Merge pull request #3702 from ohsoo/update-cni-current-dep

Update containernetworking/cni dependency to v1.1.2 and the vpc-cni plugin version
aws · Jun 15, 2023 · 7565a9a · 7565a9a
2 parents 0e22645 + f946a86
commit 7565a9a
Show file tree

Hide file tree

Showing 42 changed files with 1,239 additions and 536 deletions.
diff --git a/agent/config/config_unix_test.go b/agent/config/config_unix_test.go
@@ -23,11 +23,12 @@ import (
 	"testing"
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/agent/dockerclient"
-	"github.com/aws/amazon-ecs-agent/agent/ec2"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
+	cniTypes "github.com/containernetworking/cni/pkg/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/aws/amazon-ecs-agent/agent/dockerclient"
+	"github.com/aws/amazon-ecs-agent/agent/ec2"
 )
 
 func TestConfigDefault(t *testing.T) {
@@ -124,7 +125,7 @@ func TestConfigFromFile(t *testing.T) {
 	assert.Equal(t, testPauseImageName, cfg.PauseContainerImageName, "should read PauseContainerImageName")
 	assert.Equal(t, testPauseTag, cfg.PauseContainerTag, "should read PauseContainerTag")
 	assert.Equal(t, 1, len(cfg.AWSVPCAdditionalLocalRoutes), "should have one additional local route")
-	expectedLocalRoute, err := cnitypes.ParseCIDR("169.254.172.1/32")
+	expectedLocalRoute, err := cniTypes.ParseCIDR("169.254.172.1/32")
 	assert.NoError(t, err)
 	assert.Equal(t, expectedLocalRoute.IP, cfg.AWSVPCAdditionalLocalRoutes[0].IP, "should match expected route IP")
 	assert.Equal(t, expectedLocalRoute.Mask, cfg.AWSVPCAdditionalLocalRoutes[0].Mask, "should match expected route Mask")

diff --git a/agent/config/parse.go b/agent/config/parse.go
@@ -26,7 +26,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/agent/utils"
 
 	"github.com/cihub/seelog"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
+	cniTypes "github.com/containernetworking/cni/pkg/types"
 	"github.com/docker/go-connections/nat"
 )
 
@@ -216,8 +216,8 @@ func parseInstanceAttributes(errs []error) (map[string]string, []error) {
 	return instanceAttributes, errs
 }
 
-func parseAdditionalLocalRoutes(errs []error) ([]cnitypes.IPNet, []error) {
-	var additionalLocalRoutes []cnitypes.IPNet
+func parseAdditionalLocalRoutes(errs []error) ([]cniTypes.IPNet, []error) {
+	var additionalLocalRoutes []cniTypes.IPNet
 	additionalLocalRoutesEnv := os.Getenv("ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES")
 	if additionalLocalRoutesEnv != "" {
 		err := json.Unmarshal([]byte(additionalLocalRoutesEnv), &additionalLocalRoutes)

diff --git a/agent/config/types.go b/agent/config/types.go
@@ -16,8 +16,9 @@ package config
 import (
 	"time"
 
+	cniTypes "github.com/containernetworking/cni/pkg/types"
+
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
 )
 
 // ImagePullBehaviorType is an enum variable type corresponding to different agent pull
@@ -247,12 +248,12 @@ type Config struct {
 	// will limit you to running one `awsvpc` task at a time. IPv4 addresses
 	// must be specified in decimal-octet form and also specify the subnet
 	// size (e.g., "169.254.172.42/22").
-	OverrideAWSVPCLocalIPv4Address *cnitypes.IPNet
+	OverrideAWSVPCLocalIPv4Address *cniTypes.IPNet
 
 	// AWSVPCAdditionalLocalRoutes allows the specification of routing table
 	// entries that will be added in the task's network namespace via the
 	// instance bridge interface rather than via the ENI.
-	AWSVPCAdditionalLocalRoutes []cnitypes.IPNet
+	AWSVPCAdditionalLocalRoutes []cniTypes.IPNet
 
