Skip to content

Commit

Permalink
add featureflag to check volume ownership via prefix instead of volum…
Browse files Browse the repository at this point in the history
…e labels to have this work with volume drivers that dont support labels
  • Loading branch information
s4ke committed Oct 7, 2024
1 parent c72074b commit 1b9378d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions swarmgate/routes.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ const KNOWN_VOLUME_TYPES = ['bind', 'volume', 'tmpfs', 'npipe', 'cluster'];
const ALLOWED_VOLUME_TYPES = process.env.ALLOWED_VOLUME_TYPES?.split(',') || ['bind', 'volume', 'tmpfs', 'npipe', 'cluster'];
const ALLOW_PORT_EXPOSE = process.env.ALLOW_PORT_EXPOSE === '1' || process.env.ALLOW_PORT_EXPOSE === 'true';
const SERVICE_ALLOW_LISTED_NETWORKS = process.env.SERVICE_ALLOW_LISTED_NETWORKS?.split(',') || [];
const CHECK_VOLUME_OWNERSHIP_VIA_PREFIX = (process.env.CHECK_VOLUME_OWNERSHIP_VIA_PREFIX || 'false') === 'false';

const tenantLabel = "com.github.neuroforgede.swarmgate.tenant";

Expand Down Expand Up @@ -958,6 +959,9 @@ export function setupRoutes(tenantLabelValue: string) {
// volume code

function isVolumeOwned(volume: Docker.VolumeInspectInfo): boolean {
if(CHECK_VOLUME_OWNERSHIP_VIA_PREFIX) {
return volume.Name.startsWith(tenantLabelValue);
}
return !!(volume.Labels && volume.Labels[tenantLabel] == tenantLabelValue);
}

Expand Down

0 comments on commit 1b9378d

Please sign in to comment.