Add DefaultRuntimeName option.

Signed-off-by: Lantao Liu <lantaol@google.com>
2019-04-08 16:39:28 -07:00
parent a5c5d55c90
commit ba4a04ae70
6 changed files with 120 additions and 79 deletions
--- a/pkg/server/helpers_test.go
+++ b/pkg/server/helpers_test.go
@@ -212,7 +212,8 @@ func TestGenerateRuntimeOptions(t *testing.T) {
 systemd_cgroup = true
 [containerd]
  no_pivot = true
-[containerd.default_runtime]
+  default_runtime_name = "default"
+[containerd.runtimes.legacy]
  runtime_type = "` + linuxRuntime + `"
 [containerd.runtimes.runc]
  runtime_type = "` + runcRuntimeV1 + `"
@@ -223,11 +224,12 @@ systemd_cgroup = true
 systemd_cgroup = true
 [containerd]
  no_pivot = true
-[containerd.default_runtime]
+  default_runtime_name = "default"
+[containerd.runtimes.legacy]
  runtime_type = "` + linuxRuntime + `"
-[containerd.default_runtime.options]
-  Runtime = "default"
-  RuntimeRoot = "/default"
+[containerd.runtimes.legacy.options]
+  Runtime = "legacy"
+  RuntimeRoot = "/legacy"
 [containerd.runtimes.runc]
  runtime_type = "` + runcRuntimeV1 + `"
 [containerd.runtimes.runc.options]
@@ -246,8 +248,8 @@ systemd_cgroup = true
 	require.NoError(t, err)
 	_, err = toml.Decode(nonNilOpts, &nonNilOptsConfig)
 	require.NoError(t, err)
-	require.Len(t, nilOptsConfig.Runtimes, 2)
-	require.Len(t, nonNilOptsConfig.Runtimes, 2)
+	require.Len(t, nilOptsConfig.Runtimes, 3)
+	require.Len(t, nonNilOptsConfig.Runtimes, 3)

 	for desc, test := range map[string]struct {
 		r               criconfig.Runtime
@@ -265,7 +267,7 @@ systemd_cgroup = true
 			expectedOptions: nil,
 		},
 		"when options is nil, should use legacy fields for legacy runtime": {
-			r: nilOptsConfig.DefaultRuntime,
+			r: nilOptsConfig.Runtimes["legacy"],
 			c: nilOptsConfig,
 			expectedOptions: &runctypes.RuncOptions{
 				SystemdCgroup: true,
@@ -290,11 +292,11 @@ systemd_cgroup = true
 			},
 		},
 		"when options is not nil, should be able to decode for legacy runtime": {
-			r: nonNilOptsConfig.DefaultRuntime,
+			r: nonNilOptsConfig.Runtimes["legacy"],
 			c: nonNilOptsConfig,
 			expectedOptions: &runctypes.RuncOptions{
-				Runtime:     "default",
-				RuntimeRoot: "/default",
+				Runtime:     "legacy",
+				RuntimeRoot: "/legacy",
 			},
 		},
 	} {
--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -628,16 +628,11 @@ func (c *criService) getSandboxRuntime(config *runtime.PodSandboxConfig, runtime
 			return criconfig.Runtime{}, errors.New("untrusted workload with host access is not allowed")
 		}

-		// Handle the deprecated UntrustedWorkloadRuntime.
-		if c.config.ContainerdConfig.UntrustedWorkloadRuntime.Type != "" {
-			return c.config.ContainerdConfig.UntrustedWorkloadRuntime, nil
-		}
-
 		runtimeHandler = criconfig.RuntimeUntrusted
 	}

 	if runtimeHandler == "" {
-		return c.config.ContainerdConfig.DefaultRuntime, nil
+		runtimeHandler = c.config.ContainerdConfig.DefaultRuntimeName
 	}

 	handler, ok := c.config.ContainerdConfig.Runtimes[runtimeHandler]
--- a/pkg/server/sandbox_run_test.go
+++ b/pkg/server/sandbox_run_test.go
@@ -681,13 +681,11 @@ func TestGetSandboxRuntime(t *testing.T) {
 	}

