Add ability in CNS to setup networking for a docker container (#298)

* Limiting the size of our buffered payload to ~2MB

* CNI Update operation support

* Adding APIs for attach/detach network container to/from network.

* Updating new apis.

* Addressing Tamilmani's review/comments.

* Renaming Batch APIs and Request members for better clarity.

* Adding check for pluginsSection length before accessing element.

* Renaming ConfigureNetworkContainerNetworkingRequest to ConfigureContainerNetworkRequest.

* Adding default k8s cni paths for windows.

* Adding AzureFirstParty orchestrator type and Basic container type.

* Addressing Sushant's comments.

Author: jaer-tsun

cni/network/mutlitenancy.go cni/network/multitenancy.go

@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"strings"
 
 	"github.com/Azure/azure-container-networking/cni"
 	"github.com/Azure/azure-container-networking/cns"
@@ -50,7 +49,7 @@ func getContainerNetworkConfiguration(
 	var podNameWithoutSuffix string
 
 	if !nwCfg.EnableExactMatchForPodName {
-		podNameWithoutSuffix = getPodNameWithoutSuffix(podName)
+		podNameWithoutSuffix = network.GetPodNameWithoutSuffix(podName)
 	} else {
 		podNameWithoutSuffix = podName
 	}
@@ -134,19 +133,6 @@ func convertToCniResult(networkConfig *cns.GetNetworkContainerResponse, ifName s
 	return result
 }
 
-func getPodNameWithoutSuffix(podName string) string {
-	nameSplit := strings.Split(podName, "-")
-	log.Printf("namesplit %v", nameSplit)
-	if len(nameSplit) > 2 {
-		nameSplit = nameSplit[:len(nameSplit)-2]
-	} else {
-		return podName
-	}
-
-	log.Printf("Pod name after splitting based on - : %v", nameSplit)
-	return strings.Join(nameSplit, "-")
-}
-
 func getInfraVnetIP(
 	enableInfraVnet bool,
 	infraSubnet string,

cni/network/network.go

@@ -760,7 +760,7 @@ func (plugin *netPlugin) Update(args *cniSkel.CmdArgs) error {
 
 	// Query the existing endpoint since this is an update.
 	// Right now, we do not support updating pods that have multiple endpoints.
-	existingEpInfo, err = plugin.nm.GetEndpointInfoBasedOnPODDetails(networkID, k8sPodName, k8sNamespace)
+	existingEpInfo, err = plugin.nm.GetEndpointInfoBasedOnPODDetails(networkID, k8sPodName, k8sNamespace, nwCfg.EnableExactMatchForPodName)
 	if err != nil {
 		plugin.Errorf("Failed to retrieve target endpoint for CNI UPDATE [name=%v, namespace=%v]: %v", k8sPodName, k8sNamespace, err)
 		return err

cns/NetworkContainerContract.go

@@ -10,19 +10,31 @@ const (
 	GetNetworkContainerStatus                = "/network/getnetworkcontainerstatus"
 	GetInterfaceForContainer                 = "/network/getinterfaceforcontainer"
 	GetNetworkContainerByOrchestratorContext = "/network/getnetworkcontainerbyorchestratorcontext"
+	AttachContainerToNetwork                 = "/network/attachcontainertonetwork"
+	DetachContainerFromNetwork               = "/network/detachcontainerfromnetwork"
+)
+
+// NetworkContainer Prefixes
+const (
+	SwiftPrefix = "Swift_"
 )
 
 // NetworkContainer Types
 const (
 	AzureContainerInstance = "AzureContainerInstance"
 	WebApps                = "WebApps"
 	ClearContainer         = "ClearContainer"
+	Docker                 = "Docker"
+	Basic                  = "Basic"
 )
 
