microsoft · helsaawy · Sep 20, 2023 · Sep 20, 2023
@@ -818,7 +818,7 @@ func hcsPropertiesToWindowsStats(props *hcsschema.Properties) *stats.Statistics_
 
 func (ht *hcsTask) Stats(ctx context.Context) (*stats.Statistics, error) {
  s := &stats.Statistics{}
- props, err := ht.c.PropertiesV2(ctx, hcsschema.PTStatistics)
+ props, err := ht.c.PropertiesV2(ctx, hcsschema.SystemPropertyType_STATISTICS)
  if err != nil {
  if isStatsNotFound(err) {
  return nil, errors.Wrapf(errdefs.ErrNotFound, "failed to fetch stats: %s", err)
@@ -869,22 +869,22 @@ func (ht *hcsTask) updateTaskContainerResources(ctx context.Context, data interf
 }
 
 func (ht *hcsTask) updateWCOWContainerCPU(ctx context.Context, cpu *specs.WindowsCPUResources) error {
- // if host is 20h2+ then we can make a request directly to hcs
+ // if host is 20h2+ then we can make a request directly to HCS
  if osversion.Get().Build >= osversion.V20H2 {
- req := &hcsschema.Processor{}
+ req := &hcsschema.ContainerProcessor{}
  if cpu.Count != nil {
  procCount := int32(*cpu.Count)
  hostProcs := processorinfo.ProcessorCount()
  if ht.host != nil {
  hostProcs = ht.host.ProcessorCount()
  }
- req.Count = hcsoci.NormalizeProcessorCount(ctx, ht.id, procCount, hostProcs)
+ req.Count = uint32(hcsoci.NormalizeProcessorCount(ctx, ht.id, procCount, hostProcs))
  }
  if cpu.Maximum != nil {
- req.Maximum = int32(*cpu.Maximum)
+ req.Maximum = int64(*cpu.Maximum)
  }
  if cpu.Shares != nil {
- req.Weight = int32(*cpu.Shares)
+ req.Weight = int64(*cpu.Shares)
  }
  return ht.requestUpdateContainer(ctx, resourcepaths.SiloProcessorResourcePath, req)
  }
@@ -935,10 +935,14 @@ func (ht *hcsTask) updateLCOWResources(ctx context.Context, data interface{}, an
 func (ht *hcsTask) requestUpdateContainer(ctx context.Context, resourcePath string, settings interface{}) error {
  var modification interface{}
  if ht.isWCOW {
- modification = &hcsschema.ModifySettingRequest{
- ResourcePath: resourcePath,
- RequestType: guestrequest.RequestTypeUpdate,
- Settings: settings,
+ var err error
+ if modification, err = hcsschema.NewModifySettingRequest(
+ resourcePath,
+ hcsschema.ModifyRequestType_UPDATE,
+ settings,
+ nil, // guestRequest
+ ); err != nil {
+ return err
  }
  } else {
  modification = guestrequest.ModificationRequest{

@@ -90,6 +90,10 @@ func (err *ExitError) Error() string {
  return fmt.Sprintf("process exited with exit code %d", err.ExitCode())
 }
 
+// TODO: replace with [hcsschema.LinuxProcessParameters]
+// NOTE: the Linux GCS uses the hcsschema.ProcessParameters field to exec an (external) process
+// in the uVM, which is a custom modification to the bridge protocol.
+
 // Additional fields to hcsschema.ProcessParameters used by LCOW
 type lcowProcessParameters struct {
  hcsschema.ProcessParameters
@@ -167,9 +171,9 @@ func (c *Cmd) Start() error {
  wpp.Environment = environment
 
  if c.Spec.ConsoleSize != nil {
- wpp.ConsoleSize = []int32{
- int32(c.Spec.ConsoleSize.Height),
- int32(c.Spec.ConsoleSize.Width),
+ wpp.ConsoleSize = []uint16{
+ uint16(c.Spec.ConsoleSize.Height),
+ uint16(c.Spec.ConsoleSize.Width),
  }
  }
  x = wpp

