Merge pull request #1365 from LeoQuote/readonly-hostpath

Author: Vlatombe

src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java

@@ -51,6 +51,7 @@
 import org.csanchez.jenkins.plugins.kubernetes.model.TemplateEnvVar;
 import org.csanchez.jenkins.plugins.kubernetes.pipeline.PodTemplateStepExecution;
 import org.csanchez.jenkins.plugins.kubernetes.pod.decorator.PodDecorator;
+import org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume;
 import org.csanchez.jenkins.plugins.kubernetes.volumes.PodVolume;
 import org.csanchez.jenkins.plugins.kubernetes.volumes.ConfigMapVolume;
 import org.kohsuke.accmod.Restricted;
@@ -196,6 +197,11 @@ public Pod build() {
                         volumeMountBuilder = volumeMountBuilder.withSubPath(normalizePath(subPath));
                     }
                 }
+                if (volume instanceof HostPathVolume) {
+                    final HostPathVolume hostPathVolume = (HostPathVolume) volume;
+                    Boolean readOnly = hostPathVolume.getReadOnly();
+                    volumeMountBuilder = volumeMountBuilder.withReadOnly(readOnly);
+                }
                 volumeMounts.put(mountPath, volumeMountBuilder.build());
                 volumes.put(volumeName, volume.buildVolume(volumeName, podName));
                 i++;

src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodVolumes.java

@@ -40,13 +40,13 @@ protected Object readResolve() {
     @Deprecated
     public static class HostPathVolume extends org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume {
 
-        public HostPathVolume(String hostPath, String mountPath) {
-            super(hostPath, mountPath);
+        public HostPathVolume(String hostPath, String mountPath, Boolean readOnly) {
+            super(hostPath, mountPath, readOnly);
         }
 
         protected Object readResolve() {
             return new org.csanchez.jenkins.plugins.kubernetes.volumes.HostPathVolume(this.getHostPath(),
-                    this.getMountPath());
+                    this.getMountPath(), this.getReadOnly());
         }
     }
 

src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/HostPathVolume.java

@@ -24,6 +24,8 @@
 
 package org.csanchez.jenkins.plugins.kubernetes.volumes;
 
+import edu.umd.cs.findbugs.annotations.CheckForNull;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import org.jenkinsci.Symbol;
 import org.kohsuke.stapler.DataBoundConstructor;
 
@@ -36,10 +38,14 @@ public class HostPathVolume extends PodVolume {
     private String mountPath;
     private String hostPath;
 
+    @CheckForNull
+    private Boolean readOnly;
+
     @DataBoundConstructor
-    public HostPathVolume(String hostPath, String mountPath) {
+    public HostPathVolume(String hostPath, String mountPath, Boolean readOnly) {
         this.hostPath = hostPath;
         this.mountPath = mountPath;
+        this.readOnly = readOnly;
     }
 
     public Volume buildVolume(String volumeName) {
@@ -57,6 +63,11 @@ public String getHostPath() {
         return hostPath;
     }
 
+    @NonNull
+    public Boolean getReadOnly() {
+        return readOnly != null && readOnly;
+    }
+
     @Extension
     @Symbol("hostPathVolume")
     public static class DescriptorImpl extends Descriptor<PodVolume> {

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/volumes/HostPathVolume/config.jelly

@@ -10,4 +10,8 @@
     <f:textbox />
   </f:entry>
 
+  <f:entry title="${%Read Only}" field="readOnly">
+    <f:checkbox />
+  </f:entry>
+
 </j:jelly>

src/main/resources/org/csanchez/jenkins/plugins/kubernetes/volumes/HostPathVolume/help-readOnly.html

@@ -0,0 +1 @@
+Flag for read-only mount, set hostPath mount to readOnly is considered best-practice.

src/test/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilderTest.java

@@ -289,7 +289,7 @@ public void testBuildFromTemplate(boolean directConnection) throws Exception {
         template.setHostNetwork(false);
 
         List<PodVolume> volumes = new ArrayList<PodVolume>();
-        volumes.add(new HostPathVolume("/host/data", "/container/data"));
+        volumes.add(new HostPathVolume("/host/data", "/container/data", false));
         volumes.add(new EmptyDirVolume("/empty/dir", false));
         template.setVolumes(volumes);
 

src/test/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtilsTest.java

@@ -527,13 +527,13 @@ public void shouldTreatNullEnvFromSouresAsEmpty(boolean parentEnvNull, boolean t
     @Test
     public void shouldCombineAllMounts() {
         PodTemplate template1 = new PodTemplate();
-        HostPathVolume hostPathVolume1 = new HostPathVolume("/host/mnt1", "/container/mnt1");
-        HostPathVolume hostPathVolume2 = new HostPathVolume("/host/mnt2", "/container/mnt2");
+        HostPathVolume hostPathVolume1 = new HostPathVolume("/host/mnt1", "/container/mnt1", false);
+        HostPathVolume hostPathVolume2 = new HostPathVolume("/host/mnt2", "/container/mnt2", false);
         template1.setVolumes(asList(hostPathVolume1, hostPathVolume2));
 
         PodTemplate template2 = new PodTemplate();
-        HostPathVolume hostPathVolume3 = new HostPathVolume("/host/mnt3", "/container/mnt3");
-        HostPathVolume hostPathVolume4 = new HostPathVolume("/host/mnt1", "/container/mnt4");
+        HostPathVolume hostPathVolume3 = new HostPathVolume("/host/mnt3", "/container/mnt3", false);
+        HostPathVolume hostPathVolume4 = new HostPathVolume("/host/mnt1", "/container/mnt4", false);
         template2.setVolumes(asList(hostPathVolume3, hostPathVolume4));
 
         PodTemplate result = combine(template1, template2);