Don't read image spec when listing images

mxpv · mxpv · commit 1eb20bf1d5a9 · 2022-06-22T10:21:35.000-07:00
Instead embed label with user information in metadata store.

Signed-off-by: Maksym Pavlenko &lt;pavlenko.maksym@gmail.com&gt;
diff --git a/pkg/cri/server/helpers.go b/pkg/cri/server/helpers.go
@@ -92,6 +92,8 @@ const (
 	imageLabelChainID = criContainerdPrefix + ".image-chain-id"
 	// imageLabelSize is the label key for image size information.
 	imageLabelSize = criContainerdPrefix + ".image-size"
+	// imageLabelUser is the label key to retrieve image spec user.
+	imageLabelUser = criContainerdPrefix + ".image-spec-user"
 
 	// defaultIfName is the default network interface for the pods
 	defaultIfName = "eth0"
@@ -519,6 +521,16 @@ func (c *criService) ensureImageMetadata(ctx context.Context, name string) error
 		update = true
 	}
 
+	if _, ok := metadata.Labels[imageLabelUser]; !ok {
+		spec, err := image.Spec(ctx)
+		if err != nil {
+			return fmt.Errorf("failed to read image spec: %w", err)
+		}
+
+		metadata.Labels[imageLabelUser] = spec.Config.User
+		update = true
+	}
+
 	if update {
 		metadata.Labels[imageLabelKey] = imageLabelValue
 
diff --git a/pkg/cri/server/image_list.go b/pkg/cri/server/image_list.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 
 	"github.com/containerd/containerd"
-	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 
@@ -37,7 +36,6 @@ func (c *criService) ListImages(ctx context.Context, r *runtime.ListImagesReques
 	type imageInfo struct {
 		image      containerd.Image
 		references []string
-		spec       imagespec.Image
 	}
 
 	// Group by image id and gather image references
@@ -51,15 +49,9 @@ func (c *criService) ListImages(ctx context.Context, r *runtime.ListImagesReques
 		if existing, ok := groups[imageID]; ok {
 			existing.references = append(existing.references, image.Name())
 		} else {
-			spec, err := getImageSpec(ctx, image)
-			if err != nil {
-				return nil, err
-			}
-
 			groups[imageID] = &imageInfo{
 				image:      image,
 				references: []string{image.Name()},
-				spec:       spec,
 			}
 		}
 	}
@@ -68,7 +60,7 @@ func (c *criService) ListImages(ctx context.Context, r *runtime.ListImagesReques
 	for _, info := range groups {
 		// TODO(random-liu): [P0] Make sure corresponding snapshot exists. What if snapshot
 		// doesn't exist?
-		image, err := toCRIImage(info.image, info.references, info.spec)
+		image, err := toCRIImage(info.image, info.references)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/cri/server/image_list_test.go b/pkg/cri/server/image_list_test.go
@@ -17,13 +17,11 @@
 package server
 
 import (
-	"context"
 	"testing"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/metadata"
-	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
@@ -39,6 +37,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:1123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "1000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "root",
 			},
 		},
 		{
@@ -48,6 +47,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:1123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "1000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "root",
 			},
 		},
 		{
@@ -57,6 +57,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:1123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "1000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "root",
 			},
 		},
 		// Image 2
@@ -67,6 +68,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "2000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "1234:1234",
 			},
 		},
 		{
@@ -76,6 +78,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "2000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "1234:1234",
 			},
 		},
 		{
@@ -85,6 +88,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "2000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "1234:1234",
 			},
 		},
 		// Image 3
@@ -95,6 +99,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:3123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "3000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "nobody",
 			},
 		},
 		{
@@ -104,6 +109,7 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:3123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "3000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "nobody",
 			},
 		}, {
 			Name:   "gcr.io/library/ubuntu@sha256:e6693c20186f837fc393390135d8a598a96a833917917789d63766cab6c59582",
@@ -112,25 +118,11 @@ func TestListImages(t *testing.T) {
 				imageLabelConfigDigest: "sha256:3123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
 				imageLabelSize:         "3000",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "nobody",
 			},
 		},
 	}
 
-	getImageSpec = func(ctx context.Context, image containerd.Image) (imagespec.Image, error) {
-		switch image.Name() {
-		case "sha256:1123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "gcr.io/library/busybox:latest":
-			return imagespec.Image{Config: imagespec.ImageConfig{User: "root"}}, nil
-		case "sha256:2123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "gcr.io/library/alpine:latest":
-			return imagespec.Image{Config: imagespec.ImageConfig{User: "1234:1234"}}, nil
-		case "sha256:3123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", "gcr.io/library/ubuntu:latest":
-			return imagespec.Image{Config: imagespec.ImageConfig{User: "nobody"}}, nil
-		default:
-			t.Fatalf("unexpected OCI spec request for image %q", image.Name())
-		}
-		return imagespec.Image{}, nil
-	}
-	t.Cleanup(func() { getImageSpec = retrieveImageSpec })
-
 	expect := []*runtime.Image{
 		{
 			Id:          "sha256:1123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
diff --git a/pkg/cri/server/image_status.go b/pkg/cri/server/image_status.go
@@ -60,10 +60,11 @@ func (c *criService) ImageStatus(ctx context.Context, r *runtime.ImageStatusRequ
 		return nil, err
 	}
 
-	runtimeImage, err := toCRIImage(containerdImage, references, imageSpec)
+	runtimeImage, err := toCRIImage(containerdImage, references)
 	if err != nil {
 		return nil, err
 	}
+
 	info, err := c.toCRIImageInfo(ctx, containerdImage.Metadata(), imageSpec, r.GetVerbose())
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate image info: %w", err)
@@ -76,7 +77,7 @@ func (c *criService) ImageStatus(ctx context.Context, r *runtime.ImageStatusRequ
 }
 
