From f67f5c2b69ab0570bbb4f6705a0bad3cc8445ef5 Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Fri, 13 Jun 2025 10:16:10 +0800 Subject: [PATCH] agent: remove image pull configs As image pull ability is moved to CDH, kata-agent does not need the configurations of image pulling anymore. Reading all these configurations from the kernel cmdline is now implemented by CDH. Signed-off-by: Xynnn007 --- src/agent/src/confidential_data_hub/mod.rs | 1 - src/agent/src/config.rs | 114 --------------------- 2 files changed, 115 deletions(-) diff --git a/src/agent/src/confidential_data_hub/mod.rs b/src/agent/src/confidential_data_hub/mod.rs index 3cb48133ce..cf03465e8d 100644 --- a/src/agent/src/confidential_data_hub/mod.rs +++ b/src/agent/src/confidential_data_hub/mod.rs @@ -83,7 +83,6 @@ impl CDHClient { Ok(unsealed_secret.plaintext) } - #[cfg(feature = "guest-pull")] pub async fn secure_mount( &self, volume_type: &str, diff --git a/src/agent/src/config.rs b/src/agent/src/config.rs index c124d6015d..1b64768013 100644 --- a/src/agent/src/config.rs +++ b/src/agent/src/config.rs @@ -32,16 +32,8 @@ const UNIFIED_CGROUP_HIERARCHY_OPTION: &str = "systemd.unified_cgroup_hierarchy" const CONFIG_FILE: &str = "agent.config_file"; const GUEST_COMPONENTS_REST_API_OPTION: &str = "agent.guest_components_rest_api"; const GUEST_COMPONENTS_PROCS_OPTION: &str = "agent.guest_components_procs"; -#[cfg(feature = "guest-pull")] -const IMAGE_REGISTRY_AUTH_OPTION: &str = "agent.image_registry_auth"; const SECURE_STORAGE_INTEGRITY_OPTION: &str = "agent.secure_storage_integrity"; -#[cfg(feature = "guest-pull")] -const ENABLE_SIGNATURE_VERIFICATION: &str = "agent.enable_signature_verification"; - -#[cfg(feature = "guest-pull")] -const IMAGE_POLICY_FILE: &str = "agent.image_policy_file"; - // Configure the proxy settings for HTTPS requests in the guest, // to solve the problem of not being able to access the specified image in some cases. const HTTPS_PROXY: &str = "agent.https_proxy";
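Review bot: Dropping `#[cfg(feature = "guest-pull")]` from `CDHClient::secure_mount` makes the method compile in every feature configuration, but the hunk does not show that what it depends on is ungated as well. If any `use` line, type or helper it relies on is still behind `guest-pull`, builds without that feature would fail, and if nothing calls it in those builds it is dead code there. The commit message speaks only of configuration, so a doc comment recording the reason would help, e.g. `/// Built unconditionally: called by <caller> regardless of the guest-pull feature.` with the real caller filled in. The body of `secure_mount` continues outside the hunk.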
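Review bot: `agent.enable_signature_verification` and `agent.image_policy_file` are security settings that the agent stops parsing here (and in the later `AgentConfig`, builder and cmdline-parser hunks), so enforcement now depends entirely on CDH reading the same kernel-cmdline keys. How the agent treats a key it no longer recognises is not visible in this patch; if it is skipped silently, a CDH build that lacks the option would leave image signature checks off without any log line. I would add a comment beside the remaining constants, `// agent.image_registry_auth, agent.enable_signature_verification and agent.image_policy_file are read from the kernel cmdline by CDH, not by kata-agent`. The retained comment above `HTTPS_PROXY` still explains the proxy options in terms of image access, so it should state whether the agent or CDH consumes them after this change.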
@@ -147,13 +139,7 @@ pub struct AgentConfig { pub no_proxy: String, pub guest_components_rest_api: GuestComponentsFeatures, pub guest_components_procs: GuestComponentsProcs, - #[cfg(feature = "guest-pull")] - pub image_registry_auth: String, pub secure_storage_integrity: bool, - #[cfg(feature = "guest-pull")] - pub enable_signature_verification: bool, - #[cfg(feature = "guest-pull")] - pub image_policy_file: String, #[cfg(feature = "agent-policy")] pub policy_file: String, pub mem_agent: Option, @@ -184,13 +170,7 @@ pub struct AgentConfigBuilder { pub no_proxy: Option, pub guest_components_rest_api: Option, pub guest_components_procs: Option, - #[cfg(feature = "guest-pull")] - pub image_registry_auth: Option, pub secure_storage_integrity: Option, - #[cfg(feature = "guest-pull")] - pub enable_signature_verification: Option, - #[cfg(feature = "guest-pull")] - pub image_policy_file: Option, #[cfg(feature = "agent-policy")] pub policy_file: Option, pub mem_agent_enable: Option, @@ -284,13 +264,7 @@ impl Default for AgentConfig { no_proxy: String::from(""), guest_components_rest_api: GuestComponentsFeatures::default(), guest_components_procs: GuestComponentsProcs::default(), - #[cfg(feature = "guest-pull")] - image_registry_auth: String::from(""), secure_storage_integrity: false, - #[cfg(feature = "guest-pull")] - enable_signature_verification: false, - #[cfg(feature = "guest-pull")] - image_policy_file: String::from(""), #[cfg(feature = "agent-policy")] policy_file: String::from(""), mem_agent: None, 
@@ -333,16 +307,6 @@ impl FromStr for AgentConfig { guest_components_rest_api ); config_override!(agent_config_builder, agent_config, guest_components_procs); - #[cfg(feature = "guest-pull")] - { - config_override!(agent_config_builder, agent_config, image_registry_auth); - config_override!( - agent_config_builder, - agent_config, - enable_signature_verification - ); - config_override!(agent_config_builder, agent_config, image_policy_file); - } config_override!(agent_config_builder, agent_config, secure_storage_integrity); #[cfg(feature = "agent-policy")] @@ -557,27 +521,6 @@ impl AgentConfig { config.guest_components_procs, get_guest_components_procs_value ); - #[cfg(feature = "guest-pull")] - { - parse_cmdline_param!( - param, - IMAGE_REGISTRY_AUTH_OPTION, - config.image_registry_auth, - get_string_value - ); - parse_cmdline_param!( - param, - ENABLE_SIGNATURE_VERIFICATION, - config.enable_signature_verification, - get_bool_value - ); - parse_cmdline_param!( - param, - IMAGE_POLICY_FILE, - config.image_policy_file, - get_string_value - ); - } parse_cmdline_param!( param, SECURE_STORAGE_INTEGRITY_OPTION, @@ -901,11 +844,6 @@ mod tests { assert!(!config.dev_mode); assert_eq!(config.log_level, DEFAULT_LOG_LEVEL); assert_eq!(config.hotplug_timeout, DEFAULT_HOTPLUG_TIMEOUT); - #[cfg(feature = "guest-pull")] - { - assert!(!config.enable_signature_verification); - assert_eq!(config.image_policy_file, ""); - } } #[test] @@ -931,13 +869,7 @@ mod tests { no_proxy: &'a str, guest_components_rest_api: GuestComponentsFeatures, guest_components_procs: GuestComponentsProcs, - #[cfg(feature = "guest-pull")] - image_registry_auth: &'a str, secure_storage_integrity: bool, - #[cfg(feature = "guest-pull")] - enable_signature_verification: bool, - #[cfg(feature = "guest-pull")] - image_policy_file: &'a str, #[cfg(feature = "agent-policy")] policy_file: &'a str, mem_agent: Option, 
@@ -961,13 +893,7 @@ mod tests { no_proxy: "", guest_components_rest_api: GuestComponentsFeatures::default(), guest_components_procs: GuestComponentsProcs::default(), - #[cfg(feature = "guest-pull")] - image_registry_auth: "", secure_storage_integrity: false, - #[cfg(feature = "guest-pull")] - enable_signature_verification: false, - #[cfg(feature = "guest-pull")] - image_policy_file: "", #[cfg(feature = "agent-policy")] policy_file: "", mem_agent: None, @@ -1418,18 +1344,6 @@ mod tests { guest_components_procs: GuestComponentsProcs::None, ..Default::default() }, - #[cfg(feature = "guest-pull")] - TestData { - contents: "agent.image_registry_auth=file:///root/.docker/config.json", - image_registry_auth: "file:///root/.docker/config.json", - ..Default::default() - }, - #[cfg(feature = "guest-pull")] - TestData { - contents: "agent.image_registry_auth=kbs:///default/credentials/test", - image_registry_auth: "kbs:///default/credentials/test", - ..Default::default() - }, TestData { contents: "", secure_storage_integrity: false, @@ -1455,24 +1369,6 @@ mod tests { secure_storage_integrity: false, ..Default::default() }, - #[cfg(feature = "guest-pull")] - TestData { - contents: "agent.enable_signature_verification=true", - enable_signature_verification: true, - ..Default::default() - }, - #[cfg(feature = "guest-pull")] - TestData { - contents: "agent.image_policy_file=kbs:///default/image-policy/test", - image_policy_file: "kbs:///default/image-policy/test", - ..Default::default() - }, - #[cfg(feature = "guest-pull")] - TestData { - contents: "agent.image_policy_file=file:///etc/image-policy.json", - image_policy_file: "file:///etc/image-policy.json", - ..Default::default() - }, #[cfg(feature = "agent-policy")] // Test environment TestData { 
@@ -1575,16 +1471,6 @@ mod tests { "{}", msg ); - #[cfg(feature = "guest-pull")] - { - assert_eq!(d.image_registry_auth, config.image_registry_auth, "{}", msg); - assert_eq!( - d.enable_signature_verification, config.enable_signature_verification, - "{}", - msg - ); - assert_eq!(d.image_policy_file, config.image_policy_file, "{}", msg); - } assert_eq!( d.secure_storage_integrity, config.secure_storage_integrity, "{}",