github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-28 16:27:50 +00:00
Code Issues Projects Releases Wiki Activity

Config: Remove ConfigJSONKey from annotations

Browse Source 
Fixes: #2023

We can get OCI spec config from bundle instead of annotations, so this
field isn't necessary.

Signed-off-by: Wei Zhang <weizhang555.zw@gmail.com>
This commit is contained in:
Wei Zhang 2019-09-04 19:56:45 +08:00
parent fef938f81a
commit 2ed94cbd9d
31 changed files with 574 additions and 564 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cli/create.go
View File

@ -14,6 +14,7 @@ import (
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/urfave/cli"
)
@ -113,7 +114,7 @@ func create(ctx context.Context, containerID, bundlePath, console, pidFilePath s
return err
}
ociSpec, err := oci.ParseConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
if err != nil {
return err
}

13
cli/create_test.go
View File

@ -18,6 +18,7 @@ import (
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
specs "github.com/opencontainers/runtime-spec/specs-go"
@ -322,7 +323,7 @@ func TestCreateInvalidContainerType(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force an invalid container type
@ -367,7 +368,7 @@ func TestCreateContainerInvalid(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
@ -432,7 +433,7 @@ func TestCreateProcessCgroupsPathSuccessful(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force sandbox-type container
@ -535,7 +536,7 @@ func TestCreateCreateCgroupsFilesFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force sandbox-type container
@ -622,7 +623,7 @@ func TestCreateCreateCreatePidFileFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force sandbox-type container
@ -697,7 +698,7 @@ func TestCreate(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force sandbox-type container

31
cli/delete_test.go
View File

@ -13,13 +13,15 @@ import (
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/urfave/cli"
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
vc "github.com/kata-containers/runtime/virtcontainers"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/stretchr/testify/assert"
"github.com/urfave/cli"
)
func testRemoveCgroupsPathSuccessful(t *testing.T, cgroupsPathList []string) {
@ -153,7 +155,8 @@ func TestDeleteSandbox(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.ID(), sandbox.ID())
@ -165,11 +168,11 @@ func TestDeleteSandbox(t *testing.T) {
ID: sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "ready",
},
Spec: &ociSpec,
}, nil
}
@ -231,7 +234,7 @@ func TestDeleteInvalidContainerType(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.ID(), sandbox.ID())
@ -243,11 +246,11 @@ func TestDeleteInvalidContainerType(t *testing.T) {
ID: sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: "InvalidType",
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "created",
},
Spec: &ociSpec,
}, nil
}
@ -270,7 +273,7 @@ func TestDeleteSandboxRunning(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.ID(), sandbox.ID())
@ -282,11 +285,11 @@ func TestDeleteSandboxRunning(t *testing.T) {
ID: sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "running",
},
Spec: &ociSpec,
}, nil
}
@ -350,7 +353,7 @@ func TestDeleteRunningContainer(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.MockContainers[0].ID(), sandbox.MockContainers[0].ID())
@ -362,11 +365,11 @@ func TestDeleteRunningContainer(t *testing.T) {
ID: sandbox.MockContainers[0].ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "running",
},
Spec: &ociSpec,
}, nil
}
@ -433,7 +436,7 @@ func TestDeleteContainer(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.MockContainers[0].ID(), sandbox.MockContainers[0].ID())
@ -445,11 +448,11 @@ func TestDeleteContainer(t *testing.T) {
ID: sandbox.MockContainers[0].ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "ready",
},
Spec: &ociSpec,
}, nil
}
@ -533,7 +536,7 @@ func TestDeleteCLIFunctionSuccess(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
path, err := createTempContainerIDMapping(sandbox.ID(), sandbox.ID())
@ -545,11 +548,11 @@ func TestDeleteCLIFunctionSuccess(t *testing.T) {
ID: sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
},
State: types.ContainerState{
State: "ready",
},
Spec: &ociSpec,
}, nil
}

47
cli/exec_test.go
View File

@ -20,6 +20,7 @@ import (
vc "github.com/kata-containers/runtime/virtcontainers"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/kata-containers/runtime/virtcontainers/types"
)
@ -79,7 +80,7 @@ func TestExecuteErrors(t *testing.T) {
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, types.ContainerState{}, annotations), nil
return newSingleContainerStatus(testContainerID, types.ContainerState{}, annotations, &specs.Spec{Process: &specs.Process{}}), nil
}
defer func() {
@ -93,17 +94,16 @@ func TestExecuteErrors(t *testing.T) {
// Container state undefined
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations = map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
containerState := types.ContainerState{}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, containerState, annotations), nil
return newSingleContainerStatus(testContainerID, containerState, annotations, &ociSpec), nil
}
err = execute(context.Background(), ctx)
@ -115,7 +115,7 @@ func TestExecuteErrors(t *testing.T) {
State: types.StatePaused,
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, containerState, annotations), nil
return newSingleContainerStatus(testContainerID, containerState, annotations, &ociSpec), nil
}
err = execute(context.Background(), ctx)
@ -127,7 +127,7 @@ func TestExecuteErrors(t *testing.T) {
State: types.StateStopped,
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, containerState, annotations), nil
return newSingleContainerStatus(testContainerID, containerState, annotations, &ociSpec), nil
}
err = execute(context.Background(), ctx)
@ -152,12 +152,11 @@ func TestExecuteErrorReadingProcessJson(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -169,7 +168,7 @@ func TestExecuteErrorReadingProcessJson(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -201,12 +200,11 @@ func TestExecuteErrorOpeningConsole(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -218,7 +216,7 @@ func TestExecuteErrorOpeningConsole(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -268,12 +266,11 @@ func TestExecuteWithFlags(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -285,7 +282,7 @@ func TestExecuteWithFlags(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -358,12 +355,11 @@ func TestExecuteWithFlagsDetached(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -375,7 +371,7 @@ func TestExecuteWithFlagsDetached(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -437,12 +433,11 @@ func TestExecuteWithInvalidProcessJson(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -454,7 +449,7 @@ func TestExecuteWithInvalidProcessJson(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -489,12 +484,11 @@ func TestExecuteWithValidProcessJson(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -506,7 +500,7 @@ func TestExecuteWithValidProcessJson(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {
@ -590,12 +584,11 @@ func TestExecuteWithEmptyEnvironmentValue(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
annotations := map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: configJSON,
}
state := types.ContainerState{
@ -607,7 +600,7 @@ func TestExecuteWithEmptyEnvironmentValue(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &ociSpec), nil
}
defer func() {

28
cli/kill_test.go
View File

@ -13,11 +13,13 @@ import (
"syscall"
"testing"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
vc "github.com/kata-containers/runtime/virtcontainers"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/stretchr/testify/assert"
)
var (
@ -81,7 +83,7 @@ func testKillCLIFunctionTerminationSignalSuccessful(t *testing.T, sig string) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
defer func() {
@ -100,7 +102,7 @@ func testKillCLIFunctionTerminationSignalSuccessful(t *testing.T, sig string) {
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
testingImpl.StopContainerFunc = nil
@ -134,7 +136,7 @@ func TestKillCLIFunctionNotTerminationSignalSuccessful(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -167,7 +169,7 @@ func TestKillCLIFunctionNoSignalSuccessful(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
defer func() {
@ -186,7 +188,7 @@ func TestKillCLIFunctionNoSignalSuccessful(t *testing.T) {
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
testingImpl.StopContainerFunc = nil
@ -223,7 +225,7 @@ func TestKillCLIFunctionEnableAllSuccessful(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
defer func() {
@ -243,7 +245,7 @@ func TestKillCLIFunctionEnableAllSuccessful(t *testing.T) {
}
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, annotations), nil
return newSingleContainerStatus(testContainerID, state, annotations, &specs.Spec{}), nil
}
testingImpl.StopContainerFunc = nil
@ -300,7 +302,7 @@ func TestKillCLIFunctionInvalidSignalFailure(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -330,7 +332,7 @@ func TestKillCLIFunctionStatePausedSuccessful(t *testing.T) {
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state,
map[string]string{string(vcAnnotations.ContainerTypeKey): string(vc.PodContainer)}), nil
map[string]string{string(vcAnnotations.ContainerTypeKey): string(vc.PodContainer)}, &specs.Spec{}), nil
}
defer func() {
@ -359,7 +361,7 @@ func TestKillCLIFunctionInvalidStateStoppedFailure(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -385,7 +387,7 @@ func TestKillCLIFunctionKillContainerFailure(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -412,7 +414,7 @@ func TestKillCLIFunctionInvalidStateStoppedAllSuccess(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {

