff --git a/docker/endpoint/endpoint.go b/docker/endpoint/endpoint.go
@@ -58,7 +58,7 @@ func GetUris() *uri.URIs {
 	uris.Register("POST", `^/networks/prune`, allow.True, "network_prune", "network prune", "Delete unused networks")
 
 	uris.Register("GET", `^/volumes$`, allow.True, "volume_list", "volume ls", "List volumes")
-	uris.Register("POST", `^/volumes/create`, allow.True, "volume_create", "volume create", "Create a volume")
+	uris.Register("POST", `^/volumes/create`, allow.VolumeCreate, "volume_create", "volume create", "Create a volume")
 	uris.Register("GET", `^/volumes/(.+)`, allow.True, "volume_inspect", "volume inspect", "Inspect a volume")
 	uris.Register("DELETE", `^/volumes/(.+)`, allow.True, "volume_remove", "volume rm", "Instruct the driver to remove the volume")
 	uris.Register("POST", `^/volumes/prune`, allow.True, "volume_prune", "volume prune", "Delete unused volumes")
diff --git a/docker/resource/driver/volumedriver/volumedriver.go b/docker/resource/driver/volumedriver/volumedriver.go
@@ -0,0 +1,28 @@
+package volumedriver
+
+import (
+	"github.com/kassisol/hbm/docker/resource"
+	"github.com/kassisol/hbm/docker/resource/driver"
+)
+
+type Config struct{}
+
+func init() {
+	resource.RegisterDriver("volumedriver", New)
+}
+
+func New() (driver.Resourcer, error) {
+	return &Config{}, nil
+}
+
+func (c *Config) List() interface{} {
+	return []string{}
+}
+
+func (c *Config) Valid(value string) error {
+	return nil
+}
+
+func (c *Config) ValidOptions(options map[string]string) error {
+	return nil
+}
diff --git a/docs/reference/commandline/resource_add.md b/docs/reference/commandline/resource_add.md
@@ -18,7 +18,7 @@ Usage:
 
 Flags:
   -o, --option value   Specify options (default [])
-  -t, --type string    Set resource type (action|capability|config|device|dns|image|logdriver|logopt|plugin|port|registry|volume) (default "action")
+  -t, --type string    Set resource type (action|capability|config|device|dns|image|logdriver|logopt|plugin|port|registry|volume|volumedriver) (default "action")
   -v, --value string   Set resource value
 ```
 
@@ -359,6 +359,25 @@ NAME                TYPE                VALUE                  OPTION
 resource1           volume              /path/to/dir1
 ```
 
+---
+### Volume Driver
+#### Type
+`volumedriver`
+
+#### Value
+Any volume driver
+
+#### Option
+
+#### Examples
+
+```bash
+# hbm resource add --type volumedriver --value kassisol/gitvol resource1
+# hbm resource ls -f "type=volumedriver"
+NAME                TYPE                VALUE                  OPTION              COLLECTIONS
+resource1           volumedriver        kassisol/gitvol
+```
+
 ## Related information
 
 * [resource_find](resource_find.md)

Original file line number	Diff line number	Diff line change
`@@ -89,6 +89,12 @@ func ContainerCreate(req authorization.Request, config types.Config) types.All`
`89`	`89`	`}`
`90`	`90`	`}`
`91`	`91`
	`92`	`+ if len(cc.HostConfig.VolumeDriver) > 0 {`
	`93`	`+ if !p.Validate(config.Username, "volumedriver", cc.HostConfig.VolumeDriver, "") {`
	`94`	`+ return &types.AllowResult{Allow: false, Msg: fmt.Sprintf("Volume driver %s is not allowed", cc.HostConfig.VolumeDriver)}`
	`95`	`+ }`
	`96`	`+ }`
	`97`	`+`
`92`	`98`	`if len(cc.HostConfig.CapAdd) > 0 {`
`93`	`99`	`for _, c := range cc.HostConfig.CapAdd {`
`94`	`100`	`if !p.Validate(config.Username, "capability", c, "") {`