agent: let image_pull_handler call cdh to pull image

This is a higher level calling to pull image inside guest. Now it should call confidential_data_hub's API. As the previous pull_image API does 1. check is sandbox 2. generate bundle_path inside the original logic, and the new API does not do them to keep the API semantice clean, thus before we call the API, we explicitly do the two things. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2025-09-18 07:18:27 +00:00 · 2025-06-13 10:19:11 +08:00
parent 39cd430994
commit 22c50cae7b
1 changed files with 33 additions and 2 deletions
--- a/src/agent/src/storage/image_pull_handler.rs
+++ b/src/agent/src/storage/image_pull_handler.rs
@@ -4,12 +4,15 @@
 //

 use super::new_device;
-use crate::image;
+use crate::confidential_data_hub;
+use crate::confidential_data_hub::image::{is_sandbox, unpack_pause_image};
+use crate::rpc::CONTAINER_BASE;
 use crate::storage::{StorageContext, StorageHandler};
 use anyhow::{anyhow, Result};
 use kata_types::mount::KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL;
 use kata_types::mount::{ImagePullVolume, StorageDevice};
 use protocols::agent::Storage;
+use safe_path::scoped_join;
 use std::sync::Arc;
 use tracing::instrument;

@@ -53,7 +56,35 @@ impl StorageHandler for ImagePullHandler {
            .cid
            .clone()
            .ok_or_else(|| anyhow!("failed to get container id"))?;
-        let bundle_path = image::pull_image(image_name, &cid, &image_pull_volume.metadata).await?;
+
+        info!(
+            ctx.logger,
+            "image metadata: {:?}", image_pull_volume.metadata
+        );
+        if is_sandbox(&image_pull_volume.metadata) {
+            let mount_path = unpack_pause_image(&cid)?;
+            return new_device(mount_path);
+        }
+
+        // generated bundles with rootfs and config.json will store under CONTAINER_BASE/cid/images.
+        let bundle_path = scoped_join(CONTAINER_BASE, &cid)?;
+        let bundle_path = match confidential_data_hub::pull_image(image_name, bundle_path).await {
+            Ok(path) => {
+                info!(
+                    ctx.logger,
+                    "pull and unpack image {image_name}, cid: {cid} succeeded."
+                );
+                path
+            }
+            Err(e) => {
+                error!(
+                    ctx.logger,
+                    "pull and unpack image {image_name}, cid: {cid} failed with {:?}.",
+                    e.to_string()
+                );
+                return Err(e);
+            }
+        };

        new_device(bundle_path)
    }