@@ -55,7 +55,7 @@ type ProcessHost interface {
  // (either hcsschema.ProcessParameters or lcow.ProcessParameters).
  CreateProcess(ctx context.Context, config interface{}) (Process, error)
  // OS returns the host's operating system, "linux" or "windows".
- OS() string
+ OS() string // TODO: switch to either hcsschema.OSType or a custom enum defined here
  // IsOCI specifies whether this is an OCI-compliant process host. If true,
  // then the configuration passed to CreateProcess should have an OCI process
  // spec (or nil if this is the initial process in an OCI container).
@@ -75,7 +75,7 @@ type Container interface {
  // Properties returns the requested container properties targeting a V1 schema container.
  Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error)
  // PropertiesV2 returns the requested container properties targeting a V2 schema container.
- PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error)
+ PropertiesV2(ctx context.Context, types ...hcsschema.SystemPropertyType) (*hcsschema.Properties, error)
  // Start starts a container.
  Start(ctx context.Context) error
  // Shutdown sends a shutdown request to the container (but does not wait for

@@ -15,62 +15,75 @@ import (
 
 const NullGroupID = "00000000-0000-0000-0000-000000000000"
 
-// ErrHVStatusInvalidCPUGroupState corresponds to the internal error code for HV_STATUS_INVALID_CPU_GROUP_STATE
+// ErrHVStatusInvalidCPUGroupState corresponds to the internal error code for HV_STATUS_INVALID_CPU_GROUP_STATE.
 var ErrHVStatusInvalidCPUGroupState = errors.New("The hypervisor could not perform the operation because the CPU group is entering or in an invalid state.")
 
 // Delete deletes the cpugroup from the host
 func Delete(ctx context.Context, id string) error {
- operation := hcsschema.DeleteGroup
+ operation := hcsschema.ModifyServiceOperation_DELETE_GROUP
  details := hcsschema.DeleteGroupOperation{
- GroupId: id,
+ GroupID: id,
  }
 
  return modifyCPUGroupRequest(ctx, operation, details)
 }
 
-// modifyCPUGroupRequest is a helper function for making modify calls to a cpugroup
-func modifyCPUGroupRequest(ctx context.Context, operation hcsschema.CPUGroupOperation, details interface{}) error {
- req := hcsschema.ModificationRequest{
- PropertyType: hcsschema.PTCPUGroup,
- Settings: &hcsschema.HostProcessorModificationRequest{
- Operation: operation,
- OperationDetails: details,
+// modifyCPUGroupRequest is a helper function for making modify calls to a cpugroup.
+func modifyCPUGroupRequest(ctx context.Context, operation hcsschema.ModifyServiceOperation, details interface{}) error {
+ d, err := hcsschema.ToRawMessage(details)
+ if err != nil {
+ return fmt.Errorf("encode CPU group operation %q details (%+v) to json: %w", operation, details, err)
+ }
+
+ req, err := hcsschema.NewModificationRequest(
+ hcsschema.ModifyPropertyType_CPU_GROUP,
+ hcsschema.HostProcessorModificationRequest{
+ Operation: &operation,
+ OperationDetails: d,
  },
+ )
+ if err != nil {
+ return err
  }
 
  return hcs.ModifyServiceSettings(ctx, req)
 }
 
-// Create creates a new cpugroup on the host with a prespecified id
+// Create creates a new cpugroup on the host with a prespecified id.
 func Create(ctx context.Context, id string, logicalProcessors []uint32) error {
- operation := hcsschema.CreateGroup
+ operation := hcsschema.ModifyServiceOperation_CREATE_GROUP
+
  details := &hcsschema.CreateGroupOperation{
- GroupId: strings.ToLower(id),
+ GroupID: strings.ToLower(id),
  LogicalProcessors: logicalProcessors,
  LogicalProcessorCount: uint32(len(logicalProcessors)),
  }
+
  if err := modifyCPUGroupRequest(ctx, operation, details); err != nil {
  return errors.Wrapf(err, "failed to make cpugroups CreateGroup request for details %+v", details)
  }
  return nil
 }
 
