From 73e81f5e39ca4feee787fc7294f84e585e1c351a Mon Sep 17 00:00:00 2001
From: "alex.lyn" <alex.lyn@antgroup.com>
Date: Mon, 9 Oct 2023 20:56:21 +0800
Subject: [PATCH] runitme-rs: unify base64 encoding for direct-volume

Direct-volume needs to use the same base64 character set as
kata-runtime/direct-volume does.

Fixes: #8175

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
---
 src/libs/kata-types/src/mount.rs         |  6 +++---
 src/tools/kata-ctl/src/ops/volume_ops.rs | 15 +++++++++------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/libs/kata-types/src/mount.rs b/src/libs/kata-types/src/mount.rs
index 0cccab574d..831cc8f1ce 100644
--- a/src/libs/kata-types/src/mount.rs
+++ b/src/libs/kata-types/src/mount.rs
@@ -480,14 +480,14 @@ impl<H> StorageHandlerManager<H> {
 
 /// Join user provided volume path with kata direct-volume root path.
 ///
-/// The `volume_path` is base64-encoded and then safely joined to the `prefix`
+/// The `volume_path` is base64-url-encoded and then safely joined to the `prefix`
 pub fn join_path(prefix: &str, volume_path: &str) -> Result<PathBuf> {
     if volume_path.is_empty() {
         return Err(anyhow!("volume path must not be empty"));
     }
-    let b64_encoded_path = base64::encode(volume_path.as_bytes());
+    let b64_url_encoded_path = base64::encode_config(volume_path.as_bytes(), base64::URL_SAFE);
 
-    Ok(safe_path::scoped_join(prefix, b64_encoded_path)?)
+    Ok(safe_path::scoped_join(prefix, b64_url_encoded_path)?)
 }
 
 /// get DirectVolume mountInfo from mountinfo.json.
diff --git a/src/tools/kata-ctl/src/ops/volume_ops.rs b/src/tools/kata-ctl/src/ops/volume_ops.rs
index a8c6818fe3..56768cf15d 100644
--- a/src/tools/kata-ctl/src/ops/volume_ops.rs
+++ b/src/tools/kata-ctl/src/ops/volume_ops.rs
@@ -207,11 +207,13 @@ mod tests {
         let root_fs_str = root_fs.to_str().unwrap();
 
         let relative_secret_path = "../../etc/passwd";
-        let b64_relative_secret_path = base64::encode(relative_secret_path);
+        let b64_relative_secret_path =
+            base64::encode_config(relative_secret_path, base64::URL_SAFE);
 
-        // this byte array b64encodes to "/abcdddd"
-        let b64_abs_path = vec![253, 166, 220, 117, 215, 93];
-        let converted_relative_path = "abcdddd";
+        // byte array of "abcdddd"
+        let b64_abs_path = vec![97, 98, 99, 100, 100, 100, 100];
+        // b64urlencoded string of "abcdddd"
+        let b64urlencodes_relative_path = "YWJjZGRkZA==";
 
         let tests = &[
             TestData {
@@ -227,14 +229,15 @@ mod tests {
             TestData {
                 rootfs: root_fs_str,
                 volume_path: unsafe { std::str::from_utf8_unchecked(&b64_abs_path) },
-                result: Ok(root_fs.join(converted_relative_path)),
+                result: Ok(root_fs.join(b64urlencodes_relative_path)),
             },
         ];
+
         for (i, d) in tests.iter().enumerate() {
             let msg = format!("test[{}]: {:?}", i, d);
             let result = join_path(d.rootfs, d.volume_path);
             let msg = format!("{}, result: {:?}", msg, result);
-            if d.result.is_ok() {
+            if result.is_ok() {
                 assert!(
                     result.as_ref().unwrap() == d.result.as_ref().unwrap(),
                     "{}",