From c9b4ccf83ee681ccff020de3d6c67db4f35a3fd6 Mon Sep 17 00:00:00 2001
From: Ed Bartosh
Date: Mon, 21 Feb 2022 21:56:48 +0200
Subject: [PATCH] add configuration for CDI

Signed-off-by: Ed Bartosh
---
 container_opts.go | 4 ++--
 docs/cri/config.md | 8 ++++++++
 pkg/cri/config/config.go | 7 +++++++
 pkg/cri/config/config_unix.go | 2 ++
 pkg/cri/server/container_create.go | 6 +++++-
 pkg/cri/server/container_create_linux_test.go | 4 ++--
 6 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/container_opts.go b/container_opts.go
index 83a7a965e..ca960302e 100644
--- a/container_opts.go
+++ b/container_opts.go
@@ -328,7 +328,7 @@ func WithoutRefreshedMetadata(i *InfoConfig) {
 }

 // WithCDI updates OCI spec with CDI content
-func WithCDI(s *oci.Spec, annotations map[string]string) NewContainerOpts {
+func WithCDI(s *oci.Spec, annotations map[string]string, cdiSpecDirs []string) NewContainerOpts {
 return func(ctx context.Context, _ *Client, c *containers.Container) error {
 // TODO: Once CRI is extended with native CDI support this will need to be updated...
 _, cdiDevices, err := cdi.ParseAnnotations(annotations)
@@ -339,7 +339,7 @@ func WithCDI(s *oci.Spec, annotations map[string]string) NewContainerOpts {
 return nil
 }

- registry := cdi.GetRegistry()
+ registry := cdi.GetRegistry(cdi.WithSpecDirs(cdiSpecDirs...))
 if err = registry.Refresh(); err != nil {
 // We don't consider registry refresh failure a fatal error.
 // For instance, a dynamically generated invalid CDI Spec file for
diff --git a/docs/cri/config.md b/docs/cri/config.md
index b678b25d1..ce86c810b 100644
--- a/docs/cri/config.md
+++ b/docs/cri/config.md
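Review bot: The doc comment above `WithCDI` still reads `// WithCDI updates OCI spec with CDI content` and does not describe the new `cdiSpecDirs` parameter or what a nil or empty slice means. `WithCDI` is exported, so the added parameter also breaks any caller outside this patch; the diffstat shows only the CRI server and its test being updated. I would extend the comment with something like `// cdiSpecDirs lists the directories scanned for CDI Spec files; pass trusted, absolute paths.` The function body continues outside the hunk.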
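Review bot: `cdi.GetRegistry(cdi.WithSpecDirs(cdiSpecDirs...))` does not handle an empty `cdiSpecDirs`, so a request for CDI devices with no configured directory would only surface later as unresolved devices. A guard before the registry call, e.g. `if len(cdiSpecDirs) == 0 { return errors.New("no CDI spec directories configured") }`, would make that explicit. As far as I know the CDI registry is a single process-wide instance that a later `GetRegistry` call with options reconfigures, so callers passing different directory lists would change each other's view; that should be confirmed against the vendored CDI version and noted in a comment. The enclosing closure starts and ends outside the hunk.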
@@ -120,6 +120,14 @@ version = 2
 # Note that currently default is set to disabled but target change it in future together with enable_unprivileged_ports
 enable_unprivileged_icmp = false

+ # enable_cdi enables support of the Container Device Interface (CDI)
+ # For more details about CDI and the syntax of CDI Spec files please refer to
+ # https://github.com/container-orchestrated-devices/container-device-interface.
+ enable_cdi = false
+
+ # cdi_spec_dirs is the list of directories to scan for CDI spec files
+ cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
+
 # 'plugins."io.containerd.grpc.v1.cri".containerd' contains config related to containerd
 [plugins."io.containerd.grpc.v1.cri".containerd]

diff --git a/pkg/cri/config/config.go b/pkg/cri/config/config.go
index 9a986efb7..fb0b4f8b0 100644
--- a/pkg/cri/config/config.go
+++ b/pkg/cri/config/config.go
@@ -302,6 +302,13 @@ type PluginConfig struct {
 // and if it is not overwritten by PodSandboxConfig
 // Note that currently default is set to disabled but target change it in future together with EnableUnprivilegedPorts
 EnableUnprivilegedICMP bool `toml:"enable_unprivileged_icmp" json:"enableUnprivilegedICMP"`
+ // EnableCDI indicates to enable injection of the Container Device Interface Specifications
+ // into the OCI config
+ // For more details about CDI and the syntax of CDI Spec files please refer to
+ // https://github.com/container-orchestrated-devices/container-device-interface.
+ EnableCDI bool `toml:"enable_cdi" json:"enableCDI"`
+ // CDISpecDirs is the list of directories to scan for Container Device Interface Specifications
+ CDISpecDirs []string `toml:"cdi_spec_dirs" json:"cdiSpecDirs"`
 }

 // X509KeyPairStreaming contains the x509 configuration for streaming
diff --git a/pkg/cri/config/config_unix.go b/pkg/cri/config/config_unix.go
index ed75bb41c..19463b492 100644
--- a/pkg/cri/config/config_unix.go
+++ b/pkg/cri/config/config_unix.go
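Review bot: The comment on `CDISpecDirs` describes it only as a list of directories to scan, and leaves out that these directories are a trust boundary. Files found there edit the OCI spec of any container that requests a device (the test in this patch writes a `containerEdits:` section), so write access to them amounts to control over container configuration. I would say so in the field comment, e.g. `// The directories and their files must be writable only by trusted administrators; Spec files can add device nodes, mounts and hooks to a container.` The same sentence belongs next to `cdi_spec_dirs` in docs/cri/config.md. The struct starts outside the hunk.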
@@ -104,5 +104,7 @@ func DefaultConfig() PluginConfig { ImageDecryption: ImageDecryption{ KeyModel: KeyModelNode, }, + EnableCDI: false, + CDISpecDirs: []string{"/etc/cdi", "/var/run/cdi"}, } } diff --git a/pkg/cri/server/container_create.go b/pkg/cri/server/container_create.go index 58e05a916..4d84a582b 100644 --- a/pkg/cri/server/container_create.go +++ b/pkg/cri/server/container_create.go @@ -238,8 +238,12 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta if err != nil { return nil, fmt.Errorf("failed to get runtime options: %w", err) } + + if c.config.EnableCDI { + opts = append(opts, containerd.WithCDI(spec, config.Annotations, c.config.CDISpecDirs)) + } + opts = append(opts, - containerd.WithCDI(spec, config.Annotations), containerd.WithSpec(spec, specOpts...), containerd.WithRuntime(sandboxInfo.Runtime.Name, runtimeOptions), containerd.WithContainerLabels(containerLabels), diff --git a/pkg/cri/server/container_create_linux_test.go b/pkg/cri/server/container_create_linux_test.go index 7efc42183..ff725df99 100644 --- a/pkg/cri/server/container_create_linux_test.go +++ b/pkg/cri/server/container_create_linux_test.go @@ -1507,7 +1507,7 @@ func writeFilesToTempDir(tmpDirPattern string, content []string) (string, error) } } - return dir, cdi.GetRegistry(cdi.WithSpecDirs(dir)).Refresh() + return dir, nil } func TestCDIInjections(t *testing.T) { @@ -1619,7 +1619,7 @@ containerEdits: } require.NoError(t, err) - injectFun := containerd.WithCDI(spec, test.annotations) + injectFun := containerd.WithCDI(spec, test.annotations, []string{cdiDir}) err = injectFun(nil, nil, nil) assert.Equal(t, test.expectError, err != nil)
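Review bot: `CDISpecDirs` gets absolute-path defaults here, but nothing in the patch validates an operator-supplied `cdi_spec_dirs`; the diffstat shows config.go gaining only the struct fields and their comments. A relative or empty entry would presumably resolve against the daemon's working directory, which an administrator is unlikely to be protecting. Consider rejecting such entries in the package's config validation when `EnableCDI` is set, e.g. `if !filepath.IsAbs(dir) { return fmt.Errorf("cdi_spec_dirs entry %q must be an absolute path", dir) }`. `EnableCDI: false` is the zero value and could be dropped, though keeping it documents the default.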
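Review bot: `if c.config.EnableCDI` is the only gate between `config.Annotations`, which appear to arrive with the CRI request, and device injection, and the hunk has no comment saying so. A comment such as `// CDI devices are selected by request annotations; enable_cdi is the only gate. Keep WithCDI behind this check and, as before, ahead of WithSpec.` would protect both the check and the ordering from a later refactor. With the option off, CDI annotations are now ignored without a log line, so a workload that expected a device starts without it; a debug-level log in an `else` branch would make that diagnosable. CreateContainer starts and ends outside the hunk.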
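Review bot: The updated call `containerd.WithCDI(spec, test.annotations, []string{cdiDir})` covers only a populated directory list; no case in the hunk exercises a nil or empty `cdiSpecDirs`. Because the first test hunk drops the `Refresh()` from `writeFilesToTempDir`, the test now relies on `WithCDI` pointing the registry at `cdiDir` itself, which deserves a comment like `// WithCDI configures and refreshes the registry for cdiDir.` If the registry is shared process-wide, as I believe it is, an added empty-list case should also assert that it does not see specs left over from an earlier case. TestCDIInjections extends beyond the hunk.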