feat: CNS RequestIPAddress branching for MT/V2

cni/plugin.go

@@ -24,8 +24,10 @@ import (
 	"go.uber.org/zap"
 )
 
-var logger = log.CNILogger.With(zap.String("component", "cni-plugin"))
-var storeLogger = log.CNILogger.With(zap.String("component", "cni-store"))
+var (
+	logger      = log.CNILogger.With(zap.String("component", "cni-plugin"))
+	storeLogger = log.CNILogger.With(zap.String("component", "cni-store"))
+)
 
 var errEmptyContent = errors.New("read content is zero bytes")
 

cns/NetworkContainerContract.go

@@ -187,6 +187,8 @@ type PodInfo interface {
 	Equals(PodInfo) bool
 	// String implements string for logging PodInfos
 	String() string
+	// SecondaryInterfacesExist returns true if there exist a secondary interface for this pod
+	SecondaryInterfacesExist() bool
 }
 
 type KubernetesPodInfo struct {
@@ -199,9 +201,10 @@ var _ PodInfo = (*podInfo)(nil)
 // podInfo implements PodInfo for multiple schemas of Key
 type podInfo struct {
 	KubernetesPodInfo
-	PodInfraContainerID string
-	PodInterfaceID      string
-	Version             podInfoScheme
+	PodInfraContainerID   string
+	PodInterfaceID        string
+	Version               podInfoScheme
+	SecondaryInterfaceSet bool
 }
 
 func (p podInfo) String() string {
@@ -255,6 +258,10 @@ func (p *podInfo) OrchestratorContext() (json.RawMessage, error) {
 	return jsonContext, nil
 }
 
+func (p *podInfo) SecondaryInterfacesExist() bool {
+	return p.SecondaryInterfaceSet
+}
+
 // NewPodInfo returns an implementation of PodInfo that returns the passed
 // configuration for their namesake functions.
 func NewPodInfo(infraContainerID, interfaceID, name, namespace string) PodInfo {
@@ -292,6 +299,7 @@ func NewPodInfoFromIPConfigsRequest(req IPConfigsRequest) (PodInfo, error) {
 	}
 	p.(*podInfo).PodInfraContainerID = req.InfraContainerID
 	p.(*podInfo).PodInterfaceID = req.PodInterfaceID
+	p.(*podInfo).SecondaryInterfaceSet = req.SecondaryInterfacesExist
 	return p, nil
 }
 
@@ -453,11 +461,12 @@ type IPConfigRequest struct {
 
 // Same as IPConfigRequest except that DesiredIPAddresses is passed in as a slice
 type IPConfigsRequest struct {
-	DesiredIPAddresses  []string        `json:"desiredIPAddresses"`
-	PodInterfaceID      string          `json:"podInterfaceID"`
-	InfraContainerID    string          `json:"infraContainerID"`
-	OrchestratorContext json.RawMessage `json:"orchestratorContext"`
-	Ifname              string          `json:"ifname"` // Used by delegated IPAM
+	DesiredIPAddresses       []string        `json:"desiredIPAddresses"`
+	PodInterfaceID           string          `json:"podInterfaceID"`
+	InfraContainerID         string          `json:"infraContainerID"`
+	OrchestratorContext      json.RawMessage `json:"orchestratorContext"`
+	Ifname                   string          `json:"ifname"`                   // Used by delegated IPAM
+	SecondaryInterfacesExist bool            `json:"secondaryInterfacesExist"` // will be set by SWIFT v2 validator func
 }
 
 // IPConfigResponse is used in CNS IPAM mode as a response to CNI ADD

cns/api.go

@@ -48,8 +48,18 @@ type HTTPService interface {
 	GetPendingReleaseIPConfigs() []IPConfigurationStatus
 	GetPodIPConfigState() map[string]IPConfigurationStatus
 	MarkIPAsPendingRelease(numberToMark int) (map[string]IPConfigurationStatus, error)
+	AttachSWIFTv2Middleware(middleware SWIFTv2Middleware)
 }
 