20
cli/main_test.go
View File

@ -25,6 +25,7 @@ import (
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/kata-containers/runtime/virtcontainers/types"
@ -150,20 +151,6 @@ func runUnitTests(m *testing.M) {
os.Exit(ret)
}
// Read fail that should contain a specs.Spec and
// return its JSON representation on success
func readOCIConfigJSON(bundlePath string) (string, error) {
ociSpec, err := oci.ParseConfigJSON(bundlePath)
if err != nil {
return "", nil
}
ociSpecJSON, err := json.Marshal(ociSpec)
if err != nil {
return "", err
}
return string(ociSpecJSON), err
}
// TestMain is the common main function used by ALL the test functions
// for this package.
func TestMain(m *testing.M) {
@ -347,7 +334,7 @@ func realMakeOCIBundle(bundleDir string) error {
// Note the unusual parameter (a directory, not the config
// file to parse!)
spec, err := oci.ParseConfigJSON(bundleDir)
spec, err := compatoci.ParseConfigJSON(bundleDir)
if err != nil {
return err
}
@ -412,11 +399,12 @@ func writeOCIConfigFile(spec specs.Spec, configPath string) error {
return ioutil.WriteFile(configPath, bytes, testFileMode)
}
func newSingleContainerStatus(containerID string, containerState types.ContainerState, annotations map[string]string) vc.ContainerStatus {
func newSingleContainerStatus(containerID string, containerState types.ContainerState, annotations map[string]string, spec *specs.Spec) vc.ContainerStatus {
return vc.ContainerStatus{
ID: containerID,
State: containerState,
Annotations: annotations,
Spec: spec,
}
}

6
cli/network_test.go
View File

@ -12,10 +12,12 @@ import (
"os"
"testing"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
vc "github.com/kata-containers/runtime/virtcontainers"
vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/stretchr/testify/assert"
)
var (
@ -54,7 +56,7 @@ func TestNetworkCliFunction(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {

12
cli/pause_test.go
View File

@ -12,9 +12,11 @@ import (
"os"
"testing"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/stretchr/testify/assert"
)
var (
@ -41,7 +43,7 @@ func TestPauseCLIFunctionSuccessful(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -87,7 +89,7 @@ func TestPauseCLIFunctionPauseContainerFailure(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -114,7 +116,7 @@ func TestResumeCLIFunctionSuccessful(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {
@ -159,7 +161,7 @@ func TestResumeCLIFunctionPauseContainerFailure(t *testing.T) {
defer os.RemoveAll(path)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return newSingleContainerStatus(testContainerID, state, map[string]string{}), nil
return newSingleContainerStatus(testContainerID, state, map[string]string{}, &specs.Spec{}), nil
}
defer func() {

23
cli/run_test.go
View File

@ -16,13 +16,16 @@ import (
"regexp"
"testing"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
"github.com/urfave/cli"
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
vc "github.com/kata-containers/runtime/virtcontainers"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/stretchr/testify/assert"
"github.com/urfave/cli"
)
func TestRunCliAction(t *testing.T) {
@ -155,7 +158,7 @@ type runContainerData struct {
pidFilePath string
consolePath string
bundlePath string
configJSON string
spec *specs.Spec
sandbox *vcmock.Sandbox
runtimeConfig oci.RuntimeConfig
process *os.Process
@ -205,15 +208,15 @@ func testRunContainerSetup(t *testing.T) runContainerData {
runtimeConfig, err := newTestRuntimeConfig(tmpdir, consolePath, true)
assert.NoError(err)
configJSON, err := readOCIConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
return runContainerData{
pidFilePath: pidFilePath,
consolePath: consolePath,
bundlePath: bundlePath,
configJSON: configJSON,
sandbox: sandbox,
spec: &ociSpec,
runtimeConfig: runtimeConfig,
process: cmd.Process,
tmpDir: tmpdir,
@ -259,8 +262,8 @@ func TestRunContainerSuccessful(t *testing.T) {
ID: d.sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: d.configJSON,
},
Spec: d.spec,
}, nil
}
@ -368,8 +371,8 @@ func TestRunContainerDetachSuccessful(t *testing.T) {
ID: d.sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: d.configJSON,
},
Spec: d.spec,
}, nil
}
@ -439,8 +442,8 @@ func TestRunContainerDeleteFail(t *testing.T) {
ID: d.sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: d.configJSON,
},
Spec: d.spec,
}, nil
}
@ -513,8 +516,8 @@ func TestRunContainerWaitFail(t *testing.T) {
ID: d.sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: d.configJSON,
},
Spec: d.spec,
}, nil
}
@ -595,8 +598,8 @@ func TestRunContainerStartFail(t *testing.T) {
ID: d.sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: d.configJSON,
},
Spec: d.spec,
}, nil
}

16
cli/start_test.go
View File

@ -7,7 +7,6 @@ package main
import (
"context"
"encoding/json"
"flag"
"io/ioutil"
"os"
@ -62,16 +61,13 @@ func TestStartSandbox(t *testing.T) {
assert.NoError(err)
defer os.RemoveAll(path)
ociSpecJSON, err := json.Marshal(specs.Spec{})
assert.NoError(err)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return vc.ContainerStatus{
ID: sandbox.ID(),
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
},
Spec: &specs.Spec{},
}, nil
}
@ -140,16 +136,13 @@ func TestStartContainerSucessFailure(t *testing.T) {
assert.NoError(err)
defer os.RemoveAll(path)
ociSpecJSON, err := json.Marshal(specs.Spec{})
assert.NoError(err)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return vc.ContainerStatus{
ID: testContainerID,
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
},
Spec: &specs.Spec{},
}, nil
}
@ -218,16 +211,13 @@ func TestStartCLIFunctionSuccess(t *testing.T) {
assert.NoError(err)
defer os.RemoveAll(path)
ociSpecJSON, err := json.Marshal(specs.Spec{})
assert.NoError(err)
testingImpl.StatusContainerFunc = func(ctx context.Context, sandboxID, containerID string) (vc.ContainerStatus, error) {
return vc.ContainerStatus{
ID: testContainerID,
Annotations: map[string]string{
vcAnnotations.ContainerTypeKey: string(vc.PodContainer),
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
},
Spec: &specs.Spec{},
}, nil
}

21
containerd-shim-v2/create.go
View File

@ -13,22 +13,21 @@ import (
"os"
"path/filepath"
"github.com/containerd/typeurl"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/pkg/errors"
taskAPI "github.com/containerd/containerd/runtime/v2/task"
"github.com/kata-containers/runtime/pkg/katautils"
"github.com/opencontainers/runtime-spec/specs-go"
containerd_types "github.com/containerd/containerd/api/types"
"github.com/containerd/containerd/mount"
taskAPI "github.com/containerd/containerd/runtime/v2/task"
"github.com/containerd/typeurl"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
// only register the proto type
_ "github.com/containerd/containerd/runtime/linux/runctypes"
crioption "github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
)
func create(ctx context.Context, s *service, r *taskAPI.CreateTaskRequest) (*container, error) {
@ -132,7 +131,7 @@ func loadSpec(r *taskAPI.CreateTaskRequest) (*specs.Spec, string, error) {
return nil, "", err
}
ociSpec, err := oci.ParseConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
if err != nil {
return nil, "", err
}

