C-WCOW: Use existing policy related function

MahatiC · MahatiC · commit d74438553bba · 2025-09-18T13:24:12.000+01:00
Signed-off-by: Mahati Chamarthy &lt;mahati.chamarthy@gmail.com&gt;
diff --git a/internal/hcsoci/create.go b/internal/hcsoci/create.go
@@ -265,11 +265,7 @@ func CreateContainer(ctx context.Context, createOptions *CreateOptions) (_ cow.C
 			// v1 Argon or Xenon. Pass the document directly to HCS.
 			hcsDocument = v1
 		} else if coi.HostingSystem != nil {
-			isCWCOWUVM := false
-			if createOptions.HostingSystem.WCOWconfidentialUVMOptions != nil {
-				isCWCOWUVM = true
-			}
-			if isCWCOWUVM {
+			if coi.HostingSystem.HasConfidentialPolicy() {
 				// confidential wcow uvm
 				gcsDocument = &guestresource.CWCOWHostedSystem{
 					Spec: *createOptions.Spec,
diff --git a/internal/uvm/start.go b/internal/uvm/start.go
@@ -337,10 +337,10 @@ func (uvm *UtilityVM) Start(ctx context.Context) (err error) {
 		}
 	}
 
-	if uvm.WCOWconfidentialUVMOptions != nil && uvm.OS() == "windows" {
+	if uvm.HasConfidentialPolicy() && uvm.OS() == "windows" {
 		copts := []WCOWConfidentialUVMOpt{
-			WithWCOWSecurityPolicy(uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicy),
-			WithWCOWSecurityPolicyEnforcer(uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicyEnforcer),
+			WithWCOWSecurityPolicy(uvm.createOpts.(OptionsWCOW).SecurityPolicy),
+			WithWCOWSecurityPolicyEnforcer(uvm.createOpts.(OptionsWCOW).SecurityPolicyEnforcer),
 		}
 		if err := uvm.SetWCOWConfidentialUVMOptions(ctx, copts...); err != nil {
 			return err
diff --git a/internal/uvm/types.go b/internal/uvm/types.go
@@ -14,7 +14,6 @@ import (
 	"github.com/Microsoft/hcsshim/hcn"
 	"github.com/Microsoft/hcsshim/internal/gcs"
 	"github.com/Microsoft/hcsshim/internal/hcs"
-	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
 	"github.com/Microsoft/hcsshim/internal/uvm/scsi"
 )
 
@@ -147,8 +146,6 @@ type UtilityVM struct {
 	// ref counting for block CIMs
 	blockCIMMounts    map[string]*UVMMountedBlockCIMs
 	blockCIMMountLock sync.Mutex
-	// WCOWconfidentialUVMOptions hold confidential UVM specific options
-	WCOWconfidentialUVMOptions *guestresource.WCOWConfidentialOptions
 }
 
 func (uvm *UtilityVM) ScratchEncryptionEnabled() bool {

Original file line number	Diff line number	Diff line change
`@@ -337,10 +337,10 @@ func (uvm *UtilityVM) Start(ctx context.Context) (err error) {`
`337`	`337`	`}`
`338`	`338`	`}`
`339`	`339`
`340`		`- if uvm.WCOWconfidentialUVMOptions != nil && uvm.OS() == "windows" {`
	`340`	`+ if uvm.HasConfidentialPolicy() && uvm.OS() == "windows" {`
`341`	`341`	`copts := []WCOWConfidentialUVMOpt{`
`342`		`- WithWCOWSecurityPolicy(uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicy),`
`343`		`- WithWCOWSecurityPolicyEnforcer(uvm.WCOWconfidentialUVMOptions.WCOWSecurityPolicyEnforcer),`
	`342`	`+ WithWCOWSecurityPolicy(uvm.createOpts.(OptionsWCOW).SecurityPolicy),`
	`343`	`+ WithWCOWSecurityPolicyEnforcer(uvm.createOpts.(OptionsWCOW).SecurityPolicyEnforcer),`
`344`	`344`	`}`
`345`	`345`	`if err := uvm.SetWCOWConfidentialUVMOptions(ctx, copts...); err != nil {`
`346`	`346`	`return err`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@ import (`
`14`	`14`	`"github.com/Microsoft/hcsshim/hcn"`
`15`	`15`	`"github.com/Microsoft/hcsshim/internal/gcs"`
`16`	`16`	`"github.com/Microsoft/hcsshim/internal/hcs"`
`17`		`- "github.com/Microsoft/hcsshim/internal/protocol/guestresource"`
`18`	`17`	`"github.com/Microsoft/hcsshim/internal/uvm/scsi"`
`19`	`18`	`)`
`20`	`19`
`@@ -147,8 +146,6 @@ type UtilityVM struct {`
`147`	`146`	`// ref counting for block CIMs`
`148`	`147`	`blockCIMMounts map[string]*UVMMountedBlockCIMs`
`149`	`148`	`blockCIMMountLock sync.Mutex`
`150`		`- // WCOWconfidentialUVMOptions hold confidential UVM specific options`
`151`		`- WCOWconfidentialUVMOptions *guestresource.WCOWConfidentialOptions`
`152`	`149`	`}`
`153`	`150`
`154`	`151`	`func (uvm *UtilityVM) ScratchEncryptionEnabled() bool {`