Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: Add CRI tests for integrity protection of LCOW layers #1193

Merged
merged 3 commits into from
Oct 22, 2021
Merged

tests: Add CRI tests for integrity protection of LCOW layers #1193

merged 3 commits into from
Oct 22, 2021

Conversation

anmaxvl
Copy link
Contributor

@anmaxvl anmaxvl commented Oct 8, 2021
edited
Loading

Add tests that validate that integrity protection is checked when
LCOW layers have dm-verity hashes appended.

Depends on:

Signed-off-by: Maksim An maksiman@microsoft.com

@anmaxvl anmaxvl requested a review from a team as a code owner October 8, 2021 17:53
katiewasnothere
katiewasnothere approved these changes Oct 8, 2021
View reviewed changes
Copy link
Contributor

@katiewasnothere katiewasnothere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one request, otherwise LGTM

@katiewasnothere katiewasnothere self-assigned this Oct 8, 2021
dcantah
dcantah reviewed Oct 11, 2021
View reviewed changes
test/cri-containerd/layer_integrity_test.go Outdated
t,
[]string{imageLcowAlpine},
WithSandboxAnnotations(map[string]string{
"containerd.io/diff/io.microsoft.storage.lcow.append-dm-verity": "true",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This depends on this getting in as is right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup, that too. added a feature flag to enable local testing at least.

@dcantah dcantah self-assigned this Oct 11, 2021
@dcantah
Copy link
Contributor

dcantah commented Oct 14, 2021

I think we should hold off to see if anyone has opinions on the labels vs annotations for the containerd PR, as that would change this slightly. The tests LGTM though so if the ctrd one goes in feel free to check in

@anmaxvl
tests: Add CRI tests for integrity protection of LCOW layers
bce7f69 
Add tests that validate that integrity protection is checked when
LCOW layers have dm-verity hashes appended.

Signed-off-by: Maksim An <maksiman@microsoft.com>
@anmaxvl
pr feedback #1: add rootfs type to container name
7bd0a44 
Signed-off-by: Maksim An <maksiman@microsoft.com>
@anmaxvl
Adjust behavior to upstream PR, use Labels instead of Annotations
e38656e 
Signed-off-by: Maksim An <maksiman@microsoft.com>
@anmaxvl
Copy link
Contributor Author

anmaxvl commented Oct 22, 2021

I think we shouldn't wait for the upstream PR here. The tests are hidden behind a feature flag which is not added to allFeatures

@anmaxvl
Copy link
Contributor Author

anmaxvl commented Oct 22, 2021

@dcantah lmk if you have any concerns with merging this.

@dcantah
Copy link
Contributor

dcantah commented Oct 22, 2021

Sure, I was mainly hesitant on the labels vs annotations discussion. I still don't have a great view of which to use. I'd ping Mike Brown on the PR for his opinion.

@dcantah
Copy link
Contributor

dcantah commented Oct 22, 2021

If anything it's a one line change depending on what is decided between the two.

@anmaxvl anmaxvl merged commit f174aa8 into microsoft:master Oct 22, 2021
@anmaxvl anmaxvl deleted the lcow-layer-integrity-tests branch October 22, 2021 20:28
anmaxvl pushed a commit to anmaxvl/hcsshim that referenced this pull request Nov 17, 2021
@ambarve
Merged PR 5361442: Update ADO to hcsshim db9908f
f584e1e 
Related work items: microsoft#1067, microsoft#1097, microsoft#1119, microsoft#1170, microsoft#1176, microsoft#1180, microsoft#1181, microsoft#1182, microsoft#1183, microsoft#1184, microsoft#1185, microsoft#1186, microsoft#1187, microsoft#1188, microsoft#1189, microsoft#1191, microsoft#1193, microsoft#1194, microsoft#1195, microsoft#1196, microsoft#1197, microsoft#1200, microsoft#1201, microsoft#1202, microsoft#1203, microsoft#1204, microsoft#1205, microsoft#1206, microsoft#1207, microsoft#1209, microsoft#1210, microsoft#1211, microsoft#1218, microsoft#1219, microsoft#1220, microsoft#1223
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dcantah dcantah dcantah approved these changes

@katiewasnothere katiewasnothere katiewasnothere approved these changes

Assignees

@katiewasnothere katiewasnothere

@dcantah dcantah

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anmaxvl @dcantah @katiewasnothere