From 7132ca2775da8e62728c615cfa459dc050909539 Mon Sep 17 00:00:00 2001
From: Oliver Stenbom
Date: Mon, 28 May 2018 12:26:56 +0300
Subject: [PATCH] Implements WithNoNewKeyring

It does not override existing CreateOptions but assumes that the TaskInfo's options are of type CreateOptions.

Signed-off-by: Oliver Stenbom
---
 task_opts_linux.go | 17 ++++++++++++
 task_opts_linux_test.go | 61 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 task_opts_linux_test.go
diff --git a/task_opts_linux.go b/task_opts_linux.go
index 63136fd6a..dab72808a 100644
--- a/task_opts_linux.go
+++ b/task_opts_linux.go
@@ -18,7 +18,9 @@ package containerd
 import (
 "context"
+ "errors"
+ "github.com/containerd/containerd/linux/runctypes"
 "github.com/opencontainers/runtime-spec/specs-go"
 )
@@ -29,3 +31,18 @@ func WithResources(resources *specs.LinuxResources) UpdateTaskOpts {
 return nil
 }
 }
+
+// WithNoNewKeyring causes tasks not to be created with a new keyring for secret storage.
+// There is an upper limit on the number of keyrings in a linux system
+func WithNoNewKeyring(ctx context.Context, c *Client, ti *TaskInfo) error {
+ if ti.Options == nil {
+ ti.Options = &runctypes.CreateOptions{}
+ }
+ opts, ok := ti.Options.(*runctypes.CreateOptions)
+ if !ok {
+ return errors.New("could not cast TaskInfo Options to CreateOptions")
+ }
+
+ opts.NoNewKeyring = true
+ return nil
+}
diff --git a/task_opts_linux_test.go b/task_opts_linux_test.go
new file mode 100644
index 000000000..cc640228d
--- /dev/null
+++ b/task_opts_linux_test.go
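Review bot: The doc comment on `WithNoNewKeyring` gives the reason for the option (the system-wide keyring limit) but not its isolation cost. Assuming the flag maps to runc's `--no-new-keyring`, no fresh session keyring is created and the task inherits the session keyring of the process that starts it, so keys held there may be reachable from inside the container. I would add a line such as `// The task inherits the caller's session keyring; use this only when that keyring holds nothing the container must not read.` The comment should also state that the option returns an error when `ti.Options` already holds a type other than `*runctypes.CreateOptions`, and the error text could name the offending type with `%T` so a mis-ordered option list is easier to diagnose.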
@@ -0,0 +1,61 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package containerd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/containerd/containerd/linux/runctypes"
+)
+
+func TestWithNoNewKeyringAddsNoNewKeyringToOptions(t *testing.T) {
+ var taskInfo TaskInfo
+ var ctx context.Context
+ var client Client
+
+ err := WithNoNewKeyring(ctx, &client, &taskInfo)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ opts := taskInfo.Options.(*runctypes.CreateOptions)
+
+ if !opts.NoNewKeyring {
+ t.Fatal("NoNewKeyring set on WithNoNewKeyring")
+ }
+
+}
+
+func TestWithNoNewKeyringDoesNotOverwriteOtherOptions(t *testing.T) {
+ var taskInfo TaskInfo
+ var ctx context.Context
+ var client Client
+
+ taskInfo.Options = &runctypes.CreateOptions{NoPivotRoot: true}
+
+ err := WithNoNewKeyring(ctx, &client, &taskInfo)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ opts := taskInfo.Options.(*runctypes.CreateOptions)
+
+ if !opts.NoPivotRoot {
+ t.Fatal("WithNoNewKeyring overwrote other options")
+ }
+}
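Review bot: Neither test covers the error branch of `WithNoNewKeyring`, where `TaskInfo.Options` already holds a type other than `*runctypes.CreateOptions`; a test like the one below pins that the option fails and leaves the existing options in place rather than silently replacing them. In the first test the failure message reads inverted, since it fires when the flag is missing: `t.Fatal("NoNewKeyring not set by WithNoNewKeyring")`. Both tests pass a nil context (`var ctx context.Context`), which only works because the option ignores it; `context.Background()` is the safer value. The second test could also assert `opts.NoNewKeyring`, so the pre-populated case checks the flag as well as `NoPivotRoot`.

```go
// … unchanged: license header, imports and the two existing tests …

func TestWithNoNewKeyringRejectsOtherOptionTypes(t *testing.T) {
	var client Client
	taskInfo := TaskInfo{Options: &runctypes.CheckpointOptions{}}

	if err := WithNoNewKeyring(context.Background(), &client, &taskInfo); err == nil {
		t.Fatal("expected an error when Options is not *runctypes.CreateOptions")
	}
	if _, ok := taskInfo.Options.(*runctypes.CheckpointOptions); !ok {
		t.Fatal("WithNoNewKeyring replaced options of another type")
	}
}
```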