api,adaptation,generate: allow adjusting linux net devices.

Allow adding and removing container linux net devices.

Signed-off-by: Krisztian Litkey <[email protected]>

Author: klihub

pkg/adaptation/adaptation_suite_test.go

@@ -508,6 +508,17 @@ var _ = Describe("Plugin container creation adjustments", func() {
 				},
 			)
 
+		case "linux net device":
+			if overwrite {
+				a.RemoveLinuxNetDevice("hostIf")
+			}
+			a.AddLinuxNetDevice(
+				"hostIf",
+				&api.LinuxNetDevice{
+					Name: "containerIf",
+				},
+			)
+
 		case "resources/cpu":
 			a.SetLinuxCPUShares(123)
 			a.SetLinuxCPUQuota(456)
@@ -693,6 +704,17 @@ var _ = Describe("Plugin container creation adjustments", func() {
 					},
 				},
 			),
+			Entry("adjust linux net devices", "linux net device",
+				&api.ContainerAdjustment{
+					Linux: &api.LinuxContainerAdjustment{
+						NetDevices: map[string]*api.LinuxNetDevice{
+							"hostIf": {
+								Name: "containerIf",
+							},
+						},
+					},
+				},
+			),
 			Entry("adjust CPU resources", "resources/cpu",
 				&api.ContainerAdjustment{
 					Linux: &api.LinuxContainerAdjustment{
@@ -914,6 +936,19 @@ var _ = Describe("Plugin container creation adjustments", func() {
 				},
 			),
 			Entry("adjust resources", "resources/classes", false, true, nil),
+			Entry("adjust linux net devices", "linux net device", true, false,
+				&api.ContainerAdjustment{
+					Linux: &api.LinuxContainerAdjustment{
+						NetDevices: map[string]*api.LinuxNetDevice{
+							"-hostIf": nil,
+							"hostIf": {
+								Name: "containerIf",
+							},
+						},
+					},
+				},
+			),
+			Entry("adjust linux net devices (conflicts)", "linux net device", false, true, nil),
 		)
 	})
 
@@ -2055,7 +2090,9 @@ func stripLinuxAdjustment(a *api.ContainerAdjustment) {
 	}
 	stripLinuxDevices(a)
 	a.Linux.Resources = stripLinuxResources(a.Linux.Resources)
-	if a.Linux.Devices == nil && a.Linux.Resources == nil && a.Linux.CgroupsPath == "" {
+	stripLinuxNetDevices(a)
+	if a.Linux.Devices == nil && a.Linux.Resources == nil && a.Linux.CgroupsPath == "" &&
+		a.Linux.OomScoreAdj == nil && a.Linux.NetDevices == nil {
 		a.Linux = nil
 	}
 }
@@ -2066,6 +2103,12 @@ func stripLinuxDevices(a *api.ContainerAdjustment) {
 	}
 }
 
+func stripLinuxNetDevices(a *api.ContainerAdjustment) {
+	if len(a.Linux.NetDevices) == 0 {
+		a.Linux.NetDevices = nil
+	}
+}
+
 func stripCDIDevices(a *api.ContainerAdjustment) {
 	if len(a.CDIDevices) == 0 {
 		a.CDIDevices = nil

pkg/adaptation/api.go

@@ -82,6 +82,7 @@ type (
 	LinuxMemory              = api.LinuxMemory
 	LinuxDevice              = api.LinuxDevice
 	LinuxDeviceCgroup        = api.LinuxDeviceCgroup
+	LinuxNetDevice           = api.LinuxNetDevice
 	CDIDevice                = api.CDIDevice
 	HugepageLimit            = api.HugepageLimit
 	Hooks                    = api.Hooks

pkg/adaptation/result.go

@@ -80,6 +80,9 @@ func collectCreateContainerResult(request *CreateContainerRequest) *result {
 	if request.Container.Linux.Resources.Unified == nil {
 		request.Container.Linux.Resources.Unified = map[string]string{}
 	}
+	if request.Container.Linux.NetDevices == nil {
+		request.Container.Linux.NetDevices = map[string]*LinuxNetDevice{}
+	}
 
 	return &result{
 		request: resultRequest{
@@ -101,6 +104,7 @@ func collectCreateContainerResult(request *CreateContainerRequest) *result {
 						HugepageLimits: []*HugepageLimit{},
 						Unified:        map[string]string{},
 					},
+					NetDevices: map[string]*LinuxNetDevice{},
 				},
 			},
 		},
@@ -223,6 +227,9 @@ func (r *result) adjust(rpl *ContainerAdjustment, plugin string) error {
 		if err := r.adjustOomScoreAdj(rpl.Linux.OomScoreAdj, plugin); err != nil {
 			return err
 		}
+		if err := r.adjustLinuxNetDevices(rpl.Linux.NetDevices, plugin); err != nil {
+			return err
+		}
 	}
 	if err := r.adjustRlimits(rpl.Rlimits, plugin); err != nil {
 		return err
@@ -777,6 +784,41 @@ func (r *result) adjustRlimits(rlimits []*POSIXRlimit, plugin string) error {
 	return nil
 }
 
