feat: CNS RequestIPAddress branching for MT/V2

cns/NetworkContainerContract.go

@@ -182,6 +182,8 @@ type PodInfo interface {
 	Equals(PodInfo) bool
 	// String implements string for logging PodInfos
 	String() string
+	// SecondaryInterfacesExist returns true if there exist a secondary interface for this pod
+	SecondaryInterfacesExist() bool
 }
 
 type KubernetesPodInfo struct {
@@ -194,9 +196,10 @@ var _ PodInfo = (*podInfo)(nil)
 // podInfo implements PodInfo for multiple schemas of Key
 type podInfo struct {
 	KubernetesPodInfo
-	PodInfraContainerID string
-	PodInterfaceID      string
-	Version             podInfoScheme
+	PodInfraContainerID   string
+	PodInterfaceID        string
+	Version               podInfoScheme
+	SecondaryInterfaceSet bool
 }
 
 func (p podInfo) String() string {
@@ -250,6 +253,10 @@ func (p *podInfo) OrchestratorContext() (json.RawMessage, error) {
 	return jsonContext, nil
 }
 
+func (p *podInfo) SecondaryInterfacesExist() bool {
+	return p.SecondaryInterfaceSet
+}
+
 // NewPodInfo returns an implementation of PodInfo that returns the passed
 // configuration for their namesake functions.
 func NewPodInfo(infraContainerID, interfaceID, name, namespace string) PodInfo {
@@ -287,6 +294,7 @@ func NewPodInfoFromIPConfigsRequest(req IPConfigsRequest) (PodInfo, error) {
 	}
 	p.(*podInfo).PodInfraContainerID = req.InfraContainerID
 	p.(*podInfo).PodInterfaceID = req.PodInterfaceID
+	p.(*podInfo).SecondaryInterfaceSet = req.SecondaryInterfacesExist
 	return p, nil
 }
 
@@ -442,11 +450,12 @@ type IPConfigRequest struct {
 
 // Same as IPConfigRequest except that DesiredIPAddresses is passed in as a slice
 type IPConfigsRequest struct {
-	DesiredIPAddresses  []string        `json:"desiredIPAddresses"`
-	PodInterfaceID      string          `json:"podInterfaceID"`
-	InfraContainerID    string          `json:"infraContainerID"`
-	OrchestratorContext json.RawMessage `json:"orchestratorContext"`
-	Ifname              string          `json:"ifname"` // Used by delegated IPAM
+	DesiredIPAddresses       []string        `json:"desiredIPAddresses"`
+	PodInterfaceID           string          `json:"podInterfaceID"`
+	InfraContainerID         string          `json:"infraContainerID"`
+	OrchestratorContext      json.RawMessage `json:"orchestratorContext"`
+	Ifname                   string          `json:"ifname"`                   // Used by delegated IPAM
+	SecondaryInterfacesExist bool            `json:"secondaryInterfacesExist"` // will be set by SWIFT v2 validator func
 }
 
 // IPConfigResponse is used in CNS IPAM mode as a response to CNI ADD

cns/api.go

@@ -48,8 +48,18 @@ type HTTPService interface {
 	GetPendingReleaseIPConfigs() []IPConfigurationStatus
 	GetPodIPConfigState() map[string]IPConfigurationStatus
 	MarkIPAsPendingRelease(numberToMark int) (map[string]IPConfigurationStatus, error)
+	AttachSWIFTv2Middleware(middleware SWIFTv2Middleware)
 }
 
+// Middleware interface for testing later on
+type SWIFTv2Middleware interface {
+	ValidateIPConfigsRequest(context.Context, *IPConfigsRequest) (types.ResponseCode, string)
+	GetIPConfig(context.Context, PodInfo) (PodIpInfo, error)
+	SetRoutes(*PodIpInfo) error
+}
+
+type IPConfigsRequestValidator func(context.Context, *IPConfigsRequest) (types.ResponseCode, string)
+
 // This is used for KubernetesCRD orchestrator Type where NC has multiple ips.
 // This struct captures the state for SecondaryIPs associated to a given NC
 type IPConfigurationStatus struct {

cns/configuration/env.go

@@ -11,13 +11,23 @@ const (
 	EnvNodeName = "NODENAME"
 	// EnvNodeIP is the IP of the node running this CNS binary
 	EnvNodeIP = "NODE_IP"
-	// LabelSwiftV2 is the Node label for Swift V2
-	LabelSwiftV2 = "kubernetes.azure.com/podnetwork-multi-tenancy"
+	// LabelNodeSwiftV2 is the Node label for Swift V2
+	LabelNodeSwiftV2 = "kubernetes.azure.com/podnetwork-multi-tenancy-enabled"
+	// LabelPodSwiftV2 is the Pod label for Swift V2
+	LabelPodSwiftV2 = "kubernetes.azure.com/pod-network"
+	EnvPodCIDRs     = "POD_CIDRs"
+	EnvServiceCIDRs = "SERVICE_CIDRs"
 )
 
