Add volumedriver resource type

docker/allow/container.go

@@ -89,6 +89,12 @@ func ContainerCreate(req authorization.Request, config *types.Config) *types.All
 		}
 	}
 
+	if len(cc.HostConfig.VolumeDriver) > 0 {
+		if !p.Validate(config.Username, "volumedriver", cc.HostConfig.VolumeDriver, "") {
+			return &types.AllowResult{Allow: false, Msg: fmt.Sprintf("Volume driver %s is not allowed", cc.HostConfig.VolumeDriver)}
+		}
+	}
+
 	if len(cc.HostConfig.CapAdd) > 0 {
 		for _, c := range cc.HostConfig.CapAdd {
 			if !p.Validate(config.Username, "capability", c, "") {

docker/allow/volume.go

@@ -0,0 +1,56 @@
+package allow
+
+import (
+	"fmt"
+
+	"github.com/docker/docker/api/types/volume"
+	"github.com/docker/go-plugins-helpers/authorization"
+	"github.com/juliengk/go-log"
+	"github.com/juliengk/go-log/driver"
+	"github.com/juliengk/go-utils"
+	"github.com/juliengk/go-utils/json"
+	"github.com/kassisol/hbm/docker/allow/types"
+	policyobj "github.com/kassisol/hbm/object/policy"
+	"github.com/kassisol/hbm/version"
+)
+
+func VolumeCreate(req authorization.Request, config *types.Config) *types.AllowResult {
+	vol := &volume.VolumesCreateBody{}
+
+	err := json.Decode(req.RequestBody, vol)
+	if err != nil {
+		return &types.AllowResult{Allow: false, Error: err.Error()}
+	}
+
+	defer utils.RecoverFunc()
+
+	l, _ := log.NewDriver("standard", nil)
+
+	p, err := policyobj.New("sqlite", config.AppPath)
+	if err != nil {
+		l.WithFields(driver.Fields{
+			"storagedriver": "sqlite",
+			"logdriver":     "standard",
+			"version":       version.Version,
+		}).Fatal(err)
+	}
+	defer p.End()
+
+	if len(vol.Driver) > 0 {
+		if !p.Validate(config.Username, "volumedriver", vol.Driver, "") {
+			return &types.AllowResult{Allow: false, Msg: fmt.Sprintf("Volume driver %s is not allowed", vol.Driver)}
+		}
+	}
+
+	if len(vol.DriverOpts) > 0 {
+		for k, v := range vol.DriverOpts {
+			if vol.Driver == "local" && k == "type" && v == "tmpfs" {
+				if !p.Validate(config.Username, "config", "container_create_param_tmpfs", "") {
+					return &types.AllowResult{Allow: false, Msg: "--tmpfs param is not allowed"}
+				}
+			}
+		}
+	}
+
+	return &types.AllowResult{Allow: true}
+}

docker/resource/driver/volumedriver/volumedriver.go

@@ -0,0 +1,28 @@
+package volumedriver
+
+import (
+	"github.com/kassisol/hbm/docker/resource"
+	"github.com/kassisol/hbm/docker/resource/driver"
+)
+
+type Config struct{}
+
+func init() {
+	resource.RegisterDriver("volumedriver", New)
+}
+
+func New() (driver.Resourcer, error) {
+	return &Config{}, nil
+}
+
+func (c *Config) List() interface{} {
+	return []string{}
+}
+
+func (c *Config) Valid(value string) error {
+	return nil
+}
+
+func (c *Config) ValidOptions(options map[string]string) error {
+	return nil
+}

docs/reference/commandline/resource_add.md

@@ -18,7 +18,7 @@ Usage:
 
 Flags:
   -o, --option value   Specify options (default [])
-  -t, --type string    Set resource type (action|capability|config|device|dns|image|logdriver|logopt|plugin|port|registry|volume) (default "action")
+  -t, --type string    Set resource type (action|capability|config|device|dns|image|logdriver|logopt|plugin|port|registry|volume|volumedriver) (default "action")
   -v, --value string   Set resource value
 ```
 
@@ -359,6 +359,25 @@ NAME                TYPE                VALUE                  OPTION
 resource1           volume              /path/to/dir1
 ```
 
+---
+### Volume Driver
+#### Type
+`volumedriver`
+
+#### Value
+Any volume driver
+
+#### Option
+
+#### Examples
+
+```bash
+# hbm resource add --type volumedriver --value kassisol/gitvol resource1
+# hbm resource ls -f "type=volumedriver"
+NAME                TYPE                VALUE                  OPTION              COLLECTIONS
+resource1           volumedriver        kassisol/gitvol
+```
+
 ## Related information
 
 * [resource_find](resource_find.md)