14
containerd-shim-v2/create_test.go
View File

@ -21,7 +21,7 @@ import (
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
)
@ -62,7 +62,7 @@ func TestCreateSandboxSuccess(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Force sandbox-type container
@ -120,7 +120,7 @@ func TestCreateSandboxFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
err = writeOCIConfigFile(spec, ociConfigFile)
@ -167,7 +167,7 @@ func TestCreateSandboxConfigFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
quota := int64(0)
@ -231,7 +231,7 @@ func TestCreateContainerSuccess(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// set expected container type and sandboxID
@ -280,7 +280,7 @@ func TestCreateContainerFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
spec.Annotations = make(map[string]string)
@ -340,7 +340,7 @@ func TestCreateContainerConfigFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(katautils.FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// set the error containerType

4
containerd-shim-v2/delete_test.go
View File

@ -15,7 +15,7 @@ import (
taskAPI "github.com/containerd/containerd/runtime/v2/task"
"github.com/stretchr/testify/assert"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
)
@ -28,7 +28,7 @@ func TestDeleteContainerSuccessAndFail(t *testing.T) {
rootPath, bundlePath := testConfigSetup(t)
defer os.RemoveAll(rootPath)
_, err := oci.ParseConfigJSON(bundlePath)
_, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
s := &service{

17
containerd-shim-v2/service.go
View File

@ -15,24 +15,25 @@ import (
"time"
eventstypes "github.com/containerd/containerd/api/events"
"github.com/containerd/containerd/api/types/task"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/events"
"github.com/containerd/containerd/namespaces"
cdruntime "github.com/containerd/containerd/runtime"
cdshim "github.com/containerd/containerd/runtime/v2/shim"
taskAPI "github.com/containerd/containerd/runtime/v2/task"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/containerd/containerd/api/types/task"
"github.com/containerd/typeurl"
ptypes "github.com/gogo/protobuf/types"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/types"
)
const (
@ -291,7 +292,7 @@ func (s *service) Cleanup(ctx context.Context) (_ *taskAPI.DeleteResponse, err e
return nil, err
}
ociSpec, err := oci.ParseConfigJSON(path)
ociSpec, err := compatoci.ParseConfigJSON(path)
if err != nil {
return nil, err
}

3
containerd-shim-v2/utils.go
View File

@ -17,6 +17,7 @@ import (
cdshim "github.com/containerd/containerd/runtime/v2/shim"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
@ -87,7 +88,7 @@ func getAddress(ctx context.Context, bundlePath, id string) (string, error) {
return "", err
}
ociSpec, err := oci.ParseConfigJSON(bundlePath)
ociSpec, err := compatoci.ParseConfigJSON(bundlePath)
if err != nil {
return "", err
}

3
containerd-shim-v2/utils_test.go
View File

@ -22,6 +22,7 @@ import (
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
"github.com/kata-containers/runtime/pkg/katautils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
)
@ -236,7 +237,7 @@ func realMakeOCIBundle(bundleDir string) error {
// Note the unusual parameter (a directory, not the config
// file to parse!)
spec, err := oci.ParseConfigJSON(bundleDir)
spec, err := compatoci.ParseConfigJSON(bundleDir)
if err != nil {
return err
}

11
pkg/katautils/create_test.go
View File

@ -21,6 +21,7 @@ import (
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/vcmock"
"github.com/opencontainers/runtime-spec/specs-go"
@ -275,7 +276,7 @@ func TestCreateSandboxConfigFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
quota := int64(0)
@ -323,7 +324,7 @@ func TestCreateSandboxFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
rootFs := vc.RootFs{Mounted: true}
@ -353,7 +354,7 @@ func TestCreateContainerContainerConfigFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// Set invalid container type
@ -396,7 +397,7 @@ func TestCreateContainerFail(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// set expected container type and sandboxID
@ -446,7 +447,7 @@ func TestCreateContainer(t *testing.T) {
ociConfigFile := filepath.Join(bundlePath, "config.json")
assert.True(FileExists(ociConfigFile))
spec, err := oci.ParseConfigJSON(bundlePath)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
// set expected container type and sandboxID

4
pkg/katautils/utils_test.go
View File

@ -18,7 +18,7 @@ import (
"syscall"
"testing"
"github.com/kata-containers/runtime/virtcontainers/pkg/oci"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/stretchr/testify/assert"
)
@ -124,7 +124,7 @@ func realMakeOCIBundle(bundleDir string) error {
// Note the unusual parameter (a directory, not the config
// file to parse!)
spec, err := oci.ParseConfigJSON(bundleDir)
spec, err := compatoci.ParseConfigJSON(bundleDir)
if err != nil {
return err
}

1
virtcontainers/api.go
View File

@ -613,6 +613,7 @@ func statusContainer(sandbox *Sandbox, containerID string) (ContainerStatus, err
PID: container.process.Pid,
StartTime: container.process.StartTime,
RootFs: container.config.RootFs.Target,
Spec: container.GetOCISpec(),
Annotations: container.config.Annotations,
}, nil
}

