diff --git a/pkg/imageverifier/bindir/bindir.go b/pkg/imageverifier/bindir/bindir.go index 0dc89d1c2..2f2e86a8c 100644 --- a/pkg/imageverifier/bindir/bindir.go +++ b/pkg/imageverifier/bindir/bindir.go @@ -30,6 +30,7 @@ import ( "time" "github.com/containerd/containerd/pkg/imageverifier" + "github.com/containerd/containerd/pkg/tomlext" "github.com/containerd/log" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) @@ -37,9 +38,9 @@ import ( const outputLimitBytes = 1 << 15 // 32 KiB type Config struct { - BinDir string `toml:"bin_dir"` - MaxVerifiers int `toml:"max_verifiers"` - PerVerifierTimeout time.Duration `toml:"per_verifier_timeout"` + BinDir string `toml:"bin_dir"` + MaxVerifiers int `toml:"max_verifiers"` + PerVerifierTimeout tomlext.Duration `toml:"per_verifier_timeout"` } type ImageVerifier struct { @@ -110,7 +111,7 @@ func (v *ImageVerifier) VerifyImage(ctx context.Context, name string, desc ocisp } func (v *ImageVerifier) runVerifier(ctx context.Context, bin string, imageName string, desc ocispec.Descriptor) (exitCode int, reason string, err error) { - ctx, cancel := context.WithTimeout(ctx, v.config.PerVerifierTimeout) + ctx, cancel := context.WithTimeout(ctx, tomlext.ToStdTime(v.config.PerVerifierTimeout)) defer cancel() binPath := filepath.Join(v.config.BinDir, bin) diff --git a/pkg/imageverifier/bindir/bindir_test.go b/pkg/imageverifier/bindir/bindir_test.go index 25b613b29..033109b22 100644 --- a/pkg/imageverifier/bindir/bindir_test.go +++ b/pkg/imageverifier/bindir/bindir_test.go @@ -29,6 +29,7 @@ import ( "text/template" "time" + "github.com/containerd/containerd/pkg/tomlext" "github.com/containerd/log" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/stretchr/testify/assert" @@ -136,7 +137,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{ @@ -170,7 +171,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 30 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(30 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -183,7 +184,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: filepath.Join(t.TempDir(), "missing_directory"), MaxVerifiers: 10, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -196,7 +197,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: t.TempDir(), MaxVerifiers: 10, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -213,7 +214,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 0, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -231,7 +232,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -250,7 +251,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 2, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -268,7 +269,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 3, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -287,7 +288,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 3, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -306,7 +307,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -325,7 +326,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -344,7 +345,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -379,7 +380,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: -1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{}) @@ -395,7 +396,7 @@ func TestBinDirVerifyImage(t *testing.T) { v := NewImageVerifier(&Config{ BinDir: binDir, MaxVerifiers: 1, - PerVerifierTimeout: 5 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(5 * time.Second), }) j, err := v.VerifyImage(ctx, "registry.example.com/image:abc", ocispec.Descriptor{ diff --git a/pkg/nri/config.go b/pkg/nri/config.go index a1cd5b1d2..aa4665f3e 100644 --- a/pkg/nri/config.go +++ b/pkg/nri/config.go @@ -17,8 +17,7 @@ package nri import ( - "time" - + "github.com/containerd/containerd/pkg/tomlext" nri "github.com/containerd/nri/pkg/adaptation" ) @@ -33,9 +32,9 @@ type Config struct { // PluginConfigPath is the path to search for plugin-specific configuration. PluginConfigPath string `toml:"plugin_config_path" json:"pluginConfigPath"` // PluginRegistrationTimeout is the timeout for plugin registration. - PluginRegistrationTimeout time.Duration `toml:"plugin_registration_timeout" json:"pluginRegistrationTimeout"` + PluginRegistrationTimeout tomlext.Duration `toml:"plugin_registration_timeout" json:"pluginRegistrationTimeout"` // PluginRequestTimeout is the timeout for a plugin to handle a request. - PluginRequestTimeout time.Duration `toml:"plugin_request_timeout" json:"pluginRequestTimeout"` + PluginRequestTimeout tomlext.Duration `toml:"plugin_request_timeout" json:"pluginRequestTimeout"` // DisableConnections disables connections from externally launched plugins. DisableConnections bool `toml:"disable_connections" json:"disableConnections"` } @@ -48,8 +47,8 @@ func DefaultConfig() *Config { PluginPath: nri.DefaultPluginPath, PluginConfigPath: nri.DefaultPluginConfigPath, - PluginRegistrationTimeout: nri.DefaultPluginRegistrationTimeout, - PluginRequestTimeout: nri.DefaultPluginRequestTimeout, + PluginRegistrationTimeout: tomlext.FromStdTime(nri.DefaultPluginRegistrationTimeout), + PluginRequestTimeout: tomlext.FromStdTime(nri.DefaultPluginRequestTimeout), } } @@ -74,9 +73,9 @@ func (c *Config) toOptions() []nri.Option { // ConfigureTimeouts sets timeout options for NRI. func (c *Config) ConfigureTimeouts() { if c.PluginRegistrationTimeout != 0 { - nri.SetPluginRegistrationTimeout(c.PluginRegistrationTimeout) + nri.SetPluginRegistrationTimeout(tomlext.ToStdTime(c.PluginRegistrationTimeout)) } if c.PluginRequestTimeout != 0 { - nri.SetPluginRequestTimeout(c.PluginRequestTimeout) + nri.SetPluginRequestTimeout(tomlext.ToStdTime(c.PluginRequestTimeout)) } } diff --git a/pkg/tomlext/toml_v2_util.go b/pkg/tomlext/toml_v2_util.go new file mode 100644 index 000000000..586b17c4c --- /dev/null +++ b/pkg/tomlext/toml_v2_util.go @@ -0,0 +1,38 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package tomlext + +import "time" + +type Duration time.Duration + +func (d *Duration) UnmarshalText(b []byte) error { + x, err := time.ParseDuration(string(b)) + if err != nil { + return err + } + *d = Duration(x) + return nil +} + +func ToStdTime(d Duration) time.Duration { + return time.Duration(d) +} + +func FromStdTime(duration time.Duration) Duration { + return Duration(duration) +} diff --git a/plugins/imageverifier/plugin.go b/plugins/imageverifier/plugin.go index dac859760..0c8fce7d0 100644 --- a/plugins/imageverifier/plugin.go +++ b/plugins/imageverifier/plugin.go @@ -20,6 +20,7 @@ import ( "time" "github.com/containerd/containerd/pkg/imageverifier/bindir" + "github.com/containerd/containerd/pkg/tomlext" "github.com/containerd/containerd/plugin" ) @@ -40,6 +41,6 @@ func defaultConfig() *bindir.Config { return &bindir.Config{ BinDir: defaultPath, MaxVerifiers: 10, - PerVerifierTimeout: 10 * time.Second, + PerVerifierTimeout: tomlext.FromStdTime(10 * time.Second), } }