Remove old pre-1.3 migration code
Also removes the only use of IMDS vpc-ipv4-cidr-block
anguslees authored and mogren committed Aug 3, 2020
1 parent cbee9e3 commit d1447ad
Showing 8 changed files with 16 additions and 112 deletions.
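--- a/pkg/awsutils/awsutils.go
+++ b/pkg/awsutils/awsutils.go
@@ -52,7 +52,6 @@ const (
 metadataSGs = "/security-group-ids/"
 metadataSubnetID = "/subnet-id/"
 metadataVPCcidrs = "/vpc-ipv4-cidr-blocks/"
-metadataVPCcidr = "/vpc-ipv4-cidr-block/"
 metadataDeviceNum = "/device-number/"
 metadataInterface = "/interface-id/"
 metadataSubnetCIDR = "/subnet-ipv4-cidr-block"
@@ -139,9 +138,6 @@ type APIs interface {
 // DeallocIPAddresses deallocates the list of IP addresses from a ENI
 DeallocIPAddresses(eniID string, ips []string) error
 
-// GetVPCIPv4CIDR returns VPC's 1st CIDR
-GetVPCIPv4CIDR() string
-
 // GetVPCIPv4CIDRs returns VPC's CIDRs from instance metadata
 GetVPCIPv4CIDRs() []string
 
@@ -353,15 +349,6 @@ func (cache *EC2InstanceMetadataCache) initWithEC2Metadata(ctx context.Context)
 }
 log.Debugf("Found subnet-id: %s ", cache.subnetID)
 
-// retrieve vpc-ipv4-cidr-block
-cache.vpcIPv4CIDR, err = cache.ec2Metadata.GetMetadata(metadataMACPath + mac + metadataVPCcidr)
-if err != nil {
-awsAPIErrInc("GetMetadata", err)
-log.Errorf("Failed to retrieve vpc-ipv4-cidr-block from instance metadata service")
-return errors.Wrap(err, "get instance metadata: failed to retrieve vpc-ipv4-cidr-block data")
-}
-log.Debugf("Found vpc-ipv4-cidr-block: %s ", cache.vpcIPv4CIDR)
-
 // retrieve security groups
 err = cache.refreshSGIDs(mac)
 if err != nil {
@@ -1339,11 +1326,6 @@ func (cache *EC2InstanceMetadataCache) getFilteredListOfNetworkInterfaces() ([]*
 return networkInterfaces, nil
 }
 
-// GetVPCIPv4CIDR returns VPC CIDR
-func (cache *EC2InstanceMetadataCache) GetVPCIPv4CIDR() string {
-return cache.vpcIPv4CIDR
-}
-
 // GetVPCIPv4CIDRs returns VPC CIDRs
 func (cache *EC2InstanceMetadataCache) GetVPCIPv4CIDRs() []string {
 return cache.vpcIPv4CIDRs.SortedList()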
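--- a/pkg/awsutils/awsutils_test.go
+++ b/pkg/awsutils/awsutils_test.go
@@ -86,7 +86,6 @@ func TestInitWithEC2metadata(t *testing.T) {
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataInterface).Return(primaryMAC, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSGs).Return(sgs, nil).AnyTimes()
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSubnetID).Return(subnetID, nil).AnyTimes()
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidr).Return(vpcCIDR, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidrs).Return(metadataVPCIPv4CIDRs, nil).AnyTimes()
 
 ins := &EC2InstanceMetadataCache{ec2Metadata: mockMetadata}
@@ -98,33 +97,9 @@ func TestInitWithEC2metadata(t *testing.T) {
 assert.Equal(t, ins.primaryENImac, primaryMAC)
 assert.Equal(t, len(ins.securityGroups.SortedList()), 2)
 assert.Equal(t, subnetID, ins.subnetID)
-assert.Equal(t, vpcCIDR, ins.vpcIPv4CIDR)
 assert.Equal(t, len(ins.vpcIPv4CIDRs.SortedList()), 2)
 }
 
-func TestInitWithEC2metadataVPCcidrErr(t *testing.T) {
-ctx, cancel := context.WithTimeout(context.Background(), 1*time.Millisecond)
-defer cancel()
-ctrl, mockMetadata, _ := setup(t)
-defer ctrl.Finish()
-
-mockMetadata.EXPECT().GetMetadata(metadataAZ).Return(az, nil)
-mockMetadata.EXPECT().GetMetadata(metadataLocalIP).Return(localIP, nil)
-mockMetadata.EXPECT().GetMetadata(metadataInstanceID).Return(instanceID, nil)
-mockMetadata.EXPECT().GetMetadata(metadataInstanceType).Return(instanceType, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMAC).Return(primaryMAC, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath).Return(primaryMAC, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataDeviceNum).Return(eni1Device, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataOwnerID).Return("1234", nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataInterface).Return(primaryMAC, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSubnetID).Return(subnetID, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidr).Return(vpcCIDR, errors.New("Error on VPCcidr"))
-
-ins := &EC2InstanceMetadataCache{ec2Metadata: mockMetadata}
-err := ins.initWithEC2Metadata(ctx)
-assert.Error(t, err)
-}
-
 func TestInitWithEC2metadataSubnetErr(t *testing.T) {
 ctx, cancel := context.WithTimeout(context.Background(), 1*time.Millisecond)
 defer cancel()
@@ -163,7 +138,6 @@ func TestInitWithEC2metadataSGErr(t *testing.T) {
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataOwnerID).Return("1234", nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataInterface).Return(primaryMAC, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSubnetID).Return(subnetID, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidr).Return(vpcCIDR, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSGs).Return(sgs, errors.New("Error on SG"))
 
 ins := &EC2InstanceMetadataCache{ec2Metadata: mockMetadata}
@@ -449,7 +423,6 @@ func TestTagEni(t *testing.T) {
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataInterface).Return(primaryMAC, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSGs).Return(sgs, nil).AnyTimes()
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataSubnetID).Return(subnetID, nil)
-mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidr).Return(vpcCIDR, nil)
 mockMetadata.EXPECT().GetMetadata(metadataMACPath+primaryMAC+metadataVPCcidrs).Return(vpcCIDR, nil).AnyTimes()
 
 ins := &EC2InstanceMetadataCache{ec2Metadata: mockMetadata, ec2SVC: mockEC2}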
14 changes: 0 additions & 14 deletions pkg/awsutils/mocks/awsutils_mocks.go


7 changes: 1 addition & 6 deletions pkg/ipamd/ipamd.go
@@ -338,14 +338,9 @@ func (c *IPAMContext) nodeInit() error {
return err
}

_, vpcCIDR, err := net.ParseCIDR(c.awsClient.GetVPCIPv4CIDR())
if err != nil {
return errors.Wrap(err, "ipamd init: failed to retrieve VPC CIDR")
}

vpcCIDRs := c.awsClient.GetVPCIPv4CIDRs()
primaryIP := net.ParseIP(c.awsClient.GetLocalIPv4())
err = c.networkClient.SetupHostNetwork(vpcCIDR, vpcCIDRs, c.awsClient.GetPrimaryENImac(), &primaryIP)
err = c.networkClient.SetupHostNetwork(vpcCIDRs, c.awsClient.GetPrimaryENImac(), &primaryIP)
if err != nil {
return errors.Wrap(err, "ipamd init: failed to set up host network")
}
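Review bot: With the `net.ParseCIDR` check gone, nothing left in this part of `nodeInit` validates the VPC CIDR data before it reaches `SetupHostNetwork`; `vpcCIDRs` is handed over as the raw strings returned by `GetVPCIPv4CIDRs()`. The tests in network_test.go call `SetupHostNetwork` with a nil slice and expect no error, so an empty list from instance metadata would presumably configure the host with no VPC CIDR in its SNAT rules rather than fail init. Consider keeping a fail-closed guard before the call, e.g. `if len(vpcCIDRs) == 0 { return errors.New("ipamd init: no VPC CIDRs found") }`, and parsing each entry with `net.ParseCIDR`. `nodeInit` starts and ends outside this hunk, so a check may already exist elsewhere.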
4 changes: 1 addition & 3 deletions pkg/ipamd/ipamd_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,13 +100,11 @@ func TestNodeInit(t *testing.T) {
m.awsutils.EXPECT().GetENIipLimit().Return(14, nil)
m.awsutils.EXPECT().GetIPv4sFromEC2(eni1.ENIID).AnyTimes().Return(eni1.IPv4Addresses, nil)
m.awsutils.EXPECT().GetIPv4sFromEC2(eni2.ENIID).AnyTimes().Return(eni2.IPv4Addresses, nil)
m.awsutils.EXPECT().GetVPCIPv4CIDR().Return(vpcCIDR)

_, parsedVPCCIDR, _ := net.ParseCIDR(vpcCIDR)
primaryIP := net.ParseIP(ipaddr01)
m.awsutils.EXPECT().GetVPCIPv4CIDRs().AnyTimes().Return(cidrs)
m.awsutils.EXPECT().GetPrimaryENImac().Return("")
m.network.EXPECT().SetupHostNetwork(parsedVPCCIDR, cidrs, "", &primaryIP).Return(nil)
m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP).Return(nil)

m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid)

8 changes: 4 additions & 4 deletions pkg/networkutils/mocks/network_mocks.go


30 changes: 3 additions & 27 deletions pkg/networkutils/network.go
@@ -113,7 +113,7 @@ var log = logger.Get()
// NetworkAPIs defines the host level and the ENI level network related operations
type NetworkAPIs interface {
// SetupNodeNetwork performs node level network configuration
SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []string, primaryMAC string, primaryAddr *net.IP) error
SetupHostNetwork(vpcCIDRs []string, primaryMAC string, primaryAddr *net.IP) error
// SetupENINetwork performs eni level network configuration
SetupENINetwork(eniIP string, mac string, table int, subnetCIDR string) error
UseExternalSNAT() bool
@@ -205,22 +205,10 @@ func findPrimaryInterfaceName(primaryMAC string) (string, error) {
}

// SetupHostNetwork performs node level network configuration
func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []string, primaryMAC string, primaryAddr *net.IP) error {
func (n *linuxNetwork) SetupHostNetwork(vpcCIDRs []string, primaryMAC string, primaryAddr *net.IP) error {
log.Info("Setting up host network... ")

hostRule := n.netLink.NewRule()
hostRule.Dst = vpcCIDR
hostRule.Table = mainRoutingTable
hostRule.Priority = hostRulePriority
hostRule.Invert = true

// Cleanup previous rule first before CNI 1.3
err := n.netLink.RuleDel(hostRule)
if err != nil && !containsNoSuchRule(err) {
log.Errorf("Failed to cleanup old host IP rule: %v", err)
return errors.Wrapf(err, "host network setup: failed to delete old host rule")
}

var err error
primaryIntf := "eth0"
if n.nodePortSupportEnabled {
primaryIntf, err = findPrimaryInterfaceName(primaryMAC)
@@ -420,18 +408,6 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []string, p
},
})

// remove pre-1.3 AWS SNAT rules
iptableRules = append(iptableRules, iptablesRule{
name: fmt.Sprintf("rule for primary address %s", primaryAddr),
shouldExist: false,
table: "nat",
chain: "POSTROUTING",
rule: []string{
"!", "-d", vpcCIDR.String(),
"-m", "comment", "--comment", "AWS, SNAT",
"-m", "addrtype", "!", "--dst-type", "LOCAL",
"-j", "SNAT", "--to-source", primaryAddr.String()}})

for _, rule := range iptableRules {
log.Debugf("execute iptable rule : %s", rule.name)

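Review bot: Dropping the `RuleDel(hostRule)` call and the `shouldExist: false` entry for the "AWS, SNAT" POSTROUTING rule means a node upgraded directly from a pre-1.3 release keeps both rules, and nothing on `SetupHostNetwork` documents that. The old SNAT rule matches on the single `vpcCIDR`, so on a VPC with several CIDRs it would presumably keep rewriting pod traffic bound for the other VPC ranges to the primary address, which changes what security groups and flow logs see. Document the supported upgrade path on the function, e.g. `// SetupHostNetwork does not remove rules left by releases before 1.3; upgrade through a release that still contains that cleanup first.` Separately, the interface comment in the first hunk still reads `SetupNodeNetwork` for `SetupHostNetwork`. The body of `SetupHostNetwork` continues outside these hunks.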
20 changes: 7 additions & 13 deletions pkg/networkutils/network_test.go
@@ -156,15 +156,12 @@ func TestSetupHostNetworkNodePortDisabled(t *testing.T) {
mockPrimaryInterfaceLookup(ctrl, mockNetLink)

mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil)
var hostRule netlink.Rule
mockNetLink.EXPECT().NewRule().Return(&hostRule)
mockNetLink.EXPECT().RuleDel(&hostRule)
var mainENIRule netlink.Rule
mockNetLink.EXPECT().NewRule().Return(&mainENIRule)
mockNetLink.EXPECT().RuleDel(&mainENIRule)

var vpcCIDRs []string
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)
}

@@ -290,7 +287,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) {

var vpcCIDRs []string

err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)

assert.Equal(t, map[string]map[string][][]string{
@@ -359,7 +356,7 @@ func TestSetupHostNetworkWithExcludeSNATCIDRs(t *testing.T) {
mockProcSys.EXPECT().Set("net/ipv4/conf/lo/rp_filter", "2").Return(nil)

vpcCIDRs := []string{"10.10.0.0/16", "10.11.0.0/16"}
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)
assert.Equal(t,
map[string]map[string][][]string{
@@ -411,7 +408,7 @@ func TestSetupHostNetworkCleansUpStaleSNATRules(t *testing.T) {
_ = mockIptables.Append("nat", "POSTROUTING", "-m", "comment", "--comment", "AWS SNAT CHAIN", "-j", "AWS-SNAT-CHAIN-0")

vpcCIDRs := []string{"10.10.0.0/16", "10.11.0.0/16"}
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)

assert.Equal(t,
@@ -464,7 +461,7 @@ func TestSetupHostNetworkExcludedSNATCIDRsIdempotent(t *testing.T) {

// remove exclusions
vpcCIDRs := []string{"10.10.0.0/16", "10.11.0.0/16"}
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)

assert.Equal(t,
@@ -508,7 +505,7 @@ func TestSetupHostNetworkMultipleCIDRs(t *testing.T) {
mockProcSys.EXPECT().Set("net/ipv4/conf/lo/rp_filter", "2").Return(nil)

vpcCIDRs := []string{"10.10.0.0/16", "10.11.0.0/16"}
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)
}

@@ -559,17 +556,14 @@ func TestSetupHostNetworkIgnoringRpFilterUpdate(t *testing.T) {
setupNetLinkMocks(ctrl, mockNetLink)

var vpcCIDRs []string
err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, loopback, &testENINetIP)
err := ln.SetupHostNetwork(vpcCIDRs, loopback, &testENINetIP)
assert.NoError(t, err)
}

func setupNetLinkMocks(ctrl *gomock.Controller, mockNetLink *mock_netlinkwrapper.MockNetLink) {
mockPrimaryInterfaceLookup(ctrl, mockNetLink)
mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil)

var hostRule netlink.Rule
mockNetLink.EXPECT().NewRule().Return(&hostRule)
mockNetLink.EXPECT().RuleDel(&hostRule)
var mainENIRule netlink.Rule
mockNetLink.EXPECT().NewRule().Return(&mainENIRule)
mockNetLink.EXPECT().RuleDel(&mainENIRule)
