fix: fixing Stateless CNI delete in SwiftV2 scenario

Author: behzad-mir

cni/network/network.go

@@ -716,7 +716,7 @@ func (plugin *NetPlugin) createEpInfo(opt *createEpInfoOpt) (*network.EndpointIn
 		*opt.infraSeen = true
 	} else {
 		ifName = "eth" + strconv.Itoa(opt.endpointIndex)
-		endpointID = plugin.nm.GetEndpointID(opt.args.ContainerID, ifName)
+		endpointID = plugin.nm.GetEndpointIDByNicType(opt.args.ContainerID, ifName, opt.ifInfo.NICType)
 	}
 
 	endpointInfo := network.EndpointInfo{

cns/restserver/ipam.go

@@ -1313,12 +1313,16 @@ func updateIPInfoMap(iPInfo map[string]*IPInfo, interfaceInfo *IPInfo, ifName, e
 		iPInfo[ifName].MacAddress = interfaceInfo.MacAddress
 		logger.Printf("[updateEndpoint] update the endpoint %s with MacAddress  %s", endpointID, interfaceInfo.MacAddress)
 	}
+	if interfaceInfo.NetworkNameSpace != "" {
+		iPInfo[ifName].NetworkNameSpace = interfaceInfo.NetworkNameSpace
+		logger.Printf("[updateEndpoint] update the endpoint %s with NetworkNameSpace  %s", endpointID, interfaceInfo.NetworkNameSpace)
+	}
 }
 
 // verifyUpdateEndpointStateRequest verify the CNI request body for the UpdateENdpointState API
 func verifyUpdateEndpointStateRequest(req map[string]*IPInfo) error {
 	for ifName, InterfaceInfo := range req {
-		if InterfaceInfo.HostVethName == "" && InterfaceInfo.HnsEndpointID == "" && InterfaceInfo.NICType == "" && InterfaceInfo.MacAddress == "" {
+		if InterfaceInfo.HostVethName == "" && InterfaceInfo.HnsEndpointID == "" && InterfaceInfo.NICType == "" && InterfaceInfo.MacAddress == "" && InterfaceInfo.NetworkNameSpace == "" {
 			return errors.New("[updateEndpoint] No NicType, MacAddress, HnsEndpointID or HostVethName has been provided")
 		}
 		if ifName == "" {

cns/restserver/restserver.go

@@ -126,13 +126,14 @@ type EndpointInfo struct {
 }
 
 type IPInfo struct {
-	IPv4          []net.IPNet
-	IPv6          []net.IPNet `json:",omitempty"`
-	HnsEndpointID string      `json:",omitempty"`
-	HnsNetworkID  string      `json:",omitempty"`
-	HostVethName  string      `json:",omitempty"`
-	MacAddress    string      `json:",omitempty"`
-	NICType       cns.NICType
+	IPv4             []net.IPNet
+	IPv6             []net.IPNet `json:",omitempty"`
+	HnsEndpointID    string      `json:",omitempty"`
+	HnsNetworkID     string      `json:",omitempty"`
+	HostVethName     string      `json:",omitempty"`
+	MacAddress       string      `json:",omitempty"`
+	NICType          cns.NICType `json:",omitempty"`
+	NetworkNameSpace string      `json:",omitempty"`
 }
 
