Add Linux bundle transformation and testing for VM adaptation

Author: aledbf

internal/shim/transform/bundle.go internal/shim/bundle/transform_linux.gointernal/shim/transform/bundle.go renamed to internal/shim/bundle/transform_linux.go

@@ -1,7 +1,6 @@
 //go:build linux
 
-// Package transform provides OCI bundle transformations for VM compatibility.
-package transform
+package bundle
 
 import (
 	"context"
@@ -12,12 +11,10 @@ import (
 	"github.com/containerd/log"
 	"github.com/opencontainers/runc/libcontainer/capabilities"
 	"github.com/opencontainers/runtime-spec/specs-go"
-
-	"github.com/spin-stack/spinbox/internal/shim/bundle"
 )
 
 // TransformBindMounts converts bind mounts to extra files for the VM.
-func TransformBindMounts(ctx context.Context, b *bundle.Bundle) error {
+func TransformBindMounts(ctx context.Context, b *Bundle) error {
 	for i, m := range b.Spec.Mounts {
 		if m.Type == "bind" {
 			filename := filepath.Base(m.Source)
@@ -44,7 +41,7 @@ func TransformBindMounts(ctx context.Context, b *bundle.Bundle) error {
 // - Remove network/cgroup namespaces (container uses VM's)
 // - Ensure cgroup2 mount exists
 // - Grant full capabilities (VM is the security boundary)
-func AdaptForVM(ctx context.Context, b *bundle.Bundle) error {
+func AdaptForVM(ctx context.Context, b *Bundle) error {
 	// Remove network and cgroup namespaces
 	if b.Spec.Linux != nil {
 		var namespaces []specs.LinuxNamespace
@@ -117,8 +114,8 @@ func ensureRW(opts []string) []string {
 }
 
 // LoadForCreate loads and transforms an OCI bundle for container creation.
-func LoadForCreate(ctx context.Context, bundlePath string) (*bundle.Bundle, error) {
-	return bundle.Load(ctx, bundlePath,
+func LoadForCreate(ctx context.Context, bundlePath string) (*Bundle, error) {
+	return Load(ctx, bundlePath,
 		TransformBindMounts,
 		AdaptForVM,
 	)

internal/shim/transform/bundle_test.go …rnal/shim/bundle/transform_linux_test.gointernal/shim/transform/bundle_test.go renamed to internal/shim/bundle/transform_linux_test.go internal/shim/transform/bundle_test.go renamed to internal/shim/bundle/transform_linux_test.go

@@ -1,6 +1,6 @@
 //go:build linux
 
-package transform
+package bundle
 
 import (
 	"context"
@@ -12,13 +12,11 @@ import (
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-
-	"github.com/spin-stack/spinbox/internal/shim/bundle"
 )
 
 const cgroupPath = "/sys/fs/cgroup"
 
-func createTestBundle(t *testing.T, bundlePath string) {
+func setupTransformTestBundle(t *testing.T, bundlePath string) {
 	t.Helper()
 	require.NoError(t, os.MkdirAll(bundlePath, 0750))
 
@@ -48,13 +46,13 @@ func TestTransformBindMounts(t *testing.T) {
 	t.Run("transforms bind mount from bundle path", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
 		testFile := filepath.Join(bundlePath, "config.yaml")
 		testContent := []byte("key: value\n")
 		require.NoError(t, os.WriteFile(testFile, testContent, 0600))
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		b.Spec.Mounts = append(b.Spec.Mounts, specs.Mount{
@@ -75,14 +73,14 @@ func TestTransformBindMounts(t *testing.T) {
 	t.Run("ignores bind mount from different path", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
 		otherDir := filepath.Join(tmpDir, "other")
 		require.NoError(t, os.MkdirAll(otherDir, 0750))
 		testFile := filepath.Join(otherDir, "secret.txt")
 		require.NoError(t, os.WriteFile(testFile, []byte("secret"), 0600))
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		b.Spec.Mounts = append(b.Spec.Mounts, specs.Mount{
@@ -104,9 +102,9 @@ func TestAdaptForVM(t *testing.T) {
 	t.Run("removes network and cgroup namespaces", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		err = AdaptForVM(ctx, b)
@@ -134,9 +132,9 @@ func TestAdaptForVM(t *testing.T) {
 	t.Run("adds cgroup2 mount if missing", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		err = AdaptForVM(ctx, b)
@@ -171,7 +169,7 @@ func TestAdaptForVM(t *testing.T) {
 		require.NoError(t, os.WriteFile(filepath.Join(bundlePath, "config.json"), specBytes, 0600))
 		require.NoError(t, os.MkdirAll(filepath.Join(bundlePath, "rootfs"), 0750))
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		err = AdaptForVM(ctx, b)
@@ -185,9 +183,9 @@ func TestAdaptForVM(t *testing.T) {
 	t.Run("grants full capabilities", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		err = AdaptForVM(ctx, b)
@@ -212,7 +210,7 @@ func TestAdaptForVM(t *testing.T) {
 		require.NoError(t, os.WriteFile(filepath.Join(bundlePath, "config.json"), specBytes, 0600))
 		require.NoError(t, os.MkdirAll(filepath.Join(bundlePath, "rootfs"), 0750))
 