71
virtcontainers/api_test.go
View File

@ -7,6 +7,7 @@ package virtcontainers
import (
"context"
"encoding/json"
"fmt"
"os"
"path/filepath"
@ -15,7 +16,6 @@ import (
"testing"
ktu "github.com/kata-containers/runtime/pkg/katatestutils"
"github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/mock"
vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
"github.com/kata-containers/runtime/virtcontainers/store"
@ -30,15 +30,24 @@ const (
)
var sandboxAnnotations = map[string]string{
"sandbox.foo": "sandbox.bar",
"sandbox.hello": "sandbox.world",
annotations.ConfigJSONKey: `{"linux":{"resources":{}}}`,
"sandbox.foo": "sandbox.bar",
"sandbox.hello": "sandbox.world",
}
var containerAnnotations = map[string]string{
"container.foo": "container.bar",
"container.hello": "container.world",
annotations.ConfigJSONKey: `{"linux":{"resources":{}}}`,
"container.foo": "container.bar",
"container.hello": "container.world",
}
func newEmptySpec() *specs.Spec {
return &specs.Spec{
Linux: &specs.Linux{
Resources: &specs.LinuxResources{},
},
Process: &specs.Process{
Capabilities: &specs.LinuxCapabilities{},
},
}
}
func newBasicTestCmd() types.Cmd {
@ -59,12 +68,19 @@ func newBasicTestCmd() types.Cmd {
}
func newTestSandboxConfigNoop() SandboxConfig {
bundlePath := filepath.Join(testDir, testBundle)
containerAnnotations["com.github.containers.virtcontainers.pkg.oci.bundle_path"] = bundlePath
// containerAnnotations["com.github.containers.virtcontainers.pkg.oci.container_type"] = "pod_sandbox"
emptySpec := newEmptySpec()
// Define the container command and bundle.
container := ContainerConfig{
ID: containerID,
RootFs: RootFs{Target: filepath.Join(testDir, testBundle), Mounted: true},
RootFs: RootFs{Target: bundlePath, Mounted: true},
Cmd: newBasicTestCmd(),
Annotations: containerAnnotations,
Spec: emptySpec,
}
// Sets the hypervisor configuration.
@ -88,28 +104,24 @@ func newTestSandboxConfigNoop() SandboxConfig {
ProxyType: NoopProxyType,
}
configFile := filepath.Join(bundlePath, "config.json")
f, err := os.OpenFile(configFile, os.O_RDWR|os.O_CREATE, 0644)
if err != nil {
return SandboxConfig{}
}
defer f.Close()
if err := json.NewEncoder(f).Encode(emptySpec); err != nil {
return SandboxConfig{}
}
return sandboxConfig
}
func newTestSandboxConfigKataAgent() SandboxConfig {
// Sets the hypervisor configuration.
hypervisorConfig := HypervisorConfig{
KernelPath: filepath.Join(testDir, testKernel),
ImagePath: filepath.Join(testDir, testImage),
HypervisorPath: filepath.Join(testDir, testHypervisor),
}
sandboxConfig := SandboxConfig{
ID: testSandboxID,
HypervisorType: MockHypervisor,
HypervisorConfig: hypervisorConfig,
AgentType: KataContainersAgent,
Annotations: sandboxAnnotations,
ProxyType: NoopProxyType,
}
sandboxConfig := newTestSandboxConfigNoop()
sandboxConfig.AgentType = KataContainersAgent
sandboxConfig.Containers = nil
return sandboxConfig
}
@ -577,6 +589,7 @@ func TestStatusSandboxSuccessfulStateReady(t *testing.T) {
PID: 0,
RootFs: filepath.Join(testDir, testBundle),
Annotations: containerAnnotations,
Spec: newEmptySpec(),
},
},
}
@ -593,7 +606,7 @@ func TestStatusSandboxSuccessfulStateReady(t *testing.T) {
// value will be.
expectedStatus.ContainersStatus[0].StartTime = status.ContainersStatus[0].StartTime
assert.Exactly(status, expectedStatus)
assert.Equal(status, expectedStatus)
}
func TestStatusSandboxSuccessfulStateRunning(t *testing.T) {
@ -635,6 +648,7 @@ func TestStatusSandboxSuccessfulStateRunning(t *testing.T) {
PID: 0,
RootFs: filepath.Join(testDir, testBundle),
Annotations: containerAnnotations,
Spec: newEmptySpec(),
},
},
}
@ -701,6 +715,7 @@ func newTestContainerConfigNoop(contID string) ContainerConfig {
RootFs: RootFs{Target: filepath.Join(testDir, testBundle), Mounted: true},
Cmd: newBasicTestCmd(),
Annotations: containerAnnotations,
Spec: newEmptySpec(),
}
return container
@ -1202,6 +1217,7 @@ func TestStatusContainerStateReady(t *testing.T) {
PID: 0,
RootFs: filepath.Join(testDir, testBundle),
Annotations: containerAnnotations,
Spec: newEmptySpec(),
}
defer p2.wg.Wait()
@ -1268,6 +1284,7 @@ func TestStatusContainerStateRunning(t *testing.T) {
PID: 0,
RootFs: filepath.Join(testDir, testBundle),
Annotations: containerAnnotations,
Spec: newEmptySpec(),
}
defer p2.wg.Wait()

2
virtcontainers/cgroups_test.go
View File

@ -174,6 +174,7 @@ func TestUpdateCgroups(t *testing.T) {
},
config: &ContainerConfig{
Annotations: containerAnnotations,
Spec: newEmptySpec(),
},
},
"xyz": {
@ -182,6 +183,7 @@ func TestUpdateCgroups(t *testing.T) {
},
config: &ContainerConfig{
Annotations: containerAnnotations,
Spec: newEmptySpec(),
},
},
}

24
virtcontainers/container.go
View File

@ -9,7 +9,6 @@ package virtcontainers
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"os"
@ -18,7 +17,6 @@ import (
"time"
"github.com/containerd/cgroups"
"github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/kata-containers/runtime/virtcontainers/utils"
@ -80,6 +78,7 @@ type ContainerStatus struct {
PID int
StartTime time.Time
RootFs string
Spec *specs.Spec
// Annotations allow clients to store arbitrary values,
// for example to add additional status values required
@ -250,6 +249,9 @@ type ContainerConfig struct {
// Resources container resources
Resources specs.LinuxResources
// Raw OCI specification, it won't be saved to disk.
Spec *specs.Spec `json:"_"`
}
// valid checks that the container configuration is valid.
@ -403,6 +405,11 @@ func (c *Container) GetAnnotations() map[string]string {
return c.config.Annotations
}
// GetOCISpec returns container's OCI specification
func (c *Container) GetOCISpec() *specs.Spec {
return c.config.Spec
}
// storeContainer stores a container config.
func (c *Container) storeContainer() error {
if c.sandbox.supportNewStore() {
@ -1453,16 +1460,9 @@ func (c *Container) detachDevices() error {
// cgroupsCreate creates cgroups on the host for the associated container
func (c *Container) cgroupsCreate() (err error) {
ann := c.GetAnnotations()
config, ok := ann[annotations.ConfigJSONKey]
if !ok {
return fmt.Errorf("Could not find json config in annotations")
}
var spec specs.Spec
if err := json.Unmarshal([]byte(config), &spec); err != nil {
return err
spec := c.GetOCISpec()
if spec == nil {
return errorMissingOCISpec
}
// https://github.com/kata-containers/runtime/issues/168

23
virtcontainers/kata_agent.go
View File

@ -745,14 +745,10 @@ func (k *kataAgent) setProxyFromGrpc(proxy proxy, pid int, url string) {
}
func (k *kataAgent) getDNS(sandbox *Sandbox) ([]string, error) {
ociSpecJSON, ok := sandbox.config.Annotations[vcAnnotations.ConfigJSONKey]
if !ok {
return nil, errorMissingOCISpec
}
ociSpec := &specs.Spec{}
if err := json.Unmarshal([]byte(ociSpecJSON), ociSpec); err != nil {
return nil, err
ociSpec := sandbox.GetOCISpec()
if ociSpec == nil {
k.Logger().Debug("Sandbox OCI spec not found. Sandbox DNS will not be set.")
return nil, nil
}
ociMounts := ociSpec.Mounts
@ -1260,11 +1256,6 @@ func (k *kataAgent) createContainer(sandbox *Sandbox, c *Container) (p *Process,
span, _ := k.trace("createContainer")
defer span.Finish()
ociSpecJSON, ok := c.config.Annotations[vcAnnotations.ConfigJSONKey]
if !ok {
return nil, errorMissingOCISpec
}
var ctrStorages []*grpc.Storage
var ctrDevices []*grpc.Device
var rootfs *grpc.Storage
@ -1291,9 +1282,9 @@ func (k *kataAgent) createContainer(sandbox *Sandbox, c *Container) (p *Process,
ctrStorages = append(ctrStorages, rootfs)
}
ociSpec := &specs.Spec{}
if err = json.Unmarshal([]byte(ociSpecJSON), ociSpec); err != nil {
return nil, err
ociSpec := c.GetOCISpec()
if ociSpec == nil {
return nil, errorMissingOCISpec
}
// Handle container mounts

7
virtcontainers/kata_agent_test.go
View File

@ -7,7 +7,6 @@ package virtcontainers
import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"net"
@ -30,7 +29,6 @@ import (
"github.com/kata-containers/runtime/virtcontainers/device/config"
"github.com/kata-containers/runtime/virtcontainers/device/drivers"
"github.com/kata-containers/runtime/virtcontainers/device/manager"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/mock"
vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
"github.com/kata-containers/runtime/virtcontainers/store"
@ -747,14 +745,11 @@ func TestAgentCreateContainer(t *testing.T) {
Fstype: "xfs",
},
config: &ContainerConfig{
Spec: &specs.Spec{},
Annotations: map[string]string{},
},
}
ociSpec, err := json.Marshal(&specs.Spec{})
assert.Nil(err)
container.config.Annotations[vcAnnotations.ConfigJSONKey] = string(ociSpec[:])
impl := &gRPCProxy{}
proxy := mock.ProxyGRPCMock{

