(configDigest digest.Digest, privileges *plugin.Privileges)
| 268 | } |
| 269 | |
| 270 | func (pm *Manager) setupNewPlugin(configDigest digest.Digest, privileges *plugin.Privileges) (plugin.Config, error) { |
| 271 | configRA, err := pm.blobStore.ReaderAt(context.TODO(), ocispec.Descriptor{Digest: configDigest}) |
| 272 | if err != nil { |
| 273 | return plugin.Config{}, err |
| 274 | } |
| 275 | defer configRA.Close() |
| 276 | |
| 277 | configR := content.NewReader(configRA) |
| 278 | |
| 279 | var config plugin.Config |
| 280 | dec := json.NewDecoder(configR) |
| 281 | if err := dec.Decode(&config); err != nil { |
| 282 | return plugin.Config{}, errors.Wrapf(err, "failed to parse config") |
| 283 | } |
| 284 | if dec.More() { |
| 285 | return plugin.Config{}, errors.New("invalid config json") |
| 286 | } |
| 287 | |
| 288 | requiredPrivileges := computePrivileges(config) |
| 289 | if privileges != nil { |
| 290 | if err := validatePrivileges(requiredPrivileges, *privileges); err != nil { |
| 291 | return plugin.Config{}, err |
| 292 | } |
| 293 | } |
| 294 | |
| 295 | return config, nil |
| 296 | } |
| 297 | |
| 298 | // createPlugin creates a new plugin. take lock before calling. |
| 299 | func (pm *Manager) createPlugin(name string, configDigest, manifestDigest digest.Digest, blobsums []digest.Digest, rootFSDir string, privileges *plugin.Privileges, opts ...CreateOpt) (_ *v2.Plugin, retErr error) { |
no test coverage detected