CDH/image-rs | promote error information printing #995
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Xynnn007
force-pushed
the
image-rs-error-prt
branch
2 times, most recently
from
de128b6 to
a6a6160
Compare
ChengyuZhu6
reviewed
May 12, 2025
Xynnn007
force-pushed
the
image-rs-error-prt
branch
from
a6a6160 to
d0df699
Compare
Xynnn007
force-pushed
the
image-rs-error-prt
branch
3 times, most recently
from
d1bb5dc to
4e800d7
Compare
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 13, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
|
It's ready for review now! |
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 13, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 21, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 21, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 21, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 21, 2025
let's see if this whole bunch of things works. together with PR confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 21, 2025
let's see if this whole bunch of things works. together with CDH side PR. If the CI passes, we can merge the following PR first. confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 22, 2025
let's see if this whole bunch of things works. together with CDH side PR. If the CI passes, we can merge the following PR first. confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
Previously, the snapshot type in the image-rs logic was specified by the `default_snapshot` field in the configuration file. This type remained constant throughout the entire lifecycle of the ImageClient. However, the previous logic attempted to re-fetch the snapshot using the `default_snapshot` from the current ImageClient's members each time an imagePull request was made, subsequently performing related image storage actions. This commit simplifies the logic. It ensures that initialization only creates one snapshot as specified by `default_snapshot`, and this snapshot is directly referenced and used throughout the entire lifecycle of the ImageClient. It should be noted that if any Snapshot feature is not activated at compile time, an Unknown type Snapshot may be initialized when creating an ImageClient at runtime. This type actually has no effect and will result in an error when the image is pulled. This commit will correct this logic, completely abandon the Unknown type Snapshot, and check whether there is an available Snapshot type at compile time, otherwise an error will be reported directly. Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
force-pushed
the
image-rs-error-prt
branch
from
4e800d7 to
e15a391
Compare
Xynnn007
added a commit
to Xynnn007/kata-containers
that referenced
this pull request
May 23, 2025
let's see if this whole bunch of things works. together with CDH side PR. If the CI passes, we can merge the following PR first. confidential-containers/guest-components#995 Signed-off-by: Xynnn007 <[email protected]>
fitzthum
reviewed
May 23, 2025
Xynnn007
force-pushed
the
image-rs-error-prt
branch
from
e15a391 to
f41fa7c
Compare
|
@fitzthum Hi, I realized that the PR to help sigstore support To distinguish them, I changed the corresponding configuration items to our usual names, namely |
Xynnn007
force-pushed
the
image-rs-error-prt
branch
from
f41fa7c to
484cfd6
Compare
Added thiserror for improved error handling in image-rs submodules. This provides standardized and formatted error messages, aiding CDH in better logging during image-pull RPC processes. Additionally, a minor refactor was done for asynchronous image downloads in image-rs, organizing relevant content into a stream submodule. Signed-off-by: Xynnn007 <[email protected]>
This commit defines a more formatted error printing when RPC fails to be called by a remote caller. Also, it includes a simple error reason for image pulling failures. Signed-off-by: Xynnn007 <[email protected]>
The function LayerBlockCipherHandler::new() will raise an error if AESCTRBlockCipher::new returns error. Actually the latter will only return error when the given parameter is not 256. So in code it will never return error thus safe to unwrap here. As this function now returns no error and receives no parameter, it's recommended to mark it as default. Signed-off-by: Xynnn007 <[email protected]>
If the policy file has no rules for a specific image, the image should be allowed rather than raise an error. This is common when there is no default rules for the policy. Signed-off-by: Xynnn007 <[email protected]>
This little refactor helps the higher caller to handle raised errors. Signed-off-by: Xynnn007 <[email protected]>
ocicrypt_config.json is a configuration file that specifies the key provider to decrypt images following ocicrypt standard. When using CDH to provide image pull ability, this file must be used to specify the env of CDH process. This patch adds the file and docs for this. Signed-off-by: Xynnn007 <[email protected]>
the new version of http_proxy supports to set http_proxy configuration, this would help to have a common overall config inside image-rs/CDH config. Signed-off-by: Xynnn007 <[email protected]>
Note that now we have both http_proxy and https_proxy configurations for image-rs. We use this widely acceptable variable name to replace the old names. As `no_proxy`, `https_proxy` and `http_proxy` are all proxy configurations, thus we combine them altogether into one struct for better maintainance. Signed-off-by: Xynnn007 <[email protected]>
now `image_pull_proxy` is renamed to `https_proxy` and `http_proxy`, thus we need some fixups to update the unit tests. Signed-off-by: Xynnn007 <[email protected]>
new field `http_proxy` is introduced and we use the more common name `no_proxy` and `https_proxy` for old `skip_proxy_ips` and `image_pull_proxy` variable names. Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
force-pushed
the
image-rs-error-prt
branch
from
484cfd6 to
ac3639a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is mainly for move image-pull to cdh. It improves the log printing after CDH RPC call failure to keep the error information consistent with that when calling image-rs directly, and avoids a lot of useless debug trace information.
In addition, this PR includes an additional commit to abandon the Unknown Snapshot type. Please see the commit message for the specific reason. cc @ChengyuZhu6