3
virtcontainers/pkg/annotations/annotations.go
View File

@ -47,9 +47,6 @@ const (
// AssetHashType is the hash type used for assets verification
AssetHashType = vcAnnotationsPrefix + "AssetHashType"
// ConfigJSONKey is the annotation key to fetch the OCI configuration.
ConfigJSONKey = vcAnnotationsPrefix + "pkg.oci.config"
// BundlePathKey is the annotation key to fetch the OCI configuration file path.
BundlePathKey = vcAnnotationsPrefix + "pkg.oci.bundle_path"

151
virtcontainers/pkg/compatoci/utils.go Normal file
View File

@ -0,0 +1,151 @@
// Copyright (c) 2017 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0
//
package compatoci
import (
"encoding/json"
"fmt"
"io/ioutil"
"path/filepath"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
)
var ociLog = logrus.WithFields(logrus.Fields{
"source": "virtcontainers",
"subsystem": "compatoci",
})
// compatOCIProcess is a structure inheriting from specs.Process defined
// in runtime-spec/specs-go package. The goal is to be compatible with
// both v1.0.0-rc4 and v1.0.0-rc5 since the latter introduced a change
// about the type of the Capabilities field.
// Refer to: https://github.com/opencontainers/runtime-spec/commit/37391fb
type compatOCIProcess struct {
specs.Process
Capabilities interface{} `json:"capabilities,omitempty" platform:"linux"` //nolint:govet
}
// compatOCISpec is a structure inheriting from specs.Spec defined
// in runtime-spec/specs-go package. It relies on the compatOCIProcess
// structure declared above, in order to be compatible with both
// v1.0.0-rc4 and v1.0.0-rc5.
// Refer to: https://github.com/opencontainers/runtime-spec/commit/37391fb
type compatOCISpec struct {
specs.Spec
Process *compatOCIProcess `json:"process,omitempty"` //nolint:govet
}
func containerCapabilities(s compatOCISpec) (specs.LinuxCapabilities, error) {
capabilities := s.Process.Capabilities
var c specs.LinuxCapabilities
// In spec v1.0.0-rc4, capabilities was a list of strings. This was changed
// to an object with v1.0.0-rc5.
// Check for the interface type to support both the versions.
switch caps := capabilities.(type) {
case map[string]interface{}:
for key, value := range caps {
switch val := value.(type) {
case []interface{}:
var list []string
for _, str := range val {
list = append(list, str.(string))
}
switch key {
case "bounding":
c.Bounding = list
case "effective":
c.Effective = list
case "inheritable":
c.Inheritable = list
case "ambient":
c.Ambient = list
case "permitted":
c.Permitted = list
}
default:
return c, fmt.Errorf("Unexpected format for capabilities: %v", caps)
}
}
case []interface{}:
var list []string
for _, str := range caps {
list = append(list, str.(string))
}
c = specs.LinuxCapabilities{
Bounding: list,
Effective: list,
Inheritable: list,
Ambient: list,
Permitted: list,
}
case nil:
ociLog.Debug("Empty capabilities have been passed")
return c, nil
default:
return c, fmt.Errorf("Unexpected format for capabilities: %v", caps)
}
return c, nil
}
// ContainerCapabilities return a LinuxCapabilities for virtcontainer
func ContainerCapabilities(s compatOCISpec) (specs.LinuxCapabilities, error) {
if s.Process == nil {
return specs.LinuxCapabilities{}, fmt.Errorf("ContainerCapabilities, Process is nil")
}
return containerCapabilities(s)
}
// getConfigPath returns the full config path from the bundle
// path provided.
func getConfigPath(bundlePath string) string {
return filepath.Join(bundlePath, "config.json")
}
// ParseConfigJSON unmarshals the config.json file.
func ParseConfigJSON(bundlePath string) (specs.Spec, error) {
configPath := getConfigPath(bundlePath)
ociLog.Debugf("converting %s", configPath)
configByte, err := ioutil.ReadFile(configPath)
if err != nil {
return specs.Spec{}, err
}
var compSpec compatOCISpec
if err := json.Unmarshal(configByte, &compSpec); err != nil {
return specs.Spec{}, err
}
caps, err := ContainerCapabilities(compSpec)
if err != nil {
return specs.Spec{}, err
}
compSpec.Spec.Process = &compSpec.Process.Process
compSpec.Spec.Process.Capabilities = &caps
return compSpec.Spec, nil
}
func GetContainerSpec(annotations map[string]string) (specs.Spec, error) {
if bundlePath, ok := annotations[vcAnnotations.BundlePathKey]; ok {
return ParseConfigJSON(bundlePath)
}
ociLog.Errorf("Annotations[%s] not found, cannot find container spec",
vcAnnotations.BundlePathKey)
return specs.Spec{}, fmt.Errorf("Could not find container spec")
}

147
virtcontainers/pkg/compatoci/utils_test.go Normal file
View File

@ -0,0 +1,147 @@
// Copyright (c) 2017 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0
//
package compatoci
import (
"encoding/json"
"path/filepath"
"testing"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
)
const (
tempBundlePath = "/tmp/virtc/ocibundle/"
capabilitiesSpecArray = `
{
"ociVersion": "1.0.0-rc2-dev",
"process": {
"capabilities": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
]
}
}`
capabilitiesSpecStruct = `
{
"ociVersion": "1.0.0-rc5",
"process": {
"capabilities": {
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
]
}
}
}`
)
func TestContainerCapabilities(t *testing.T) {
var ociSpec compatOCISpec
ociSpec.Process = &compatOCIProcess{}
ociSpec.Process.Capabilities = map[string]interface{}{
"bounding": []interface{}{"CAP_KILL"},
"effective": []interface{}{"CAP_KILL", "CAP_LEASE"},
"permitted": []interface{}{"CAP_SETUID"},
"inheritable": []interface{}{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"},
"ambient": []interface{}{""},
}
c, err := ContainerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string{"CAP_KILL"})
assert.Equal(t, c.Effective, []string{"CAP_KILL", "CAP_LEASE"})
assert.Equal(t, c.Permitted, []string{"CAP_SETUID"})
assert.Equal(t, c.Inheritable, []string{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"})
assert.Equal(t, c.Ambient, []string{""})
ociSpec.Process.Capabilities = []interface{}{"CAP_LEASE", "CAP_SETUID"}
c, err = ContainerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Effective, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Permitted, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Inheritable, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Ambient, []string{"CAP_LEASE", "CAP_SETUID"})
ociSpec.Process.Capabilities = nil
c, err = ContainerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string(nil))
assert.Equal(t, c.Effective, []string(nil))
assert.Equal(t, c.Permitted, []string(nil))
assert.Equal(t, c.Inheritable, []string(nil))
assert.Equal(t, c.Ambient, []string(nil))
}
// use specs.Spec to decode the spec, the content of capabilities is [] string
func TestCompatOCISpecWithArray(t *testing.T) {
compatOCISpec := compatOCISpec{}
err := json.Unmarshal([]byte(capabilitiesSpecArray), &compatOCISpec)
assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecArray failed")
ociSpecJSON, err := json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
// use specs.Spec to decode the spec, specs.Spec' capabilities is struct,
// but the content of spec' capabilities is [] string
ociSpec := specs.Spec{}
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.NotNil(t, err, "This test should fail")
caps, err := ContainerCapabilities(compatOCISpec)
assert.Nil(t, err, "decode capabilities failed")
compatOCISpec.Process.Capabilities = caps
ociSpecJSON, err = json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
// capabilities has been chaged to struct
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.Nil(t, err, "This test should fail")
}
// use specs.Spec to decode the spec, the content of capabilities is struct
func TestCompatOCISpecWithStruct(t *testing.T) {
compatOCISpec := compatOCISpec{}
err := json.Unmarshal([]byte(capabilitiesSpecStruct), &compatOCISpec)
assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecStruct failed")
ociSpecJSON, err := json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
ociSpec := specs.Spec{}
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.Nil(t, err, "This test should not fail")
}
func TestGetConfigPath(t *testing.T) {
expected := filepath.Join(tempBundlePath, "config.json")
configPath := getConfigPath(tempBundlePath)
assert.Equal(t, configPath, expected)
}