+// Middleware interface for testing later on
+type SWIFTv2Middleware interface {
+	ValidateIPConfigsRequest(context.Context, *IPConfigsRequest) (types.ResponseCode, string)
+	GetIPConfig(context.Context, PodInfo) (PodIpInfo, error)
+	SetRoutes(*PodIpInfo) error
+}
+
+type IPConfigsRequestValidator func(context.Context, *IPConfigsRequest) (types.ResponseCode, string)
+
 // This is used for KubernetesCRD orchestrator Type where NC has multiple ips.
 // This struct captures the state for SecondaryIPs associated to a given NC
 type IPConfigurationStatus struct {

cns/azure-cns.yaml

@@ -189,4 +189,4 @@ data:
       "ManageEndpointState": false,
       "ProgramSNATIPTables" : false
     }
-# Toggle ManageEndpointState and ProgramSNATIPTables to true for delegated IPAM use case.
+# Toggle ManageEndpointState and ProgramSNATIPTables to true for delegated IPAM use case.

cns/configuration/env.go

@@ -11,13 +11,27 @@ const (
 	EnvNodeName = "NODENAME"
 	// EnvNodeIP is the IP of the node running this CNS binary
 	EnvNodeIP = "NODE_IP"
-	// LabelSwiftV2 is the Node label for Swift V2
-	LabelSwiftV2 = "kubernetes.azure.com/podnetwork-multi-tenancy"
+	// LabelNodeSwiftV2 is the Node label for Swift V2
+	LabelNodeSwiftV2 = "kubernetes.azure.com/podnetwork-multi-tenancy-enabled"
+	// LabelPodSwiftV2 is the Pod label for Swift V2
+	LabelPodSwiftV2 = "kubernetes.azure.com/pod-network"
+	EnvPodCIDRs     = "POD_CIDRs"
+	EnvServiceCIDRs = "SERVICE_CIDRs"
+	EnvNodeCIDRs    = "NODE_CIDRs"
 )
 
 // ErrNodeNameUnset indicates the the $EnvNodeName variable is unset in the environment.
 var ErrNodeNameUnset = errors.Errorf("must declare %s environment variable", EnvNodeName)
 
+// ErrPodCIDRsUnset indicates the the $EnvPodCIDRs variable is unset in the environment.
+var ErrPodCIDRsUnset = errors.Errorf("must declare %s environment variable", EnvPodCIDRs)
+
+// ErrServiceCIDRsUnset indicates the the $EnvServiceCIDRs variable is unset in the environment.
+var ErrServiceCIDRsUnset = errors.Errorf("must declare %s environment variable", EnvServiceCIDRs)
+
+// ErrNodeCIDRsUnset indicates the the $EnvNodeCIDRs variable is unset in the environment.
+var ErrNodeCIDRsUnset = errors.Errorf("must declare %s environment variable", EnvNodeCIDRs)
+
 // NodeName checks the environment variables for the NODENAME and returns it or an error if unset.
 func NodeName() (string, error) {
 	nodeName := os.Getenv(EnvNodeName)
@@ -31,3 +45,27 @@ func NodeName() (string, error) {
 func NodeIP() string {
 	return os.Getenv(EnvNodeIP)
 }
+
+func PodCIDRs() (string, error) {
+	podCIDRs := os.Getenv(EnvPodCIDRs)
+	if podCIDRs == "" {
+		return "", ErrPodCIDRsUnset
+	}
+	return podCIDRs, nil
+}
+
+func ServiceCIDRs() (string, error) {
+	serviceCIDRs := os.Getenv(EnvServiceCIDRs)
+	if serviceCIDRs == "" {
+		return "", ErrServiceCIDRsUnset
+	}
+	return serviceCIDRs, nil
+}
+
+func NodeCIDRs() (string, error) {
+	nodeCIDRs := os.Getenv(EnvNodeCIDRs)
+	if nodeCIDRs == "" {
+		return "", ErrNodeCIDRsUnset
+	}
+	return nodeCIDRs, nil
+}