 type GetHTTPServiceDataResponse struct {

network/manager.go

@@ -116,6 +116,7 @@ type NetworkManager interface {
 	UpdateEndpoint(networkID string, existingEpInfo *EndpointInfo, targetEpInfo *EndpointInfo) error
 	GetNumberOfEndpoints(ifName string, networkID string) int
 	GetEndpointID(containerID, ifName string) string
+	GetEndpointIDByNicType(containerID, ifName string, nicType cns.NICType) string
 	IsStatelessCNIMode() bool
 	SaveState(eps []*endpoint) error
 	DeleteState(epInfos []*EndpointInfo) error
@@ -514,7 +515,7 @@ func (nm *networkManager) DeleteEndpointState(networkID string, epInfo *Endpoint
 	nw := &network{
 		Id:           networkID, // currently unused in stateless cni
 		HnsId:        epInfo.HNSNetworkID,
-		Mode:         opModeTransparentVlan,
+		Mode:         opModeTransparent,
 		SnatBridgeIP: "",
 		NetNs:        dummyGUID, // to trigger hns v2, windows
 		extIf: &externalInterface{
@@ -529,6 +530,7 @@ func (nm *networkManager) DeleteEndpointState(networkID string, epInfo *Endpoint
 		HNSNetworkID:             epInfo.HNSNetworkID, // unused (we use nw.HnsId for deleting the network)
 		HostIfName:               epInfo.HostIfName,
 		LocalIP:                  "",
+		IPAddresses:              epInfo.IPAddresses,
 		VlanID:                   0,
 		AllowInboundFromHostToNC: false, // stateless currently does not support apipa
 		AllowInboundFromNCToHost: false,
@@ -537,11 +539,12 @@ func (nm *networkManager) DeleteEndpointState(networkID string, epInfo *Endpoint
 		NetworkContainerID:       epInfo.NetworkContainerID, // we don't use this as long as AllowInboundFromHostToNC and AllowInboundFromNCToHost are false
 		NetNs:                    dummyGUID,                 // to trigger hnsv2, windows
 		NICType:                  epInfo.NICType,
+		NetworkNameSpace:         epInfo.NetNsPath,
 		IfName:                   epInfo.IfName, // TODO: For stateless cni linux populate IfName here to use in deletion in secondary endpoint client
 	}
 	logger.Info("Deleting endpoint with", zap.String("Endpoint Info: ", epInfo.PrettyString()), zap.String("HNISID : ", ep.HnsId))
 
-	err := nw.deleteEndpointImpl(netlink.NewNetlink(), platform.NewExecClient(logger), nil, nil, nil, nil, nil, ep)
+	err := nw.deleteEndpointImpl(nm.netlink, nm.plClient, nil, nm.netio, nm.nsClient, nm.iptablesClient, nm.dhcpClient, ep)
 	if err != nil {
 		return err
 	}
@@ -745,6 +748,16 @@ func (nm *networkManager) GetEndpointID(containerID, ifName string) string {
 	return containerID + "-" + ifName
 }
 
+// GetEndpointIDByNicType returns a unique endpoint ID based on the CNI mode and NIC type.
+func (nm *networkManager) GetEndpointIDByNicType(containerID, ifName string, nicType cns.NICType) string {
+	// For stateless CNI, secondary NICs use containerID-ifName as endpointID.
+	if nm.IsStatelessCNIMode() && nicType != cns.InfraNIC {
+		return containerID + "-" + ifName
+	}
+	// For InfraNIC, use GetEndpointID() logic.
+	return nm.GetEndpointID(containerID, ifName)
+}
+
 // saves the map of network ids to endpoints to the state file
 func (nm *networkManager) SaveState(eps []*endpoint) error {
 	nm.Lock()
@@ -809,6 +822,7 @@ func cnsEndpointInfotoCNIEpInfos(endpointInfo restserver.EndpointInfo, endpointI
 		epInfo.NICType = ipInfo.NICType
 		epInfo.HNSNetworkID = ipInfo.HnsNetworkID
 		epInfo.MacAddress = net.HardwareAddr(ipInfo.MacAddress)
+		epInfo.NetNsPath = ipInfo.NetworkNameSpace
 		ret = append(ret, epInfo)
 	}
 	return ret
@@ -837,11 +851,12 @@ func generateCNSIPInfoMap(eps []*endpoint) map[string]*restserver.IPInfo {
 
 	for _, ep := range eps {
 		ifNametoIPInfoMap[ep.IfName] = &restserver.IPInfo{ // in windows, the nicname is args ifname, in linux, it's ethX
-			NICType:       ep.NICType,
-			HnsEndpointID: ep.HnsId,
-			HnsNetworkID:  ep.HNSNetworkID,
-			HostVethName:  ep.HostIfName,
-			MacAddress:    ep.MacAddress.String(),
+			NICType:          ep.NICType,
+			HnsEndpointID:    ep.HnsId,
+			HnsNetworkID:     ep.HNSNetworkID,
+			HostVethName:     ep.HostIfName,
+			MacAddress:       ep.MacAddress.String(),
+			NetworkNameSpace: ep.NetworkNameSpace,
 		}
 	}
 

network/manager_mock.go

@@ -1,6 +1,7 @@
 package network
 
 import (
+	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/common"
 )
 
@@ -94,6 +95,16 @@ func (nm *MockNetworkManager) GetEndpointID(containerID, ifName string) string {
 	return containerID + "-" + ifName
 }
 