 	// ContainerMetadataEnabled specifies if the agent should provide a metadata
 	// file for containers.

diff --git a/agent/ecscni/mocks/ecscni_mocks.go b/agent/ecscni/mocks/ecscni_mocks.go
diff --git a/agent/ecscni/mocks/namespace_helper_mocks.go b/agent/ecscni/mocks/namespace_helper_mocks.go
diff --git a/agent/ecscni/namespace_helper.go b/agent/ecscni/namespace_helper.go
@@ -16,16 +16,17 @@ package ecscni
 import (
 	"context"
 
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
+
 	"github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi"
 	apieni "github.com/aws/amazon-ecs-agent/ecs-agent/api/eni"
-	"github.com/containernetworking/cni/pkg/types/current"
 )
 
 // NamespaceHelper defines the methods for performing additional actions to setup/clean the task namespace.
 // Task namespace in awsvpc network mode is configured using pause container which is the first container
 // launched for the task. These commands are executed inside that container.
 type NamespaceHelper interface {
-	ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *current.Result) error
+	ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *cniTypesCurrent.Result) error
 }
 
 // helper is the client for executing methods of NamespaceHelper interface.

diff --git a/agent/ecscni/namespace_helper_linux.go b/agent/ecscni/namespace_helper_linux.go
@@ -19,12 +19,13 @@ package ecscni
 import (
 	"context"
 
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
+
 	apieni "github.com/aws/amazon-ecs-agent/ecs-agent/api/eni"
-	"github.com/containernetworking/cni/pkg/types/current"
 )
 
 // ConfigureTaskNamespaceRouting executes the commands required for setting up appropriate routing inside task namespace.
 // This is applicable only for Windows.
-func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *current.Result) error {
+func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *cniTypesCurrent.Result) error {
 	return nil
 }
diff --git a/agent/ecscni/namespace_helper_unsupported.go b/agent/ecscni/namespace_helper_unsupported.go
@@ -19,12 +19,13 @@ package ecscni
 import (
 	"context"
 
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
+
 	apieni "github.com/aws/amazon-ecs-agent/ecs-agent/api/eni"
-	"github.com/containernetworking/cni/pkg/types/current"
 )
 
 // ConfigureTaskNamespaceRouting executes the commands required for setting up appropriate routing inside task namespace.
 // This is applicable only for Windows.
-func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *current.Result) error {
+func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *cniTypesCurrent.Result) error {
 	return nil
 }
diff --git a/agent/ecscni/namespace_helper_windows.go b/agent/ecscni/namespace_helper_windows.go
@@ -22,12 +22,13 @@ import (
 	"net"
 	"strings"
 
-	"github.com/aws/amazon-ecs-agent/agent/dockerclient"
-	apieni "github.com/aws/amazon-ecs-agent/ecs-agent/api/eni"
 	"github.com/cihub/seelog"
-	"github.com/containernetworking/cni/pkg/types/current"
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
 	"github.com/docker/docker/api/types"
 	"github.com/pkg/errors"
+
+	"github.com/aws/amazon-ecs-agent/agent/dockerclient"
+	apieni "github.com/aws/amazon-ecs-agent/ecs-agent/api/eni"
 )
 
 const (
@@ -57,7 +58,7 @@ const (
 // netsh interface ipv4 add route prefix=169.254.169.254/32 interface="vEthernet (task-br-<mac>-ep-<container_id>)
 // netsh interface ipv4 add route prefix=169.254.169.254/32 interface="Loopback"
 // netsh interface ipv4 add route prefix=<local-route> interface="vEthernet (nat-ep-<container_id>)
-func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *current.Result) error {
+func (nsHelper *helper) ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *apieni.ENI, config *Config, result *cniTypesCurrent.Result) error {
 	// Obtain the ecs-bridge endpoint's subnet IP address from the CNI plugin execution result.
 	ecsBridgeSubnetIPAddress := &net.IPNet{
 		IP:   result.IPs[0].Address.IP.Mask(result.IPs[0].Address.Mask),

diff --git a/agent/ecscni/namespace_helper_windows_test.go b/agent/ecscni/namespace_helper_windows_test.go
@@ -24,25 +24,25 @@ import (
 	"testing"
 	"time"
 
