Merge branch 'master' into jainriya/npm-legacy-forwardport

Author: rejain456

build/tools/go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/golangci/golangci-lint v1.62.0
 	github.com/jstemmer/go-junit-report v1.0.0
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
-	google.golang.org/protobuf v1.35.1
+	google.golang.org/protobuf v1.35.2
 	mvdan.cc/gofumpt v0.7.0
 	sigs.k8s.io/controller-tools v0.16.3
 )

build/tools/go.sum

@@ -591,8 +591,8 @@ google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo=
 google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

cni/Dockerfile

@@ -27,7 +27,7 @@ WORKDIR /payload
 COPY --from=azure-vnet /go/bin/* /payload/
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS.conflist /payload/azure.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift.conflist /payload/azure-swift.conflist
-COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy-transparent-vlan.conflist /payload/azure-multitenancy-transparent-vlan.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-linux-multitenancy-transparent-vlan.conflist /payload/azure-multitenancy-transparent-vlan.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay.conflist /payload/azure-swift-overlay.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay-dualstack.conflist /payload/azure-swift-overlay-dualstack.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy.conflist /payload/azure-multitenancy.conflist

cni/azure-windows-multitenancy-transparent-vlan.conflist

@@ -4,8 +4,6 @@
     "plugins": [
         {
             "type": "azure-vnet",
-            "mode": "bridge",
-            "bridge": "azure0",
             "multiTenancy":true,
             "enableSnatOnHost":true,
             "enableExactMatchForPodName": true,

cni/azure-windows-multitenancy.conflist

@@ -5,7 +5,6 @@
     "plugins": [
         {
             "type": "azure-vnet",
-            "bridge": "azure0",
             "capabilities": {
                 "portMappings": true,
                 "dns": true

cni/azure-windows-swift-overlay-dualstack.conflist

@@ -5,7 +5,6 @@
     "plugins": [
         {
             "type": "azure-vnet",
-            "bridge": "azure0",
             "capabilities": {
                 "portMappings": true,
                 "dns": true

cni/azure-windows-swift-overlay.conflist

@@ -5,7 +5,6 @@
     "plugins": [
         {
             "type": "azure-vnet",
-            "bridge": "azure0",
             "executionMode": "v4swift",
             "capabilities": {
                 "portMappings": true,

cni/azure-windows-swift.conflist

@@ -5,8 +5,6 @@
     "plugins": [
         {
             "type": "azure-vnet",
-            "mode": "bridge",
-            "bridge": "azure0",
             "capabilities": {
                 "portMappings": true,
                 "dns": true
@@ -45,4 +43,4 @@
             ]
         }
     ]
-}
+}

cni/azure-windows.conflist

@@ -899,6 +899,38 @@ func GetTestCNSResponseSecondaryWindows(macAddress string) map[string]network.In
 	}
 }
 
