Merge pull request #11482 from Apokleos/fix-force-guestpull

runtime-rs:  refactor and fix the implementation of guest-pull

src/libs/kata-types/src/mount.rs

@@ -47,6 +47,9 @@ pub const SANDBOX_BIND_MOUNTS_RO: &str = ":ro";
 /// SANDBOX_BIND_MOUNTS_RO is for sandbox bindmounts with readwrite
 pub const SANDBOX_BIND_MOUNTS_RW: &str = ":rw";
 
+/// KATA_VIRTUAL_VOLUME_PREFIX is for container image guest pull
+pub const KATA_VIRTUAL_VOLUME_PREFIX: &str = "io.katacontainers.volume=";
+
 /// Directly assign a block volume to vm and mount it inside guest.
 pub const KATA_VIRTUAL_VOLUME_DIRECT_BLOCK: &str = "direct_block";
 /// Present a container image as a generic block device.
@@ -384,7 +387,15 @@ impl KataVirtualVolume {
     pub fn from_base64(value: &str) -> Result<Self> {
         let json = base64::decode(value)?;
         let volume: KataVirtualVolume = serde_json::from_slice(&json)?;
+
+        Ok(volume)
+    }
+
+    /// Decode and deserialize a virtual volume object from base64 encoded json string and validate it.
+    pub fn from_base64_and_validate(value: &str) -> Result<Self> {
+        let volume = Self::from_base64(value)?;
         volume.validate()?;
+
         Ok(volume)
     }
 }
@@ -532,7 +543,7 @@ pub fn adjust_rootfs_mounts() -> Result<Vec<Mount>> {
     // Create a new Vec<Mount> with a single Mount entry.
     // This Mount's options will contain the base64-encoded virtual volume.
     Ok(vec![Mount {
-        options: vec![format!("{}={}", "io.katacontainers.volume", b64_vol)],
+        options: vec![format!("{}{}", KATA_VIRTUAL_VOLUME_PREFIX, b64_vol)],
         ..Default::default() // Use default values for other Mount fields
     }])
 }
@@ -647,7 +658,8 @@ mod tests {
         volume.direct_volume = Some(DirectAssignedVolume { metadata });
 
         let value = volume.to_base64().unwrap();
-        let volume2: KataVirtualVolume = KataVirtualVolume::from_base64(value.as_str()).unwrap();
+        let volume2: KataVirtualVolume =
+            KataVirtualVolume::from_base64_and_validate(value.as_str()).unwrap();
         assert_eq!(volume.volume_type, volume2.volume_type);
         assert_eq!(volume.source, volume2.source);
         assert_eq!(volume.fs_type, volume2.fs_type);

src/runtime-rs/crates/resource/src/rootfs/virtual_volume.rs

@@ -9,6 +9,7 @@ use std::{collections::HashMap, path::PathBuf};
 
 use anyhow::{anyhow, Context, Result};
 use async_trait::async_trait;
+use kata_types::mount::ImagePullVolume;
 use oci_spec::runtime as oci;
 use serde_json;
 use tokio::sync::RwLock;
@@ -17,13 +18,12 @@ use hypervisor::device::device_manager::DeviceManager;
 use kata_types::{
     annotations,
     container::ContainerType,
-    mount::{KataVirtualVolume, KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL},
+    mount::{KataVirtualVolume, KATA_VIRTUAL_VOLUME_IMAGE_GUEST_PULL, KATA_VIRTUAL_VOLUME_PREFIX},
 };
 
 /// Image guest-pull related consts
 const KUBERNETES_CRI_IMAGE_NAME: &str = "io.kubernetes.cri.image-name";
 const KUBERNETES_CRIO_IMAGE_NAME: &str = "io.kubernetes.cri-o.ImageName";
-const KATA_VIRTUAL_VOLUME_PREFIX: &str = "io.katacontainers.volume=";
 const KATA_VIRTUAL_VOLUME_TYPE_OVERLAY_FS: &str = "overlayfs";
 const KATA_GUEST_ROOT_SHARED_FS: &str = "/run/kata-containers/";
 
@@ -85,11 +85,16 @@ fn handle_virtual_volume_storage(
 
         let mut virtual_volume_info = virt_volume.clone();
         // Merge metadata
-        for (k, v) in annotations.iter() {
+        if let Some(ref mut image_pull) = virtual_volume_info.image_pull {
-            if let Some(ref mut image_pull) = virtual_volume_info.image_pull {
+            for (k, v) in annotations.iter() {
                 image_pull.metadata.insert(k.to_owned(), v.to_owned());
             }
+        } else {
+            virtual_volume_info.image_pull = Some(ImagePullVolume {
+                metadata: annotations.clone(),
+            });
         }
+
         // Serialize ImagePull as JSON
         let image_pull_info = serde_json::to_string(&virtual_volume_info.image_pull)
             .map_err(|e| anyhow!(e.to_string()))?;