-// GetCPUGroupConfig finds the cpugroup config information for group with `id`
+// GetCPUGroupConfig finds the cpugroup config information for group with `id`.
 func GetCPUGroupConfig(ctx context.Context, id string) (*hcsschema.CpuGroupConfig, error) {
- query := hcsschema.PropertyQuery{
- PropertyTypes: []hcsschema.PropertyType{hcsschema.PTCPUGroup},
+ query := hcsschema.ServicePropertyQuery{
+ PropertyTypes: []hcsschema.GetPropertyType{hcsschema.GetPropertyType_CPU_GROUP},
  }
  cpuGroupsPresent, err := hcs.GetServiceProperties(ctx, query)
  if err != nil {
  return nil, err
  }
+ if n := len(cpuGroupsPresent.Properties); n != 1 {
+ return nil, fmt.Errorf("expected exactly one service property, received %d", n)
+ }
  groupConfigs := &hcsschema.CpuGroupConfigurations{}
  if err := json.Unmarshal(cpuGroupsPresent.Properties[0], groupConfigs); err != nil {
  return nil, errors.Wrap(err, "failed to unmarshal host cpugroups")
  }
 
  for _, c := range groupConfigs.CpuGroups {
- if strings.EqualFold(c.GroupId, id) {
+ if strings.EqualFold(c.GroupID, id) {
  return &c, nil
  }
  }

@@ -68,27 +68,27 @@ func CreateCredentialGuard(ctx context.Context, id, credSpec string, hypervisorI
  // to HCS for creation. For pod scenarios currently we don't have the OCI
  // spec of a container at UVM creation time, therefore the service table entry
  // for the CCG instance will have to be hot added.
- transport := "LRPC"
+ transport := hcsschema.ContainerCredentialGuardTransport_LRPC
  if hypervisorIsolated {
- transport = "HvSocket"
+ transport = hcsschema.ContainerCredentialGuardTransport_HV_SOCKET
  }
- req := hcsschema.ModificationRequest{
- PropertyType: hcsschema.PTContainerCredentialGuard,
- Settings: &hcsschema.ContainerCredentialGuardOperationRequest{
- Operation: hcsschema.AddInstance,
- OperationDetails: &hcsschema.ContainerCredentialGuardAddInstanceRequest{
- Id: id,
- CredentialSpec: credSpec,
- Transport: transport,
- },
+ req, err := newCredentialGuardRequest(
+ hcsschema.ContainerCredentialGuardModifyOperation_ADD_INSTANCE,
+ hcsschema.ContainerCredentialGuardAddInstanceRequest{
+ ID: id,
+ CredentialSpec: credSpec,
+ Transport: &transport,
  },
+ )
+ if err != nil {
+ return nil, nil, err
  }
  if err := hcs.ModifyServiceSettings(ctx, req); err != nil {
  return nil, nil, fmt.Errorf("failed to generate container credential guard instance: %s", err)
  }
 
- q := hcsschema.PropertyQuery{
- PropertyTypes: []hcsschema.PropertyType{hcsschema.PTContainerCredentialGuard},
+ q := hcsschema.ServicePropertyQuery{
+ PropertyTypes: []hcsschema.GetPropertyType{hcsschema.GetPropertyType_CONTAINER_CREDENTIAL_GUARD},
  }
  serviceProps, err := hcs.GetServiceProperties(ctx, q)
  if err != nil {
@@ -103,7 +103,7 @@ func CreateCredentialGuard(ctx context.Context, id, credSpec string, hypervisorI
  return nil, nil, fmt.Errorf("failed to unmarshal container credential guard instances: %s", err)
  }
  for _, ccgInstance := range ccgSysInfo.Instances {
- if ccgInstance.Id == id {
+ if ccgInstance.ID == id {
  ccgResource := &CCGResource{
  id,
  }
@@ -117,14 +117,33 @@ func CreateCredentialGuard(ctx context.Context, id, credSpec string, hypervisorI
 func removeCredentialGuard(ctx context.Context, id string) error {
  log.G(ctx).WithField("containerID", id).Debug("removing container credential guard")
 