cns/configuration/env_test.go

@@ -17,3 +17,23 @@ func TestNodeName(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "test", name)
 }
+
+func TestPodCIDRs(t *testing.T) {
+	_, err := PodCIDRs()
+	require.Error(t, err)
+	require.ErrorIs(t, err, ErrPodCIDRsUnset)
+	os.Setenv(EnvPodCIDRs, "test")
+	cidr, err := PodCIDRs()
+	assert.NoError(t, err)
+	assert.Equal(t, "test", cidr)
+}
+
+func TestServiceCIDRs(t *testing.T) {
+	_, err := ServiceCIDRs()
+	require.Error(t, err)
+	require.ErrorIs(t, err, ErrServiceCIDRsUnset)
+	os.Setenv(EnvServiceCIDRs, "test")
+	cidr, err := ServiceCIDRs()
+	assert.NoError(t, err)
+	assert.Equal(t, "test", cidr)
+}

cns/fakes/cnsfake.go

@@ -276,3 +276,5 @@ func (fake *HTTPServiceFake) Init(*common.ServiceConfig) error {
 }
 
 func (fake *HTTPServiceFake) Stop() {}
+
+func (fake *HTTPServiceFake) AttachSWIFTv2Middleware(cns.SWIFTv2Middleware) {}

cns/middlewares/mock/mockClient.go

@@ -0,0 +1,76 @@
+package mock
+
+import (
+	"context"
+
+	"github.com/Azure/azure-container-networking/cns/configuration"
+	"github.com/Azure/azure-container-networking/crd/multitenancy/api/v1alpha1"
+	"github.com/pkg/errors"
+	v1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var (
+	ErrPodNotFound   = errors.New("pod not found")
+	ErrMTPNCNotFound = errors.New("mtpnc not found")
+)
+
+// Client implements the client.Client interface for testing. We only care about Get, the rest is nil ops.
+type Client struct {
+	client.Client
+	mtPodCache map[string]*v1.Pod
+	mtpncCache map[string]*v1alpha1.MultitenantPodNetworkConfig
+}
+
+// NewClient returns a new MockClient.
+func NewClient() *Client {
+	const podNetwork = "azure"
+
+	testPod1 := v1.Pod{}
+	testPod1.Labels = make(map[string]string)
+	testPod1.Labels[configuration.LabelPodSwiftV2] = podNetwork
+
+	testPod3 := v1.Pod{}
+	testPod3.Labels = make(map[string]string)
+	testPod3.Labels[configuration.LabelPodSwiftV2] = podNetwork
+
+	testPod4 := v1.Pod{}
+	testPod4.Labels = make(map[string]string)
+	testPod4.Labels[configuration.LabelPodSwiftV2] = podNetwork
+
+	testMTPNC1 := v1alpha1.MultitenantPodNetworkConfig{}
+
+	testMTPNC1.Status.PrimaryIP = "192.168.0.1/32"
+	testMTPNC1.Status.MacAddress = "00:00:00:00:00:00"
+	testMTPNC1.Status.GatewayIP = "10.0.0.1"
+	testMTPNC1.Status.NCID = "testncid"
+
+	testMTPNC4 := v1alpha1.MultitenantPodNetworkConfig{}
+
+	return &Client{
+		mtPodCache: map[string]*v1.Pod{"testpod1namespace/testpod1": &testPod1, "testpod3namespace/testpod3": &testPod3, "testpod4namespace/testpod4": &testPod4},
+		mtpncCache: map[string]*v1alpha1.MultitenantPodNetworkConfig{
+			"testpod1namespace/testpod1": &testMTPNC1,
+			"testpod4namespace/testpod4": &testMTPNC4,
+		},
+	}
+}
+
+// Get implements client.Client.Get.
+func (c *Client) Get(_ context.Context, key client.ObjectKey, obj client.Object, _ ...client.GetOption) error {
+	switch o := obj.(type) {
+	case *v1.Pod:
+		if pod, ok := c.mtPodCache[key.String()]; ok {
+			*o = *pod
+		} else {
+			return ErrPodNotFound
+		}
+	case *v1alpha1.MultitenantPodNetworkConfig:
+		if mtpnc, ok := c.mtpncCache[key.String()]; ok {
+			*o = *mtpnc
+		} else {
+			return ErrMTPNCNotFound
+		}
+	}
+	return nil
+}