agent-ctl: Add SetPolicy support

This patch adds support to call kata agents SetPolicy API. Also adds tests for SetPolicy API using agent-ctl. Fixes #9711 Signed-off-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
2026-05-14 19:17:07 +00:00 · 2024-09-13 15:24:22 +05:30
parent 28d430ec42
commit 18c887f055
5 changed files with 120 additions and 3 deletions
--- a/src/tools/agent-ctl/src/client.rs
+++ b/src/tools/agent-ctl/src/client.rs
@@ -5,7 +5,7 @@

 // Description: Client side of ttRPC comms

-use crate::types::{Config, CopyFileInput, Options};
+use crate::types::{Config, CopyFileInput, Options, SetPolicyInput};
 use crate::utils;
 use anyhow::{anyhow, Result};
 use byteorder::ByteOrder;
@@ -288,6 +288,11 @@ static AGENT_CMDS: &[AgentCmd] = &[
        st: ServiceType::Agent,
        fp: agent_cmd_container_write_stdin,
    },
+    AgentCmd {
+        name: "SetPolicy",
+        st: ServiceType::Agent,
+        fp: agent_cmd_sandbox_set_policy,
+    },
 ];

 static BUILTIN_CMDS: & [BuiltinCmd] = &[
@@ -2115,3 +2120,28 @@ fn agent_cmd_sandbox_add_swap(

    Ok(())
 }
+
+fn agent_cmd_sandbox_set_policy(
+    ctx: &Context,
+    client: &AgentServiceClient,
+    _health: &HealthClient,
+    _options: &mut Options,
+    args: &str,
+) -> Result<()> {
+    let input: SetPolicyInput = utils::make_request(args)?;
+
+    let req = utils::make_set_policy_request(&input)?;
+
+    let ctx = clone_context(ctx);
+
+    info!(sl!(), "sending request"; "request" => format!("{:?}", req));
+
+    let reply = client
+        .set_policy(ctx, &req)
+        .map_err(|e| anyhow!("{:?}", e).context(ERR_API_FAILED))?;
+
+    info!(sl!(), "response received";
+        "response" => format!("{:?}", reply));
+
+    Ok(())
+}
--- a/src/tools/agent-ctl/src/types.rs
+++ b/src/tools/agent-ctl/src/types.rs
@@ -27,3 +27,9 @@ pub struct CopyFileInput {
    pub src: String,
    pub dest: String,
 }
+
+// SetPolicy input request
+#[derive(Debug, Default, Clone, Serialize, Deserialize)]
+pub struct SetPolicyInput {
+    pub policy_file: String,
+}
--- a/src/tools/agent-ctl/src/utils.rs
+++ b/src/tools/agent-ctl/src/utils.rs
@@ -3,17 +3,18 @@
 // SPDX-License-Identifier: Apache-2.0
 //

-use crate::types::{Config, CopyFileInput, Options};
+use crate::types::{Config, CopyFileInput, Options, SetPolicyInput};
 use anyhow::{anyhow, Result};
 use oci::{Root as ociRoot, Spec as ociSpec};
 use oci_spec::runtime as oci;
-use protocols::agent::CopyFileRequest;
+use protocols::agent::{CopyFileRequest, SetPolicyRequest};
 use protocols::oci::{Mount as ttrpcMount, Root as ttrpcRoot, Spec as ttrpcSpec};
 use rand::Rng;
 use serde::de::DeserializeOwned;
 use slog::{debug, warn};
 use std::collections::HashMap;
 use std::fs::{self, File};
+use std::io::Read;
 use std::os::unix::fs::MetadataExt;
 use std::path::PathBuf;
 use std::sync::{Arc, Mutex};
@@ -468,3 +469,26 @@ pub fn make_copy_file_request(input: &CopyFileInput) -> Result<CopyFileRequest>

    Ok(req)
 }
+
+pub fn make_set_policy_request(input: &SetPolicyInput) -> Result<SetPolicyRequest> {
+    let mut policy_file = File::open(&input.policy_file)?;
+    let metadata = policy_file.metadata()?;
+
+    let mut policy_data = String::new();
+    match policy_file.read_to_string(&mut policy_data) {
+        Ok(bytes_read) => {
+            if bytes_read != metadata.len() as usize {
+                return Err(anyhow!(
+                    "Failed to read all policy data, size {} read {}",
+                    metadata.len(),
+                    bytes_read
+                ));
+            }
+        }
+        Err(e) => return Err(anyhow!("Error reading policy file: {}", e)),
+    }
+
+    let mut req = SetPolicyRequest::default();
+    req.set_policy(policy_data);
+    Ok(req)
+}