virtcontainers: rename GetOCISpec to GetPatchedOCISpec

GetOCISpec returns a patched version of the original OCI spec, it was modified
to support:
* capabilities
* Ephemeral storage
* k8s empty dir

In order to avoid consusions and make api clear, rename GetOCISpec
to GetPatchedOCISpec and ContainerConfig.Spec to ContainerConfig.CustomSpec

fixes #2252

Signed-off-by: Julio Montes <julio.montes@intel.com>

virtcontainers/api.go

@@ -620,7 +620,7 @@ func statusContainer(sandbox *Sandbox, containerID string) (ContainerStatus, err
 			PID:         container.process.Pid,
 			StartTime:   container.process.StartTime,
 			RootFs:      container.config.RootFs.Target,
-			Spec:        container.GetOCISpec(),
+			Spec:        container.GetPatchedOCISpec(),
 			Annotations: container.config.Annotations,
 		}, nil
 	}

virtcontainers/api_test.go

@@ -81,7 +81,7 @@ func newTestSandboxConfigNoop() SandboxConfig {
 		RootFs:      RootFs{Target: bundlePath, Mounted: true},
 		Cmd:         newBasicTestCmd(),
 		Annotations: containerAnnotations,
-		Spec:        emptySpec,
+		CustomSpec:  emptySpec,
 	}
 
 	// Sets the hypervisor configuration.
@@ -717,7 +717,7 @@ func newTestContainerConfigNoop(contID string) ContainerConfig {
 		RootFs:      RootFs{Target: filepath.Join(testDir, testBundle), Mounted: true},
 		Cmd:         newBasicTestCmd(),
 		Annotations: containerAnnotations,
-		Spec:        newEmptySpec(),
+		CustomSpec:  newEmptySpec(),
 	}
 
 	return container

virtcontainers/cgroups_test.go

@@ -175,7 +175,7 @@ func TestUpdateCgroups(t *testing.T) {
 			},
 			config: &ContainerConfig{
 				Annotations: containerAnnotations,
-				Spec:        newEmptySpec(),
+				CustomSpec:  newEmptySpec(),
 			},
 		},
 		"xyz": {
@@ -184,7 +184,7 @@ func TestUpdateCgroups(t *testing.T) {
 			},
 			config: &ContainerConfig{
 				Annotations: containerAnnotations,
-				Spec:        newEmptySpec(),
+				CustomSpec:  newEmptySpec(),
 			},
 		},
 	}

virtcontainers/container.go

@@ -252,7 +252,7 @@ type ContainerConfig struct {
 	Resources specs.LinuxResources
 
 	// Raw OCI specification, it won't be saved to disk.
-	Spec *specs.Spec `json:"-"`
+	CustomSpec *specs.Spec `json:"-"`
 }
 
 // valid checks that the container configuration is valid.
@@ -406,9 +406,17 @@ func (c *Container) GetAnnotations() map[string]string {
 	return c.config.Annotations
 }
 
-// GetOCISpec returns container's OCI specification
+// GetPatchedOCISpec returns container's OCI specification
-func (c *Container) GetOCISpec() *specs.Spec {
+// This OCI specification was patched when the sandbox was created
-	return c.config.Spec
+// by containerCapabilities(), SetEphemeralStorageType() and others
+// in order to support:
+// * capabilities
+// * Ephemeral storage
+// * k8s empty dir
+// If you need the original (vanilla) OCI spec,
+// use compatoci.GetContainerSpec() instead.
+func (c *Container) GetPatchedOCISpec() *specs.Spec {
+	return c.config.CustomSpec
 }
 
 // storeContainer stores a container config.
@@ -1469,7 +1477,7 @@ func (c *Container) detachDevices() error {
 
 // cgroupsCreate creates cgroups on the host for the associated container
 func (c *Container) cgroupsCreate() (err error) {
-	spec := c.GetOCISpec()
+	spec := c.GetPatchedOCISpec()
 	if spec == nil {
 		return errorMissingOCISpec
 	}

virtcontainers/kata_agent.go

@@ -746,7 +746,7 @@ func (k *kataAgent) setProxyFromGrpc(proxy proxy, pid int, url string) {
 }
 
 func (k *kataAgent) getDNS(sandbox *Sandbox) ([]string, error) {
-	ociSpec := sandbox.GetOCISpec()
+	ociSpec := sandbox.GetPatchedOCISpec()
 	if ociSpec == nil {
 		k.Logger().Debug("Sandbox OCI spec not found. Sandbox DNS will not be set.")
 		return nil, nil
@@ -1283,7 +1283,7 @@ func (k *kataAgent) createContainer(sandbox *Sandbox, c *Container) (p *Process,
 		ctrStorages = append(ctrStorages, rootfs)
 	}
 