 	for desc, test := range map[string]struct {
-		sandboxConfig            *runtime.PodSandboxConfig
-		runtimeHandler           string
-		defaultRuntime           criconfig.Runtime
-		untrustedWorkloadRuntime criconfig.Runtime
-		runtimes                 map[string]criconfig.Runtime
-		expectErr                bool
-		expectedRuntime          criconfig.Runtime
+		sandboxConfig   *runtime.PodSandboxConfig
+		runtimeHandler  string
+		runtimes        map[string]criconfig.Runtime
+		expectErr       bool
+		expectedRuntime criconfig.Runtime
 	}{
 		"should return error if untrusted workload requires host access": {
 			sandboxConfig: &runtime.PodSandboxConfig{
@@ -705,9 +703,11 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			expectErr:                true,
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+			},
+			expectErr: true,
 		},
 		"should use untrusted workload runtime for untrusted workload": {
 			sandboxConfig: &runtime.PodSandboxConfig{
@@ -715,15 +715,18 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			expectedRuntime:          untrustedWorkloadRuntime,
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+			},
+			expectedRuntime: untrustedWorkloadRuntime,
 		},
 		"should use default runtime for regular workload": {
-			sandboxConfig:            &runtime.PodSandboxConfig{},
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			expectedRuntime:          defaultRuntime,
+			sandboxConfig: &runtime.PodSandboxConfig{},
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault: defaultRuntime,
+			},
+			expectedRuntime: defaultRuntime,
 		},
 		"should use default runtime for trusted workload": {
 			sandboxConfig: &runtime.PodSandboxConfig{
@@ -731,9 +734,11 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "false",
 				},
 			},
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			expectedRuntime:          defaultRuntime,
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+			},
+			expectedRuntime: defaultRuntime,
 		},
 		"should return error if untrusted workload runtime is required but not configured": {
 			sandboxConfig: &runtime.PodSandboxConfig{
@@ -741,8 +746,10 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			defaultRuntime: defaultRuntime,
-			expectErr:      true,
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault: defaultRuntime,
+			},
+			expectErr: true,
 		},
 		"should use 'untrusted' runtime for untrusted workload": {
 			sandboxConfig: &runtime.PodSandboxConfig{
@@ -750,8 +757,10 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			defaultRuntime:  defaultRuntime,
-			runtimes:        map[string]criconfig.Runtime{criconfig.RuntimeUntrusted: untrustedWorkloadRuntime},
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+			},
 			expectedRuntime: untrustedWorkloadRuntime,
 		},
 		"should use 'untrusted' runtime for untrusted workload & handler": {
@@ -760,9 +769,11 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			runtimeHandler:  "untrusted",
-			defaultRuntime:  defaultRuntime,
-			runtimes:        map[string]criconfig.Runtime{criconfig.RuntimeUntrusted: untrustedWorkloadRuntime},
+			runtimeHandler: "untrusted",
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+			},
 			expectedRuntime: untrustedWorkloadRuntime,
 		},
 		"should return an error if untrusted annotation with conflicting handler": {
@@ -771,26 +782,32 @@ func TestGetSandboxRuntime(t *testing.T) {
 					annotations.UntrustedWorkload: "true",
 				},
 			},
-			runtimeHandler:           "foo",
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			runtimes:                 map[string]criconfig.Runtime{"foo": fooRuntime},
-			expectErr:                true,
+			runtimeHandler: "foo",
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+				"foo":                      fooRuntime,
+			},
+			expectErr: true,
 		},
 		"should use correct runtime for a runtime handler": {
-			sandboxConfig:            &runtime.PodSandboxConfig{},
-			runtimeHandler:           "foo",
-			defaultRuntime:           defaultRuntime,
-			untrustedWorkloadRuntime: untrustedWorkloadRuntime,
-			runtimes:                 map[string]criconfig.Runtime{"foo": fooRuntime},
-			expectedRuntime:          fooRuntime,
+			sandboxConfig:  &runtime.PodSandboxConfig{},
+			runtimeHandler: "foo",
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault:   defaultRuntime,
+				criconfig.RuntimeUntrusted: untrustedWorkloadRuntime,
+				"foo":                      fooRuntime,
+			},
+			expectedRuntime: fooRuntime,
 		},
 		"should return error if runtime handler is required but not configured": {
 			sandboxConfig:  &runtime.PodSandboxConfig{},
 			runtimeHandler: "bar",
-			defaultRuntime: defaultRuntime,
-			runtimes:       map[string]criconfig.Runtime{"foo": fooRuntime},
-			expectErr:      true,
+			runtimes: map[string]criconfig.Runtime{
+				criconfig.RuntimeDefault: defaultRuntime,
+				"foo":                    fooRuntime,
+			},
+			expectErr: true,
 		},
 	} {
 		t.Run(desc, func(t *testing.T) {
@@ -798,8 +815,7 @@ func TestGetSandboxRuntime(t *testing.T) {
 			cri.config = criconfig.Config{
 				PluginConfig: criconfig.DefaultConfig(),
 			}
-			cri.config.ContainerdConfig.DefaultRuntime = test.defaultRuntime
-			cri.config.ContainerdConfig.UntrustedWorkloadRuntime = test.untrustedWorkloadRuntime
+			cri.config.ContainerdConfig.DefaultRuntimeName = criconfig.RuntimeDefault
 			cri.config.ContainerdConfig.Runtimes = test.runtimes
 			r, err := cri.getSandboxRuntime(test.sandboxConfig, test.runtimeHandler)
 			assert.Equal(t, test.expectErr, err != nil)