Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip status response verification for containerd v2 #581

Merged
merged 1 commit into from
Oct 7, 2024
Merged

Skip status response verification for containerd v2 #581

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed

- [#581](https://github.com/spegel-org/spegel/pull/581) Skip status response verification for containerd v2

### Security

## v0.0.24
Expand Down
25 changes: 23 additions & 2 deletions pkg/oci/containerd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
"path/filepath"
"strings"

semver "github.com/Masterminds/semver/v3"
"github.com/containerd/containerd"
eventtypes "github.com/containerd/containerd/api/events"
"github.com/containerd/containerd/content"
Expand Down Expand Up @@ -79,6 +80,7 @@
}

func (c *Containerd) Verify(ctx context.Context) error {
log := logr.FromContextOrDiscard(ctx)

Check warning on line 83 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L83 

Added line #L83 was not covered by tests
client, err := c.Client()
if err != nil {
return err
Expand All @@ -90,11 +92,30 @@
if !ok {
return errors.New("could not reach Containerd service")
}
resp, err := runtimeapi.NewRuntimeServiceClient(client.Conn()).Status(ctx, &runtimeapi.StatusRequest{Verbose: true})
srv := runtimeapi.NewRuntimeServiceClient(client.Conn())

Check warning on line 95 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L95 

Added line #L95 was not covered by tests

versionResp, err := srv.Version(ctx, &runtimeapi.VersionRequest{})
if err != nil {
return err

Check warning on line 99 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L97-L99 

Added lines #L97 - L99 were not covered by tests
}
version, err := semver.NewVersion(versionResp.GetRuntimeVersion())
if err != nil {
return err

Check warning on line 103 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L101-L103 

Added lines #L101 - L103 were not covered by tests
}
constraint, err := semver.NewConstraint(">1-0")
if err != nil {
return err

Check warning on line 107 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L105-L107 

Added lines #L105 - L107 were not covered by tests
}
if constraint.Check(version) {
log.Info("unable to verify status response", "runtime_version", version.String())
return nil

Check warning on line 111 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L109-L111 

Added lines #L109 - L111 were not covered by tests
}

statusResp, err := srv.Status(ctx, &runtimeapi.StatusRequest{Verbose: true})

Check warning on line 114 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L114 

Added line #L114 was not covered by tests
if err != nil {
return err
}
err = verifyStatusResponse(resp, c.registryConfigPath)
err = verifyStatusResponse(statusResp, c.registryConfigPath)

Check warning on line 118 in pkg/oci/containerd.go

View check run for this annotation

Codecov / codecov/patch

pkg/oci/containerd.go#L118 

Added line #L118 was not covered by tests
if err != nil {
return err
}
Expand Down