This commit upgrades github.com/containerd/typeurl to use typeurl.Any.
The interface hides gogo/protobuf/types.Any from containerd's Go client.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
`gosec` linter is able to identify issues described in #6584
e.g.
$ git revert 54e95e6b88
[gosec dfc8ca1ec] Revert "fix Implicit memory aliasing in for loop"
2 files changed, 2 deletions(-)
$ make check
+ proto-fmt
+ check
GOGC=75 golangci-lint run
containerstore.go:192:54: G601: Implicit memory aliasing in for loop. (gosec)
containers = append(containers, containerFromProto(&container))
^
image_store.go:132:42: G601: Implicit memory aliasing in for loop. (gosec)
images = append(images, imageFromProto(&image))
^
make: *** [check] Error 1
I also disabled following two settings which prevent the linter to show a complete list of issues.
* max-issues-per-linter (default 50)
* max-same-issues (default 3)
Furthermore enabling gosec revealed many other issues. For now I blacklisted the ones except G601.
Will create separate tasks to address them one by one moving next.
Signed-off-by: Henry Wang <henwang@amazon.com>
The error message was unnecessary cryptic. `snapshot-[name]` notation
was only used here and hard to understand.
Instead it should say `snapshots on "..." snapshotter`.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
The `createAndCopy` function is only called when `nw.w` is nil
in order to create a new writer and prepare it. The current code
is attempting to close `nw.w` when there is a copy error. The
correct behavior would be to close the new writer and not touch `nw.w`.
Signed-off-by: Derek McGowan <derek@mcg.dev>
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Adds shared content labels to namespaces allowing content to be shared
between namespaces if that namespace is specifically tagged as being
sharable by adding the `containerd.io/namespace/sharable` label to the
namespace.
Signed-off-by: Cody Roseborough <cdr@amazon.com>
Deleting a non-empty namespace fails with
> namespace must be empty: failed precondition
This change improves the error message by listing the types of
the objects in the namespace that prevent deletion.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
While Walk() has been taking filter strings, it was not using the parameter.
This change actually makes the filtering work.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Dependencies may be switching to use the new `%w` formatting
option to wrap errors; switching to use `errors.Is()` makes
sure that we are still able to unwrap the error and detect the
underlying cause.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Cleanup is an optional method a snapshotter may implement.
Cleanup can be used to cleanup resources after a snapshot
has been removed. This function allows a snapshotter to defer
longer resource cleanup until after snapshot removals are
completed. Adding this to the API allows proxy snapshotters
to leverage this enhancement.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Allows backend snapshots to bring existing snapshots into
a namespace without requiring clients to fully snapshots
when the target reference is known. Backend snapshots must
explicitly implement this functionality, it is equivalent
to sharing across namespaces and is up to the backend to
use the label when it is given or ignore it.
This enables remote snapshot functionality for a backend to
query for a target snapshot before a client has performed
any work to create that snapshot.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Regular expressions in the namespaces package are redundant with the
pre-existing validator in the "identifiers" package; replace this custom
usage with the validator in "identifiers"
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Provide a flag which configures a lease to only hold
reference to its given references and ignore label references
during garbage collection rooted from the lease.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Enables showing debug logs in testing output.
For integration tests the client log output will show
in addition to daemon output, with timestamps for better
correlation.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Closes#3305
This adds an opt and a `--cgroup,-c` flag to `ctr namespaces rm` to
remove the cgroup that is commonly created with runtimes.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add three methods for lease service so that the client can use it to
manage the resource by lease, not just gc.root label. With the following
methods, it is easy for client to maintain their own cache system.
```
- AddResource(context.Context, Lease, Resource) error
- RemoveResource(context.Context, Lease, Resource) error
- ListResources(context.Context, Lease) ([]Resource, error)
```
And the resource is to be
```golang
type Resource {
ID string
Type string
}
```
For the snapshots, the Type field will be formatted by
snapshots/%{type}, like snapshots/overlayfs.
fix: #3295
Signed-off-by: Wei Fu <fuweid89@gmail.com>
The namespaced writer Commit method must always have a
namespace in the context as checked by the removeIngestLease
function, resulting in a panic when not provided.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Extend the adaptImage function with a case for handling the annotations
so they can be used in the filter adaptors for fieldpaths.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Currently the objects which can retain content from labels
are limited. This limitation has required clients to work
around this and and in some cases add outside reference
counting (e.g. buildkit keeping content for snapshots).
Updated the logic to treat content and snapshot labels equally
and simplified the code in the process.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