 // toCRIImage converts internal image object to CRI runtime.Image.
-func toCRIImage(image containerd.Image, references []string, imageSpec imagespec.Image) (*runtime.Image, error) {
+func toCRIImage(image containerd.Image, references []string) (*runtime.Image, error) {
 	imageID, err := getImageID(image)
 	if err != nil {
 		return nil, err
@@ -85,6 +86,7 @@ func toCRIImage(image containerd.Image, references []string, imageSpec imagespec
 	var (
 		labels    = image.Labels()
 		labelSize = labels[imageLabelSize]
+		labelUser = labels[imageLabelUser]
 	)
 
 	size, err := strconv.ParseUint(labelSize, 10, 64)
@@ -100,7 +102,7 @@ func toCRIImage(image containerd.Image, references []string, imageSpec imagespec
 		Size_:       size,
 	}
 
-	uid, username := getUserFromImage(imageSpec.Config.User)
+	uid, username := getUserFromImage(labelUser)
 	if uid != nil {
 		runtimeImage.Uid = &runtime.Int64Value{Value: *uid}
 	}
diff --git a/pkg/cri/server/image_status_test.go b/pkg/cri/server/image_status_test.go
@@ -42,7 +42,7 @@ func TestImageStatus(t *testing.T) {
 	getImageSpec = func(ctx context.Context, image containerd.Image) (imagespec.Image, error) {
 		switch image.Name() {
 		case "sha256:d848ce12891bf78792cda4a23c58984033b0c397a55e93a1556202222ecc5ed4":
-			return imagespec.Image{Config: imagespec.ImageConfig{User: "user:group"}}, nil
+			return imagespec.Image{}, nil
 		default:
 			t.Fatalf("unexpected OCI spec request for image %q", image.Name())
 		}
@@ -58,6 +58,7 @@ func TestImageStatus(t *testing.T) {
 				imageLabelConfigDigest: "sha256:d848ce12891bf78792cda4a23c58984033b0c397a55e93a1556202222ecc5ed4",
 				imageLabelSize:         "1234",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "user:group",
 			},
 		},
 		{
@@ -67,6 +68,7 @@ func TestImageStatus(t *testing.T) {
 				imageLabelConfigDigest: "sha256:d848ce12891bf78792cda4a23c58984033b0c397a55e93a1556202222ecc5ed4",
 				imageLabelSize:         "1234",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "user:group",
 			},
 		},
 		{
@@ -76,6 +78,7 @@ func TestImageStatus(t *testing.T) {
 				imageLabelConfigDigest: "sha256:d848ce12891bf78792cda4a23c58984033b0c397a55e93a1556202222ecc5ed4",
 				imageLabelSize:         "1234",
 				imageLabelKey:          imageLabelValue,
+				imageLabelUser:         "user:group",
 			},
 		},
 	}

Original file line number	Diff line number	Diff line change
`@@ -60,10 +60,11 @@ func (c criService) ImageStatus(ctx context.Context, r runtime.ImageStatusRequ`
`60`	`60`	`return nil, err`
`61`	`61`	`}`
`62`	`62`
`63`		`- runtimeImage, err := toCRIImage(containerdImage, references, imageSpec)`
	`63`	`+ runtimeImage, err := toCRIImage(containerdImage, references)`
`64`	`64`	`if err != nil {`
`65`	`65`	`return nil, err`
`66`	`66`	`}`
	`67`	`+`
`67`	`68`	`info, err := c.toCRIImageInfo(ctx, containerdImage.Metadata(), imageSpec, r.GetVerbose())`
`68`	`69`	`if err != nil {`
`69`	`70`	`return nil, fmt.Errorf("failed to generate image info: %w", err)`
`@@ -76,7 +77,7 @@ func (c criService) ImageStatus(ctx context.Context, r runtime.ImageStatusRequ`
`76`	`77`	`}`
`77`	`78`
`78`	`79`	`// toCRIImage converts internal image object to CRI runtime.Image.`
`79`		`-func toCRIImage(image containerd.Image, references []string, imageSpec imagespec.Image) (*runtime.Image, error) {`
	`80`	`+func toCRIImage(image containerd.Image, references []string) (*runtime.Image, error) {`
`80`	`81`	`imageID, err := getImageID(image)`
`81`	`82`	`if err != nil {`
`82`	`83`	`return nil, err`
`@@ -85,6 +86,7 @@ func toCRIImage(image containerd.Image, references []string, imageSpec imagespec`
`85`	`86`	`var (`
`86`	`87`	`labels = image.Labels()`
`87`	`88`	`labelSize = labels[imageLabelSize]`
	`89`	`+ labelUser = labels[imageLabelUser]`
`88`	`90`	`)`
`89`	`91`
`90`	`92`	`size, err := strconv.ParseUint(labelSize, 10, 64)`
`@@ -100,7 +102,7 @@ func toCRIImage(image containerd.Image, references []string, imageSpec imagespec`
`100`	`102`	`Size_: size,`
`101`	`103`	`}`
`102`	`104`
`103`		`- uid, username := getUserFromImage(imageSpec.Config.User)`
	`105`	`+ uid, username := getUserFromImage(labelUser)`
`104`	`106`	`if uid != nil {`
`105`	`107`	`runtimeImage.Uid = &runtime.Int64Value{Value: *uid}`
`106`	`108`	`}`