readCredentialSpecFile is a helper function to read a credential spec from a file. If not found, we return an empty string and warn in the log. This allows for staging on machines which do not have the necessary components.
(id, root, location string)
| 516 | // a file. If not found, we return an empty string and warn in the log. |
| 517 | // This allows for staging on machines which do not have the necessary components. |
| 518 | func readCredentialSpecFile(id, root, location string) (string, error) { |
| 519 | if filepath.IsAbs(location) { |
| 520 | return "", fmt.Errorf("invalid credential spec: file:// path cannot be absolute") |
| 521 | } |
| 522 | base := filepath.Join(root, credentialSpecFileLocation) |
| 523 | full := filepath.Join(base, location) |
| 524 | if !strings.HasPrefix(full, base) { |
| 525 | return "", fmt.Errorf("invalid credential spec: file:// path must be under %s", base) |
| 526 | } |
| 527 | bcontents, err := os.ReadFile(full) |
| 528 | if err != nil { |
| 529 | return "", errors.Wrapf(err, "failed to load credential spec for container %s", id) |
| 530 | } |
| 531 | return string(bcontents[:]), nil |
| 532 | } |
| 533 | |
| 534 | func setupWindowsDevices(devices []containertypes.DeviceMapping) ([]specs.WindowsDevice, error) { |
| 535 | var specDevices []specs.WindowsDevice |
no test coverage detected
searching dependent graphs…