github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-20 08:18:24 +00:00
Code Issues Projects Releases Wiki Activity

agent:cdh: introduce a function to check initialization of cdh client

Browse Source 
introduce a function to check initialization of cdh client.

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
This commit is contained in:
ChengyuZhu6
2024-09-02 13:12:01 +08:00
parent 07e0e843e8
commit 77521cc8d2
2 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/agent/src/cdh.rs
View File

@@ -85,6 +85,11 @@ pub async fn init_cdh_client() -> Result<()> {
Ok(()) Ok(())
} }
/// Check if the CDH client is initialized
pub async fn is_cdh_client_initialized() -> bool {
CDH_CLIENT.get().is_some() // Returns true if CDH_CLIENT is initialized, false otherwise
}
pub async fn unseal_env(env: &str) -> Result<String> { pub async fn unseal_env(env: &str) -> Result<String> {
let cdh_client = CDH_CLIENT let cdh_client = CDH_CLIENT
.get() .get()

9
src/agent/src/rpc.rs
View File

@@ -228,7 +228,7 @@ impl AgentService {
.process_mut() .process_mut()
.as_mut() .as_mut()
.ok_or_else(|| anyhow!("Spec didn't contain process field"))?; .ok_or_else(|| anyhow!("Spec didn't contain process field"))?;
if cdh::is_cdh_client_initialized().await {
if let Some(envs) = process.env_mut().as_mut() { if let Some(envs) = process.env_mut().as_mut() {
for env in envs.iter_mut() { for env in envs.iter_mut() {
match cdh::unseal_env(env).await { match cdh::unseal_env(env).await {
@@ -239,11 +239,14 @@ impl AgentService {
} }
} }
} }
}
let linux = oci let linux = oci
.linux() .linux()
.as_ref() .as_ref()
.ok_or_else(|| anyhow!("Spec didn't contain linux field"))?; .ok_or_else(|| anyhow!("Spec didn't contain linux field"))?;
if cdh::is_cdh_client_initialized().await {
if let Some(devices) = linux.devices() { if let Some(devices) = linux.devices() {
for specdev in devices.iter() { for specdev in devices.iter() {
if specdev.path().as_path().to_str() == Some(TRUSTED_IMAGE_STORAGE_DEVICE) { if specdev.path().as_path().to_str() == Some(TRUSTED_IMAGE_STORAGE_DEVICE) {
@@ -262,11 +265,13 @@ impl AgentService {
("encryptType".to_string(), "LUKS".to_string()), ("encryptType".to_string(), "LUKS".to_string()),
("dataIntegrity".to_string(), secure_storage_integrity), ("dataIntegrity".to_string(), secure_storage_integrity),
]); ]);
cdh::secure_mount("BlockDevice", &options, vec![], KATA_IMAGE_WORK_DIR).await?; cdh::secure_mount("BlockDevice", &options, vec![], KATA_IMAGE_WORK_DIR)
.await?;
break; break;
} }
} }
} }
}
// Both rootfs and volumes (invoked with --volume for instance) will // Both rootfs and volumes (invoked with --volume for instance) will
// be processed the same way. The idea is to always mount any provided // be processed the same way. The idea is to always mount any provided