windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink

[kevpar]

This change splits the definition of pkg/cri/os.ResolveSymbolicLink by
platform (windows/!windows), and switches to an alternate implementation
for Windows. This aims to fix the issue described in #5405.

The previous implementation which just called filepath.EvalSymlinks has
historically had issues on Windows. One of these issues we were able to
fix in Go, but EvalSymlinks's behavior is not well specified on
Windows, and there could easily be more issues in the future, so it
seems prudent to move to a separate implementation for Windows.

The new implementation uses the Windows GetFinalPathNameByHandle API,
which takes a handle to an open file or directory and some flags, and
returns the "real" name for the object. See comments in the code for
details on the implementation.

I have tested this change with a variety of mounts and everything seems
to work as expected. Functions that make incorrect assumptions on what a
Windows path can look like may have some trouble with the \\?\ path
syntax. For instance EvalSymlinks fails when given a \\?\UNC\ path. For
this reason, the resolvePath implementation modifies the returned path
to translate to the more common form (\\?\UNC\server\share ->
\\server\share).

Signed-off-by: Kevin Parsons kevpar@microsoft.com

[ambarve]

LGTM!

[kevpar]

I've fixed up some logic, expanded the comments to explain better why we are doing it this way, and added some unit tests. However, I'm having trouble getting some of the more interesting tests to work currently, as they require creating/mounting VHDs. I initially used the Hyper-V PowerShell cmdlets, but those are not present on the CI machines, and my attempt to install them was not successful.

I'm looking into if there's another way I can do the VHD setup that is needed. Otherwise I'll probably need to take out some of the test cases, or find a way to put them behind a feature flag.

The implementation of resolvePath and intent behind what we are testing should still be suitable for review. @AkihiroSuda if you can take a look again that would be appreciated. :)

[kevpar]

Okay! Finally got the tests to run properly. Everything passes now except for pull-containerd-node-e2e, which looks unrelated.

The only issue I see is that to properly implement VHD formatting I had to detect the Windows OS version we are running on, which brings in the github.com/Microsoft/hcsshim/test module as a new dependency. I'm not sure if pulling this in to the main containerd module is desired, but this test doesn't look like it would make sense under integration/client, either.

I could remove the version detection given the CI only runs on WS2019, but that's not ideal since someone might need to run it locally, and we don't want to prevent the CI machines from being upgraded.

I could also move the github.com/Microsoft/hcsshim/test/functional/manifest package out of the test module, but that will require a new hcsshim release to update to, and that might complicate backporting this to v1.4.

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 7m 50s (non-voting)
• containerd-test-arm64 : SUCCESS in 23m 41s (non-voting)
• containerd-integration-test-arm64 : SUCCESS in 29m 07s (non-voting)

[mainred]

Thanks for your effort, @kevpar .
Thanks, @AkihiroSuda for sharing so many valuable inputs in this PR, could you please take another look?

cc @estesp

[estesp]

/test pull-containerd-node-e2e

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 4m 58s (non-voting)
• containerd-test-arm64 : SUCCESS in 5m 34s (non-voting)
• containerd-integration-test-arm64 : SUCCESS in 23m 05s (non-voting)

[kevpar]

@estesp looks like this is properly signed off. Could you please help merge?

[ibabou]

@kevpar Is there a plan to get this cherry-picked into 1.4.x as well ? Or the only path will be into 1.5.1 ?
We currently facing issues with our csi driver on 1.4.4, so wants to see if we can get this backported.

[kevpar]

@kevpar Is there a plan to get this cherry-picked into 1.4.x as well ? Or the only path will be into 1.5.1 ?
We currently facing issues with our csi driver on 1.4.4, so wants to see if we can get this backported.

@ibabou yes, I have a PR out to backport to containerd/cri for 1.4 here: containerd/cri#1636

[ibabou]

@kevpar Is there a plan to get this cherry-picked into 1.4.x as well ? Or the only path will be into 1.5.1 ?
We currently facing issues with our csi driver on 1.4.4, so wants to see if we can get this backported.

@ibabou yes, I have a PR out to backport to containerd/cri for 1.4 here: containerd/cri#1636

That's awesome, thanks Kevin!

[ibabou]

@kevpar I don't see the change in release/1.5. Is there a pending thing related to it ? Seems both 1.5.1 and 1.5.2 got published without it ?

[kevpar]

@kevpar I don't see the change in release/1.5. Is there a pending thing related to it ? Seems both 1.5.1 and 1.5.2 got published without it ?

It looks like the backport PR (#5454) for 1.5 accidentally went into master instead of release/1.5. I'll send a new PR to get this in. :)

[kevpar]

@kevpar I don't see the change in release/1.5. Is there a pending thing related to it ? Seems both 1.5.1 and 1.5.2 got published without it ?

It looks like the backport PR (#5454) for 1.5 accidentally went into master instead of release/1.5. I'll send a new PR to get this in. :)

PR: #5537

[ibabou]

@kevpar I don't see the change in release/1.5. Is there a pending thing related to it ? Seems both 1.5.1 and 1.5.2 got published without it ?

It looks like the backport PR (#5454) for 1.5 accidentally went into master instead of release/1.5. I'll send a new PR to get this in. :)

PR: #5537

Yeah, I noticed too that the PR of the cherry-pick did seem to not have gone in release/1.5 :). Thanks a lot Kevin!