From 8bcb078ad03fb73065fd3206683284a86263b497 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Wed, 19 Oct 2022 03:30:34 -0700
Subject: [PATCH] Added Annotations to CDI Spec

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 README.md          | 123 ++++++++++++++++++++++++++++++++-------------
 pkg/cdi/spec.go    |   1 +
 schema/defs.json   |  11 ++++
 schema/schema.json |   6 +++
 specs-go/config.go |   7 +--
 5 files changed, 111 insertions(+), 37 deletions(-)

diff --git a/README.md b/README.md
index 5b124a3..916fc79 100644
--- a/README.md
+++ b/README.md
@@ -1,48 +1,63 @@
 # CDI - The Container Device Interface
+
 ## What is CDI?
 
-CDI (Container Device Interface), is a [specification](SPEC.md), for container runtimes, to support third party devices.
+CDI (Container Device Interface), is a [specification](SPEC.md), for container-
+runtimes, to support third-party devices.
 
-CDI concerns itself only with enabling container to be device aware. Areas like resource management are explicitly left out of CDI (and is expected to be handled by the orchestrator). Because of this focus, the CDI specification is simple to implement and allows great flexibility to runtimes and orchestrators.
+CDI concerns itself only with enabling containers to be device aware. Areas like
+resource management are explicitly left out of CDI (and are expected to be
+handled by the orchestrator). Because of this focus, the CDI specification is
+simple to implement and allows great flexibility for runtimes and orchestrators.
 
-Note: The CDI model is based on the Container Networking Interface (CNI) model and specification.
+Note: The CDI model is based on the Container Networking Interface (CNI) model
+and specification.
 
 ## Why is CDI needed?
 
-On Linux, enabling a container to be device aware used to be as simple as exposing a device node in that container.
-However, as devices and software grows more complex, vendors want to perform more operations, such as:
-
-- Exposing a device to a container can require exposing more than one device node, mounting files from the runtime namespace or hide procfs entries.
-- Performing compatibility checks between the container and the device (e.g: Can this container run on this device).
-- Performing runtime specific operations (e.g: VM vs linux containers based runtimes).
-- Performing device specific operations (e.g: scrubbing the memory of a GPU or reconfiguring an FPGA).
-
-In the absence of a standard for third party devices, vendors often have to write and maintain multiple plugins for different runtimes or even directly contribute vendor specific code in the runtime.
-Additionally runtimes don't uniformly expose a plugin system (or even expose a plugin system at all) leading to duplication of the functionality in higher level abstractions (such as Kubernetes device plugins).
+On Linux, enabling a container to be device aware used to be as simple as
+exposing a device node in that container. However, as devices and software grows
+more complex, vendors want to perform more operations, such as:
+
+- Exposing a device to a container can require exposing more than one device
+  node, mounting files from the runtime namespace, or hiding procfs entries.
+- Performing compatibility checks between the container and the device (e.g: Can
+  this container run on this device).
+- Performing runtime-specific operations (e.g: VM vs Linux containers-based
+  runtimes).
+- Performing device-specific operations (e.g: scrubbing the memory of a GPU or
+  reconfiguring an FPGA).
+
+In the absence of a standard for third-party devices, vendors often have to
+write and maintain multiple plugins for different runtimes or even directly
+contribute vendor-specific code in the runtime. Additionally, runtimes don't
+uniformly expose a plugin system (or even expose a plugin system at all) leading
+to duplication of the functionality in higher-level abstractions (such as
+Kubernetes device plugins).
 
 ## How does CDI work?
 
 For CDI to work the following needs to be done:
 
-- CDI file containing update for the OCI spec in JSON format should be present in the CDI
-  spec directory. Default directories are /etc/cdi and /var/run/cdi
-
-- Fully qualified device name should be passed to the runtime either
-  using command line parameters for podman or using container annotations
-  for CRI-O and Containerd
-
-- Container runtime should be able to find CDI file by the device name
-  and update container config using CDI file content.
+- CDI file containing updates for the OCI spec in JSON format should be present
+  in the CDI spec directory. Default directories are `/etc/cdi` and
+  `/var/run/cdi`
+- Fully qualified device name should be passed to the runtime either using
+  command line parameters for podman or using container annotations for CRI-O
+  and containerd
+- Container runtime should be able to find the CDI file by the device name and
+  update the container config using CDI file content.
 
