use configureMonitoringPolicy to process image labels

google · Sep 9, 2024 · 31b30b0 · 31b30b0
1 parent 1fef88d
commit 31b30b0
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 27 deletions.
diff --git a/launcher/container_runner.go b/launcher/container_runner.go
@@ -116,7 +116,7 @@ func NewRunner(ctx context.Context, cdClient *containerd.Client, token oauth2.To
 	}
 
 	logger.Printf("Image Labels               : %v\n", imageConfig.Labels)
-	launchPolicy, err := spec.GetLaunchPolicy(imageConfig.Labels)
+	launchPolicy, err := spec.GetLaunchPolicy(imageConfig.Labels, logger)
 	if err != nil {
 		return nil, err
 	}

diff --git a/launcher/spec/launch_policy.go b/launcher/spec/launch_policy.go
@@ -80,7 +80,7 @@ const (
 	mountDestinations = "tee.launch_policy.allow_mount_destinations"
 )
 
-func getMonitoringPolicy(imageLabels map[string]string, launchPolicy *LaunchPolicy, logger *log.Logger) error {
+func configureMonitoringPolicy(imageLabels map[string]string, launchPolicy *LaunchPolicy, logger *log.Logger) error {
 	// Old policy.
 	memVal, memOk := imageLabels[memoryMonitoring]
 	// New policies.
@@ -98,7 +98,7 @@ func getMonitoringPolicy(imageLabels map[string]string, launchPolicy *LaunchPoli
 			return fmt.Errorf("invalid image LABEL '%s'", memoryMonitoring)
 		}
 
-		logger.Printf("%s is deprecated, use %s and %s instead", memoryMonitoring, hardenedMonitoring, debugMonitoring)
+		logger.Printf("%s will be deprecated, use %s and %s instead", memoryMonitoring, hardenedMonitoring, debugMonitoring)
 
 		switch policy {
 		case always:
@@ -153,7 +153,7 @@ func toMonitoringType(label string) (monitoringType, error) {
 
 // GetLaunchPolicy takes in a map[string] string which should come from image labels,
 // and will try to parse it into a LaunchPolicy. Extra fields will be ignored.
-func GetLaunchPolicy(imageLabels map[string]string) (LaunchPolicy, error) {
+func GetLaunchPolicy(imageLabels map[string]string, logger *log.Logger) (LaunchPolicy, error) {
 	var err error
 	launchPolicy := LaunchPolicy{}
 	if v, ok := imageLabels[envOverride]; ok {
@@ -180,26 +180,8 @@ func GetLaunchPolicy(imageLabels map[string]string) (LaunchPolicy, error) {
 		}
 	}
 
-	if _, ok := imageLabels[memoryMonitoring]; ok {
-		return LaunchPolicy{}, fmt.Errorf("%v label is deprecated - use %v and %v instead", memoryMonitoring, hardenedMonitoring, debugMonitoring)
-	}
-
-	if v, ok := imageLabels[hardenedMonitoring]; ok {
-		launchPolicy.HardenedImageMonitoring, err = toMonitoringType(v)
-		if err != nil {
-			return LaunchPolicy{}, fmt.Errorf("invalid monitoring type for hardened image: %v", err)
-		}
-	} else {
-		launchPolicy.HardenedImageMonitoring = none
-	}
-
-	if v, ok := imageLabels[debugMonitoring]; ok {
-		launchPolicy.DebugImageMonitoring, err = toMonitoringType(v)
-		if err != nil {
-			return LaunchPolicy{}, fmt.Errorf("invalid monitoring type for debug image: %v", err)
-		}
-	} else {
-		launchPolicy.DebugImageMonitoring = health
+	if err := configureMonitoringPolicy(imageLabels, &launchPolicy, logger); err != nil {
+		return LaunchPolicy{}, err
 	}
 
 	if v, ok := imageLabels[mountDestinations]; ok {

diff --git a/launcher/spec/launch_policy_test.go b/launcher/spec/launch_policy_test.go
@@ -62,7 +62,7 @@ func TestLaunchPolicy(t *testing.T) {
 			testcase.expectedPolicy.HardenedImageMonitoring = none
 			testcase.expectedPolicy.DebugImageMonitoring = health
 
-			got, err := GetLaunchPolicy(testcase.imageLabels)
+			got, err := GetLaunchPolicy(testcase.imageLabels, log.Default())
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -818,7 +818,7 @@ func TestGetMonitoringPolicy(t *testing.T) {
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
 			policy := &LaunchPolicy{}
-			if err := getMonitoringPolicy(tc.labels, policy, log.Default()); err != nil {
+			if err := configureMonitoringPolicy(tc.labels, policy, log.Default()); err != nil {
 				t.Errorf("getMonitoringPolicy returned error: %v", err)
 				return
 			}
@@ -880,7 +880,7 @@ func TestGetMonitoringPolicyErrors(t *testing.T) {
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
 			policy := &LaunchPolicy{}
-			if err := getMonitoringPolicy(tc.labels, policy, log.Default()); err == nil {
+			if err := configureMonitoringPolicy(tc.labels, policy, log.Default()); err == nil {
 				t.Errorf("Expected getMonitoringPolicy to return error, returned successfully with policy %v", policy)
 			}
 		})