github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Refactor encrypted opts and added unit test

Browse Source 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
This commit is contained in:
Brandon Lum
2020-01-08 10:13:23 +00:00
parent ac8ec18813
commit c43a7588f6
2 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/server/image_pull.go
View File

@@ -119,11 +119,7 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest)
containerd.WithImageHandler(imageHandler),
}
if c.config.EncryptedImagesConfig.KeyModel == criconfig.EncryptionKeyModelNode {
ltdd := imgcrypt.Payload{}
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(&ltdd))
pullOpts = append(pullOpts, encryption.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt}))
}
pullOpts = append(pullOpts, c.encryptedImagesPullOpts()...)
image, err := c.client.Pull(ctx, ref, pullOpts...)
if err != nil {
@@ -414,3 +410,15 @@ func newTransport() *http.Transport {
ExpectContinueTimeout: 5 * time.Second,
}
}
// addEncryptedImagesPullOpts adds the necessary pull options to a list of
// pull options if enabled.
func (c *criService) encryptedImagesPullOpts() []containerd.RemoteOpt {
if c.config.EncryptedImagesConfig.KeyModel == criconfig.EncryptionKeyModelNode {
ltdd := imgcrypt.Payload{}
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(&ltdd))
opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
return []containerd.RemoteOpt{opt}
}
return nil
}