updated cni code to match network container contract update

Author: rejain789

cni/netconfig.go

@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"strings"
 
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/network/policy"
 	cniTypes "github.com/containernetworking/cni/pkg/types"
 )
@@ -16,6 +15,12 @@ const (
 	PolicyStr string = "Policy"
 )
 
+// KVPair represents a K-V pair of a json object.
+type KVPair struct {
+	Name  string          `json:"name"`
+	Value json.RawMessage `json:"value"`
+}
+
 type PortMapping struct {
 	HostPort      int    `json:"hostPort"`
 	ContainerPort int    `json:"containerPort"`
@@ -73,7 +78,7 @@ type NetworkConfig struct {
 	DNS                           cniTypes.DNS    `json:"dns,omitempty"`
 	RuntimeConfig                 RuntimeConfig   `json:"runtimeConfig,omitempty"`
 	WindowsSettings               WindowsSettings `json:"windowsSettings,omitempty"`
-	AdditionalArgs                []acn.KVPair    `json:"AdditionalArgs,omitempty"`
+	AdditionalArgs                []KVPair        `json:"AdditionalArgs,omitempty"`
 }
 
 type WindowsSettings struct {
@@ -116,7 +121,7 @@ func ParseNetworkConfig(b []byte) (*NetworkConfig, error) {
 }
 
 // GetPoliciesFromNwCfg returns network policies from network config.
-func GetPoliciesFromNwCfg(kvp []acn.KVPair) []policy.Policy {
+func GetPoliciesFromNwCfg(kvp []KVPair) []policy.Policy {
 	var policies []policy.Policy
 	for _, pair := range kvp {
 		if strings.Contains(pair.Name, PolicyStr) {

cni/network/invoker_cns.go

@@ -12,10 +12,10 @@ import (
 	"github.com/Azure/azure-container-networking/cns"
 	cnscli "github.com/Azure/azure-container-networking/cns/client"
 	"github.com/Azure/azure-container-networking/cns/fsnotify"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/iptables"
 	"github.com/Azure/azure-container-networking/network"
 	"github.com/Azure/azure-container-networking/network/networkutils"
+	"github.com/Azure/azure-container-networking/network/policy"
 	cniSkel "github.com/containernetworking/cni/pkg/skel"
 	"github.com/pkg/errors"
 	"go.uber.org/zap"
@@ -56,7 +56,7 @@ type IPResultInfo struct {
 	skipDefaultRoutes  bool
 	routes             []cns.Route
 	pnpID              string
-	defaultDenyACL     []acn.KVPair
+	endpointPolicies   []policy.Policy
 }
 
 func (i IPResultInfo) MarshalLogObject(encoder zapcore.ObjectEncoder) error {
@@ -161,7 +161,7 @@ func (invoker *CNSIPAMInvoker) Add(addConfig IPAMAddConfig) (IPAMAddResult, erro
 			skipDefaultRoutes:  response.PodIPInfo[i].SkipDefaultRoutes,
 			routes:             response.PodIPInfo[i].Routes,
 			pnpID:              response.PodIPInfo[i].PnPID,
-			defaultDenyACL:     response.PodIPInfo[i].DefaultDenyACL,
+			endpointPolicies:   response.PodIPInfo[i].EndpointPolicies,
 		}
 
 		logger.Info("Received info for pod",
@@ -456,7 +456,7 @@ func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, add
 			IPConfigs:         ipConfigs,
 			Routes:            resRoute,
 			HostSubnetPrefix:  *hostIPNet,
-			DefaultDenyACL:    info.defaultDenyACL,
+			EndpointPolicies:  info.endpointPolicies,
 		}
 	}
 

cni/network/invoker_cns_test.go

@@ -10,9 +10,9 @@ import (
 	"github.com/Azure/azure-container-networking/cni"
 	"github.com/Azure/azure-container-networking/cni/util"
 	"github.com/Azure/azure-container-networking/cns"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/iptables"
 	"github.com/Azure/azure-container-networking/network"
+	"github.com/Azure/azure-container-networking/network/policy"
 	cniSkel "github.com/containernetworking/cni/pkg/skel"
 	"github.com/stretchr/testify/require"
 )
@@ -536,14 +536,14 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 		"Priority": 10000
 	}`)
 