-	ociSpec := c.GetOCISpec()
+	ociSpec := c.GetPatchedOCISpec()
 	if ociSpec == nil {
 		return nil, errorMissingOCISpec
 	}

virtcontainers/kata_agent_test.go

@@ -728,7 +728,7 @@ func TestAgentCreateContainer(t *testing.T) {
 			Fstype: "xfs",
 		},
 		config: &ContainerConfig{
-			Spec:        &specs.Spec{},
+			CustomSpec:  &specs.Spec{},
 			Annotations: map[string]string{},
 		},
 	}

virtcontainers/pkg/oci/utils.go

@@ -861,7 +861,10 @@ func ContainerConfig(ocispec specs.Spec, bundlePath, cid, console string, detach
 		Mounts:      containerMounts(ocispec),
 		DeviceInfos: deviceInfos,
 		Resources:   *ocispec.Linux.Resources,
-		Spec:        &ocispec,
+
+		// This is a custom OCI spec modified at SetEphemeralStorageType()
+		// to support ephemeral storage and k8s empty dir.
+		CustomSpec: &ocispec,
 	}
 
 	cType, err := ContainerType(ocispec)

virtcontainers/pkg/oci/utils_test.go

@@ -156,7 +156,7 @@ func TestMinimalSandboxConfig(t *testing.T) {
 		Resources: specs.LinuxResources{Devices: []specs.LinuxDeviceCgroup{
 			{Allow: false, Type: "", Major: (*int64)(nil), Minor: (*int64)(nil), Access: "rwm"},
 		}},
-		Spec: &spec,
+		CustomSpec: &spec,
 	}
 
 	expectedNetworkConfig := vc.NetworkConfig{}

virtcontainers/sandbox.go

@@ -1130,7 +1130,7 @@ func (s *Sandbox) fetchContainers() error {
 		if err != nil {
 			return err
 		}
-		contConfig.Spec = &spec
+		contConfig.CustomSpec = &spec
 		s.config.Containers[i] = contConfig
 
 		c, err := newContainer(s, &s.config.Containers[i])
@@ -2213,7 +2213,7 @@ func (s *Sandbox) cpuResources() *specs.LinuxCPU {
 
 // setupSandboxCgroup creates and joins sandbox cgroups for the sandbox config
 func (s *Sandbox) setupSandboxCgroup() error {
-	spec := s.GetOCISpec()
+	spec := s.GetPatchedOCISpec()
 
 	if spec == nil {
 		return errorMissingOCISpec
@@ -2242,9 +2242,16 @@ func (s *Sandbox) setupSandboxCgroup() error {
 	return nil
 }
 
-func (s *Sandbox) sandboxContConf() *ContainerConfig {
+// GetPatchedOCISpec returns sandbox's OCI specification
-	var podSandboxConfig *ContainerConfig
+// This OCI specification was patched when the sandbox was created
-
+// by containerCapabilities(), SetEphemeralStorageType() and others
+// in order to support:
+// * capabilities
+// * Ephemeral storage
+// * k8s empty dir
+// If you need the original (vanilla) OCI spec,
+// use compatoci.GetContainerSpec() instead.
+func (s *Sandbox) GetPatchedOCISpec() *specs.Spec {
 	if s.config == nil {
 		return nil
 	}
@@ -2254,25 +2261,9 @@ func (s *Sandbox) sandboxContConf() *ContainerConfig {
 	// cgroup path from this container.
 	for _, cConfig := range s.config.Containers {
 		if cConfig.Annotations[annotations.ContainerTypeKey] == string(PodSandbox) {
-			podSandboxConfig = &cConfig
+			return cConfig.CustomSpec
-			break
 		}
 	}
 
-	if podSandboxConfig == nil {
 	return nil
 }
-
-	return podSandboxConfig
-}
-
-// GetOCISpec returns sandbox's OCI specification
-func (s *Sandbox) GetOCISpec() *specs.Spec {
-	conf := s.sandboxContConf()
-	if conf == nil {
-		return nil
-	}
-
-	// First container is sandbox container as default
-	return conf.Spec
-}

virtcontainers/sandbox_test.go

@@ -649,7 +649,7 @@ func TestContainerStateSetFstype(t *testing.T) {
 		{
 			ID:          "100",
 			Annotations: containerAnnotations,
-			Spec:        newEmptySpec(),
+			CustomSpec:  newEmptySpec(),
 		},
 	}
 
@@ -1524,7 +1524,7 @@ func TestSandbox_SetupSandboxCgroup(t *testing.T) {
 	sandboxContainer.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)
 
 	emptyJSONLinux := ContainerConfig{
-		Spec: newEmptySpec(),
+		CustomSpec: newEmptySpec(),
 	}
 	emptyJSONLinux.Annotations = make(map[string]string)
 	emptyJSONLinux.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)
@@ -1532,7 +1532,7 @@ func TestSandbox_SetupSandboxCgroup(t *testing.T) {
 	cloneSpec1 := newEmptySpec()
 	cloneSpec1.Linux.CgroupsPath = "/myRuntime/myContainer"
 	successfulContainer := ContainerConfig{
-		Spec: cloneSpec1,
+		CustomSpec: cloneSpec1,
 	}
 	successfulContainer.Annotations = make(map[string]string)
 	successfulContainer.Annotations[annotations.ContainerTypeKey] = string(PodSandbox)