 // Orchestrator Types
 const (
-	Kubernetes    = "Kubernetes"
-	ServiceFabric = "ServiceFabric"
+	Kubernetes      = "Kubernetes"
+	ServiceFabric   = "ServiceFabric"
+	Batch           = "Batch"
+	DBforPostgreSQL = "DBforPostgreSQL"
+	AzureFirstParty = "AzureFirstParty"
 )
 
 // Encap Types
@@ -46,6 +58,12 @@ type CreateNetworkContainerRequest struct {
 	Routes                     []Route
 }
 
+// ConfigureContainerNetworkingRequest - specifies request to attach/detach container to network.
+type ConfigureContainerNetworkingRequest struct {
+	Containerid        string
+	NetworkContainerid string
+}
+
 // KubernetesPodInfo is an OrchestratorContext that holds PodName and PodNamespace.
 type KubernetesPodInfo struct {
 	PodName      string
@@ -143,6 +161,16 @@ type GetInterfaceForContainerResponse struct {
 	Response                Response
 }
 
+// AttachContainerToNetworkResponse specifies response of attaching network container to network.
+type AttachContainerToNetworkResponse struct {
+	Response Response
+}
+
+// DetachNetworkContainerToNetworkResponse specifies response of detaching network container from network.
+type DetachContainerFromNetworkResponse struct {
+	Response Response
+}
+
 // NetworkInterface specifies the information that can be used to unquely identify an interface.
 type NetworkInterface struct {
 	Name      string

cns/networkcontainers/networkcontainers.go

@@ -4,19 +4,53 @@
 package networkcontainers
 
 import (
+	"bytes"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"go/types"
+	"io/ioutil"
 	"net"
+	"os"
+	"os/exec"
 
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/log"
+	"github.com/containernetworking/cni/libcni"
+	"github.com/containernetworking/cni/pkg/invoke"
+)
+
+const (
+	versionStr              = "cniVersion"
+	pluginsStr              = "plugins"
+	nameStr                 = "name"
+	k8sPodNamespaceStr      = "K8S_POD_NAMESPACE"
+	k8sPodNameStr           = "K8S_POD_NAME"
+	k8sPodInfraContainerStr = "K8S_POD_INFRA_CONTAINER_ID"
+	cniAdd                  = "ADD"
+	cniDelete               = "DEL"
+	cniUpdate               = "UPDATE"
 )
 
 // NetworkContainers can be used to perform operations on network containers.
 type NetworkContainers struct {
 	logpath string
 }
 
+// NetPluginConfiguration represent network plugin configuration that is used during Update operation
+type NetPluginConfiguration struct {
+	path              string
+	networkConfigPath string
+}
+
+// NewNetPluginConfiguration create a new netplugin configuration.
+func NewNetPluginConfiguration(binPath string, configPath string) *NetPluginConfiguration {
+	return &NetPluginConfiguration{
+		path:              binPath,
+		networkConfigPath: configPath,
+	}
+}
+
 func interfaceExists(iFaceName string) (bool, error) {
 	_, err := net.InterfaceByName(iFaceName)
 	if err != nil {
@@ -40,9 +74,9 @@ func (cn *NetworkContainers) Create(createNetworkContainerRequest cns.CreateNetw
 }
 
