Ignores :z or :Z when passed in as a volume string

We're going to ignore :z / :Z for labeling aka SELinux when being passed in via Docker Compose. Closes https://github.com/kubernetes-incubator/kompose/issues/176
2017-01-20 15:20:41 -05:00 · 2017-01-20 15:20:41 -05:00 · b8006d0620
commit b8006d0620
parent 99c1a79fbd
3 changed files with 35 additions and 2 deletions
--- a/pkg/transformer/kubernetes/kubernetes.go
+++ b/pkg/transformer/kubernetes/kubernetes.go
@ -321,12 +321,15 @@ func (k *Kubernetes) ConfigVolumes(name string, service kobject.ServiceConfig) (

 	var count int
 	for _, volume := range service.Volumes {
+
 		volumeName, host, container, mode, err := transformer.ParseVolume(volume)
 		if err != nil {
 			logrus.Warningf("Failed to configure container volume: %v", err)
 			continue
 		}

+		logrus.Debug("Volume name %s", volumeName)
+
 		// check if ro/rw mode is defined, default rw
 		readonly := len(mode) > 0 && mode == "ro"

--- a/pkg/transformer/utils.go
+++ b/pkg/transformer/utils.go
@ -62,23 +62,41 @@ func CreateOutFile(out string) *os.File {
 // ParseVolume parses a given volume, which might be [name:][host:]container[:access_mode]
 func ParseVolume(volume string) (name, host, container, mode string, err error) {
 	separator := ":"
+
+	// Parse based on ":"
 	volumeStrings := strings.Split(volume, separator)
 	if len(volumeStrings) == 0 {
 		return
 	}
+
 	// Set name if existed
 	if !isPath(volumeStrings[0]) {
 		name = volumeStrings[0]
 		volumeStrings = volumeStrings[1:]
 	}
+
+	// Check if *anything* has been passed
 	if len(volumeStrings) == 0 {
 		err = fmt.Errorf("invalid volume format: %s", volume)
 		return
 	}
-	if volumeStrings[len(volumeStrings)-1] == "rw" || volumeStrings[len(volumeStrings)-1] == "ro" {
-		mode = volumeStrings[len(volumeStrings)-1]
+
+	// Get the last ":" passed which is presumingly the "access mode"
+	possibleAccessMode := volumeStrings[len(volumeStrings)-1]
+
+	// Check to see if :Z or :z exists. We do not support SELinux relabeling at the moment.
+	// See https://github.com/kubernetes-incubator/kompose/issues/176
+	// Otherwise, check to see if "rw" or "ro" has been passed
+	if possibleAccessMode == "z" || possibleAccessMode == "Z" {
+		logrus.Warnf("Volume mount \"%s\" will be mounted without labeling support. :z or :Z not supported", volume)
+		mode = ""
+		volumeStrings = volumeStrings[:len(volumeStrings)-1]
+	} else if possibleAccessMode == "rw" || possibleAccessMode == "ro" {
+		mode = possibleAccessMode
 		volumeStrings = volumeStrings[:len(volumeStrings)-1]
 	}
+
+	// Check the volume format as well as host
 	container = volumeStrings[len(volumeStrings)-1]
 	volumeStrings = volumeStrings[:len(volumeStrings)-1]
 	if len(volumeStrings) == 1 {
--- a/pkg/transformer/utils_test.go
+++ b/pkg/transformer/utils_test.go
@ -21,6 +21,18 @@ import (
 	"testing"
 )

+// When passing "z" or "Z" we expect "" back.
+func TestZParseVolumeLabeling(t *testing.T) {
+	testCase := "/foobar:/foobar:Z"
+	_, _, _, mode, err := ParseVolume(testCase)
+	if err != nil {
+		t.Errorf("In test case %q, returned unexpected error %v", testCase, err)
+	}
+	if mode != "" {
+		t.Errorf("In test case %q, returned mode %s, expected \"\"", testCase, mode)
+	}
+}
+
 func TestParseVolume(t *testing.T) {
 	name1 := "datavolume"
 	host1 := "./cache"