Merge pull request #82 from joekhoobyar/configmap-volumes

feat: Add support for config_map volumes

engine/compiler/compiler.go

@@ -593,6 +593,15 @@ func (c *Compiler) Compile(ctx context.Context, args runtime.CompilerArgs) runti
 				ClaimName: v.Claim.ClaimName,
 				ReadOnly:  v.Claim.ReadOnly,
 			}
+		} else if v.ConfigMap != nil {
+			src.ConfigMap = &engine.VolumeConfigMap{
+				ID:            id,
+				Name:          v.Name,
+				ConfigMapName: v.ConfigMap.ConfigMapName,
+				Optional:      v.ConfigMap.Optional,
+				DefaultMode:   v.ConfigMap.DefaultMode,
+			}
+
 		} else {
 			continue
 		}

engine/convert.go

@@ -131,6 +131,22 @@ func toVolumes(spec *Spec) []v1.Volume {
 			volumes = append(volumes, volume)
 		}
 
+		if v.ConfigMap != nil {
+			volume := v1.Volume{
+				Name: v.ConfigMap.ID,
+				VolumeSource: v1.VolumeSource{
+					ConfigMap: &v1.ConfigMapVolumeSource{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: v.ConfigMap.ConfigMapName,
+						},
+						Optional:    &v.ConfigMap.Optional,
+						DefaultMode: &v.ConfigMap.DefaultMode,
+					},
+				},
+			}
+			volumes = append(volumes, volume)
+		}
+
 		if v.DownwardAPI != nil {
 			var items []v1.DownwardAPIVolumeFile
 
@@ -358,6 +374,10 @@ func lookupVolumeID(spec *Spec, name string) (string, bool) {
 			return v.Claim.ID, true
 		}
 
+		if v.ConfigMap != nil && v.ConfigMap.Name == name {
+			return v.ConfigMap.ID, true
+		}
+
 		if v.DownwardAPI != nil && v.DownwardAPI.Name == name {
 			return v.DownwardAPI.ID, true
 		}

engine/linter/linter.go

@@ -147,6 +147,12 @@ func checkVolumes(pipeline *resource.Pipeline, trusted bool) error {
 				return err
 			}
 		}
+		if volume.ConfigMap != nil {
+			err := checkConfigMapVolume(volume.ConfigMap, trusted)
+			if err != nil {
+				return err
+			}
+		}
 		switch volume.Name {
 		case "":
 			return fmt.Errorf("linter: missing volume name")
@@ -171,6 +177,13 @@ func checkClaimVolume(volume *resource.VolumeClaim, trusted bool) error {
 	return nil
 }
 
+func checkConfigMapVolume(volume *resource.VolumeConfigMap, trusted bool) error {
+	if trusted == false {
+		return errors.New("linter: untrusted repositories cannot mount configMap volumes")
+	}
+	return nil
+}
+
 func checkEmptyDirVolume(volume *resource.VolumeEmptyDir, trusted bool) error {
 	if trusted == false && volume.Medium == "memory" {
 		return errors.New("linter: untrusted repositories cannot mount in-memory volumes")

engine/linter/linter_test.go

@@ -64,6 +64,19 @@ func TestLint(t *testing.T) {
 			trusted: true,
 			invalid: false,
 		},
+		// user should not be able to mount configmap
+		// volumes unless the repository is trusted.
+		{
+			path:    "testdata/volume_configmap.yml",
+			trusted: false,
+			invalid: true,
+			message: "linter: untrusted repositories cannot mount configMap volumes",
+		},
+		{
+			path:    "testdata/volume_configmap.yml",
+			trusted: true,
+			invalid: false,
+		},
 		// user should not be able to mount persistent volume claims
 		// volumes unless the repository is trusted.
 		{

engine/linter/testdata/volume_configmap.yml

@@ -0,0 +1,35 @@
+kind: pipeline
+type: kubernetes
+name: default
+
+clone:
+  disable: true
+
+steps:
+- name: write
+  pull: if-not-exists
+  image: alpine
+  volumes:
+  - name: shared
+    path: /shared
+  commands:
+  - pwd
+  - echo "hello" > /shared/greetings.txt
+
+- name: read
+  pull: if-not-exists
+  image: alpine
+  volumes:
+  - name: shared
+    path: /shared
+  commands:
+  - pwd
+  - ls /shared
+  - cat /shared/greetings.txt
+
+volumes:
+- name: shared
+  config_map:
+    name: received-data-claim
+    default_mode: 420
+    optional: false

engine/resource/pipeline.go

@@ -143,10 +143,11 @@ type (
 
 	// Volume that can be mounted by containers.
 	Volume struct {
-		Name     string          `json:"name,omitempty"`
-		EmptyDir *VolumeEmptyDir `json:"temp,omitempty" yaml:"temp"`
-		HostPath *VolumeHostPath `json:"host,omitempty" yaml:"host"`
-		Claim    *VolumeClaim    `json:"claim,omitempty" yaml:"claim"`
+		Name      string           `json:"name,omitempty"`
+		EmptyDir  *VolumeEmptyDir  `json:"temp,omitempty" yaml:"temp"`
+		HostPath  *VolumeHostPath  `json:"host,omitempty" yaml:"host"`
+		Claim     *VolumeClaim     `json:"claim,omitempty" yaml:"claim"`
+		ConfigMap *VolumeConfigMap `json:"config_map,omitempty" yaml:"config_map"`
 	}
 
 	// VolumeMount describes a mounting of a Volume
@@ -178,6 +179,14 @@ type (
 		ReadOnly  bool   `json:"read_only,omitempty" yaml:"read_only"`
 	}
 
+	// VolumeConfigMap mounts a Kubernetes configmap into the container.
+	// persistentVolumeClaim.
+	VolumeConfigMap struct {
+		ConfigMapName string `json:"name,omitempty" yaml:"name"`
+		DefaultMode   int32  `json:"default_mode,omitempty" yaml:"default_mode"`
+		Optional      bool   `json:"optional,omitempty" yaml:"optional"`
+	}
+
 	// Workspace represents the pipeline workspace configuration.
 	Workspace struct {
 		Path string `json:"path,omitempty"`

engine/spec.go

@@ -102,6 +102,7 @@ type (
 		HostPath    *VolumeHostPath    `json:"host,omitempty"`
 		DownwardAPI *VolumeDownwardAPI `json:"downward_api,omitempty"`
 		Claim       *VolumeClaim       `json:"claim,omitempty"`
+		ConfigMap   *VolumeConfigMap   `json:"config_map,omitempty"`
 	}
 
 	// VolumeMount describes a mounting of a Volume
@@ -150,6 +151,15 @@ type (
 		ReadOnly  bool   `json:"read_only,omitempty"`
 	}
 
+	// VolumeConfigMap ...
+	VolumeConfigMap struct {
+		ID            string `json:"id,omitempty"`
+		Name          string `json:"name,omitempty"`
+		ConfigMapName string `json:"config_map_name,omitempty"`
+		DefaultMode   int32  `json:"default_mode,omitempty"`
+		Optional      bool   `json:"optional,omitempty"`
+	}
+
 	// Resources describes the compute resource requirements.
 	Resources struct {
 		Limits   ResourceObject `json:"limits,omitempty"`