* v2 profile (with azure chain first) and v1 profile for both chain positions
* disable pprof and remove chain placement toggle for v2
* parallelize cyclonus tests for multiple NPM profiles
* rename things and try 2 different profiles run in parallel
* update v2 toggle name in profiles
* remove v2 cyclonus test and add one for placing azure chain first (v1)
* added dsr changes for windows
* fixed lint and added unit test
removed unused error
* skip adding dsr policy for hnsv1
* addressed comments
lint fix
* fixed windows uts
* [NPM] Expanding HNS fake usage with internal state
* adding some test cases for windows DP
* adding some test cases for windows DP
* Correcting some issues with windows DP
* Splitting each modify call into two, one for 1st level sets and another for nested sets
* Fixing a build issue in linux
* Enhancing windows ipset tests
* Adding ipset mgr windows tests
* fixing a build issue
* Adding in ACL verify code
* addressing some lint issues
* addressing some lint issues
* removing apply ipset in generic ipsetMgr tests
* fixing a build issue with windows
* fixing windows build issue
* Update codes to enable V2 NPM
* Deleted dead codes (if we want to keep it, please let me know)
* Update azure-npm.yaml to add toggle parameters
* Fix incorrect call for v2 NPM
* fix: for prometheus ResetIPSetEntries & feat: reset ipsets in NPM v2
* add note about difference in prometheus metrics in v1 vs v2, and strengthen a UT
* add comment to delegate prometheus metrics from generic ipsetmanager to OS-specific ones
* fix UT for dataplane_test.go and fix lint
* rename variables based on suggestions
* switch to unnamed return values (will throw a go lint error)
* Minor fixes (does not change functions, but for maintenance)
* Reorganizes codes
* Address lint warning
* Resolve compile error by removing ICMP related codes in windows
* Handle 0.0.0.0/0 ipblock and duplicated elements in except field
* Update v1 as well and remove unneeded comments
* Address comments (reorganize UTs and except handler in dataplane)
* Format except cidr for better handling and updated UTs accordingly
* cleanup old policy chains and reboot iptables chains when there are no more policies
* remove get prefix for all functions per junguks feedback
* clean up code for port specs and fix a lint
* address comments
* remove stop channel in OS-specific reconcile
* move policy methods to policy_linux.go
* add comments based on suggestions
* fix build issue: move a constant from linux file to generic file
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* put jump from forward to azure-npm chain above the one to kube-services
* update unit test
* add toggle for chain position
* incorporate toggle in iptm and update UTs. v1 controller tests seem broken
* rename toggle name
* jump to azure chain on new ct state and update default toggle (UTs will break)
* make util constant for UTs and fix UT errors (besides ones I get for controllers)
* added missing module args for ctstate NEW
* reconcile jump to azure chain at top
* delete deprecated jump to azure chain on uninit, and fix go lint
* assign correct default toggle value
* addressed comments
* fix UTs after removing index 1 for placing chain first. Also make all tests subtests for check and add forward chain
* set PlaceAzureChainFirst: true
* switch to correct default for PlaceAzureChainFirst
* use ipset save to update members and update error handling logic for ipsets to skip previously run lines. Also update some logging for iptables chain management
* remove unused code
* add comment block describing high level ipset restore logic
* fix bug in piping to grep. need to add pipe errors for fexec UTs so that we don't revert on dataplane UTs
* grep for npm sets working for ipsets save, but this breaks DP UTs
* VerifyCalls method for mock ioshim
* add ability to unit test piped commands
* update logging
* UTs for piping a command to grep
* grep for npm sets in ipset save, verify number of calls in UTs, and update ApplyIPSets test calls for dataplane UTs
* update comments based on PR suggestions
* addressing comments
* remove out-of-scope policy changes for this PR
* rename restore file creator files
* FIXME: setting v2 controllers toggle to true to create an image in pipeline
* Revert "FIXME: setting v2 controllers toggle to true to create an image in pipeline"
This reverts commit 31148c3034.
* wrap errors
* Generalize function for ingress and egress
* Use function to support both ingress and egress and update UTs
* Simplify UTs and correct comments
* Add more comments and correct policies.MatchType
* Reorganize codes to better understand and simplify UTs
* Addresses comments (e.g., fix typo and correct wrong comments)
* Address comments (e.g., srcList and dstList) and correct MatchType values
* Address comments (fromRulesExists -> peerRuleExists)
* Delete unneeded codes for podSelector and update UTs
* Delete unneeded codes for nameSpaceSelector and UTs
* Delete unneeded codes in parseSelector
* Use nil slices instead of zero slices for TranslatedIPSet from namespaceSelector
* Use Variadic functions in NewTranslatedIPSet to use nil slice instead of empty slice and update UTs accordingly
* Use right settype for all-namespaces
* no export for flattenNameSpaceSelector function in parseSelector (vamsi's comments)
* Add comments for package and functions
* Handle namespaceSelector in simple way and remove unnecessary code for ipBlock field
* Translate podSelector in a simple way and update its UTs.
