cns changes based on update to network container contrac

Author: rejain789

cni/netconfig.go

@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"strings"
 
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/network/policy"
 	cniTypes "github.com/containernetworking/cni/pkg/types"
 )
@@ -16,6 +15,11 @@ const (
 	PolicyStr string = "Policy"
 )
 
+type KVPair struct {
+	Name  string          `json:"name"`
+	Value json.RawMessage `json:"value"`
+}
+
 type PortMapping struct {
 	HostPort      int    `json:"hostPort"`
 	ContainerPort int    `json:"containerPort"`
@@ -73,7 +77,7 @@ type NetworkConfig struct {
 	DNS                           cniTypes.DNS    `json:"dns,omitempty"`
 	RuntimeConfig                 RuntimeConfig   `json:"runtimeConfig,omitempty"`
 	WindowsSettings               WindowsSettings `json:"windowsSettings,omitempty"`
-	AdditionalArgs                []acn.KVPair    `json:"AdditionalArgs,omitempty"`
+	AdditionalArgs                []KVPair        `json:"AdditionalArgs,omitempty"`
 }
 
 type WindowsSettings struct {
@@ -116,7 +120,7 @@ func ParseNetworkConfig(b []byte) (*NetworkConfig, error) {
 }
 
 // GetPoliciesFromNwCfg returns network policies from network config.
-func GetPoliciesFromNwCfg(kvp []acn.KVPair) []policy.Policy {
+func GetPoliciesFromNwCfg(kvp []KVPair) []policy.Policy {
 	var policies []policy.Policy
 	for _, pair := range kvp {
 		if strings.Contains(pair.Name, PolicyStr) {

cni/network/network_windows_test.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/Azure/azure-container-networking/cni"
 	"github.com/Azure/azure-container-networking/cns"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/network"
 	"github.com/Azure/azure-container-networking/network/hnswrapper"
 	"github.com/Azure/azure-container-networking/network/policy"
@@ -942,7 +941,7 @@ func TestPluginWindowsAdd(t *testing.T) {
 		EnableExactMatchForPodName: true,
 		Master:                     "eth0",
 		// these are added to test that policies propagate to endpoint info
-		AdditionalArgs: []acn.KVPair{
+		AdditionalArgs: []cni.KVPair{
 			{
 				Name:  "EndpointPolicy",
 				Value: GetRawOutBoundNATPolicy(),

cns/NetworkContainerContract.go

@@ -8,8 +8,8 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-container-networking/cns/types"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
+	"github.com/Azure/azure-container-networking/network/policy"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
@@ -504,8 +504,8 @@ type PodIpInfo struct {
 	Routes []Route
 	// PnpId is set for backend interfaces, Pnp Id identifies VF. Plug and play id(pnp) is also called as PCI ID
 	PnPID string
-	// Defauly Deny ACL's to configure on HNS endpoints for Swiftv2 window nodes
-	DefaultDenyACL []acn.KVPair
+	// Default Deny ACL's to configure on HNS endpoints for Swiftv2 window nodes
+	EdpointPolicies []policy.Policy
 }
 
 type HostIPInfo struct {

cns/middlewares/k8sSwiftV2_windows.go

@@ -5,8 +5,8 @@ import (
 
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/cns/middlewares/utils"
-	acn "github.com/Azure/azure-container-networking/common"
 	"github.com/Azure/azure-container-networking/crd/multitenancy/api/v1alpha1"
+	"github.com/Azure/azure-container-networking/network/policy"
 	"github.com/Microsoft/hcsshim/hcn"
 	"github.com/pkg/errors"
 )
@@ -75,18 +75,18 @@ func addDefaultDenyACL(podIPInfo *cns.PodIpInfo) error {
 		return errors.Wrap(err, "Failed to create default deny ACL policy ingress")
 	}
 
-	additionalArgs := []acn.KVPair{
+	additionalArgs := []policy.Policy{
 		{
-			Name:  "EndpointPolicy",
-			Value: blockEgressACL,
+			Type: policy.ACLPolicy,
+			Data: blockEgressACL,
 		},
 		{
-			Name:  "EndpointPolicy",
-			Value: blockIngressACL,
+			Type: policy.ACLPolicy,
+			Data: blockIngressACL,
 		},
 	}
 
-	podIPInfo.DefaultDenyACL = append(podIPInfo.DefaultDenyACL, additionalArgs...)
+	podIPInfo.EdpointPolicies = append(podIPInfo.EdpointPolicies, additionalArgs...)
 
 	return nil
 }

cns/middlewares/k8sSwiftV2_windows_test.go

@@ -5,6 +5,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/Azure/azure-container-networking/cni"
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/cns/middlewares/mock"
 	acn "github.com/Azure/azure-container-networking/common"
@@ -119,7 +120,7 @@ func TestAddDefaultDenyACL(t *testing.T) {
 		"Priority": 10000
 	}`)
 
-	expectedDefaultDenyACL := []acn.KVPair{
+	expectedDefaultDenyACL := []cni.KVPair{
 		{
 			Name:  "EndpointPolicy",
 			Value: valueOut,
@@ -151,8 +152,8 @@ func TestAddDefaultDenyACL(t *testing.T) {
 }
 
 // normalizeKVPairs normalizes the JSON values in the KV pairs by unmarshaling them into a map, then marshaling them back to compact JSON to remove any extra space, new lines, etc
-func normalizeKVPairs(t *testing.T, kvPairs []acn.KVPair) []acn.KVPair {
-	normalized := make([]acn.KVPair, len(kvPairs))
+func normalizeKVPairs(t *testing.T, kvPairs []acn.KVPair) []cni.KVPair {
+	normalized := make([]cni.KVPair, len(kvPairs))
 
 	for i, kv := range kvPairs {
 		var unmarshaledValue map[string]interface{}

common/config.go

@@ -3,10 +3,6 @@
 
 package common
 
-import (
-	"encoding/json"
-)
-
 // Command line options.
 const (
 	// Operating environment.
@@ -150,9 +146,3 @@ const (
 	// OptCNIConflistScenarioAlias "shorthand" for the cni conflist scenairo, see above
 	OptCNIConflistScenarioAlias = "cniconflistscenario"
 )
-
-// KVPair represents a K-V pair of a json object.
-type KVPair struct {
-	Name  string          `json:"name"`
-	Value json.RawMessage `json:"value"`
-}