Skip to content

Consume ACL for APIPA Endpoint from CreateNC Req #535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Apr 9, 2020
Merged

Consume ACL for APIPA Endpoint from CreateNC Req #535

merged 14 commits into from
Apr 9, 2020

Conversation

@aegal
Copy link
Contributor

@aegal aegal commented Apr 1, 2020

What this PR does / why we need it:

This PR consumes endpoint policies targeting APIPA endpoints. In the future, we are extending policies to requested by the orchestrator in a extensible way from the Create Network Container Request.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #533

Special notes for your reviewer:

Tested the successful creation of the HostNCApipaEndpoint with the additional policies requested.

Release note:

@aegal aegal requested a review from ashvindeodhar April 1, 2020 03:15
ashvindeodhar
ashvindeodhar requested changes Apr 1, 2020
View reviewed changes
cns/hnsclient/hnsclient_windows.go Outdated

var requestedAclPolicy hcn.AclPolicySetting

if err := json.Unmarshal(requestedPolicy.Settings, &requestedAclPolicy); err != nil {
Copy link
Member

@ashvindeodhar ashvindeodhar Apr 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you don't need to create new err here. ( err := )

Copy link
Contributor Author

@aegal aegal Apr 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed

@ashvindeodhar ashvindeodhar requested a review from ninzavivek April 1, 2020 19:49
@aegal aegal requested a review from ashvindeodhar April 1, 2020 20:03
ashvindeodhar
ashvindeodhar requested changes Apr 3, 2020
View reviewed changes
cns/NetworkContainerContract.go

// Validate - Validates network container request policies
func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate() error {
// validate ACL policy
Copy link
Member

@ashvindeodhar ashvindeodhar Apr 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As one of my comments said can we enforce the validation on apipa endpoint? Check if the provided acl is on apipa endpoint type, if not fail the validation because we don;t have support for acls on cust subnet endpoint. When we add that we should remove the enforced apipa endpoint validation you'll add here. Let me know if it makes sense / you want to discuss this further.

Copy link
Contributor Author

@aegal aegal Apr 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it, restricted this API only to APIPA in latest commit.

@ashvindeodhar
Copy link
Member

ashvindeodhar commented Apr 3, 2020

@tamilmani1989 can you please check the struct to see if this has everything we will need when we extend this to linux as well. If there is anything missing we should add those fields now.
type ValidAclPolicySetting struct {

@ashvindeodhar
Copy link
Member

ashvindeodhar commented Apr 3, 2020
edited by aegal
Loading

@aegal how did you e2e test this?

Tested invoking CNI via containerd which triggerd the CreateHostNCApipaEndpointRequest which reported success. I can send you a log file offline.

@aegal aegal requested a review from ashvindeodhar April 8, 2020 05:33
@aegal aegal merged commit 5319878 into master Apr 9, 2020
@aegal aegal deleted the consumeFromNCContainerRequest branch April 13, 2020 18:10
tamilmani1989 pushed a commit to tamilmani1989/azure-container-networking that referenced this pull request Jun 20, 2021
@aegal
Merged PR 2750702: DNC Endpoint policies in API surface and CreateOrU…
b0f8984 
…pdateNetworkContainerRequest

adding DNC changes here for early review, **Requires CNS changes to be checked in first**

Azure#535

-Includes a Endpoint policy in NetworkContainerRequest API
-Includes Endpoint policy in CNS CreateOrUpdateNetworkContainerRequest
-Includes Endpoint policy in CreateOrUpdateNetworkContainerRequest for Publish

PR URL: https://msazure.visualstudio.com/DefaultCollection/One/_git/Networking-Aquarius/pullrequest/2750702

Related work items: #6501471
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashvindeodhar ashvindeodhar ashvindeodhar approved these changes

@ninzavivek ninzavivek Awaiting requested review from ninzavivek

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aegal @ashvindeodhar