 // ErrNodeNameUnset indicates the the $EnvNodeName variable is unset in the environment.
 var ErrNodeNameUnset = errors.Errorf("must declare %s environment variable", EnvNodeName)
 
+// ErrPodCIDRsUnset indicates the the $EnvPodCIDRs variable is unset in the environment.
+var ErrPodCIDRsUnset = errors.Errorf("must declare %s environment variable", EnvPodCIDRs)
+
+// ErrServiceCIDRsUnset indicates the the $EnvServiceCIDRs variable is unset in the environment.
+var ErrServiceCIDRsUnset = errors.Errorf("must declare %s environment variable", EnvServiceCIDRs)
+
 // NodeName checks the environment variables for the NODENAME and returns it or an error if unset.
 func NodeName() (string, error) {
 	nodeName := os.Getenv(EnvNodeName)
@@ -31,3 +41,19 @@ func NodeName() (string, error) {
 func NodeIP() string {
 	return os.Getenv(EnvNodeIP)
 }
+
+func PodCIDRs() (string, error) {
+	podCIDRs := os.Getenv(EnvPodCIDRs)
+	if podCIDRs == "" {
+		return "", ErrPodCIDRsUnset
+	}
+	return podCIDRs, nil
+}
+
+func ServiceCIDRs() (string, error) {
+	serviceCIDRs := os.Getenv(EnvServiceCIDRs)
+	if serviceCIDRs == "" {
+		return "", ErrServiceCIDRsUnset
+	}
+	return serviceCIDRs, nil
+}

cns/configuration/env_test.go

@@ -17,3 +17,23 @@ func TestNodeName(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "test", name)
 }
+
+func TestPodCIDRs(t *testing.T) {
+	_, err := PodCIDRs()
+	require.Error(t, err)
+	require.ErrorIs(t, err, ErrPodCIDRsUnset)
+	os.Setenv(EnvPodCIDRs, "test")
+	cidr, err := PodCIDRs()
+	assert.NoError(t, err)
+	assert.Equal(t, "test", cidr)
+}
+
+func TestServiceCIDRs(t *testing.T) {
+	_, err := ServiceCIDRs()
+	require.Error(t, err)
+	require.ErrorIs(t, err, ErrServiceCIDRsUnset)
+	os.Setenv(EnvServiceCIDRs, "test")
+	cidr, err := ServiceCIDRs()
+	assert.NoError(t, err)
+	assert.Equal(t, "test", cidr)
+}

cns/fakes/cnsfake.go

@@ -276,3 +276,5 @@ func (fake *HTTPServiceFake) Init(*common.ServiceConfig) error {
 }
 
 func (fake *HTTPServiceFake) Stop() {}
+
+func (fake *HTTPServiceFake) AttachSWIFTv2Middleware(cns.SWIFTv2Middleware) {}

cns/middlewares/mock/mockClient.go

@@ -0,0 +1,65 @@
+package middlewares
+
+import (
+	"context"
+	"errors"
+
+	"github.com/Azure/azure-container-networking/cns/configuration"
+	"github.com/Azure/azure-container-networking/crd/multitenancy/api/v1alpha1"
+	v1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var (
+	errPodNotFound   = errors.New("pod not found")
+	errMTPNCNotFound = errors.New("mtpnc not found")
+)
+
+// MockClient implements the client.Client interface for testing. We only care about Get, the rest is nil ops.
+type MockClient struct {
+	client.Client
+	mtPodCache map[string]*v1.Pod
+	mtpncCache map[string]*v1alpha1.MultitenantPodNetworkConfig
+}
+
+// NewMockClient returns a new MockClient.
+func NewMockClient() *MockClient {
+	testPod1 := v1.Pod{}
+	testPod1.Labels = make(map[string]string)
+	testPod1.Labels[configuration.LabelPodSwiftV2] = "true"
+
+	testMTPNC1 := v1alpha1.MultitenantPodNetworkConfig{}
+	testMTPNC1.Status.PrimaryIP = "192.168.0.1"
+	testMTPNC1.Status.MacAddress = "00:00:00:00:00:00"
+	testMTPNC1.Status.GatewayIP = "10.0.0.1"
+	testMTPNC1.Status.NCID = "testncid"
+
+	testMTPNC3 := v1alpha1.MultitenantPodNetworkConfig{}
+
+	return &MockClient{
+		mtPodCache: map[string]*v1.Pod{"testpod1namespace/testpod1": &testPod1},
+		mtpncCache: map[string]*v1alpha1.MultitenantPodNetworkConfig{
+			"testpod1namespace/testpod1": &testMTPNC1,
+			"testpod3namespace/testpod3": &testMTPNC3,
+		},
+	}
+}
+
+// Get implements client.Client.Get.
+func (c *MockClient) Get(_ context.Context, key client.ObjectKey, obj client.Object, _ ...client.GetOption) error {
+	switch o := obj.(type) {
+	case *v1.Pod:
+		if pod, ok := c.mtPodCache[key.String()]; ok {
+			*o = *pod
+		} else {
+			return errPodNotFound
+		}
+	case *v1alpha1.MultitenantPodNetworkConfig:
+		if mtpnc, ok := c.mtpncCache[key.String()]; ok {
+			*o = *mtpnc
+		} else {
+			return errMTPNCNotFound
+		}
+	}
+	return nil
+}