- req := hcsschema.ModificationRequest{
- PropertyType: hcsschema.PTContainerCredentialGuard,
- Settings: &hcsschema.ContainerCredentialGuardOperationRequest{
- Operation: hcsschema.RemoveInstance,
- OperationDetails: &hcsschema.ContainerCredentialGuardRemoveInstanceRequest{
- Id: id,
- },
+ req, err := newCredentialGuardRequest(
+ hcsschema.ContainerCredentialGuardModifyOperation_REMOVE_INSTANCE,
+ hcsschema.ContainerCredentialGuardRemoveInstanceRequest{
+ ID: id,
  },
+ )
+ if err != nil {
+ return err
  }
  return hcs.ModifyServiceSettings(ctx, req)
 }
+
+func newCredentialGuardRequest(
+ operation hcsschema.ContainerCredentialGuardModifyOperation,
+ details any,
+) (hcsschema.ModificationRequest, error) {
+ d, err := hcsschema.ToRawMessage(details)
+ if err != nil {
+ return hcsschema.ModificationRequest{},
+ fmt.Errorf("encode container credential guard operation %q details (%+v) to json: %w", operation, details, err)
+ }
+
+ return hcsschema.NewModificationRequest(
+ hcsschema.ModifyPropertyType_CONTAINER_CREDENTIAL_GUARD,
+ hcsschema.ContainerCredentialGuardOperationRequest{
+ Operation: &operation,
+ OperationDetails: d,
+ },
+ )
+}
@@ -157,7 +157,7 @@ func (c *Container) Properties(ctx context.Context, types ...schema1.PropertyTyp
 }
 
 // PropertiesV2 returns the requested container properties targeting a V2 schema container.
-func (c *Container) PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (_ *hcsschema.Properties, err error) {
+func (c *Container) PropertiesV2(ctx context.Context, types ...hcsschema.SystemPropertyType) (_ *hcsschema.Properties, err error) {
  ctx, span := oc.StartSpan(ctx, "gcs::Container::PropertiesV2", oc.WithClientSpanKind)
  defer span.End()
  defer func() { oc.SetSpanStatus(span, err) }()

@@ -291,14 +291,14 @@ func (q *containerPropertiesQuery) UnmarshalText(b []byte) error {
  return json.Unmarshal(b, (*schema1.PropertyQuery)(q))
 }
 
-type containerPropertiesQueryV2 hcsschema.PropertyQuery
+type containerPropertiesQueryV2 hcsschema.SystemPropertyQuery
 
 func (q *containerPropertiesQueryV2) MarshalText() ([]byte, error) {
- return json.Marshal((*hcsschema.PropertyQuery)(q))
+ return json.Marshal((*hcsschema.SystemPropertyQuery)(q))
 }
 
 func (q *containerPropertiesQueryV2) UnmarshalText(b []byte) error {
- return json.Unmarshal(b, (*hcsschema.PropertyQuery)(q))
+ return json.Unmarshal(b, (*hcsschema.SystemPropertyQuery)(q))
 }
 
 type containerGetProperties struct {

@@ -0,0 +1,24 @@
+// Autogenerated code; DO NOT EDIT.
+
+// Schema retrieved from branch 'fe_release' and build '20348.1.210507-1500'.
+
+/*
+ * Schema Open API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type AppContainerLaunchType string
+
+// List of AppContainerLaunchType
+const (
+ AppContainerLaunchType_DEFAULT_ AppContainerLaunchType = "Default"
+ AppContainerLaunchType_NONE AppContainerLaunchType = "None"
+ AppContainerLaunchType_APP_CONTAINER AppContainerLaunchType = "AppContainer"
+ AppContainerLaunchType_LESS_PRIVILEGED_APP_CONTAINER AppContainerLaunchType = "LessPrivilegedAppContainer"
+)
@@ -0,0 +1,22 @@
+// Autogenerated code; DO NOT EDIT.
+
+// Schema retrieved from branch 'fe_release' and build '20348.1.210507-1500'.
+
+/*
+ * Schema Open API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ApplySecureBootTemplateType string
+
+// List of ApplySecureBootTemplateType
+const (
+ ApplySecureBootTemplateType_SKIP ApplySecureBootTemplateType = "Skip"
+ ApplySecureBootTemplateType_APPLY ApplySecureBootTemplateType = "Apply"
+)