+func (r *result) adjustLinuxNetDevices(devices map[string]*LinuxNetDevice, plugin string) error {
+	if len(devices) == 0 {
+		return nil
+	}
+
+	create, id := r.request.create, r.request.create.Container.Id
+	del := map[string]struct{}{}
+	for k := range devices {
+		if key, marked := IsMarkedForRemoval(k); marked {
+			del[key] = struct{}{}
+			delete(devices, k)
+		}
+	}
+
+	for k, v := range devices {
+		if _, ok := del[k]; ok {
+			r.owners.clearLinuxNetDevice(id, k)
+			delete(create.Container.Linux.NetDevices, k)
+			r.reply.adjust.Linux.NetDevices[MarkForRemoval(k)] = nil
+		}
+		if err := r.owners.claimLinuxNetDevice(id, k, plugin); err != nil {
+			return err
+		}
+		create.Container.Linux.NetDevices[k] = v
+		r.reply.adjust.Linux.NetDevices[k] = v
+		delete(del, k)
+	}
+
+	for k := range del {
+		r.reply.adjust.Linux.NetDevices[MarkForRemoval(k)] = nil
+	}
+
+	return nil
+}
+
 func (r *result) updateResources(reply, u *ContainerUpdate, plugin string) error {
 	if u.Linux == nil || u.Linux.Resources == nil {
 		return nil
@@ -1004,6 +1046,7 @@ type owners struct {
 	cgroupsPath         string
 	oomScoreAdj         string
 	rlimits             map[string]string
+	linuxNetDevices     map[string]string
 }
 
 func (ro resultOwners) ownersFor(id string) *owners {
@@ -1131,6 +1174,10 @@ func (ro resultOwners) claimRlimits(id, typ, plugin string) error {
 	return ro.ownersFor(id).claimRlimit(typ, plugin)
 }
 
+func (ro resultOwners) claimLinuxNetDevice(id, key, plugin string) error {
+	return ro.ownersFor(id).claimLinuxNetDevice(key, plugin)
+}
+
 func (o *owners) claimAnnotation(key, plugin string) error {
 	if o.annotations == nil {
 		o.annotations = make(map[string]string)
@@ -1388,6 +1435,17 @@ func (o *owners) claimOomScoreAdj(plugin string) error {
 	return nil
 }
 
+func (o *owners) claimLinuxNetDevice(key, plugin string) error {
+	if o.linuxNetDevices == nil {
+		o.linuxNetDevices = make(map[string]string)
+	}
+	if other, taken := o.linuxNetDevices[key]; taken {
+		return conflict(plugin, other, "linux net device", key)
+	}
+	o.linuxNetDevices[key] = plugin
+	return nil
+}
+
 func (ro resultOwners) clearAnnotation(id, key string) {
 	ro.ownersFor(id).clearAnnotation(key)
 }
@@ -1408,6 +1466,10 @@ func (ro resultOwners) clearArgs(id string) {
 	ro.ownersFor(id).clearArgs()
 }
 
+func (ro resultOwners) clearLinuxNetDevice(id, key string) {
+	ro.ownersFor(id).clearLinuxNetDevice(key)
+}
+
 func (o *owners) clearAnnotation(key string) {
 	if o.annotations == nil {
 		return
@@ -1440,6 +1502,13 @@ func (o *owners) clearArgs() {
 	o.args = ""
 }
 
+func (o *owners) clearLinuxNetDevice(key string) {
+	if o.linuxNetDevices == nil {
+		return
+	}
+	delete(o.linuxNetDevices, key)
+}
+
 func conflict(plugin, other, subject string, qualif ...string) error {
 	return fmt.Errorf("plugins %q and %q both tried to set %s",
 		plugin, other, strings.Join(append([]string{subject}, qualif...), " "))

pkg/api/adjustment.go

@@ -147,6 +147,24 @@ func (a *ContainerAdjustment) AddCDIDevice(d *CDIDevice) {
 	a.CDIDevices = append(a.CDIDevices, d) // TODO: should we dup d here ?
 }
 
+// AddLinuxNetDevice records the addition of the given network device to a container.
+func (a *ContainerAdjustment) AddLinuxNetDevice(hostDev string, d *LinuxNetDevice) {
+	if d == nil {
+		return
+	}
+	a.initLinuxNetDevices()
+	a.Linux.NetDevices[hostDev] = d
+}
+
+// RemoveNetLinuxDevice records the removal of a network device from a container.
+// Normally it is an error for a plugin to try and alter a network device
+// touched by another container. However, this is not an error if
+// the plugin removes that device prior to touching it.
+func (a *ContainerAdjustment) RemoveLinuxNetDevice(hostDev string) {
+	a.initLinuxNetDevices()
+	a.Linux.NetDevices[MarkForRemoval(hostDev)] = nil
+}
+
 // SetLinuxMemoryLimit records setting the memory limit for a container.
 func (a *ContainerAdjustment) SetLinuxMemoryLimit(value int64) {
 	a.initLinuxResourcesMemory()
@@ -345,3 +363,10 @@ func (a *ContainerAdjustment) initLinuxResourcesUnified() {
 		a.Linux.Resources.Unified = make(map[string]string)
 	}
 }
+
+func (a *ContainerAdjustment) initLinuxNetDevices() {
+	a.initLinux()
+	if a.Linux.NetDevices == nil {
+		a.Linux.NetDevices = make(map[string]*LinuxNetDevice)
+	}
+}