Skip to content

Commit 7132ca2

Browse files
ostenbomostenbom
committed
Implements WithNoNewKeyring
It does not override existing CreateOptions but assumes that the TaskInfo's options are of type CreateOptions. Signed-off-by: Oliver Stenbom <[email protected]>
1 parent c9ea816 commit 7132ca2

File tree

2 files changed

+78
-0
lines changed

2 files changed

+78
-0
lines changed

task_opts_linux.go

+17
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,9 @@ package containerd
1818

1919
import (
2020
"context"
21+
"errors"
2122

23+
"github.com/containerd/containerd/linux/runctypes"
2224
"github.com/opencontainers/runtime-spec/specs-go"
2325
)
2426

@@ -29,3 +31,18 @@ func WithResources(resources *specs.LinuxResources) UpdateTaskOpts {
2931
return nil
3032
}
3133
}
34+
35+
// WithNoNewKeyring causes tasks not to be created with a new keyring for secret storage.
36+
// There is an upper limit on the number of keyrings in a linux system
37+
func WithNoNewKeyring(ctx context.Context, c *Client, ti *TaskInfo) error {
38+
if ti.Options == nil {
39+
ti.Options = &runctypes.CreateOptions{}
40+
}
41+
opts, ok := ti.Options.(*runctypes.CreateOptions)
42+
if !ok {
43+
return errors.New("could not cast TaskInfo Options to CreateOptions")
44+
}
45+
46+
opts.NoNewKeyring = true
47+
return nil
48+
}

task_opts_linux_test.go

+61
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
/*
2+
Copyright The containerd Authors.
3+
4+
Licensed under the Apache License, Version 2.0 (the "License");
5+
you may not use this file except in compliance with the License.
6+
You may obtain a copy of the License at
7+
8+
http://www.apache.org/licenses/LICENSE-2.0
9+
10+
Unless required by applicable law or agreed to in writing, software
11+
distributed under the License is distributed on an "AS IS" BASIS,
12+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
See the License for the specific language governing permissions and
14+
limitations under the License.
15+
*/
16+
17+
package containerd
18+
19+
import (
20+
"context"
21+
"testing"
22+
23+
"github.com/containerd/containerd/linux/runctypes"
24+
)
25+
26+
func TestWithNoNewKeyringAddsNoNewKeyringToOptions(t *testing.T) {
27+
var taskInfo TaskInfo
28+
var ctx context.Context
29+
var client Client
30+
31+
err := WithNoNewKeyring(ctx, &client, &taskInfo)
32+
if err != nil {
33+
t.Fatal(err)
34+
}
35+
36+
opts := taskInfo.Options.(*runctypes.CreateOptions)
37+
38+
if !opts.NoNewKeyring {
39+
t.Fatal("NoNewKeyring set on WithNoNewKeyring")
40+
}
41+
42+
}
43+
44+
func TestWithNoNewKeyringDoesNotOverwriteOtherOptions(t *testing.T) {
45+
var taskInfo TaskInfo
46+
var ctx context.Context
47+
var client Client
48+
49+
taskInfo.Options = &runctypes.CreateOptions{NoPivotRoot: true}
50+
51+
err := WithNoNewKeyring(ctx, &client, &taskInfo)
52+
if err != nil {
53+
t.Fatal(err)
54+
}
55+
56+
opts := taskInfo.Options.(*runctypes.CreateOptions)
57+
58+
if !opts.NoPivotRoot {
59+
t.Fatal("WithNoNewKeyring overwrote other options")
60+
}
61+
}

0 commit comments

Comments
 (0)