From 606261d95d635b48ed486c499da3bef5d6ac92c8 Mon Sep 17 00:00:00 2001
From: "Zheao.Li"
Date: Tue, 27 Dec 2022 21:31:06 +0800
Subject: [PATCH] Refactor the apparmor flagging process

Signed-off-by: Zheao.Li
---
 cmd/nerdctl/apparmor_inspect_linux.go | 12 ++--
 cmd/nerdctl/apparmor_load_linux.go | 6 +-
 cmd/nerdctl/apparmor_ls_linux.go | 60 +++-----------------
 cmd/nerdctl/apparmor_unload_linux.go | 9 +--
 cmd/nerdctl/info.go | 2 +-
 pkg/api/types/apparmor_types.go | 38 +++++++++++++
 pkg/cmd/apparmor/inspect_linux.go | 34 ++++++++++++
 pkg/cmd/apparmor/load_linux.go | 28 ++++++++++
 pkg/cmd/apparmor/ls_linux.go | 79 +++++++++++++++++++++++++++
 pkg/cmd/apparmor/unload_linux.go | 28 ++++++++++
 10 files changed, 227 insertions(+), 69 deletions(-)
 create mode 100644 pkg/api/types/apparmor_types.go
 create mode 100644 pkg/cmd/apparmor/inspect_linux.go
 create mode 100644 pkg/cmd/apparmor/load_linux.go
 create mode 100644 pkg/cmd/apparmor/ls_linux.go
 create mode 100644 pkg/cmd/apparmor/unload_linux.go

diff --git a/cmd/nerdctl/apparmor_inspect_linux.go b/cmd/nerdctl/apparmor_inspect_linux.go
index a47f812a64c..66ee4299f88 100644
--- a/cmd/nerdctl/apparmor_inspect_linux.go
+++ b/cmd/nerdctl/apparmor_inspect_linux.go
@@ -19,7 +19,8 @@ package main
 import (
 "fmt"
 
- "github.com/containerd/containerd/contrib/apparmor"
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/cmd/apparmor"
 "github.com/containerd/nerdctl/pkg/defaults"
 "github.com/spf13/cobra"
 )
@@ -37,10 +38,7 @@ func newApparmorInspectCommand() *cobra.Command {
 }
 
 func apparmorInspectAction(cmd *cobra.Command, args []string) error {
- b, err := apparmor.DumpDefaultProfile(defaults.AppArmorProfileName)
- if err != nil {
- return err
- }
- _, err = fmt.Fprint(cmd.OutOrStdout(), b)
- return err
+ options := &types.InspectCommandOptions{}
+ options.Writer = cmd.OutOrStdout()
+ return apparmor.Inspect(options)
 }
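Review bot: In `apparmorInspectAction` the options struct is allocated empty and then filled field by field; a composite literal, `options := &types.InspectCommandOptions{Writer: cmd.OutOrStdout()}`, says the same thing in one line and makes a forgotten field easier to spot in review. The same pattern appears in `apparmorUnloadAction` later in this patch, where `&types.UnloadCommandOptions{Target: target}` would do.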
diff --git a/cmd/nerdctl/apparmor_load_linux.go b/cmd/nerdctl/apparmor_load_linux.go
index f295faf795c..38b7547242b 100644
--- a/cmd/nerdctl/apparmor_load_linux.go
+++ b/cmd/nerdctl/apparmor_load_linux.go
@@ -19,9 +19,8 @@ package main
 import (
 "fmt"
 
- "github.com/containerd/containerd/contrib/apparmor"
+ "github.com/containerd/nerdctl/pkg/cmd/apparmor"
 "github.com/containerd/nerdctl/pkg/defaults"
- "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 )
 
@@ -38,6 +37,5 @@ func newApparmorLoadCommand() *cobra.Command {
 }
 
 func apparmorLoadAction(cmd *cobra.Command, args []string) error {
- logrus.Infof("Loading profile %q", defaults.AppArmorProfileName)
- return apparmor.LoadDefaultProfile(defaults.AppArmorProfileName)
+ return apparmor.Load()
 }
diff --git a/cmd/nerdctl/apparmor_ls_linux.go b/cmd/nerdctl/apparmor_ls_linux.go
index 57ad991ad5b..f05bb72c776 100644
--- a/cmd/nerdctl/apparmor_ls_linux.go
+++ b/cmd/nerdctl/apparmor_ls_linux.go
@@ -17,14 +17,8 @@
 package main
 
 import (
- "bytes"
- "errors"
- "fmt"
- "text/tabwriter"
- "text/template"
-
- "github.com/containerd/nerdctl/pkg/apparmorutil"
- "github.com/containerd/nerdctl/pkg/formatter"
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/cmd/apparmor"
 "github.com/spf13/cobra"
 )
 
@@ -48,57 +42,17 @@ func newApparmorLsCommand() *cobra.Command {
 }
 
 func apparmorLsAction(cmd *cobra.Command, args []string) error {
+ options := &types.LsCommandOptions{}
 quiet, err := cmd.Flags().GetBool("quiet")
 if err != nil {
 return err
 }
- w := cmd.OutOrStdout()
- var tmpl *template.Template
+ options.Quiet = quiet
+ options.Writer = cmd.OutOrStdout()
 format, err := cmd.Flags().GetString("format")
 if err != nil {
 return err
 }
- switch format {
- case "", "table", "wide":
- w = tabwriter.NewWriter(cmd.OutOrStdout(), 4, 8, 4, ' ', 0)
- if !quiet {
- fmt.Fprintln(w, "NAME\tMODE")
- }
- case "raw":
- return errors.New("unsupported format: \"raw\"")
- default:
- if quiet {
- return errors.New("format and quiet must not be specified together")
- }
- var err error
- tmpl, err = formatter.ParseTemplate(format)
- if err != nil {
- return err
- }
- }
-
- profiles, err := apparmorutil.Profiles()
- if err != nil {
- return err
- }
-
- for _, f := range profiles {
- if tmpl != nil {
- var b bytes.Buffer
- if err := tmpl.Execute(&b, f); err != nil {
- return err
- }
- if _, err = fmt.Fprintf(w, b.String()+"\n"); err != nil {
- return err
- }
- } else if quiet {
- fmt.Fprintln(w, f.Name)
- } else {
- fmt.Fprintf(w, "%s\t%s\n", f.Name, f.Mode)
- }
- }
- if f, ok := w.(formatter.Flusher); ok {
- return f.Flush()
- }
- return nil
+ options.Format = format
+ return apparmor.Ls(options)
 }
diff --git a/cmd/nerdctl/apparmor_unload_linux.go b/cmd/nerdctl/apparmor_unload_linux.go
index 15154f3b95a..571b53b58de 100644
--- a/cmd/nerdctl/apparmor_unload_linux.go
+++ b/cmd/nerdctl/apparmor_unload_linux.go
@@ -19,9 +19,9 @@ package main
 import (
 "fmt"
 
- "github.com/containerd/nerdctl/pkg/apparmorutil"
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/cmd/apparmor"
 "github.com/containerd/nerdctl/pkg/defaults"
- "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 )
 
@@ -43,8 +43,9 @@ func apparmorUnloadAction(cmd *cobra.Command, args []string) error {
 if len(args) > 0 {
 target = args[0]
 }
- logrus.Infof("Unloading profile %q", target)
- return apparmorutil.Unload(target)
+ options := &types.UnloadCommandOptions{}
+ options.Target = target
+ return apparmor.Unload(options)
 }
 
 func apparmorUnloadShellComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
diff --git a/cmd/nerdctl/info.go b/cmd/nerdctl/info.go
index 3d7374426d3..27c0bd17384 100644
--- a/cmd/nerdctl/info.go
+++ b/cmd/nerdctl/info.go
@@ -23,11 +23,11 @@ import (
 "strings"
 "text/template"
 
- "github.com/containerd/nerdctl/pkg/formatter"
 "golang.org/x/text/cases"
 "golang.org/x/text/language"
 
 "github.com/containerd/containerd/api/services/introspection/v1"
+ "github.com/containerd/nerdctl/pkg/formatter"
 "github.com/containerd/nerdctl/pkg/infoutil"
 "github.com/containerd/nerdctl/pkg/inspecttypes/dockercompat"
 "github.com/containerd/nerdctl/pkg/inspecttypes/native"
diff --git a/pkg/api/types/apparmor_types.go b/pkg/api/types/apparmor_types.go
new file mode 100644
index 00000000000..1ed519cf6bd
--- /dev/null
+++ b/pkg/api/types/apparmor_types.go
@@ -0,0 +1,38 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package types
+
+import "io"
+
+type InspectCommandOptions struct {
+ // Writer is the output writer
+ Writer io.Writer
+}
+
+type UnloadCommandOptions struct {
+ // Target is the profile name
+ Target string
+}
+
+type LsCommandOptions struct {
+ // Only display profile names
+ Quiet bool
+ // Format the output using the given go template
+ Format string
+ // Writer is the output writer
+ Writer io.Writer
+}
diff --git a/pkg/cmd/apparmor/inspect_linux.go b/pkg/cmd/apparmor/inspect_linux.go
new file mode 100644
index 00000000000..0274de78e99
--- /dev/null
+++ b/pkg/cmd/apparmor/inspect_linux.go
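Review bot: The three structs in `pkg/api/types/apparmor_types.go` have generic names (`InspectCommandOptions`, `UnloadCommandOptions`, `LsCommandOptions`) although they live in a shared `types` package, so nothing ties them to AppArmor and another command that needs its own inspect or ls options in this package would collide with them. A subsystem prefix such as `ApparmorInspectOptions`, `ApparmorUnloadOptions` and `ApparmorLsOptions` would avoid that. The exported types also have no doc comments; each should get one that starts with the type name, for example `// ApparmorLsOptions specifies options for "nerdctl apparmor ls".`, and the `Quiet` and `Format` field comments should start with the field name like the `Writer` and `Target` ones do.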
@@ -0,0 +1,34 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package apparmor
+
+import (
+ "fmt"
+
+ "github.com/containerd/containerd/contrib/apparmor"
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/defaults"
+)
+
+func Inspect(options *types.InspectCommandOptions) error {
+ b, err := apparmor.DumpDefaultProfile(defaults.AppArmorProfileName)
+ if err != nil {
+ return err
+ }
+ _, err = fmt.Fprint(options.Writer, b)
+ return err
+}
diff --git a/pkg/cmd/apparmor/load_linux.go b/pkg/cmd/apparmor/load_linux.go
new file mode 100644
index 00000000000..b8112aa99e0
--- /dev/null
+++ b/pkg/cmd/apparmor/load_linux.go
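Review bot: `Inspect` dereferences `options` and writes to `options.Writer` without checking either, so now that it is exported from `pkg/cmd/apparmor` a caller that passes nil or leaves `Writer` unset gets a panic instead of an error. A guard at the top, `if options == nil || options.Writer == nil { return errors.New("output writer is required") }` (with `errors` imported), would make the contract explicit. `Ls` and `Unload` in this patch dereference `options` the same way. None of the four new exported functions (`Inspect`, `Load`, `Ls`, `Unload`) has a doc comment; each needs one starting with its name, for example `// Inspect writes the default AppArmor profile to options.Writer.`.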
@@ -0,0 +1,28 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package apparmor
+
+import (
+ "github.com/containerd/containerd/contrib/apparmor"
+ "github.com/containerd/nerdctl/pkg/defaults"
+ "github.com/sirupsen/logrus"
+)
+
+func Load() error {
+ logrus.Infof("Loading profile %q", defaults.AppArmorProfileName)
+ return apparmor.LoadDefaultProfile(defaults.AppArmorProfileName)
+}
diff --git a/pkg/cmd/apparmor/ls_linux.go b/pkg/cmd/apparmor/ls_linux.go
new file mode 100644
index 00000000000..a55733c7c4d
--- /dev/null
+++ b/pkg/cmd/apparmor/ls_linux.go
@@ -0,0 +1,79 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package apparmor
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "text/tabwriter"
+ "text/template"
+
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/apparmorutil"
+ "github.com/containerd/nerdctl/pkg/formatter"
+)
+
+func Ls(options *types.LsCommandOptions) error {
+ quiet := options.Quiet
+ w := options.Writer
+ var tmpl *template.Template
+ format := options.Format
+ switch format {
+ case "", "table", "wide":
+ w = tabwriter.NewWriter(options.Writer, 4, 8, 4, ' ', 0)
+ if !quiet {
+ fmt.Fprintln(w, "NAME\tMODE")
+ }
+ case "raw":
+ return errors.New("unsupported format: \"raw\"")
+ default:
+ if quiet {
+ return errors.New("format and quiet must not be specified together")
+ }
+ var err error
+ tmpl, err = formatter.ParseTemplate(format)
+ if err != nil {
+ return err
+ }
+ }
+
+ profiles, err := apparmorutil.Profiles()
+ if err != nil {
+ return err
+ }
+
+ for _, f := range profiles {
+ if tmpl != nil {
+ var b bytes.Buffer
+ if err := tmpl.Execute(&b, f); err != nil {
+ return err
+ }
+ if _, err = fmt.Fprintf(w, b.String()+"\n"); err != nil {
+ return err
+ }
+ } else if quiet {
+ fmt.Fprintln(w, f.Name)
+ } else {
+ fmt.Fprintf(w, "%s\t%s\n", f.Name, f.Mode)
+ }
+ }
+ if f, ok := w.(formatter.Flusher); ok {
+ return f.Flush()
+ }
+ return nil
+}
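Review bot: In the template branch of `Ls`, `fmt.Fprintf(w, b.String()+"\n")` uses the rendered template output as the format string, so a `%` coming from a profile name or from the user's `--format` text is parsed as a verb and the line is printed with `%!…(MISSING)`-style noise; `go vet` reports this as a non-constant format string. The line was moved unchanged from the cobra action, but the new package is the right place to correct it: `if _, err = fmt.Fprintln(w, b.String()); err != nil {`. The quiet and table branches discard the error returned by `fmt.Fprintln` and `fmt.Fprintf`, which is inconsistent with the template branch that checks it.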
diff --git a/pkg/cmd/apparmor/unload_linux.go b/pkg/cmd/apparmor/unload_linux.go
new file mode 100644
index 00000000000..b92ec64821c
--- /dev/null
+++ b/pkg/cmd/apparmor/unload_linux.go
@@ -0,0 +1,28 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package apparmor
+
+import (
+ "github.com/containerd/nerdctl/pkg/api/types"
+ "github.com/containerd/nerdctl/pkg/apparmorutil"
+ "github.com/sirupsen/logrus"
+)
+
+func Unload(options *types.UnloadCommandOptions) error {
+ logrus.Infof("Unloading profile %q", options.Target)
+ return apparmorutil.Unload(options.Target)
+}
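Review bot: `Unload` forwards `options.Target` to `apparmorutil.Unload` without checking that it is set, and whatever default the cobra action gives `target` (it is initialised above the visible hunk) does not cover other callers of this exported function. How `apparmorutil.Unload` treats an empty name is not visible in this patch, so a guard before the log line, `if options.Target == "" { return errors.New("profile name is required") }` (with `errors` imported), would keep the behaviour defined for an operation that removes a confinement profile. The doc comment should say that `Target` is the name of a loaded profile.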