[NPM] Generic Dataplane interface for windows and linux

[vakalapa]

Reason for Change:

This PR helps outline the DataPlane interface which acts as an abstraction layer for similar functionalities in Windows and Linux.

a. Addition of new dataplane APIs for control plane to use
b. specific build target functions to convert ipsets and acl policies accoridngly

Issue Fixed:

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests

Notes:

[vakalapa]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).

[huntergregory]

different arg name (below func too)?

[vakalapa]

essentially what we are adding is the network policy name if its a selector ref or a normal ref.

[matmerr]

some comments

[matmerr]

tbh I think there's room for what defines a set here, taking linux vernacular could be misleading in windows, but I think in terms of platform agnostic, what about something like hashset is "set" and list is "superset" since it contains only "sets"(?)

[vakalapa]

I like this "superset" since it is intuitive. But keeping list since we have been used to calling it as list. We can use "nestedset" which windows is using ?

[matmerr]

is this still needed with properties?

[vakalapa]

Yes we derive the kind from type of set input.

[JungukCho]

Before I put other comments, there are structural (i.e., architectural) comments of this PR.
I may misunderstand the codes and intentions, but some of them are different from what I expected.

1. I thought interface will be used for ipsetmanager and dataplane to abstract linux and windows. But it seems you use composition with concrete struct instead of interface. I think both ipsetmanager and dataplane are nicely abstract with interface (Example in npm - https://github.com/Azure/azure-container-networking/blob/master/npm/iptm/ioshim.go).
   Do I know why you decide this direction?

2. There are many almost inline method (just one or two lines) for exposed members. In this case, if you want to keep methods, I think non-capitalizing members if possible since it is good to maintain code as our code base becomes bigger and bigger. In addition, some of them can be removed with interface direction instead of concrete struct.
   I may be wrong, but I think function or method having one line is not very useful. wdyt?

3. It would be nice to have UTs for ipsetmanager_windows.go and dataplane_windows.go in this PR to guarantee their functionality, but as you said, it will be next PR. So, I think it is ok in this PR.

4. While I read this PR, there are many common variables and const with debugTools. I think it is good to remove redundant declarations by checking debugTools code carefully. One examaple, is ipset.go and rule.pb.go generated from rule.proto.

[vakalapa]

@JungukCho thanks foe the comments

1. I felt there is not much abstraction to be made with interfaces. As part of our design exercise we did find that most of the core logic is same for both dataplanes, only the dataplane specific artifact conversions and application is different. So i took the https://golang.org/src/os/executable.go approach. The main executable package contains a publicly exposed function Executable() and each dataplane specific file will implement the executable() like https://golang.org/src/os/executable_windows.go. I felt this is much easier to read as the flow of code is pretty straight forward. Please let me know if you think there is any issue with this approach
2. Sure, most of the dataplane.go function may stay inline like above executable approach but some will get filled up with abstractions needed for both dataplanes. Also a single dataplane call will make our lifes easier in terms extending dataplane with a gprc call in between later on for operator model. Like you mentioned i will try to see if i can non-capitalize any members.
3. Agreed, tests are important and will definitely be one focus area when adding windows dataplane support.
4. I did not want to increase the scope of this PR. We do have a debug tools work item in pipeline and as part of that work item and also as part of dataplane integration we should be able to clean pkg/dataplane all together. Will be a incremental process. Idea is to not touch any existing code as much possible.

[JungukCho]

seems this case is not necessary.

[vakalapa]

Windows dataplane does accept rules on both directions, in case of network policies with both ingress and egress rules i can use a DENY all with BOTH, that way we get away with single rule than 2

[JungukCho]

I meant case Both is not necessary based on logic. Anyway, by default it returns ""

[JungukCho]

@JungukCho thanks foe the comments

1. I felt there is not much abstraction to be made with interfaces. As part of our design exercise we did find that most of the core logic is same for both dataplanes, only the dataplane specific artifact conversions and application is different. So i took the https://golang.org/src/os/executable.go approach. The main executable package contains a publicly exposed function Executable() and each dataplane specific file will implement the executable() like https://golang.org/src/os/executable_windows.go. I felt this is much easier to read as the flow of code is pretty straight forward.
   Please let me know if you think there is any issue with this approach

If they are almost identical, this approach seems reasonable. How about Dataplane? I think they are pretty different implementations. I will first take a look at your reference. I may find better patterns instead of interface. I will let you know if I still prefer to interface and we can discuss more.

2. Sure, most of the dataplane.go function may stay inline like above executable approach but some will get filled up with abstractions needed for both dataplanes. Also a single dataplane call will make our lifes easier in terms extending dataplane with a gprc call in between later on for operator model. Like you mentioned i will try to see if i can non-capitalize any members.

Still I think those inline functions will be nicely removed with interface. Further more dataplane-specific functions will be added in next PRs. So, it will increase more these inline functions. I will check your above reference and let you know.
I think in this stage thinking a grpc call in design is not very helpful since it is too future. wdyt?

3. Agreed, tests are important and will definitely be one focus area when adding windows dataplane support.
4. I did not want to increase the scope of this PR. We do have a debug tools work item in pipeline and as part of that work item and also as part of dataplane integration we should be able to clean pkg/dataplane all together. Will be a incremental process. Idea is to not touch any existing code as much possible.

I am not sure it increases scope of the PR. I meant checking the existing variables and then reusing them to avoid redundant codes in this PR without touching existing logics.

[JungukCho]

LGTM. Thank you for applying comments.
This PR will be foundation of next NPM!

[matmerr]

🚀

[matmerr]

🚀

[JungukCho]

lgtm