+// GetEndpointIDByNicType returns a unique endpoint ID based on the CNI mode and NIC type.
+func (nm *MockNetworkManager) GetEndpointIDByNicType(containerID, ifName string, nicType cns.NICType) string {
+	// For stateless CNI, secondary NICs use containerID-ifName as endpointID.
+	if nm.IsStatelessCNIMode() && nicType != cns.InfraNIC {
+		return containerID + "-" + ifName
+	}
+	// For InfraNIC, use GetEndpointID() logic.
+	return nm.GetEndpointID(containerID, ifName)
+}
+
 func (nm *MockNetworkManager) GetAllEndpoints(networkID string) (map[string]*EndpointInfo, error) {
 	return nm.TestEndpointInfoMap, nil
 }

network/manager_test.go

@@ -489,3 +489,108 @@ var _ = Describe("Test Manager", func() {
 		})
 	})
 })
+
+func TestGetEndpointIDByNicType_Cases(t *testing.T) {
+	nm := &networkManager{}
+
+	cases := []struct {
+		name           string
+		stateless      bool
+		containerID    string
+		ifName         string
+		nicType        cns.NICType
+		expectedResult string
+	}{
+		{
+			name:           "Stateless InfraNIC",
+			stateless:      true,
+			containerID:    "container123",
+			ifName:         "eth0",
+			nicType:        cns.InfraNIC,
+			expectedResult: "container123",
+		},
+		{
+			name:           "Stateless SecondaryNIC",
+			stateless:      true,
+			containerID:    "container123",
+			ifName:         "eth1",
+			nicType:        cns.DelegatedVMNIC,
+			expectedResult: "container123-eth1",
+		},
+		{
+			name:           "Stateful InfraNIC",
+			stateless:      false,
+			containerID:    "container123456789",
+			ifName:         "eth0",
+			nicType:        cns.InfraNIC,
+			expectedResult: "containe-eth0", // truncated to 8 chars
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			nm.statelessCniMode = tc.stateless
+			id := nm.GetEndpointIDByNicType(tc.containerID, tc.ifName, tc.nicType)
+			if id != tc.expectedResult {
+				t.Errorf("expected %s, got %s", tc.expectedResult, id)
+			}
+		})
+	}
+}
+
+func TestCnsEndpointInfotoCNIEpInfos_Cases(t *testing.T) {
+	cases := []struct {
+		name            string
+		ifName          string
+		ipInfo          restserver.IPInfo
+		expectedNetNs   string
+		expectedIfName  string
+		expectedNICType cns.NICType
+	}{
+		{
+			name:   "With NetworkNameSpace and DelegatedVMNIC",
+			ifName: "eth1",
+			ipInfo: restserver.IPInfo{
+				NetworkNameSpace: "/var/run/netns/testns",
+				NICType:          cns.DelegatedVMNIC,
+			},
+			expectedNetNs:   "/var/run/netns/testns",
+			expectedIfName:  "eth1",
+			expectedNICType: cns.DelegatedVMNIC,
+		},
+		{
+			name:   "Empty NetworkNameSpace and InfraNIC",
+			ifName: "eth0",
+			ipInfo: restserver.IPInfo{
+				NetworkNameSpace: "",
+				NICType:          cns.InfraNIC,
+			},
+			expectedNetNs:   "",
+			expectedIfName:  "eth0",
+			expectedNICType: cns.InfraNIC,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			endpointInfo := restserver.EndpointInfo{
+				IfnameToIPMap: map[string]*restserver.IPInfo{
+					tc.ifName: &tc.ipInfo,
+				},
+			}
+			epInfos := cnsEndpointInfotoCNIEpInfos(endpointInfo, "container123")
+			if len(epInfos) == 0 {
+				t.Fatalf("expected at least one epInfo")
+			}
+			if epInfos[0].NetNsPath != tc.expectedNetNs {
+				t.Errorf("expected NetNsPath %q, got %q", tc.expectedNetNs, epInfos[0].NetNsPath)
+			}
+			if epInfos[0].IfName != tc.expectedIfName {
+				t.Errorf("expected IfName %q, got %q", tc.expectedIfName, epInfos[0].IfName)
+			}
+			if epInfos[0].NICType != tc.expectedNICType {
+				t.Errorf("expected NICType %v, got %v", tc.expectedNICType, epInfos[0].NICType)
+			}
+		})
+	}
+}