-	expectedDefaultDenyACL := []acn.KVPair{
+	expectedEndpointPolicies := []policy.Policy{
 		{
-			Name:  "EndpointPolicy",
-			Value: valueOut,
+			Type: policy.ACLPolicy,
+			Data: valueOut,
 		},
 		{
-			Name:  "EndpointPolicy",
-			Value: valueIn,
+			Type: policy.ACLPolicy,
+			Data: valueIn,
 		},
 	}
 	tests := []struct {
@@ -583,8 +583,8 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 										PrimaryIP: "10.0.0.1",
 										Subnet:    "10.0.0.0/24",
 									},
-									NICType:        cns.InfraNIC,
-									DefaultDenyACL: expectedDefaultDenyACL,
+									NICType:          cns.InfraNIC,
+									EndpointPolicies: expectedEndpointPolicies,
 								},
 							},
 							Response: cns.Response{
@@ -613,7 +613,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 						Gateway: net.ParseIP("10.0.0.1"),
 					},
 				},
-				DefaultDenyACL: expectedDefaultDenyACL,
+				EndpointPolicies: expectedEndpointPolicies,
 				Routes: []network.RouteInfo{
 					{
 						Dst: network.Ipv4DefaultRouteDstPrefix,
@@ -654,7 +654,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 										PrimaryIP: "10.0.0.1",
 										Subnet:    "10.0.0.0/24",
 									},
-									DefaultDenyACL: expectedDefaultDenyACL,
+									EndpointPolicies: expectedEndpointPolicies,
 								},
 							},
 							Response: cns.Response{
@@ -683,7 +683,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 						Gateway: net.ParseIP("10.0.0.1"),
 					},
 				},
-				DefaultDenyACL: expectedDefaultDenyACL,
+				EndpointPolicies: expectedEndpointPolicies,
 				Routes: []network.RouteInfo{
 					{
 						Dst: network.Ipv4DefaultRouteDstPrefix,
@@ -724,8 +724,8 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 										PrimaryIP: "10.0.0.1",
 										Subnet:    "10.0.0.0/24",
 									},
-									NICType:        cns.InfraNIC,
-									DefaultDenyACL: expectedDefaultDenyACL,
+									NICType:          cns.InfraNIC,
+									EndpointPolicies: expectedEndpointPolicies,
 								},
 								{
 									PodIPConfig: cns.IPSubnet{
@@ -745,8 +745,8 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 										PrimaryIP: "fe80::1234:5678:9abc",
 										Subnet:    "fd11:1234::/112",
 									},
-									NICType:        cns.InfraNIC,
-									DefaultDenyACL: expectedDefaultDenyACL,
+									NICType:          cns.InfraNIC,
+									EndpointPolicies: expectedEndpointPolicies,
 								},
 							},
 							Response: cns.Response{
@@ -779,7 +779,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 						Gateway: net.ParseIP("fe80::1234:5678:9abc"),
 					},
 				},
-				DefaultDenyACL: expectedDefaultDenyACL,
+				EndpointPolicies: expectedEndpointPolicies,
 				Routes: []network.RouteInfo{
 					{
 						Dst: network.Ipv4DefaultRouteDstPrefix,
@@ -807,7 +807,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 						result: &cns.IPConfigsResponse{
 							PodIPInfo: []cns.PodIpInfo{
 								{
-									DefaultDenyACL: expectedDefaultDenyACL,
+									EndpointPolicies: expectedEndpointPolicies,
 								},
 							},
 							Response: cns.Response{
@@ -836,7 +836,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 			}
 			ipamAddResult, err := invoker.Add(IPAMAddConfig{nwCfg: tt.args.nwCfg, args: tt.args.args, options: tt.args.options})
 			if tt.wantErr {
-				require.Equalf([]acn.KVPair(nil), ipamAddResult.interfaceInfo[string(cns.InfraNIC)].DefaultDenyACL, "Correct default deny ACL")
+				require.Equalf([]policy.Policy(nil), ipamAddResult.interfaceInfo[string(cns.InfraNIC)].EndpointPolicies, "There was an error requesting IP addresses from cns")
 				require.Error(err)
 			} else {
 				require.NoError(err)
@@ -852,7 +852,7 @@ func TestCNSIPAMInvoker_Add(t *testing.T) {
 				}
 				if ifInfo.NICType == cns.InfraNIC {
 					require.Equalf(tt.wantDefaultResult, ifInfo, "incorrect default response")
-					require.Equalf(expectedDefaultDenyACL, ifInfo.DefaultDenyACL, "Correct default deny ACL")
+					require.Equalf(expectedEndpointPolicies, ifInfo.EndpointPolicies, "Correct default deny ACL")
 				}
 			}
 		})