145
virtcontainers/pkg/oci/utils.go
View File

@ -7,10 +7,8 @@ package oci
import (
"context"
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"path/filepath"
"strconv"
"strings"
@ -75,26 +73,6 @@ const (
const KernelModulesSeparator = ";"
// compatOCIProcess is a structure inheriting from specs.Process defined
// in runtime-spec/specs-go package. The goal is to be compatible with
// both v1.0.0-rc4 and v1.0.0-rc5 since the latter introduced a change
// about the type of the Capabilities field.
// Refer to: https://github.com/opencontainers/runtime-spec/commit/37391fb
type compatOCIProcess struct {
specs.Process
Capabilities interface{} `json:"capabilities,omitempty" platform:"linux"` //nolint:govet
}
// compatOCISpec is a structure inheriting from specs.Spec defined
// in runtime-spec/specs-go package. It relies on the CompatOCIProcess
// structure declared above, in order to be compatible with both
// v1.0.0-rc4 and v1.0.0-rc5.
// Refer to: https://github.com/opencontainers/runtime-spec/commit/37391fb
type compatOCISpec struct {
specs.Spec
Process *compatOCIProcess `json:"process,omitempty"` //nolint:govet
}
// FactoryConfig is a structure to set the VM factory configuration.
type FactoryConfig struct {
// Template enables VM templating support in VM factory.
@ -267,69 +245,6 @@ func containerDeviceInfos(spec specs.Spec) ([]config.DeviceInfo, error) {
return devices, nil
}
// containerCapabilities return a LinuxCapabilities for virtcontainer
func containerCapabilities(s compatOCISpec) (specs.LinuxCapabilities, error) {
if s.Process == nil {
return specs.LinuxCapabilities{}, fmt.Errorf("containerCapabilities, Process is nil")
}
capabilities := s.Process.Capabilities
var c specs.LinuxCapabilities
// In spec v1.0.0-rc4, capabilities was a list of strings. This was changed
// to an object with v1.0.0-rc5.
// Check for the interface type to support both the versions.
switch caps := capabilities.(type) {
case map[string]interface{}:
for key, value := range caps {
switch val := value.(type) {
case []interface{}:
var list []string
for _, str := range val {
list = append(list, str.(string))
}
switch key {
case "bounding":
c.Bounding = list
case "effective":
c.Effective = list
case "inheritable":
c.Inheritable = list
case "ambient":
c.Ambient = list
case "permitted":
c.Permitted = list
}
default:
return c, fmt.Errorf("Unexpected format for capabilities: %v", caps)
}
}
case []interface{}:
var list []string
for _, str := range caps {
list = append(list, str.(string))
}
c = specs.LinuxCapabilities{
Bounding: list,
Effective: list,
Inheritable: list,
Ambient: list,
Permitted: list,
}
case nil:
ociLog.Debug("Empty capabilities have been passed")
return c, nil
default:
return c, fmt.Errorf("Unexpected format for capabilities: %v", caps)
}
return c, nil
}
func networkConfig(ocispec specs.Spec, config RuntimeConfig) (vc.NetworkConfig, error) {
linux := ocispec.Linux
if linux == nil {
@ -359,38 +274,6 @@ func networkConfig(ocispec specs.Spec, config RuntimeConfig) (vc.NetworkConfig,
return netConf, nil
}
// getConfigPath returns the full config path from the bundle
// path provided.
func getConfigPath(bundlePath string) string {
return filepath.Join(bundlePath, "config.json")
}
// ParseConfigJSON unmarshals the config.json file.
func ParseConfigJSON(bundlePath string) (specs.Spec, error) {
configPath := getConfigPath(bundlePath)
ociLog.Debugf("converting %s", configPath)
configByte, err := ioutil.ReadFile(configPath)
if err != nil {
return specs.Spec{}, err
}
var compSpec compatOCISpec
if err := json.Unmarshal(configByte, &compSpec); err != nil {
return specs.Spec{}, err
}
caps, err := containerCapabilities(compSpec)
if err != nil {
return specs.Spec{}, err
}
compSpec.Spec.Process = &compSpec.Process.Process
compSpec.Spec.Process.Capabilities = &caps
return compSpec.Spec, nil
}
// GetContainerType determines which type of container matches the annotations
// table provided.
func GetContainerType(annotations map[string]string) (vc.ContainerType, error) {
@ -484,11 +367,6 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid, c
return vc.SandboxConfig{}, err
}
ociSpecJSON, err := json.Marshal(ocispec)
if err != nil {
return vc.SandboxConfig{}, err
}
sandboxConfig := vc.SandboxConfig{
ID: cid,
@ -511,7 +389,6 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid, c
Containers: []vc.ContainerConfig{containerConfig},
Annotations: map[string]string{
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
vcAnnotations.BundlePathKey: bundlePath,
},
@ -523,6 +400,9 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid, c
DisableGuestSeccomp: runtime.DisableGuestSeccomp,
// Q: Is this really necessary? @weizhang555
// Spec: &ocispec,
Experimental: runtime.Experimental,
}
@ -534,11 +414,6 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid, c
// ContainerConfig converts an OCI compatible runtime configuration
// file to a virtcontainers container configuration structure.
func ContainerConfig(ocispec specs.Spec, bundlePath, cid, console string, detach bool) (vc.ContainerConfig, error) {
ociSpecJSON, err := json.Marshal(ocispec)
if err != nil {
return vc.ContainerConfig{}, err
}
rootfs := vc.RootFs{Target: ocispec.Root.Path, Mounted: true}
if !filepath.IsAbs(rootfs.Target) {
rootfs.Target = filepath.Join(bundlePath, ocispec.Root.Path)
@ -578,12 +453,12 @@ func ContainerConfig(ocispec specs.Spec, bundlePath, cid, console string, detach
ReadonlyRootfs: ocispec.Root.Readonly,
Cmd: cmd,
Annotations: map[string]string{
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
vcAnnotations.BundlePathKey: bundlePath,
},
Mounts: containerMounts(ocispec),
DeviceInfos: deviceInfos,
Resources: *ocispec.Linux.Resources,
Spec: &ocispec,
}
cType, err := ContainerType(ocispec)
@ -686,15 +561,9 @@ func EnvVars(envs []string) ([]types.EnvVar, error) {
// GetOCIConfig returns an OCI spec configuration from the annotation
// stored into the container status.
func GetOCIConfig(status vc.ContainerStatus) (specs.Spec, error) {
ociConfigStr, ok := status.Annotations[vcAnnotations.ConfigJSONKey]
if !ok {
return specs.Spec{}, fmt.Errorf("Annotation[%s] not found", vcAnnotations.ConfigJSONKey)
if status.Spec == nil {
return specs.Spec{}, fmt.Errorf("missing OCI spec for container")
}
var ociSpec specs.Spec
if err := json.Unmarshal([]byte(ociConfigStr), &ociSpec); err != nil {
return specs.Spec{}, err
}
return ociSpec, nil
return *status.Spec, nil
}

