chore: Support multiple subpath mounts for a single PVC

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

Author: tolusha

docs/additional-configuration.adoc

@@ -141,7 +141,16 @@ By default, resources will be mounted based on the resource name:
 Mounting resources can be additionally configured via **annotations**:
 
 * `controller.devfile.io/mount-path`: configure where the resource should be mounted
-* `controller.devfile.io/mount-sub-path`: for persistent volume claims only, configure a subpath within the PVC to mount instead of its root
++
+For persistent volume claims, `controller.devfile.io/mount-path` also supports a JSON array to mount multiple subdirectories at different paths:
++
+[source,yaml]
+----
+annotations:
+  controller.devfile.io/mount-path: '[{"path":"/var/logs","subPath":"data/logs"},{"path":"/etc/config","subPath":"data/config"}]'
+----
++
+Each entry requires a `path` field (the container mount path) and an optional `subPath` field (the subdirectory within the PVC). An empty or missing annotation falls back to `/tmp/<pvc-name>`.
 * `controller.devfile.io/mount-access-mode`: for secrets and configmaps only, configure file permissions on files mounted from this configmap/secret. Permissions can be specified in decimal (e.g. `"511"`) or octal notation by prefixing with a "0" (e.g. `"0777"`)
 * `controller.devfile.io/mount-as`: for secrets and configmaps only, configure how the resource should be mounted to the workspace
 +

pkg/constants/metadata.go

@@ -121,12 +121,6 @@ const (
 	// read-write. Automounted configmaps and secrets are always mounted read-only and this annotation is ignored.
 	DevWorkspaceMountReadyOnlyAnnotation = "controller.devfile.io/read-only"
 
-	// DevWorkspaceMountSubPathAnnotation is an annotation to configure a subPath for a mounted PVC volume.
-	// When set on a PVC with the automount label, the volume mount will use the specified subPath,
-	// allowing a subdirectory within the PVC to be mounted instead of the root.
-	// This annotation is only used for PersistentVolumeClaims.
-	DevWorkspaceMountSubPathAnnotation = "controller.devfile.io/mount-sub-path"
-
 	// DevWorkspaceRestrictedAccessAnnotation marks the intention that devworkspace access is restricted to only the creator; setting this
 	// annotation will cause devworkspace start to fail if webhooks are disabled.
 	// Operator also propagates it to the devworkspace-related objects to perform authorization.

pkg/provision/automount/pvcs.go

@@ -16,16 +16,51 @@
 package automount
 
 import (
+	"encoding/json"
+	"fmt"
 	"path"
+	"strings"
 
-	"github.com/devfile/devworkspace-operator/pkg/provision/sync"
 	corev1 "k8s.io/api/core/v1"
 	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/devfile/devworkspace-operator/pkg/common"
 	"github.com/devfile/devworkspace-operator/pkg/constants"
+	"github.com/devfile/devworkspace-operator/pkg/provision/sync"
 )
 
+type mountPathEntry struct {
+	Path    string `json:"path"`
+	SubPath string `json:"subPath,omitempty"`
+}
+
+func parseMountPathAnnotation(annotation string, pvcName string) ([]mountPathEntry, error) {
+	if annotation == "" {
+		return []mountPathEntry{{Path: path.Join("/tmp/", pvcName)}}, nil
+	}
+
+	if !strings.HasPrefix(annotation, "[") {
+		return []mountPathEntry{{Path: annotation}}, nil
+	}
+
+	var entries []mountPathEntry
+	if err := json.Unmarshal([]byte(annotation), &entries); err != nil {
+		return nil, fmt.Errorf("failed to parse mount-path annotation on PVC %s: %w", pvcName, err)
+	}
+
+	if len(entries) == 0 {
+		return []mountPathEntry{{Path: path.Join("/tmp/", pvcName)}}, nil
+	}
+
+	for i, entry := range entries {
+		if entry.Path == "" {
+			return nil, fmt.Errorf("mount-path annotation on PVC %s: entry %d is missing required field 'path'", pvcName, i)
+		}
+	}
+
+	return entries, nil
+}
+
 func getAutoMountPVCs(namespace string, api sync.ClusterAPI) (*Resources, error) {
 	pvcs := &corev1.PersistentVolumeClaimList{}
 	if err := api.Client.List(api.Ctx, pvcs, k8sclient.InNamespace(namespace), k8sclient.MatchingLabels{
@@ -40,16 +75,7 @@ func getAutoMountPVCs(namespace string, api sync.ClusterAPI) (*Resources, error)
 	var volumes []corev1.Volume
 	var volumeMounts []corev1.VolumeMount
 	for _, pvc := range pvcs.Items {
-		mountPath := pvc.Annotations[constants.DevWorkspaceMountPathAnnotation]
-		subPath := pvc.Annotations[constants.DevWorkspaceMountSubPathAnnotation]
-		if mountPath == "" {
-			mountPath = path.Join("/tmp/", pvc.Name)
-		}
-
-		mountReadOnly := false
-		if pvc.Annotations[constants.DevWorkspaceMountReadyOnlyAnnotation] == "true" {
-			mountReadOnly = true
-		}
+		mountReadOnly := pvc.Annotations[constants.DevWorkspaceMountReadyOnlyAnnotation] == "true"
 