cns/middlewares/mock/mockSWIFTv2.go

@@ -0,0 +1,92 @@
+package middlewares
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
+	"github.com/Azure/azure-container-networking/cns/types"
+	"github.com/Azure/azure-container-networking/crd/multitenancy/api/v1alpha1"
+	v1 "k8s.io/api/core/v1"
+	k8types "k8s.io/apimachinery/pkg/types"
+)
+
+var (
+	errMTPNCNotReady  = errors.New("mtpnc is not ready")
+	errFailedToGetPod = errors.New("failed to get pod")
+)
+
+type MockSWIFTv2Middleware struct {
+	mtPodState map[string]*v1.Pod
+	mtpncState map[string]*v1alpha1.MultitenantPodNetworkConfig
+}
+
+func NewMockSWIFTv2Middleware() *MockSWIFTv2Middleware {
+	testPod1 := v1.Pod{}
+	testPod1.Labels = make(map[string]string)
+	testPod1.Labels[configuration.LabelPodSwiftV2] = "true"
+
+	testMTPNC1 := v1alpha1.MultitenantPodNetworkConfig{}
+	testMTPNC1.Status.PrimaryIP = "192.168.0.1"
+	testMTPNC1.Status.MacAddress = "00:00:00:00:00:00"
+	testMTPNC1.Status.GatewayIP = "10.0.0.1"
+	testMTPNC1.Status.NCID = "testncid"
+
+	return &MockSWIFTv2Middleware{
+		mtPodState: map[string]*v1.Pod{"testpod1namespace/testpod1": &testPod1},
+		mtpncState: map[string]*v1alpha1.MultitenantPodNetworkConfig{"testpod1namespace/testpod1": &testMTPNC1},
+	}
+}
+
+// validateMultitenantIPConfigsRequest validates if pod is multitenant
+// nolint
+func (m *MockSWIFTv2Middleware) ValidateIPConfigsRequest(_ context.Context, req *cns.IPConfigsRequest) (respCode types.ResponseCode, message string) {
+	// Retrieve the pod from the cluster
+	podInfo, err := cns.UnmarshalPodInfo(req.OrchestratorContext)
+	if err != nil {
+		errBuf := fmt.Sprintf("unmarshalling pod info from ipconfigs request %v failed with error %v", req, err)
+		return types.UnexpectedError, errBuf
+	}
+	podNamespacedName := k8types.NamespacedName{Namespace: podInfo.Namespace(), Name: podInfo.Name()}
+	pod, ok := m.mtPodState[podNamespacedName.String()]
+	if !ok {
+		errBuf := fmt.Sprintf("failed to get pod %v with error %v", podNamespacedName, err)
+		return types.UnexpectedError, errBuf
+	}
+	// check the pod labels for Swift V2, enrich the request with the multitenant flag.
+	if _, ok := pod.Labels[configuration.LabelPodSwiftV2]; ok {
+		req.SecondaryInterfacesExist = true
+	}
+	return types.Success, ""
+}
+
+// GetSWIFTv2IPConfig(podInfo PodInfo) (*PodIpInfo, error)
+// GetMultitenantIPConfig returns the IP config for a multitenant pod from the MTPNC CRD
+func (m *MockSWIFTv2Middleware) GetIPConfig(_ context.Context, podInfo cns.PodInfo) (cns.PodIpInfo, error) {
+	// Check if the MTPNC CRD exists for the pod, if not, return error
+	mtpncNamespacedName := k8types.NamespacedName{Namespace: podInfo.Namespace(), Name: podInfo.Name()}
+	mtpnc, ok := m.mtpncState[mtpncNamespacedName.String()]
+	if !ok {
+		return cns.PodIpInfo{}, errFailedToGetPod
+	}
+
+	// Check if the MTPNC CRD is ready. If one of the fields is empty, return error
+	if mtpnc.Status.PrimaryIP == "" || mtpnc.Status.MacAddress == "" || mtpnc.Status.NCID == "" || mtpnc.Status.GatewayIP == "" {
+		return cns.PodIpInfo{}, errMTPNCNotReady
+	}
+	podIPInfo := cns.PodIpInfo{}
+	podIPInfo.PodIPConfig = cns.IPSubnet{
+		IPAddress: mtpnc.Status.PrimaryIP,
+	}
+	podIPInfo.MacAddress = mtpnc.Status.MacAddress
+	podIPInfo.NICType = cns.DelegatedVMNIC
+	podIPInfo.SkipDefaultRoutes = false
+
+	return podIPInfo, nil
+}
+
+func (m *MockSWIFTv2Middleware) SetRoutes(_ *cns.PodIpInfo) error {
+	return nil
+}