159
virtcontainers/pkg/oci/utils_test.go
View File

@ -6,7 +6,6 @@
package oci
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
@ -18,7 +17,6 @@ import (
"testing"
"github.com/cri-o/cri-o/pkg/annotations"
spec "github.com/opencontainers/runtime-spec/specs-go"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
"golang.org/x/sys/unix"
@ -26,6 +24,7 @@ import (
vc "github.com/kata-containers/runtime/virtcontainers"
"github.com/kata-containers/runtime/virtcontainers/device/config"
vcAnnotations "github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
"github.com/kata-containers/runtime/virtcontainers/types"
)
@ -35,47 +34,6 @@ const (
consolePath = "/tmp/virtc/console"
fileMode = os.FileMode(0640)
dirMode = os.FileMode(0750)
capabilitiesSpecArray = `
{
"ociVersion": "1.0.0-rc2-dev",
"process": {
"capabilities": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
]
}
}`
capabilitiesSpecStruct = `
{
"ociVersion": "1.0.0-rc5",
"process": {
"capabilities": {
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FSETID"
]
}
}
}`
)
func createConfig(fileName string, fileData string) (string, error) {
@ -168,18 +126,7 @@ func TestMinimalSandboxConfig(t *testing.T) {
},
}
var minimalOCISpec compatOCISpec
//Marshal and unmarshall json to compare sandboxConfig and expectedSandboxConfig
err = json.Unmarshal([]byte(minimalConfig), &minimalOCISpec)
assert.NoError(err)
if minimalOCISpec.Process != nil {
caps, err := containerCapabilities(minimalOCISpec)
assert.NoError(err)
minimalOCISpec.Spec.Process = &minimalOCISpec.Process.Process
minimalOCISpec.Spec.Process.Capabilities = &caps
}
ociSpecJSON, err := json.Marshal(minimalOCISpec.Spec)
spec, err := compatoci.ParseConfigJSON(tempBundlePath)
assert.NoError(err)
devInfo := config.DeviceInfo{
@ -201,7 +148,6 @@ func TestMinimalSandboxConfig(t *testing.T) {
ReadonlyRootfs: true,
Cmd: expectedCmd,
Annotations: map[string]string{
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
vcAnnotations.BundlePathKey: tempBundlePath,
vcAnnotations.ContainerTypeKey: string(vc.PodSandbox),
},
@ -210,6 +156,7 @@ func TestMinimalSandboxConfig(t *testing.T) {
Resources: specs.LinuxResources{Devices: []specs.LinuxDeviceCgroup{
{Allow: false, Type: "", Major: (*int64)(nil), Minor: (*int64)(nil), Access: "rwm"},
}},
Spec: &spec,
}
expectedNetworkConfig := vc.NetworkConfig{}
@ -228,17 +175,13 @@ func TestMinimalSandboxConfig(t *testing.T) {
Containers: []vc.ContainerConfig{expectedContainerConfig},
Annotations: map[string]string{
vcAnnotations.ConfigJSONKey: string(ociSpecJSON),
vcAnnotations.BundlePathKey: tempBundlePath,
},
SystemdCgroup: true,
}
ociSpec, err := ParseConfigJSON(tempBundlePath)
assert.NoError(err)
sandboxConfig, err := SandboxConfig(ociSpec, runtimeConfig, tempBundlePath, containerID, consolePath, false, true)
sandboxConfig, err := SandboxConfig(spec, runtimeConfig, tempBundlePath, containerID, consolePath, false, true)
assert.NoError(err)
assert.Exactly(sandboxConfig, expectedSandboxConfig)
@ -261,7 +204,6 @@ func TestStatusToOCIStateSuccessfulWithReadyState(t *testing.T) {
}
containerAnnotations := map[string]string{
vcAnnotations.ConfigJSONKey: minimalConfig,
vcAnnotations.BundlePathKey: tempBundlePath,
}
@ -297,7 +239,6 @@ func TestStatusToOCIStateSuccessfulWithRunningState(t *testing.T) {
}
containerAnnotations := map[string]string{
vcAnnotations.ConfigJSONKey: minimalConfig,
vcAnnotations.BundlePathKey: tempBundlePath,
}
@ -332,7 +273,6 @@ func TestStatusToOCIStateSuccessfulWithStoppedState(t *testing.T) {
}
containerAnnotations := map[string]string{
vcAnnotations.ConfigJSONKey: minimalConfig,
vcAnnotations.BundlePathKey: tempBundlePath,
}
@ -363,7 +303,6 @@ func TestStatusToOCIStateSuccessfulWithNoState(t *testing.T) {
testRootFs := "testRootFs"
containerAnnotations := map[string]string{
vcAnnotations.ConfigJSONKey: minimalConfig,
vcAnnotations.BundlePathKey: tempBundlePath,
}
@ -452,12 +391,6 @@ func TestMalformedEnvVars(t *testing.T) {
assert.Error(err)
}
func TestGetConfigPath(t *testing.T) {
expected := filepath.Join(tempBundlePath, "config.json")
configPath := getConfigPath(tempBundlePath)
assert.Equal(t, configPath, expected)
}
func testGetContainerTypeSuccessful(t *testing.T, annotations map[string]string, expected vc.ContainerType) {
assert := assert.New(t)
containerType, err := GetContainerType(annotations)
@ -631,88 +564,6 @@ func TestDevicePathEmpty(t *testing.T) {
assert.NotNil(t, err, "This test should fail as path cannot be empty for device")
}
func TestContainerCapabilities(t *testing.T) {
var ociSpec compatOCISpec
ociSpec.Process = &compatOCIProcess{}
ociSpec.Process.Capabilities = map[string]interface{}{
"bounding": []interface{}{"CAP_KILL"},
"effective": []interface{}{"CAP_KILL", "CAP_LEASE"},
"permitted": []interface{}{"CAP_SETUID"},
"inheritable": []interface{}{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"},
"ambient": []interface{}{""},
}
c, err := containerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string{"CAP_KILL"})
assert.Equal(t, c.Effective, []string{"CAP_KILL", "CAP_LEASE"})
assert.Equal(t, c.Permitted, []string{"CAP_SETUID"})
assert.Equal(t, c.Inheritable, []string{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"})
assert.Equal(t, c.Ambient, []string{""})
ociSpec.Process.Capabilities = []interface{}{"CAP_LEASE", "CAP_SETUID"}
c, err = containerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Effective, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Permitted, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Inheritable, []string{"CAP_LEASE", "CAP_SETUID"})
assert.Equal(t, c.Ambient, []string{"CAP_LEASE", "CAP_SETUID"})
ociSpec.Process.Capabilities = nil
c, err = containerCapabilities(ociSpec)
assert.Nil(t, err)
assert.Equal(t, c.Bounding, []string(nil))
assert.Equal(t, c.Effective, []string(nil))
assert.Equal(t, c.Permitted, []string(nil))
assert.Equal(t, c.Inheritable, []string(nil))
assert.Equal(t, c.Ambient, []string(nil))
}
// use specs.Spec to decode the spec, the content of capabilities is [] string
func TestCompatOCISpecWithArray(t *testing.T) {
compatOCISpec := compatOCISpec{}
err := json.Unmarshal([]byte(capabilitiesSpecArray), &compatOCISpec)
assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecArray failed")
ociSpecJSON, err := json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
// use specs.Spec to decode the spec, specs.Spec' capabilities is struct,
// but the content of spec' capabilities is [] string
ociSpec := specs.Spec{}
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.NotNil(t, err, "This test should fail")
caps, err := containerCapabilities(compatOCISpec)
assert.Nil(t, err, "decode capabilities failed")
compatOCISpec.Process.Capabilities = caps
ociSpecJSON, err = json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
// capabilities has been chaged to struct
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.Nil(t, err, "This test should fail")
}
// use specs.Spec to decode the spec, the content of capabilities is struct
func TestCompatOCISpecWithStruct(t *testing.T) {
compatOCISpec := compatOCISpec{}
err := json.Unmarshal([]byte(capabilitiesSpecStruct), &compatOCISpec)
assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecStruct failed")
ociSpecJSON, err := json.Marshal(compatOCISpec)
assert.Nil(t, err, "encode compatOCISpec failed")
ociSpec := specs.Spec{}
err = json.Unmarshal(ociSpecJSON, &ociSpec)
assert.Nil(t, err, "This test should not fail")
}
func TestGetShmSize(t *testing.T) {
containerConfig := vc.ContainerConfig{
Mounts: []vc.Mount{},
@ -811,7 +662,7 @@ func TestAddAssetAnnotations(t *testing.T) {
AgentConfig: vc.KataAgentConfig{},
}
ocispec := spec.Spec{
ocispec := specs.Spec{
Annotations: expectedAnnotations,
}