* Use parsedSelectors struct to reduce duplicated codes and update comments
* Address lint errors and add missing comments
* Correct comments
* Addressed comments
* Use correct settype for all-namespaces
* Address comments
* Addressed comments
* Support graceful shutdown in pod
* Update detailed comments and cleaning up codes
* Add Unit tests
* Address lint errors
* Address comments
* Addressed comment and add UTs
* adding a legacy build command
* Adding all v2 controller test files
* v2 podcontroller changes
* completing all pod v2 controllers uts
* Adding netpol v2 controller UTs
* Removing unused make file command
* Fixing lints and correcting a test case
* Fixing an error in expected values
* dealing with flaky tests
* Fixing an issue with HCN vendor, until we wait for the fix to be rolled out
* Addressing some comments
* Removing addPolicy call and relying on updatepolicy
* Saving only spec of netpol and not whole object
* changing name of rawNPMap to rawNPSpecMap
* changing name of rawNPMap to rawNPSpecMap
* Deep equal type for spec was not equal corrected the pointers
* Deep equal type for spec was not equal corrected the pointers
* added lockedfileapi support for CNI
* fixed interface changes
* addressed comments
fixed ut
* addressed comments
* fixed copy to buffer part in writer api
* fixed copy to buffer part in writer api
* keeping old code not changing it.
* Create generic translation struct and start using it networkPolicyController
* Update ipsm to get more information from NPMCache
* Working on translateIngress part and its UTs
* Done functions of Translate ingress rule (need to add UTs to test its functions and clean up codes)
* Use function for repeated codes
* Cleanup UTs
* Remove all unused codes in this PR except for ingress rules
* Create functions to make codes concise and reorganize ipsets for better readability
* Remove duplicated data for targetPod information in every ACL
* Move translation logics to /pkg/controlplane/translation dir
* Remove redundant codes and resolved some of lint errors
* Resolve lint errors and remove unused codes in parseSelector and its UTs
* Use unique id for acl policy among network policies and add UTs for port rules
* Addresses some comments (will resolve more later)
* Complete namespaceSelector UTs and correct some logics for handling namespaceSelector
* Use consistent variables and variable for flexibility in UTs
* Add more UTs for allowAll and defaultDrop rules and clean-up codes
* Remove unused codes
* Resolve lint errors
* Clean-up and reorganize codes
* Revert "Update ipsm to get more information from NPMCache"
This reverts commit 477bbaf43d56a6535f5cc035dfe15d5b6035647a.
* Address comments
* Resolve part of lint errors
* Add comments for todo things in next PR
* Delete unused file and clean-up code
* Fix UTs
* Remove unnecessary code
* feat: policy manager for linux
* remove composer from this PR (saving progress on my local machine)
* redesign iptables, rework/complete UTs
* use strings instead of constants in UTs
* fixed go lints
* fixed bug found in integration testing
* added integration tests for policymanager (should replace with dataplane interface calls later)
* rearrange UTs, add extra coverage for chain management, and fix bug for reporting error on chain destroy failures
* rename variable
* fixed lint (removed newline)
* update errors in policymanager and add an error in linux pMgr if we can't delete jump rules from ingress/egress chain to policy chain
* fix tiny lint
* address comments, update UTs in dataplane_test.go, update error wrapping, add windows UT files
* address more feedback and fix DP UTs by commenting out pMgr init/reset for now
* add comment
* [NPM] Windows Policy Manager changes for OS22
* Adding new NPM ACLSettings with ID
* first pass on both add and remove policies
* fixing a merge issue
* Working 1st level Setpolicy CRUD operations
* have NPMACl to HNSACL conversion logic ready
* updating policy endpoints only after adding policy to an endpoint
* updating policy endpoints only after adding policy to an endpoint
* fixing a build issue
* fixing issue in linux files
* Addressing some comments and also completing some integrations with V2 control plane
* Updating policy ID logic and update pod
* Updating policy ID logic and update pod
* Addressing some comments
* adding basic reset bits
* fixing build issue in linux
* Fixing the _linux_test.go build failures
* fix lints
* Addressing some comments and correcting windows logic to apply set policies in order
* cleaning up logic for calculating set policies
* Applying some feedback.
* fixing a failing test and panic