Add InitCNIWithCache to set the cni cache directory

Add a new function InitCNIWithCache which works like InitCNI except that it accepts an extra parameter to set the cache directory. This change is needed for rootless users which are trying to use cni in a user+net namespace because the default directory is not writeable by rootless users. Second, setting the cni cache directory via the runtime config is deprecated. It has to be set with NewCNIConfigWithCacheDir for the cni config. see: containernetworking/cni#682 Signed-off-by: Paul Holzinger <[email protected]>
Luap99 · Feb 18, 2021 · 2369117 · 2369117
1 parent b6cbe99
commit 2369117
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 17 deletions.
diff --git a/pkg/ocicni/ocicni.go b/pkg/ocicni/ocicni.go
@@ -198,6 +198,11 @@ func InitCNI(defaultNetName string, confDir string, binDirs ...string) (CNIPlugi
 	return initCNI(nil, "", defaultNetName, confDir, binDirs...)
 }
 
+// InitCNIWithCache works like InitCNI except that it takes the cni cache directory as third param.
+func InitCNIWithCache(defaultNetName, confDir, cacheDir string, binDirs ...string) (CNIPlugin, error) {
+	return initCNI(nil, cacheDir, defaultNetName, confDir, binDirs...)
+}
+
 // Internal function to allow faking out exec functions for testing
 func initCNI(exec cniinvoke.Exec, cacheDir, defaultNetName string, confDir string, binDirs ...string) (CNIPlugin, error) {
 	if confDir == "" {
@@ -208,7 +213,7 @@ func initCNI(exec cniinvoke.Exec, cacheDir, defaultNetName string, confDir strin
 	}
 
 	plugin := &cniNetworkPlugin{
-		cniConfig: libcni.NewCNIConfig(binDirs, exec),
+		cniConfig: libcni.NewCNIConfigWithCacheDir(binDirs, cacheDir, exec),
 		defaultNetName: netName{
 			name: defaultNetName,
 			// If defaultNetName is not assigned in initialization,
@@ -468,7 +473,7 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, fromCache
 			}
 		}
 
-		rt, err := buildCNIRuntimeConf(plugin.cacheDir, podNetwork, ifName, podNetwork.RuntimeConfig[network.Name])
+		rt, err := buildCNIRuntimeConf(podNetwork, ifName, podNetwork.RuntimeConfig[network.Name])
 		if err != nil {
 			logrus.Errorf("error building CNI runtime config: %v", err)
 			return err
@@ -775,13 +780,12 @@ func (network *cniNetwork) deleteFromNetwork(ctx context.Context, rt *libcni.Run
 	return nil
 }
 
-func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) {
+func buildCNIRuntimeConf(podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) {
 	logrus.Infof("Got pod network %+v", podNetwork)
 
 	rt := &libcni.RuntimeConf{
 		ContainerID: podNetwork.ID,
 		NetNS:       podNetwork.NetNS,
-		CacheDir:    cacheDir,
 		IfName:      ifName,
 		Args: [][2]string{
 			{"IgnoreUnknown", "1"},

diff --git a/pkg/ocicni/ocicni_test.go b/pkg/ocicni/ocicni_test.go
@@ -359,7 +359,6 @@ var _ = Describe("ocicni operations", func() {
 	})
 
 	It("build different runtime configs", func() {
-		cacheDir := "empty"
 		ifName := "eth0"
 		podNetwork := &PodNetwork{}
 
@@ -370,44 +369,44 @@ var _ = Describe("ocicni operations", func() {
 		)
 
 		// empty runtimeConfig
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 
 		// runtimeConfig with invalid IP
 		runtimeConfig = RuntimeConfig{IP: "172.16"}
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).To(HaveOccurred())
 
 		// runtimeConfig with valid IP
 		runtimeConfig = RuntimeConfig{IP: "172.16.0.1"}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		Expect(len(rt.Args)).To(Equal(5))
 		Expect(rt.Args[4][1]).To(Equal("172.16.0.1"))
 
 		// runtimeConfig with invalid MAC
 		runtimeConfig = RuntimeConfig{MAC: "f0:a6"}
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).To(HaveOccurred())
 
 		// runtimeConfig with valid MAC
 		runtimeConfig = RuntimeConfig{MAC: "9e:0c:d9:b2:f0:a6"}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		Expect(len(rt.Args)).To(Equal(5))
 		Expect(rt.Args[4][1]).To(Equal("9e:0c:d9:b2:f0:a6"))
 
 		// runtimeConfig with valid IP and valid MAC
 		runtimeConfig = RuntimeConfig{IP: "172.16.0.1", MAC: "9e:0c:d9:b2:f0:a6"}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		Expect(len(rt.Args)).To(Equal(6))
 		Expect(rt.Args[4][1]).To(Equal("172.16.0.1"))
 		Expect(rt.Args[5][1]).To(Equal("9e:0c:d9:b2:f0:a6"))
 
 		// runtimeConfig with portMappings is nil
 		runtimeConfig = RuntimeConfig{PortMappings: nil}
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 
 		// runtimeConfig with valid portMappings
@@ -417,7 +416,7 @@ var _ = Describe("ocicni operations", func() {
 			Protocol:      "tcp",
 			HostIP:        "192.168.0.1",
 		}}}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		pm, ok := rt.CapabilityArgs["portMappings"].([]PortMapping)
 		Expect(ok).To(Equal(true))
@@ -429,7 +428,7 @@ var _ = Describe("ocicni operations", func() {
 
 		// runtimeConfig with bandwidth is nil
 		runtimeConfig = RuntimeConfig{Bandwidth: nil}
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 
 		// runtimeConfig with valid bandwidth
@@ -439,7 +438,7 @@ var _ = Describe("ocicni operations", func() {
 			EgressRate:   3,
 			EgressBurst:  4,
 		}}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		bw, ok := rt.CapabilityArgs["bandwidth"].(map[string]uint64)
 		Expect(ok).To(Equal(true))
@@ -450,7 +449,7 @@ var _ = Describe("ocicni operations", func() {
 
 		// runtimeConfig with ipRanges is empty
 		runtimeConfig = RuntimeConfig{IpRanges: [][]IpRange{}}
-		_, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		_, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 
 		// runtimeConfig with valid ipRanges
@@ -460,7 +459,7 @@ var _ = Describe("ocicni operations", func() {
 			RangeEnd:   "192.168.0.200",
 			Gateway:    "192.168.0.254",
 		}}}}
-		rt, err = buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+		rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
 		Expect(err).NotTo(HaveOccurred())
 		ir, ok := rt.CapabilityArgs["ipRanges"].([][]IpRange)
 		Expect(ok).To(Equal(true))