92
virtcontainers/sandbox.go
View File

@ -7,7 +7,6 @@ package virtcontainers
import (
"context"
"encoding/json"
"fmt"
"io"
"math"
@ -20,6 +19,12 @@ import (
"github.com/containerd/cgroups"
"github.com/containernetworking/plugins/pkg/ns"
specs "github.com/opencontainers/runtime-spec/specs-go"
opentracing "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/vishvananda/netlink"
"github.com/kata-containers/agent/protocols/grpc"
"github.com/kata-containers/runtime/virtcontainers/device/api"
"github.com/kata-containers/runtime/virtcontainers/device/config"
@ -29,15 +34,11 @@ import (
"github.com/kata-containers/runtime/virtcontainers/persist"
persistapi "github.com/kata-containers/runtime/virtcontainers/persist/api"
"github.com/kata-containers/runtime/virtcontainers/pkg/annotations"
"github.com/kata-containers/runtime/virtcontainers/pkg/compatoci"
vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
"github.com/kata-containers/runtime/virtcontainers/store"
"github.com/kata-containers/runtime/virtcontainers/types"
"github.com/kata-containers/runtime/virtcontainers/utils"
specs "github.com/opencontainers/runtime-spec/specs-go"
opentracing "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/vishvananda/netlink"
)
const (
@ -1089,7 +1090,15 @@ func (s *Sandbox) addContainer(c *Container) error {
// in the guest. This should only be used when fetching a
// sandbox that already exists.
func (s *Sandbox) fetchContainers() error {
for _, contConfig := range s.config.Containers {
for i, contConfig := range s.config.Containers {
// Add spec from bundle path
spec, err := compatoci.GetContainerSpec(contConfig.Annotations)
if err != nil {
return err
}
contConfig.Spec = &spec
s.config.Containers[i] = contConfig
c, err := newContainer(s, contConfig)
if err != nil {
return err
@ -2090,45 +2099,21 @@ func (s *Sandbox) cpuResources() *specs.LinuxCPU {
// setupSandboxCgroup creates and joins sandbox cgroups for the sandbox config
func (s *Sandbox) setupSandboxCgroup() error {
var podSandboxConfig *ContainerConfig
spec := s.GetOCISpec()
if s.config == nil {
return fmt.Errorf("Sandbox config is nil")
}
// get the container associated with the PodSandbox annotation. In Kubernetes, this
// represents the pause container. In Docker, this is the container. We derive the
// cgroup path from this container.
for _, cConfig := range s.config.Containers {
if cConfig.Annotations[annotations.ContainerTypeKey] == string(PodSandbox) {
podSandboxConfig = &cConfig
break
}
}
if podSandboxConfig == nil {
return fmt.Errorf("Failed to find cgroup path for sandbox: Container of type '%s' not found", PodSandbox)
}
configJSON, ok := podSandboxConfig.Annotations[annotations.ConfigJSONKey]
if !ok {
return fmt.Errorf("Could not find json config in annotations for container '%s'", podSandboxConfig.ID)
}
var spec specs.Spec
if err := json.Unmarshal([]byte(configJSON), &spec); err != nil {
return err
if spec == nil {
return errorMissingOCISpec
}
if spec.Linux == nil {
// Cgroup path is optional, though expected. If not defined, skip the setup
s.Logger().WithField("sandboxid", podSandboxConfig.ID).Warning("no cgroup path provided for pod sandbox, not creating sandbox cgroup")
s.Logger().WithField("sandboxid", s.id).Warning("no cgroup path provided for pod sandbox, not creating sandbox cgroup")
return nil
}
validContainerCgroup := utils.ValidCgroupPath(spec.Linux.CgroupsPath)
// Create a Kata sandbox cgroup with the cgroup of the sandbox container as the parent
s.state.CgroupPath = filepath.Join(filepath.Dir(validContainerCgroup), cgroupKataPrefix+"_"+podSandboxConfig.ID)
s.state.CgroupPath = filepath.Join(filepath.Dir(validContainerCgroup), cgroupKataPrefix+"_"+s.id)
cgroup, err := cgroupsNewFunc(cgroups.V1, cgroups.StaticPath(s.state.CgroupPath), &specs.LinuxResources{})
if err != nil {
return fmt.Errorf("Could not create sandbox cgroup in %v: %v", s.state.CgroupPath, err)
@ -2143,3 +2128,38 @@ func (s *Sandbox) setupSandboxCgroup() error {
return nil
}
func (s *Sandbox) sandboxContConf() *ContainerConfig {
var podSandboxConfig *ContainerConfig
if s.config == nil {
return nil
}
// get the container associated with the PodSandbox annotation. In Kubernetes, this
// represents the pause container. In Docker, this is the container. We derive the
// cgroup path from this container.
for _, cConfig := range s.config.Containers {
if cConfig.Annotations[annotations.ContainerTypeKey] == string(PodSandbox) {
podSandboxConfig = &cConfig
break
}
}
if podSandboxConfig == nil {
return nil
}
return podSandboxConfig
}
// GetOCISpec returns sandbox's OCI specification
func (s *Sandbox) GetOCISpec() *specs.Spec {
conf := s.sandboxContConf()
if conf == nil {
return nil
}
// First container is sandbox container as default
return conf.Spec
}

37
virtcontainers/sandbox_test.go
View File

@ -649,6 +649,7 @@ func TestContainerStateSetFstype(t *testing.T) {
{
ID: "100",
Annotations: containerAnnotations,
Spec: newEmptySpec(),
},
}
@ -1517,44 +1518,24 @@ func TestSandboxExperimentalFeature(t *testing.T) {
assert.True(t, sconfig.valid())
}
/*
func TestSandbox_joinSandboxCgroup(t *testing.T) {
mockValidCgroup := &Sandbox{}
mockValidCgroup.state.CgroupPath = "/my/cgroup"
tests := []struct {
name string
s *Sandbox
wantErr bool
}{
{"New Config", &Sandbox{}, false},
{"Mock cgroup path", mockValidCgroup, false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if err := tt.s.joinSandboxCgroup(); (err != nil) != tt.wantErr {
t.Errorf("Sandbox.joinSandboxCgroup() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}
*/
func TestSandbox_SetupSandboxCgroup(t *testing.T) {
sandboxContainer := ContainerConfig{}
sandboxContainer.Annotations = make(map[string]string)
sandboxContainer.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)
emptyJSONLinux := ContainerConfig{}
emptyJSONLinux := ContainerConfig{
Spec: newEmptySpec(),
}
emptyJSONLinux.Annotations = make(map[string]string)
emptyJSONLinux.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)
emptyJSONLinux.Annotations[annotations.ConfigJSONKey] = "{}"
successfulContainer := ContainerConfig{}
cloneSpec1 := newEmptySpec()
cloneSpec1.Linux.CgroupsPath = "/myRuntime/myContainer"
successfulContainer := ContainerConfig{
Spec: cloneSpec1,
}
successfulContainer.Annotations = make(map[string]string)
successfulContainer.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)
successfulContainer.Annotations[annotations.ConfigJSONKey] = "{\"linux\": { \"cgroupsPath\": \"/myRuntime/myContainer\" }}"
tests := []struct {
name string