cni/network/network.go

@@ -589,13 +589,12 @@ func (plugin *NetPlugin) Add(args *cniSkel.CmdArgs) error {
 		// sendEvent(plugin, fmt.Sprintf("Allocated IPAddress from ipam DefaultInterface: %+v, SecondaryInterfaces: %+v", ipamAddResult.interfaceInfo[ifIndex], ipamAddResult.interfaceInfo))
 	}
 
+	policies := cni.GetPoliciesFromNwCfg(nwCfg.AdditionalArgs)
 	for key := range ipamAddResult.interfaceInfo {
 		if key == string(cns.InfraNIC) {
-			nwCfg.AdditionalArgs = append(nwCfg.AdditionalArgs, ipamAddResult.interfaceInfo[key].DefaultDenyACL...)
+			policies = append(policies, ipamAddResult.interfaceInfo[key].EndpointPolicies...)
 		}
 	}
-
-	policies := cni.GetPoliciesFromNwCfg(nwCfg.AdditionalArgs)
 	// moved to addIpamInvoker
 	// sendEvent(plugin, fmt.Sprintf("Allocated IPAddress from ipam interface: %+v", ipamAddResult.PrettyString()))
 

cni/network/network_windows_test.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/Azure/azure-container-networking/cni"
 	"github.com/Azure/azure-container-networking/cns"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/network"
 	"github.com/Azure/azure-container-networking/network/hnswrapper"
 	"github.com/Azure/azure-container-networking/network/policy"
@@ -942,7 +941,7 @@ func TestPluginWindowsAdd(t *testing.T) {
 		EnableExactMatchForPodName: true,
 		Master:                     "eth0",
 		// these are added to test that policies propagate to endpoint info
-		AdditionalArgs: []acn.KVPair{
+		AdditionalArgs: []cni.KVPair{
 			{
 				Name:  "EndpointPolicy",
 				Value: GetRawOutBoundNATPolicy(),

cns/NetworkContainerContract.go

@@ -8,8 +8,8 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-container-networking/cns/types"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
+	"github.com/Azure/azure-container-networking/network/policy"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
@@ -504,8 +504,8 @@ type PodIpInfo struct {
 	Routes []Route
 	// PnpId is set for backend interfaces, Pnp Id identifies VF. Plug and play id(pnp) is also called as PCI ID
 	PnPID string
-	// Defauly Deny ACL's to configure on HNS endpoints for Swiftv2 window nodes
-	DefaultDenyACL []acn.KVPair
+	// Default Deny ACL's to configure on HNS endpoints for Swiftv2 window nodes
+	EndpointPolicies []policy.Policy
 }
 
 type HostIPInfo struct {

common/config.go

@@ -3,8 +3,6 @@
 
 package common
 
-import "encoding/json"
-
 // Command line options.
 const (
 	// Operating environment.
@@ -148,9 +146,3 @@ const (
 	// OptCNIConflistScenarioAlias "shorthand" for the cni conflist scenairo, see above
 	OptCNIConflistScenarioAlias = "cniconflistscenario"
 )
-
-// KVPair represents a K-V pair of a json object.
-type KVPair struct {
-	Name  string          `json:"name"`
-	Value json.RawMessage `json:"value"`
-}

network/endpoint.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/Azure/azure-container-networking/cni/log"
 	"github.com/Azure/azure-container-networking/cns"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/netio"
 	"github.com/Azure/azure-container-networking/netlink"
 	"github.com/Azure/azure-container-networking/network/policy"
@@ -139,7 +138,7 @@ type InterfaceInfo struct {
 	HostSubnetPrefix  net.IPNet // Move this field from ipamAddResult
 	NCResponse        *cns.GetNetworkContainerResponse
 	PnPID             string
-	DefaultDenyACL    []acn.KVPair
+	EndpointPolicies  []policy.Policy
 }
 
 type IPConfig struct {