-	cnitypes "github.com/containernetworking/cni/pkg/types"
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
 
+	cniTypes "github.com/containernetworking/cni/pkg/types"
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
 	"github.com/docker/docker/api/types"
-	"github.com/stretchr/testify/assert"
 
 	mock_dockerapi "github.com/aws/amazon-ecs-agent/agent/dockerclient/dockerapi/mocks"
-	"github.com/containernetworking/cni/pkg/types/current"
-	"github.com/golang/mock/gomock"
 )
 
 const (
 	containerID     = "abc12345"
 	containerExecID = "container1234"
 )
 
-// getECSBridgeResult returns an instance of current.Result.
-func getECSBridgeResult() *current.Result {
-	return &current.Result{
-		IPs: []*current.IPConfig{{
+// getECSBridgeResult returns an instance of cniTypesCurrent.Result.
+func getECSBridgeResult() *cniTypesCurrent.Result {
+	return &cniTypesCurrent.Result{
+		IPs: []*cniTypesCurrent.IPConfig{{
 			Address: net.IPNet{
 				IP:   net.ParseIP(ipv4),
 				Mask: net.CIDRMask(24, 32),
@@ -77,7 +77,7 @@ func TestConfigureTaskNamespaceRouting(t *testing.T) {
 			cniConfig := getCNIConfig()
 			cniConfig.BlockInstanceMetadata = tt.blockIMDS
 
-			cniConfig.AdditionalLocalRoutes = append(cniConfig.AdditionalLocalRoutes, cnitypes.IPNet{
+			cniConfig.AdditionalLocalRoutes = append(cniConfig.AdditionalLocalRoutes, cniTypes.IPNet{
 				IP:   net.ParseIP("10.0.0.0"),
 				Mask: net.CIDRMask(24, 32),
 			})

diff --git a/agent/ecscni/netconfig.go b/agent/ecscni/netconfig.go
@@ -19,7 +19,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 
 	"github.com/containernetworking/cni/libcni"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
+	cniTypes "github.com/containernetworking/cni/pkg/types"
 )
 
 // newNetworkConfig converts a network config to libcni's NetworkConfig.
@@ -35,7 +35,7 @@ func newNetworkConfig(netcfg interface{}, plugin string, cniVersion string) (*li
 	}
 
 	netConfig := &libcni.NetworkConfig{
-		Network: &cnitypes.NetConf{
+		Network: &cniTypes.NetConf{
 			Type:       plugin,
 			CNIVersion: cniVersion,
 			Name:       defaultNetworkName,

diff --git a/agent/ecscni/netconfig_linux.go b/agent/ecscni/netconfig_linux.go
@@ -27,7 +27,7 @@ import (
 
 	"github.com/cihub/seelog"
 	"github.com/containernetworking/cni/libcni"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
+	cniTypes "github.com/containernetworking/cni/pkg/types"
 )
 
 // NewBridgeNetworkConfig creates the config of bridge for ADD command, where
@@ -89,7 +89,7 @@ func newIPAMConfig(cfg *Config) (IPAMConfig, error) {
 		return IPAMConfig{}, err
 	}
 
-	routes := []*cnitypes.Route{
+	routes := []*cniTypes.Route{
 		{
 			Dst: *dst,
 		},
@@ -98,7 +98,7 @@ func newIPAMConfig(cfg *Config) (IPAMConfig, error) {
 	for _, route := range cfg.AdditionalLocalRoutes {
 		seelog.Debugf("[ECSCNI] Adding an additional route for %s", route)
 		ipNetRoute := (net.IPNet)(route)
-		routes = append(routes, &cnitypes.Route{Dst: ipNetRoute})
+		routes = append(routes, &cniTypes.Route{Dst: ipNetRoute})
 	}
 
 	ipamConfig := IPAMConfig{

diff --git a/agent/ecscni/plugin.go b/agent/ecscni/plugin.go
@@ -22,15 +22,12 @@ import (
 	"sync"
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 	"github.com/cihub/seelog"
 	"github.com/containernetworking/cni/libcni"
-	"github.com/containernetworking/cni/pkg/types/current"
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
 	"github.com/pkg/errors"
-)
 