 		volumes = append(volumes, corev1.Volume{
 			Name: common.AutoMountPVCVolumeName(pvc.Name),
@@ -60,11 +86,19 @@ func getAutoMountPVCs(namespace string, api sync.ClusterAPI) (*Resources, error)
 				},
 			},
 		})
-		volumeMounts = append(volumeMounts, corev1.VolumeMount{
-			Name:      common.AutoMountPVCVolumeName(pvc.Name),
-			MountPath: mountPath,
-			SubPath:   subPath,
-		})
+
+		mountPathEntries, err := parseMountPathAnnotation(pvc.Annotations[constants.DevWorkspaceMountPathAnnotation], pvc.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, entry := range mountPathEntries {
+			volumeMounts = append(volumeMounts, corev1.VolumeMount{
+				Name:      common.AutoMountPVCVolumeName(pvc.Name),
+				MountPath: entry.Path,
+				SubPath:   entry.SubPath,
+			})
+		}
 	}
 	return &Resources{
 		Volumes:      volumes,

pkg/provision/automount/testdata/testProvisionsPVCWithEmptyArray.yaml

@@ -0,0 +1,28 @@
+name: Provisions automount PVC with empty array falls back to default mount path
+
+input:
+  pvcs:
+    -
+      apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: test-pvc
+        labels:
+          controller.devfile.io/mount-to-devworkspace: "true"
+        annotations:
+          controller.devfile.io/mount-path: '[]'
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+output:
+  volumes:
+  - name: test-pvc
+    persistentVolumeClaim:
+      claimName: test-pvc
+  volumeMounts:
+  - name: test-pvc
+    mountPath: /tmp/test-pvc

pkg/provision/automount/testdata/testProvisionsPVCWithInvalidMountPathJSON.yaml

@@ -0,0 +1,22 @@
+name: Returns error for invalid JSON in mount-path annotation
+
+input:
+  pvcs:
+    -
+      apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: test-pvc
+        labels:
+          controller.devfile.io/mount-to-devworkspace: "true"
+        annotations:
+          controller.devfile.io/mount-path: '[{"path":"/data"'
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+output:
+  errRegexp: "failed to parse mount-path annotation on PVC test-pvc"

pkg/provision/automount/testdata/testProvisionsPVCWithMissingPathField.yaml

@@ -0,0 +1,22 @@
+name: Returns error when path field is missing in mount-path JSON entry
+
+input:
+  pvcs:
+    -
+      apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: test-pvc
+        labels:
+          controller.devfile.io/mount-to-devworkspace: "true"
+        annotations:
+          controller.devfile.io/mount-path: '[{"subPath":"data/logs"}]'
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+output:
+  errRegexp: "mount-path annotation on PVC test-pvc: entry 0 is missing required field 'path'"

pkg/provision/automount/testdata/testProvisionsPVCWithMultipleSubPaths.yaml

@@ -0,0 +1,32 @@
+name: Provisions automount PVC with multiple subpath mounts via JSON array
+
+input:
+  pvcs:
+    -
+      apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: test-pvc
+        labels:
+          controller.devfile.io/mount-to-devworkspace: "true"
+        annotations:
+          controller.devfile.io/mount-path: '[{"path":"/var/logs","subPath":"data/logs"},{"path":"/etc/config","subPath":"data/config"}]'
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+
+output:
+  volumes:
+  - name: test-pvc
+    persistentVolumeClaim:
+      claimName: test-pvc
+  volumeMounts:
+  - name: test-pvc
+    mountPath: /var/logs
+    subPath: data/logs
+  - name: test-pvc
+    mountPath: /etc/config
+    subPath: data/config

…ata/testProvisionsPVCWithoutSubPath.yaml …ta/testProvisionsPVCWithSingleMount.yamlpkg/provision/automount/testdata/testProvisionsPVCWithoutSubPath.yaml renamed to pkg/provision/automount/testdata/testProvisionsPVCWithSingleMount.yaml pkg/provision/automount/testdata/testProvisionsPVCWithoutSubPath.yaml renamed to pkg/provision/automount/testdata/testProvisionsPVCWithSingleMount.yaml

@@ -1,4 +1,4 @@
-name: Provisions automount PVC without subPath
+name: Provisions automount PVC with plain string mount-path
 
 input:
   pvcs:

…stdata/testProvisionsPVCWithSubPath.yaml …ProvisionsPVCWithSingleSubPathEntry.yamlpkg/provision/automount/testdata/testProvisionsPVCWithSubPath.yaml renamed to pkg/provision/automount/testdata/testProvisionsPVCWithSingleSubPathEntry.yaml pkg/provision/automount/testdata/testProvisionsPVCWithSubPath.yaml renamed to pkg/provision/automount/testdata/testProvisionsPVCWithSingleSubPathEntry.yaml

@@ -1,4 +1,4 @@
-name: Provisions automount PVC with subPath
+name: Provisions automount PVC with single entry JSON array
 
 input:
   pvcs:
@@ -10,8 +10,7 @@ input:
         labels:
           controller.devfile.io/mount-to-devworkspace: "true"
         annotations:
-          controller.devfile.io/mount-path: /data
-          controller.devfile.io/mount-sub-path: my/subdirectory
+          controller.devfile.io/mount-path: '[{"path":"/data","subPath":"mydir"}]'
       spec:
         accessModes:
           - ReadWriteOnce
@@ -27,4 +26,4 @@ output:
   volumeMounts:
   - name: test-pvc
     mountPath: /data
-    subPath: my/subdirectory
+    subPath: mydir