+func GetRawACLPolicy() (ret json.RawMessage) {
+	var data map[string]interface{}
+	formatted := []byte(`{
+		"Type": "ACL",
+		"Protocols": "6",
+		"Action": "Block",
+		"Direction": "Out",
+		"RemoteAddresses": "168.63.129.16/32",
+		"RemotePorts": "80",
+		"Priority": 200,
+		"RuleType": "Switch"
+	  }`)
+	json.Unmarshal(formatted, &data)  // nolint
+	minified, _ := json.Marshal(data) // nolint
+	ret = json.RawMessage(minified)
+	return ret
+}
+
+func GetRawOutBoundNATPolicy() (ret json.RawMessage) {
+	var data map[string]interface{}
+	formatted := []byte(`{
+		"Type": "OutBoundNAT",
+		"ExceptionList": [
+		  "10.224.0.0/16"
+		]
+	  }`)
+	json.Unmarshal(formatted, &data)  // nolint
+	minified, _ := json.Marshal(data) // nolint
+	ret = json.RawMessage(minified)
+	return ret
+}
+
 // Happy path scenario for add and delete
 func TestPluginWindowsAdd(t *testing.T) {
 	resources := GetTestResources()
@@ -908,6 +940,20 @@ func TestPluginWindowsAdd(t *testing.T) {
 		MultiTenancy:               true,
 		EnableExactMatchForPodName: true,
 		Master:                     "eth0",
+		// these are added to test that policies propagate to endpoint info
+		AdditionalArgs: []cni.KVPair{
+			{
+				Name:  "EndpointPolicy",
+				Value: GetRawOutBoundNATPolicy(),
+			},
+			{
+				Name:  "EndpointPolicy",
+				Value: GetRawACLPolicy(),
+			},
+		},
+		WindowsSettings: cni.WindowsSettings{ // included to test functionality
+			EnableLoopbackDSR: true,
+		},
 	}
 	nwCfg := cni.NetworkConfig{
 		CNIVersion:                 "0.3.0",
@@ -1002,6 +1048,31 @@ func TestPluginWindowsAdd(t *testing.T) {
 								Gateway: net.ParseIP("20.0.0.1"),
 							},
 						},
+						EndpointPolicies: []policy.Policy{
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawOutBoundNATPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawACLPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								// if enabled we create a loopback dsr policy based on the cns ip config
+								Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"20.0.0.10"}`),
+							},
+						},
+						NetworkPolicies: []policy.Policy{
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawOutBoundNATPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawACLPolicy(),
+							},
+						},
 					},
 					epIDRegex: `.*`,
 				},
@@ -1047,6 +1118,30 @@ func TestPluginWindowsAdd(t *testing.T) {
 								Gateway: net.ParseIP("10.0.0.1"),
 							},
 						},
+						EndpointPolicies: []policy.Policy{
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawOutBoundNATPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawACLPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								Data: json.RawMessage(`{"Type":"LoopbackDSR","IPAddress":"10.0.0.10"}`),
+							},
+						},
+						NetworkPolicies: []policy.Policy{
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawOutBoundNATPolicy(),
+							},
+							{
+								Type: policy.EndpointPolicy,
+								Data: GetRawACLPolicy(),
+							},
+						},
 					},
 					epIDRegex: `.*`,
 				},
@@ -1211,6 +1306,37 @@ func TestPluginWindowsAdd(t *testing.T) {
 				require.NoError(t, err)
 			}
 
+			// confirm separate entities
+			// that is, if one is modified, the other should not be modified
+			epInfos := []*network.EndpointInfo{}
+			for _, val := range allEndpoints {
+				epInfos = append(epInfos, val)
+			}
+			if len(epInfos) > 1 {
+				// ensure the endpoint data  and options are separate entities when in separate endpoint infos
+				epInfo1 := epInfos[0]
+				epInfo2 := epInfos[1]
+				epInfo1.Data["dummy"] = "dummy value"
+				epInfo1.Options["dummy"] = "another dummy value"
+				require.NotEqual(t, epInfo1.Data, epInfo2.Data)
+				require.NotEqual(t, epInfo1.Options, epInfo2.Options)
+
+				// ensure the endpoint policy slices are separate entities when in separate endpoint infos
+				if len(epInfo1.EndpointPolicies) > 0 {
+					epInfo1.EndpointPolicies[0] = policy.Policy{
+						Type: policy.ACLPolicy,
+					}
+					require.NotEqual(t, epInfo1.EndpointPolicies, epInfo2.EndpointPolicies)
+				}
+				// ensure the network policy slices are separate entities when in separate endpoint infos
+				if len(epInfo1.NetworkPolicies) > 0 {
+					epInfo1.NetworkPolicies[0] = policy.Policy{
+						Type: policy.ACLPolicy,
+					}
+					require.NotEqual(t, epInfo1.NetworkPolicies, epInfo2.NetworkPolicies)
+				}
+			}
+
 			// ensure deleted
 			require.Empty(t, allEndpoints)
 		})