From 1b9378d92317155ef3bda73ff6bdbe485d70735c Mon Sep 17 00:00:00 2001 From: Martin Braun Date: Mon, 7 Oct 2024 15:16:53 +0200 Subject: [PATCH] add featureflag to check volume ownership via prefix instead of volume labels to have this work with volume drivers that dont support labels --- swarmgate/routes.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/swarmgate/routes.ts b/swarmgate/routes.ts index 1e56563..918172e 100644 --- a/swarmgate/routes.ts +++ b/swarmgate/routes.ts @@ -12,6 +12,7 @@ const KNOWN_VOLUME_TYPES = ['bind', 'volume', 'tmpfs', 'npipe', 'cluster']; const ALLOWED_VOLUME_TYPES = process.env.ALLOWED_VOLUME_TYPES?.split(',') || ['bind', 'volume', 'tmpfs', 'npipe', 'cluster']; const ALLOW_PORT_EXPOSE = process.env.ALLOW_PORT_EXPOSE === '1' || process.env.ALLOW_PORT_EXPOSE === 'true'; const SERVICE_ALLOW_LISTED_NETWORKS = process.env.SERVICE_ALLOW_LISTED_NETWORKS?.split(',') || []; +const CHECK_VOLUME_OWNERSHIP_VIA_PREFIX = (process.env.CHECK_VOLUME_OWNERSHIP_VIA_PREFIX || 'false') === 'false'; const tenantLabel = "com.github.neuroforgede.swarmgate.tenant"; @@ -958,6 +959,9 @@ export function setupRoutes(tenantLabelValue: string) { // volume code function isVolumeOwned(volume: Docker.VolumeInspectInfo): boolean { + if(CHECK_VOLUME_OWNERSHIP_VIA_PREFIX) { + return volume.Name.startsWith(tenantLabelValue); + } return !!(volume.Labels && volume.Labels[tenantLabel] == tenantLabelValue); }