fc2cae39ef
We now can pass 37/55 tests with this PR. Remaining tests include may be fixed with 1.8. [Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUserName [Fail] [k8s.io] Security Context NamespaceOption [It] runtime should support HostPID [Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support unsafe sysctls [Fail] [k8s.io] PodSandbox runtime should support basic operations on PodSandbox [It] runtime should support removing PodSandbox [Conformance] [Fail] [k8s.io] Streaming runtime should support streaming interfaces [It] runtime should support portforward [Conformance] [Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should not support a custom seccomp profile without using localhost/ as a prefix [Fail] [k8s.io] Image Manager [It] listImage should get exactly 2 repoTags in the result image [Conformance] [Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support safe sysctls [Fail] [k8s.io] Security Context NoNewPrivs [It] should not allow privilege escalation when true [Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should support an seccomp profile that blocks setting hostname with SYS_ADMIN [Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rslave' should support propagation from host to container [Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rshared' should support propagation from host to container and vice versa [Fail] [k8s.io] Networking runtime should support networking [It] runtime should support port mapping with host port and container port [Conformance] [Fail] [k8s.io] Security Context SeccompProfilePath [It] should support seccomp localhost/profile on the container [Fail] [k8s.io] Container runtime should support log [It] runtime should support starting container with log [Conformance] [Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUser [Fail] [k8s.io] Security Context bucket [It] runtime should support SupplementalGroups [Fail] [k8s.io] Security Context SeccompProfilePath docker/default [It] should support seccomp docker/default on the container Signed-off-by: baude <bbaude@redhat.com>
112 lines
2.9 KiB
Go
112 lines
2.9 KiB
Go
package server
|
|
|
|
import (
|
|
"github.com/kubernetes-incubator/cri-o/oci"
|
|
"github.com/sirupsen/logrus"
|
|
"golang.org/x/net/context"
|
|
"k8s.io/apimachinery/pkg/fields"
|
|
pb "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
|
|
)
|
|
|
|
// filterContainer returns whether passed container matches filtering criteria
|
|
func filterContainer(c *pb.Container, filter *pb.ContainerFilter) bool {
|
|
if filter != nil {
|
|
if filter.State != nil {
|
|
if c.State != filter.State.State {
|
|
return false
|
|
}
|
|
}
|
|
if filter.LabelSelector != nil {
|
|
sel := fields.SelectorFromSet(filter.LabelSelector)
|
|
if !sel.Matches(fields.Set(c.Labels)) {
|
|
return false
|
|
}
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
// ListContainers lists all containers by filters.
|
|
func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersRequest) (*pb.ListContainersResponse, error) {
|
|
logrus.Debugf("ListContainersRequest %+v", req)
|
|
var ctrs []*pb.Container
|
|
filter := req.Filter
|
|
ctrList, err := s.ContainerServer.ListContainers()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Filter using container id and pod id first.
|
|
if filter.Id != "" {
|
|
id, err := s.CtrIDIndex().Get(filter.Id)
|
|
if err != nil {
|
|
// If we don't find a container ID with a filter, it should not
|
|
// be considered an error. Log a warning and return an empty struct
|
|
logrus.Warn("unable to find container ID %s", filter.Id)
|
|
return &pb.ListContainersResponse{}, nil
|
|
}
|
|
c := s.ContainerServer.GetContainer(id)
|
|
if c != nil {
|
|
if filter.PodSandboxId != "" {
|
|
if c.Sandbox() == filter.PodSandboxId {
|
|
ctrList = []*oci.Container{c}
|
|
} else {
|
|
ctrList = []*oci.Container{}
|
|
}
|
|
|
|
} else {
|
|
ctrList = []*oci.Container{c}
|
|
}
|
|
}
|
|
} else {
|
|
if filter.PodSandboxId != "" {
|
|
pod := s.ContainerServer.GetSandbox(filter.PodSandboxId)
|
|
if pod == nil {
|
|
ctrList = []*oci.Container{}
|
|
} else {
|
|
ctrList = pod.Containers().List()
|
|
}
|
|
}
|
|
}
|
|
|
|
for _, ctr := range ctrList {
|
|
podSandboxID := ctr.Sandbox()
|
|
cState := s.Runtime().ContainerStatus(ctr)
|
|
created := cState.Created.UnixNano()
|
|
rState := pb.ContainerState_CONTAINER_UNKNOWN
|
|
cID := ctr.ID()
|
|
img := &pb.ImageSpec{
|
|
Image: ctr.Image(),
|
|
}
|
|
c := &pb.Container{
|
|
Id: cID,
|
|
PodSandboxId: podSandboxID,
|
|
CreatedAt: created,
|
|
Labels: ctr.Labels(),
|
|
Metadata: ctr.Metadata(),
|
|
Annotations: ctr.Annotations(),
|
|
Image: img,
|
|
}
|
|
|
|
switch cState.Status {
|
|
case oci.ContainerStateCreated:
|
|
rState = pb.ContainerState_CONTAINER_CREATED
|
|
case oci.ContainerStateRunning:
|
|
rState = pb.ContainerState_CONTAINER_RUNNING
|
|
case oci.ContainerStateStopped:
|
|
rState = pb.ContainerState_CONTAINER_EXITED
|
|
}
|
|
c.State = rState
|
|
|
|
// Filter by other criteria such as state and labels.
|
|
if filterContainer(c, req.Filter) {
|
|
ctrs = append(ctrs, c)
|
|
}
|
|
}
|
|
|
|
resp := &pb.ListContainersResponse{
|
|
Containers: ctrs,
|
|
}
|
|
logrus.Debugf("ListContainersResponse: %+v", resp)
|
|
return resp, nil
|
|
}
|