Refactor encrypted opts and added unit test
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
This commit is contained in:
Brandon Lum
parent
ac8ec18813
commit
c43a7588f6
@ -119,11 +119,7 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest)
|
|||||||
containerd.WithImageHandler(imageHandler),
|
containerd.WithImageHandler(imageHandler),
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.config.EncryptedImagesConfig.KeyModel == criconfig.EncryptionKeyModelNode {
|
pullOpts = append(pullOpts, c.encryptedImagesPullOpts()...)
|
||||||
ltdd := imgcrypt.Payload{}
|
|
||||||
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(<dd))
|
|
||||||
pullOpts = append(pullOpts, encryption.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt}))
|
|
||||||
}
|
|
||||||
|
|
||||||
image, err := c.client.Pull(ctx, ref, pullOpts...)
|
image, err := c.client.Pull(ctx, ref, pullOpts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -414,3 +410,15 @@ func newTransport() *http.Transport {
|
|||||||
ExpectContinueTimeout: 5 * time.Second,
|
ExpectContinueTimeout: 5 * time.Second,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// addEncryptedImagesPullOpts adds the necessary pull options to a list of
|
||||||
|
// pull options if enabled.
|
||||||
|
func (c *criService) encryptedImagesPullOpts() []containerd.RemoteOpt {
|
||||||
|
if c.config.EncryptedImagesConfig.KeyModel == criconfig.EncryptionKeyModelNode {
|
||||||
|
ltdd := imgcrypt.Payload{}
|
||||||
|
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(<dd))
|
||||||
|
opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
|
||||||
|
return []containerd.RemoteOpt{opt}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
@ -288,3 +288,25 @@ func TestDefaultScheme(t *testing.T) {
|
|||||||
assert.Equal(t, test.expected, got)
|
assert.Equal(t, test.expected, got)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestEncryptedImagePullOpts(t *testing.T) {
|
||||||
|
for desc, test := range map[string]struct {
|
||||||
|
keyModel string
|
||||||
|
expectedOpts int
|
||||||
|
}{
|
||||||
|
"node key model should return one unpack opt": {
|
||||||
|
keyModel: criconfig.EncryptionKeyModelNode,
|
||||||
|
expectedOpts: 1,
|
||||||
|
},
|
||||||
|
"no key model selected should not add any opts": {
|
||||||
|
keyModel: "",
|
||||||
|
expectedOpts: 0,
|
||||||
|
},
|
||||||
|
} {
|
||||||
|
t.Logf("TestCase %q", desc)
|
||||||
|
c := newTestCRIService()
|
||||||
|
c.config.EncryptedImagesConfig.KeyModel = test.keyModel
|
||||||
|
got := len(c.encryptedImagesPullOpts())
|
||||||
|
assert.Equal(t, test.expectedOpts, got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user