 ## How to configure CDI?
 
 ### CRI-O configuration
 
-In CRI-O CDI support is enabled by default. It is configured with the default `/etc/cdi, /var/run/cdi`
-CDI directory locations. Therefore you can start using CDI simply by dropping CDI configuration files
-in either of those directories, static configuration into `/etc/cdi` and dynamically updated one into
-`/var/run/cdi`. If you are unsure of the configured directories you can run this command to find them
-out:
+In CRI-O CDI support is enabled by default. It is configured with the default
+`/etc/cdi, /var/run/cdi` CDI directory locations. Therefore you can start using
+CDI simply by dropping CDI configuration files in either of those directories,
+static configuration into `/etc/cdi` and dynamically updated one into
+`/var/run/cdi`. If you are unsure of the configured directories you can run this
+command to find them out:
 
 ```bash
 $ crio config |& grep -B1 -A5 cdi_spec_dirs
@@ -50,7 +65,11 @@ $ crio config |& grep -B1 -A5 cdi_spec_dirs
 
 ### Containerd configuration
 
-To enable and configure CDI support in the [containerd runtime](https://github.com/containerd/containerd) 2 configuration options `enable_cdi` and `cdi_spec_dirs` should be set in the `plugins."io.containerd.grpc.v1.cri` section of the containerd configuration file (`/etc/containerd/config.toml` by default):
+To enable and configure CDI support in the [containerd
+runtime](https://github.com/containerd/containerd) 2 configuration options
+`enable_cdi` and `cdi_spec_dirs` should be set in the
+`plugins."io.containerd.grpc.v1.cri` section of the containerd configuration
+file (`/etc/containerd/config.toml` by default):
 
 ```
 [plugins."io.containerd.grpc.v1.cri"]
@@ -59,14 +78,24 @@ To enable and configure CDI support in the [containerd runtime](https://github.c
 ```
 
 Remember to restart containerd for any configuration changes to take effect.
-
 ### Podman configuration
 
-[podman](https://github.com/containers/podman) does not require any specific configuration to enable CDI support and processes specified `--device` flags directly. If fully-qualified device selectors (e.g. `vendor.com/device=myDevice`) are included the CDI specifications at the default location (`/etc/cdi` and `/var/run/cdi`) are checked for matching devices.
+[podman](https://github.com/containers/podman) does not require any specific
+configuration to enable CDI support and processes specified `--device` flags
+directly. If fully-qualified device selectors (e.g.
+`vendor.com/device=myDevice`) are included the CDI specifications at the default
+location (`/etc/cdi` and `/var/run/cdi`) are checked for matching devices.
 
-*Note:* Although initial support was added in [`v3.2.0`](https://github.com/containers/podman/releases/tag/v3.2.0) this was updated for the tagged `v0.3.0` CDI spec in [`v4.1.0-rc.1`](https://github.com/containers/podman/releases/tag/v4.1.0-rc1) with [commit a234e4e](https://github.com/containers/podman/commit/a234e4e19662e172472877ce69523f4afea5c12e).
+*Note:* Although initial support was added in
+[`v3.2.0`](https://github.com/containers/podman/releases/tag/v3.2.0) this was
+updated for the tagged `v0.3.0` CDI spec in
+[`v4.1.0-rc.1`](https://github.com/containers/podman/releases/tag/v4.1.0-rc1)
+with [commit
+a234e4e](https://github.com/containers/podman/commit/a234e4e19662e172472877ce69523f4afea5c12e).
 
 ## Examples
+### Full-blown CDI specification
+
 ```bash
 $ mkdir /etc/cdi
 $ cat > /etc/cdi/vendor.json <<EOF
@@ -105,6 +134,32 @@ $ cat > /etc/cdi/vendor.json <<EOF
 }
 EOF
 