-const (
-	currentCNISpec = "0.3.1"
+	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 )
 
 // CNIClient defines the method of setting/cleaning up container namespace
@@ -40,7 +37,7 @@ type CNIClient interface {
 	// Capabilities returns the capabilities supported by a plugin
 	Capabilities(string) ([]string, error)
 	// SetupNS sets up the namespace of container
-	SetupNS(context.Context, *Config, time.Duration) (*current.Result, error)
+	SetupNS(context.Context, *Config, time.Duration) (*cniTypesCurrent.Result, error)
 	// CleanupNS cleans up the container namespace
 	CleanupNS(context.Context, *Config, time.Duration) error
 	// ReleaseIPResource marks the ip available in the ipam db
@@ -96,7 +93,7 @@ func (client *cniClient) init() {
 func (client *cniClient) SetupNS(
 	ctx context.Context,
 	cfg *Config,
-	timeout time.Duration) (*current.Result, error) {
+	timeout time.Duration) (*cniTypesCurrent.Result, error) {
 	ctx, cancel := context.WithTimeout(ctx, timeout)
 	defer cancel()
 	return client.setupNS(ctx, cfg)

diff --git a/agent/ecscni/plugin_linux.go b/agent/ecscni/plugin_linux.go
@@ -22,12 +22,13 @@ import (
 	"os"
 	"time"
 
-	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 	"github.com/cihub/seelog"
 	"github.com/containernetworking/cni/libcni"
-	cnitypes "github.com/containernetworking/cni/pkg/types"
-	"github.com/containernetworking/cni/pkg/types/current"
+	cniTypes "github.com/containernetworking/cni/pkg/types"
+	cniTypesCurrent "github.com/containernetworking/cni/pkg/types/100"
 	"github.com/pkg/errors"
+
+	"github.com/aws/amazon-ecs-agent/ecs-agent/logger"
 )
 
 const (
@@ -45,10 +46,10 @@ func newCNIGuard() cniGuard {
 }
 
 // setupNS is the called by SetupNS to setup the task namespace by invoking ADD for given CNI configurations
-func (client *cniClient) setupNS(ctx context.Context, cfg *Config) (*current.Result, error) {
+func (client *cniClient) setupNS(ctx context.Context, cfg *Config) (*cniTypesCurrent.Result, error) {
 	seelog.Debugf("[ECSCNI] Setting up the container namespace %s", cfg.ContainerID)
 
-	var bridgeResult cnitypes.Result
+	var bridgeResult cniTypes.Result
 	runtimeConfig := libcni.RuntimeConf{
 		ContainerID: cfg.ContainerID,
 		NetNS:       fmt.Sprintf(NetnsFormat, cfg.ContainerPID),
@@ -83,19 +84,8 @@ func (client *cniClient) setupNS(ctx context.Context, cfg *Config) (*current.Res
 		// Not every netns setup involves ECS Bridge Plugin
 		return nil, nil
 	}
-	if _, err := bridgeResult.GetAsVersion(currentCNISpec); err != nil {
-		seelog.Warnf("[ECSCNI] Unable to convert result to spec version %s; error: %v; result is of version: %s",
-			currentCNISpec, err, bridgeResult.Version())
-		return nil, err
-	}
-	var curResult *current.Result
-	curResult, ok := bridgeResult.(*current.Result)
-	if !ok {
-		return nil, errors.Errorf(
-			"cni setup: unable to convert result to expected version '%v'", bridgeResult)
-	}
 
-	return curResult, nil
+	return cniTypesCurrent.GetResult(bridgeResult)
 }
 
 // ReleaseIPResource marks the ip available in the ipam db