* tmp commit for onbaording nma v2
* Remove test output file
* Remove unnecessary code when CNS onboard get nc version list without
token
* tmp commit to fix getnc version tests when onboarding nc version api v2
from nmagent.
* Fix the unit test for nmagent v2 api change.
* Fix unit test TestGetNetworkContainerVersionStatus
* Revert back to GetNCVersionF test.
* Roll back to get nc version api v1 for test.
* Continue revert back and store nc version url
* Onboard nmagent get nc version api v2.
* Address pr feedback of returning early and remove comment out code.
* Remove unnecessary ncVersionURLs and NCVersionRequest.
* Remove unnecessary variables.
* Update nmagent get nc version api v2 to v2 url
* Remove comment out code.
* tmp commit for onbaording nma v2
* Remove test output file
* Remove unnecessary code when CNS onboard get nc version list without
token
* tmp commit to fix getnc version tests when onboarding nc version api v2
from nmagent.
* Fix the unit test for nmagent v2 api change.
* Fix unit test TestGetNetworkContainerVersionStatus
* Revert back to GetNCVersionF test.
* Roll back to get nc version api v1 for test.
* Continue revert back and store nc version url
* Onboard nmagent get nc version api v2.
* Address pr feedback of returning early and remove comment out code.
* Remove unnecessary ncVersionURLs and NCVersionRequest.
* Remove unnecessary variables.
* Update nmagent get nc version api v2 to v2 url
* Remove comment out code.
* Update nmagent get nc version list.
* Address feedback and fix golint
* Fix lint issue.
* Fix the remaining 2 lint issues.
* Revert back test error generation to address feedback.
* add validation for matchExpression values
* fix lint
* make regex identical to kubectl validation and include more test cases
* remove debugging lines
* Fix incorrect HTTP status from publish NC
CNS was responding with an HTTP status code of "0" from NMAgent.
Successes are supposed to be 200. The C-style var block at the beginning
of publishNetworkContainer was the reason for this. During refactoring,
the location where this status code was set to a successful value of 200
was accidentally removed. Because the var block declared the variable
and silently initialized it to 0, the compiler did not flag this bug as
it otherwise would have. The status code has been removed from this
block and explicitly defined and initialized to a correct value of 200.
Subsequent error handling will change this as necessary.
Also, despite consumers depending on this status, there were no tests to
verify that the status was set correctly. Tests have been added to
reflect this dependency.
* Ensure that NMAgent body is always set
DNC depends on the NMAgent body being set for its vestigial functions of
retrying failed requests. Since failed requests will now be retried
internally (to CNS) by the NMAgent client, this isn't really necessary
anymore. There are versions of DNC out there that depend on this body
though, so it needs to be present in order for NC publishing to actually
work.
* Fix missing NMAgent status for Unpublish
It was discovered that the Unpublish endpoints also omitted the status
codes and bodies expected by clients. This adds those and fixes the
associated tests to guarantee the expected behavior.
* Silence the linter
There were two instances where the linter was flagging dynamic errors,
but this is just in a test. It's perfectly fine to bend the rules there,
since we don't expect to re-use the errors (they really should be
t.Fatal / t.Error anyway, but due to legacy we're returning errors here
instead).
* update linux conformance binary
* temporarily comment out test profiles until one works
* Revert "temporarily comment out test profiles until one works"
This reverts commit db623d3833.
* undo change to git checkout for windows
* Moving the lock from InitializeKeyValueStore() function to restore/save functions to improve cni performance on windows.
* fix: use defer function to unlock statefile.
* fix: fixing the IPAM lock and defer func
* fix: Optimizing cni file lock by moving SetSdnRemoteArpMacAddress() on startup for CRD and MultitenantCRD mode.
* adding store lock on telemetry service start to avoid race condition on windows.
* Updated aks-engine to unblock the pipeline.
* Use the latest aks-e dependancy.
* Update aks-e dependency to unblock acn pipeline and set retry to 0 to
get quick result.
In cases where clients using a WireserverTransport (namely the NMAgent
one) do not wish to provide a body, one must be provided to satisfy
quirks of Wireserver. Initially, an empty Go string was thought to be
sufficient, but this is not. Wireserver expects an empty JSON string:
specifically the 2-byte sequence "".