-		b, err := bundle.Load(ctx, bundlePath)
+		b, err := Load(ctx, bundlePath)
 		require.NoError(t, err)
 
 		err = AdaptForVM(ctx, b)
@@ -226,7 +224,7 @@ func TestLoadForCreate(t *testing.T) {
 	t.Run("applies all transforms", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		bundlePath := filepath.Join(tmpDir, "test-container")
-		createTestBundle(t, bundlePath)
+		setupTransformTestBundle(t, bundlePath)
 
 		testFile := filepath.Join(bundlePath, "app.conf")
 		require.NoError(t, os.WriteFile(testFile, []byte("config"), 0600))

internal/shim/cpuhotplug/controller.go

@@ -51,13 +51,13 @@ type Config struct {
 }
 
 const (
-	defaultMonitorInterval   = 5 * time.Second
-	defaultScaleUpCooldown   = 10 * time.Second
-	defaultScaleDownCooldown = 30 * time.Second
-	defaultScaleUpThreshold  = 80.0
+	defaultMonitorInterval    = 5 * time.Second
+	defaultScaleUpCooldown    = 10 * time.Second
+	defaultScaleDownCooldown  = 30 * time.Second
+	defaultScaleUpThreshold   = 80.0
 	defaultScaleDownThreshold = 50.0
-	defaultThrottleLimit     = 5.0
-	defaultScaleUpStability  = 2
+	defaultThrottleLimit      = 5.0
+	defaultScaleUpStability   = 2
 	defaultScaleDownStability = 6
 )
 
@@ -253,7 +253,7 @@ func (c *Controller) ScaleUp(ctx context.Context) error {
 	}
 
 	// Find first available CPU ID
-	for nextID := 0; nextID < c.maxCPUs; nextID++ {
+	for nextID := range c.maxCPUs {
 		if existingCPUs[nextID] {
 			continue
 		}

internal/shim/hotplug/monitor_test.go

@@ -21,8 +21,8 @@ type mockScaler struct {
 	scaleUpErr     error
 	scaleDownErr   error
 
-	evaluateCalls atomic.Int32
-	scaleUpCalls  atomic.Int32
+	evaluateCalls  atomic.Int32
+	scaleUpCalls   atomic.Int32
 	scaleDownCalls atomic.Int32
 }
 
@@ -50,9 +50,9 @@ func (m *mockScaler) ScaleDown(ctx context.Context) error {
 }
 
 func TestScaleDirection(t *testing.T) {
-	assert.Equal(t, ScaleDirection(0), ScaleNone)
-	assert.Equal(t, ScaleDirection(1), ScaleUp)
-	assert.Equal(t, ScaleDirection(2), ScaleDown)
+	assert.Equal(t, ScaleNone, ScaleDirection(0))
+	assert.Equal(t, ScaleUp, ScaleDirection(1))
+	assert.Equal(t, ScaleDown, ScaleDirection(2))
 }
 
 func TestNewMonitor(t *testing.T) {

internal/shim/task/create.go

@@ -26,7 +26,6 @@ import (
 	"github.com/spin-stack/spinbox/internal/shim/lifecycle"
 	platformNetwork "github.com/spin-stack/spinbox/internal/shim/platform/network"
 	"github.com/spin-stack/spinbox/internal/shim/resources"
-	"github.com/spin-stack/spinbox/internal/shim/transform"
 )
 
 // createCleanup tracks resources that need cleanup on failure.
@@ -121,7 +120,7 @@ func (s *service) setupVMInstance(ctx context.Context, state *createState) error
 	}
 
 	// Load and transform bundle
-	b, err := transform.LoadForCreate(ctx, r.Bundle)
+	b, err := bundle.LoadForCreate(ctx, r.Bundle)
 	if err != nil {
 		return err
 	}