Add new gcs hooks, add expected mounts to security policy (#1258)
Introduce a new `wait-paths` binary, which polls the file system until the requested paths are available or a timeout is reached. Security policy has been updated to have `ExpectedMounts` entries, which will be used in conjunction with the "wait-paths" hook for synchronization purposes. Refactor oci-hook logic into its own internal package and update existing code to use that package. Copy runc HookName and constants definitions to break the dependency on runc. Introduce `ExpectedMounts` as part of the security policy language and the logic to enforce the policy, which resolves the expected mounts in the UVM and adds a wait-paths hook to the spec. Add positive and negative CRI tests. Signed-off-by: Maksim An <maksiman@microsoft.com>
Showing
44 changed files
with
944 additions
and
227 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
// +build linux | ||
|
||
package main | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"os" | ||
"strings" | ||
"time" | ||
|
||
"github.com/sirupsen/logrus" | ||
"github.com/urfave/cli" | ||
) | ||
|
||
const ( | ||
pathsFlag = "paths" | ||
timeoutFlag = "timeout" | ||
) | ||
|
||
// This is a hook that waits for a specific path to appear. | ||
// The hook has required list of comma-separated paths and a default timeout in seconds. | ||
|
||
func main() { | ||
app := cli.NewApp() | ||
app.Name = "wait-paths" | ||
app.Usage = "Provide a list paths and an optional timeout" | ||
app.Flags = []cli.Flag{ | ||
cli.StringFlag{ | ||
Name: pathsFlag + ",p", | ||
Usage: "Comma-separated list of paths that should become available", | ||
Required: true, | ||
}, | ||
cli.IntFlag{ | ||
Name: timeoutFlag + ",t", | ||
Usage: "Timeout in seconds", | ||
Value: 30, | ||
}, | ||
} | ||
app.Action = run | ||
if err := app.Run(os.Args); err != nil { | ||
logrus.Fatalf("%s\n", err) | ||
} | ||
os.Exit(0) | ||
} | ||
|
||
func run(cCtx *cli.Context) error { | ||
timeout := cCtx.GlobalInt(timeoutFlag) | ||
paths := strings.Split(cCtx.GlobalString(pathsFlag), ",") | ||
|
||
waitCtx, cancel := context.WithTimeout(context.Background(), time.Duration(timeout)*time.Second) | ||
defer cancel() | ||
|
||
for _, path := range paths { | ||
for { | ||
if _, err := os.Stat(path); err != nil { | ||
if !os.IsNotExist(err) { | ||
return err | ||
} | ||
select { | ||
case <-waitCtx.Done(): | ||
return fmt.Errorf("timeout while waiting for path %q to appear", path) | ||
default: | ||
time.Sleep(time.Millisecond * 10) | ||
continue | ||
} | ||
} | ||
break | ||
} | ||
} | ||
return nil | ||
} |
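Review bot: The wait loop in `run` treats any successful `os.Stat(path)` as "path available", so a path that already exists for another reason (a directory baked into the rootfs, or a symlink that resolves elsewhere, since `os.Stat` follows symlinks) ends the wait without the expected mount being present. The commit description ties this hook to `ExpectedMounts` in the security policy, so the limitation should at least be stated in the header comment, e.g. `// NOTE: only existence is checked; the hook does not verify that a path is a mount point.` Whether callers guarantee the paths are absent until mounted is not visible in this file. Separately, an empty element from `strings.Split` (a trailing comma in `--paths`) is stat'ed as `""` and always runs to the full timeout; rejecting it up front with `if path == "" { return fmt.Errorf("empty entry in --%s", pathsFlag) }` gives a clearer failure.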