Furthermore, this logic was only being triggered on cases where a nil
body was presented to the WireserverTransport's logic. Given that there
are now more linters enforcing the use of `http.NoBody`, this is
distinct from `nil` and must be separately checked for (but treated in
the same way).
Tests and inline documentation have been updated to reflect this new
understanding.
* Add Content-Type for outgoing Wireserver POSTs
Because the Body of the request was replaced, Go also has no idea what
the content type should be. It can't read from the reader to perform the
detection, so this just sets it to JSON manually. As mentioned in the
comments, this is a good idea anyway since we're being explicit rather
than relying on heuristic methods to do the right thing.
* fix: [NPM-WIN] Get only local endpoints to apply ACLs on
* addding a const
* fix lints
* update UTs (TODO: uncomment multi-job test when fixed)
* resolve lint again
* true backwards compatibility
* resolve TODO by uncommenting UT
* fix lint
Co-authored-by: Hunter Gregory <hunterlgregory@gmail.com>
There was insufficient coverage over cases involving different
permutations of the "WireserverIP" configuration option. Consequently,
there were instances where reasonable values for this option caused CNS
to fail to start.
This moves the logic for transforming the CNS configuration into
configuration suitable for the NMAgent client into a method off the
CNSConfig. It also permits adding coverage over different scenarios that
are likely to emerge.
* feat: add cni conflist generator for v4 overlay scenario
* feat: use atomic fs operations
* fix: use same directory as temp dir since /tmp is a tmpfs
* adaptively modify linux max restore try count to prevent perpetual errors
* remove debug print
* log restore file and send ipsetmanager_linux errors
* send other appropriate errors
* fix handleLineError function
* fix printing restore lines and enhance a log
* fix lints and wrap chainLineNumber errors
* fix one off error for logging the try count
* revert exponential increase to try limit
* update try count to 5 and update UTs
* do not log lines for every restore call until perf is understood
* test repo trigger
* add resources label
* add repositories under resources
* test with endpoint
* testing with tag check
* typo in condition line
* evaulate version in condition
* compare tag vars
* test cancellation stage
* add job to cancel stage
* change name of cancel stage
* add pool and msg to cancel job
* change cancellation dependency
* add second tag validation stage
* spcaing ofvalidation1
* test ne and cancellation script
* check tag versions
* set currentTagx variable
* test new tag var
* fix value mapping
* check_tag job
* update current tag in manifest stage
* reading tags
* adjust variable assignment
* uncomment sleep
* read out different tags
* test validation dependency
* use succeeded/failed in condition check
* fix condition
* fix call to succeeded()
* omit condition on validation stages to read tags
* remove sleep, just validate condition
* fix error with submod swift naming
* add hack overlay make target and e2e templates
* update pipeline.yaml with new overlay stage
* use dropgz/overlay-byocni in acn pr and submodule pipeline
* name overlay clusters for submodule pipeline
* modify dropgz setup
* test ipam + overlay
* use azilium conflist
* add overlay configmap
* add deployment of ip-masq-agent to cluster
* set flag in ip-masq-agent deployment
* update deployment
* configmap creation
* Fix inability to unmarshal nmagent request
During the previous switchover to using the client from the
`nmagent` client (as opposed to the `cns/nmagent` client), an assumption
was made that "proxied" requests to NMAgent were provided by clients as
nested JSON. This assumption was wrong--they are Base64-encoded strings
of JSON. Even though they're ultimately similar, they're very different
from the perspective of the JSON unmarshaler. Consequently, this
restores the nested request body back to a []byte and performs the
second-stage decoding manually (similarly to how it was previously
done).
Fixes#1694
* Fix swallowed error when body is not JSON
In one instance, an error was accidentally swallowed because the
existing code does not return errors (it sets variables instead). This
makes controlling the flow of execution difficult. To fix this, the
offending code has been moved to a separate function where returns can
be used effectively.
* don't apply policy to IP's old pod owner
* fix podkey/ip check
* test case for pod key check
* clarify error message
* fix windows lint and have complete UT coverage of isIPAffiliated
* comment out flaky UT for now
shchen
dependabot[bot]
Evan Baker
Camryn Lee
Hunter Gregory
Timothy J. Raymond
ZetaoZhuang
Paul Johnston
Behzad Mirkhanzadeh
aegal
estebancams
Vamsi Kalapala
Matthew Long