 // Update updates a network container.
-func (cn *NetworkContainers) Update(createNetworkContainerRequest cns.CreateNetworkContainerRequest) error {
+func (cn *NetworkContainers) Update(createNetworkContainerRequest cns.CreateNetworkContainerRequest, netpluginConfig *NetPluginConfiguration) error {
 	log.Printf("[Azure CNS] NetworkContainers.Update called")
-	err := createOrUpdateInterface(createNetworkContainerRequest)
+	err := updateInterface(createNetworkContainerRequest, netpluginConfig)
 	if err == nil {
 		err = setWeakHostOnInterface(createNetworkContainerRequest.PrimaryInterfaceIdentifier)
 	}
@@ -57,3 +91,105 @@ func (cn *NetworkContainers) Delete(networkContainerID string) error {
 	log.Printf("[Azure CNS] NetworkContainers.Delete finished.")
 	return err
 }
+
+// This function gets the flattened network configuration (compliant with azure cni) in byte array format
+func getNetworkConfig(configFilePath string) ([]byte, error) {
+	content, err := ioutil.ReadFile(configFilePath)
+	if err != nil {
+		return nil, err
+	}
+
+	var configMap map[string]interface{}
+	if err = json.Unmarshal(content, &configMap); err != nil {
+		log.Printf("[Azure CNS] Failed to unmarshal network configuration with error %v", err)
+		return nil, err
+	}
+
+	// Get the plugins section
+	var flatNetConfigMap map[string]interface{}
+	if pluginsSection, ok := configMap[pluginsStr]; ok && len(pluginsSection.([]interface{})) > 0 {
+		flatNetConfigMap = pluginsSection.([]interface{})[0].(map[string]interface{})
+	}
+
+	if flatNetConfigMap == nil {
+		msg := "[Azure CNS] " + pluginsStr + " section of the network configuration cannot be empty."
+		log.Printf(msg)
+		return nil, errors.New(msg)
+	}
+
+	// insert version and name fields
+	flatNetConfigMap[versionStr] = configMap[versionStr].(string)
+	flatNetConfigMap[nameStr] = configMap[nameStr].(string)
+
+	// convert into bytes format
+	netConfig, err := json.Marshal(flatNetConfigMap)
+	if err != nil {
+		log.Printf("[Azure CNS] Failed to marshal flat network configuration with error %v", err)
+		return nil, err
+	}
+
+	return netConfig, nil
+}
+
+func args(action, path string, rt *libcni.RuntimeConf) *invoke.Args {
+	return &invoke.Args{
+		Command:     action,
+		ContainerID: rt.ContainerID,
+		NetNS:       rt.NetNS,
+		PluginArgs:  rt.Args,
+		IfName:      rt.IfName,
+		Path:        path,
+	}
+}
+
+func pluginErr(err error, output []byte) error {
+	if err != nil {
+		if _, ok := err.(*exec.ExitError); ok {
+			emsg := types.Error{}
+			if err := json.Unmarshal(output, &emsg); err != nil {
+				emsg.Msg = fmt.Sprintf("netplugin failed but error parsing its diagnostic message %s: %+v", string(output), err)
+			}
+
+			return &emsg
+		}
+	}
+
+	return err
+}
+
+func execPlugin(rt *libcni.RuntimeConf, netconf []byte, operation, path string) error {
+	switch operation {
+	case cniAdd:
+		fallthrough
+	case cniDelete:
+		fallthrough
+	case cniUpdate:
+		environ := args(operation, path, rt).AsEnv()
+		log.Printf("[Azure CNS] CNI called with environ variables %v", environ)
+		stdout := &bytes.Buffer{}
+		command := exec.Command(path + string(os.PathSeparator) + "azure-vnet")
+		command.Env = environ
+		command.Stdin = bytes.NewBuffer(netconf)
+		command.Stdout = stdout
+		command.Stderr = os.Stderr
+		return pluginErr(command.Run(), stdout.Bytes())
+	default:
+		return fmt.Errorf("[Azure CNS] Invalid operation being passed to CNI: %s", operation)
+	}
+}
+
+// Attach - attaches network container to network.
+func (cn *NetworkContainers) Attach(podName, podNamespace, dockerContainerid string, netPluginConfig *NetPluginConfiguration) error {
+	log.Printf("[Azure CNS] NetworkContainers.Attach called")
+	err := configureNetworkContainerNetworking(cniAdd, podName, podNamespace, dockerContainerid, netPluginConfig)
+	log.Printf("[Azure CNS] NetworkContainers.Attach finished")
+	return err
+}
+
+// Detach - attaches network container to network.
+func (cn *NetworkContainers) Detach(podName, podNamespace, dockerContainerid string, netPluginConfig *NetPluginConfiguration) error {
+	log.Printf("[Azure CNS] NetworkContainers.Detach called")
+	err := configureNetworkContainerNetworking(cniDelete, podName, podNamespace, dockerContainerid, netPluginConfig)
+	log.Printf("[Azure CNS] NetworkContainers.Detach finished")
+	return err
+}

