Addressed nits
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
This commit is contained in:
Brandon Lum
parent
8df431fc31
commit
ffcef9dc32
@ -153,7 +153,7 @@ type RegistryConfig struct {
|
|||||||
TLS *TLSConfig `toml:"tls" json:"tls"`
|
TLS *TLSConfig `toml:"tls" json:"tls"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type EncryptedImagesConfig struct {
|
type ImageEncryption struct {
|
||||||
// KeyModel specifies the model of where keys should reside
|
// KeyModel specifies the model of where keys should reside
|
||||||
KeyModel string `toml:"key_model" json:"keyModel"`
|
KeyModel string `toml:"key_model" json:"keyModel"`
|
||||||
}
|
}
|
||||||
@ -167,8 +167,8 @@ type PluginConfig struct {
|
|||||||
CniConfig `toml:"cni" json:"cni"`
|
CniConfig `toml:"cni" json:"cni"`
|
||||||
// Registry contains config related to the registry
|
// Registry contains config related to the registry
|
||||||
Registry Registry `toml:"registry" json:"registry"`
|
Registry Registry `toml:"registry" json:"registry"`
|
||||||
// EncryptedImagesConfig contains config related to handling of encrypted images
|
// ImageEncryption contains config related to handling of encrypted images
|
||||||
EncryptedImagesConfig `toml:"image_encryption" json:"imageEncryption"`
|
ImageEncryption `toml:"image_encryption" json:"imageEncryption"`
|
||||||
// DisableTCPService disables serving CRI on the TCP server.
|
// DisableTCPService disables serving CRI on the TCP server.
|
||||||
DisableTCPService bool `toml:"disable_tcp_service" json:"disableTCPService"`
|
DisableTCPService bool `toml:"disable_tcp_service" json:"disableTCPService"`
|
||||||
// StreamServerAddress is the ip address streaming server is listening on.
|
// StreamServerAddress is the ip address streaming server is listening on.
|
||||||
|
|||||||
@ -414,7 +414,8 @@ func newTransport() *http.Transport {
|
|||||||
// addEncryptedImagesPullOpts adds the necessary pull options to a list of
|
// addEncryptedImagesPullOpts adds the necessary pull options to a list of
|
||||||
// pull options if enabled.
|
// pull options if enabled.
|
||||||
func (c *criService) encryptedImagesPullOpts() []containerd.RemoteOpt {
|
func (c *criService) encryptedImagesPullOpts() []containerd.RemoteOpt {
|
||||||
if c.config.EncryptedImagesConfig.KeyModel == criconfig.EncryptionKeyModelNode {
|
if c.config.ImageEncryption.KeyModel == criconfig.EncryptionKeyModelNode ||
|
||||||
|
c.config.ImageEncryption.KeyModel == "" {
|
||||||
ltdd := imgcrypt.Payload{}
|
ltdd := imgcrypt.Payload{}
|
||||||
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(<dd))
|
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(<dd))
|
||||||
opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
|
opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
|
||||||
|
|||||||
@ -298,14 +298,14 @@ func TestEncryptedImagePullOpts(t *testing.T) {
|
|||||||
keyModel: criconfig.EncryptionKeyModelNode,
|
keyModel: criconfig.EncryptionKeyModelNode,
|
||||||
expectedOpts: 1,
|
expectedOpts: 1,
|
||||||
},
|
},
|
||||||
"no key model selected should not add any opts": {
|
"no key model selected should default to node key model": {
|
||||||
keyModel: "",
|
keyModel: "",
|
||||||
expectedOpts: 0,
|
expectedOpts: 1,
|
||||||
},
|
},
|
||||||
} {
|
} {
|
||||||
t.Logf("TestCase %q", desc)
|
t.Logf("TestCase %q", desc)
|
||||||
c := newTestCRIService()
|
c := newTestCRIService()
|
||||||
c.config.EncryptedImagesConfig.KeyModel = test.keyModel
|
c.config.ImageEncryption.KeyModel = test.keyModel
|
||||||
got := len(c.encryptedImagesPullOpts())
|
got := len(c.encryptedImagesPullOpts())
|
||||||
assert.Equal(t, test.expectedOpts, got)
|
assert.Equal(t, test.expectedOpts, got)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user