+### Using Annotations per device to add meta-information
+
+```bash
+$ mkdir /etc/cdi
+$ cat > /etc/cdi/vendor-annotations.json <<EOF
+{
+  "cdiVersion": "0.5.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myDevice",
+      "annotations": {
+        "whatever": "false"
+        "whenever": "true"
+      }
+      "containerEdits": {
+        "deviceNodes": [
+          {"path": "/dev/vfio/71"}
+        ]
+      }
+    }
+  ]
+}
+EOF
+
+
 # CLI examples below
 
 # Verbose
@@ -119,7 +174,7 @@ $ docker/podman run --device vendor.com/device=all ...
 
 ## Issues and Contributing
 
-[Checkout the Contributing document!](CONTRIBUTING.md)
+[Check out the Contributing document!](CONTRIBUTING.md)
 
-* Please let us know by [filing a new issue](https://github.com/RenaudWasTaken/cdi/issues/new)
-* You can contribute by opening a [pull request](https://help.github.com/articles/using-pull-requests/)
+- Please let us know by [filing a new issue](https://github.com/RenaudWasTaken/cdi/issues/new)
+- You can contribute by opening a [pull request](https://help.github.com/articles/using-pull-requests/)
diff --git a/pkg/cdi/spec.go b/pkg/cdi/spec.go
index 3dfbab2..c75d4e2 100644
--- a/pkg/cdi/spec.go
+++ b/pkg/cdi/spec.go
@@ -38,6 +38,7 @@ var (
 		"0.3.0": {},
 		"0.4.0": {},
 		"0.5.0": {},
+		"0.6.0": {},
 	}
 
 	// Externally set CDI Spec validation function.
diff --git a/schema/defs.json b/schema/defs.json
index 0d15b50..012de1a 100644
--- a/schema/defs.json
+++ b/schema/defs.json
@@ -23,6 +23,14 @@
         "Env": {
             "$ref": "#/definitions/ArrayOfStrings"
         },
+        "mapStringString": {
+            "type": "object",
+            "patternProperties": {
+                ".{1,}": {
+                    "type": "string"
+                }
+            }
+        },
         "DeviceNode": {
             "type": "object",
             "properties": {
@@ -128,6 +136,9 @@
                     }
                 }
             }
+        },
+        "annotations": {
+            "$ref": "#/definitions/mapStringString"
         }
     }
 }
diff --git a/schema/schema.json b/schema/schema.json
index 35c55b4..a8e57cc 100644
--- a/schema/schema.json
+++ b/schema/schema.json
@@ -11,6 +11,9 @@
             "description": "The kind of the device usually of the form 'vendor.com/device'",
             "type": "string"
         },
+        "annotations": {
+            "$ref": "defs.json#/definitions/annotations"
+        },
         "devices": {
             "type": "array",
             "items": {
@@ -20,6 +23,9 @@
                       "description": "The name of the device",
                       "type": "string"
                     },
+                    "annotations": {
+                        "$ref": "defs.json#/definitions/annotations"
+                    },
                     "containerEdits": {
                         "$ref": "defs.json#/definitions/containerEdits"
                     }
diff --git a/specs-go/config.go b/specs-go/config.go
index 3fa2e81..7ec8df6 100644
--- a/specs-go/config.go
+++ b/specs-go/config.go
@@ -3,7 +3,7 @@ package specs
 import "os"
 
 // CurrentVersion is the current version of the Spec.
-const CurrentVersion = "0.5.0"
+const CurrentVersion = "0.6.0"
 
 // Spec is the base configuration for CDI
 type Spec struct {
@@ -16,8 +16,9 @@ type Spec struct {
 
 // Device is a "Device" a container runtime can add to a container
 type Device struct {
-	Name           string         `json:"name"`
-	ContainerEdits ContainerEdits `json:"containerEdits"`
+	Name           string            `json:"name"`
+	Annotations    map[string]string `json:"annotations,omitempty"` // Annotations add meta information per device
+	ContainerEdits ContainerEdits    `json:"containerEdits"`
 }
 
 // ContainerEdits are edits a container runtime must make to the OCI spec to expose the device.