cns/networkcontainers/networkcontainers_linux.go

@@ -3,7 +3,15 @@
 
 package networkcontainers
 
-import "github.com/Azure/azure-container-networking/cns"
+import (
+	"encoding/json"
+	"errors"
+	"os"
+
+	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/log"
+	"github.com/containernetworking/cni/libcni"
+)
 
 func createOrUpdateInterface(createNetworkContainerRequest cns.CreateNetworkContainerRequest) error {
 	return nil
@@ -13,10 +21,71 @@ func setWeakHostOnInterface(ipAddress string) error {
 	return nil
 }
 
-func createOrUpdateWithOperation(createNetworkContainerRequest cns.CreateNetworkContainerRequest, operation string) error {
+func updateInterface(createNetworkContainerRequest cns.CreateNetworkContainerRequest, netpluginConfig *NetPluginConfiguration) error {
+	log.Printf("[Azure CNS] update interface operation called.")
+
+	// Currently update via CNI is only supported for ACI type
+	if createNetworkContainerRequest.NetworkContainerType != cns.AzureContainerInstance {
+		log.Printf("[Azure CNS] operation is only supported for AzureContainerInstance types.")
+		return nil
+	}
+
+	if netpluginConfig == nil {
+		err := errors.New("Network plugin configuration cannot be nil.")
+		log.Printf("[Azure CNS] Update interface failed with error %v", err)
+		return err
+	}
+
+	if _, err := os.Stat(netpluginConfig.path); err != nil {
+		if os.IsNotExist(err) {
+			msg := "[Azure CNS] Unable to find " + netpluginConfig.path + ", cannot continue."
+			log.Printf(msg)
+			return errors.New(msg)
+		}
+	}
+
+	var podInfo cns.KubernetesPodInfo
+	err := json.Unmarshal(createNetworkContainerRequest.OrchestratorContext, &podInfo)
+	if err != nil {
+		log.Printf("[Azure CNS] Unmarshalling %s failed with error %v", createNetworkContainerRequest.NetworkContainerType, err)
+		return err
+	}
+
+	log.Printf("[Azure CNS] Going to update networking for the pod with Pod info %+v", podInfo)
+
+	rt := &libcni.RuntimeConf{
+		ContainerID: "", // Not needed for CNI update operation
+		NetNS:       "", // Not needed for CNI update operation
+		IfName:      createNetworkContainerRequest.NetworkContainerid,
+		Args: [][2]string{
+			{k8sPodNamespaceStr, podInfo.PodNamespace},
+			{k8sPodNameStr, podInfo.PodName},
+		},
+	}
+
+	log.Printf("[Azure CNS] run time configuration for CNI plugin info %+v", rt)
+
+	netConfig, err := getNetworkConfig(netpluginConfig.networkConfigPath)
+	if err != nil {
+		log.Printf("[Azure CNS] Failed to build network configuration with error %v", err)
+		return err
+	}
+
+	log.Printf("[Azure CNS] network configuration info %v", string(netConfig))
+
+	err = execPlugin(rt, netConfig, cniUpdate, netpluginConfig.path)
+	if err != nil {
+		log.Printf("[Azure CNS] Failed to update network with error %v", err)
+		return err
+	}
+
 	return nil
 }
 
 func deleteInterface(networkContainerID string) error {
 	return nil
 }
+
+func configureNetworkContainerNetworking(operation, podName, podNamespace, dockerContainerid string, netPluginConfig *NetPluginConfiguration) (err error) {
+	return err
+}