Skip to content

Commit

Permalink
Mark Downward API VolumeMount as readonly.
Browse files Browse the repository at this point in the history 
This is effectively a no-op change, since the Downwards API Volume is
already readonly. This simply updates the VolumeMount to also mark the
volume as read-only for completeness.
  • Loading branch information
@wlynch
wlynch committed Sep 16, 2021
1 parent adaae90 commit c028b41
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 13 deletions.
3 changes: 3 additions & 0 deletions pkg/pod/entrypoint.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,9 @@ var (
downwardMount = corev1.VolumeMount{
Name: downwardVolumeName,
MountPath: downwardMountPoint,
// Marking this volume mountreadonly is technically redundant,
// since the volume itself is readonly, but including for completeness.
ReadOnly: true,
}
)

Expand Down
26 changes: 13 additions & 13 deletions pkg/reconciler/taskrun/taskrun_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -508,7 +508,7 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -557,7 +557,7 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -696,7 +696,7 @@ func TestReconcile_FeatureFlags(t *testing.T) {
),
tb.EnvVar("foo", "bar"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -746,7 +746,7 @@ func TestReconcile_FeatureFlags(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1101,7 +1101,7 @@ func TestReconcile(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1153,7 +1153,7 @@ func TestReconcile(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1234,7 +1234,7 @@ func TestReconcile(t *testing.T) {
"-p",
"/workspace/output/myimage"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1399,7 +1399,7 @@ func TestReconcile(t *testing.T) {
tb.EnvVar("HOME", "/tekton/home"),
tb.WorkingDir("/workspace"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1474,7 +1474,7 @@ func TestReconcile(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1536,7 +1536,7 @@ func TestReconcile(t *testing.T) {
tb.EnvVar("HOME", "/tekton/home"),
tb.WorkingDir("/workspace"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1609,7 +1609,7 @@ func TestReconcile(t *testing.T) {
"/mycmd",
"--"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1660,7 +1660,7 @@ func TestReconcile(t *testing.T) {
"/mycmd /tekton/creds",
"--"),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down Expand Up @@ -1712,7 +1712,7 @@ func TestReconcile(t *testing.T) {
"--",
),
tb.VolumeMount("tekton-internal-tools", "/tekton/tools"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward"),
tb.VolumeMount("tekton-internal-downward", "/tekton/downward", func(vm *corev1.VolumeMount) { vm.ReadOnly = true }),
tb.VolumeMount("tekton-creds-init-home-0", "/tekton/creds"),
tb.VolumeMount("tekton-internal-workspace", workspaceDir),
tb.VolumeMount("tekton-internal-home", "/tekton/home"),
Expand Down

0 comments on commit c028b41

Please sign in to comment.