vendor: Bump hcsshim to 0.9.0

This change bumps hcsshim to 0.9.0. Main thing this tag contains is support for Kubernetes Host Process containers See: https://kubernetes.io/docs/tasks/configure-pod-container/create-hostprocess-pod/ Signed-off-by: Daniel Canter <dcanter@microsoft.com>
2021-10-07 20:56:16 -07:00
parent e648fa2e81
commit 46b152f81b
63 changed files with 1413 additions and 361 deletions
--- a/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go
+++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go
@@ -122,7 +122,7 @@ func defaultQuery() HostComputeQuery {

 // PlatformDoesNotSupportError happens when users are attempting to use a newer shim on an older OS
 func platformDoesNotSupportError(featureName string) error {
-	return fmt.Errorf("Platform does not support feature %s", featureName)
+	return fmt.Errorf("platform does not support feature %s", featureName)
 }

 // V2ApiSupported returns an error if the HCN version does not support the V2 Apis.
@@ -288,6 +288,30 @@ func TierAclPolicySupported() error {
 	return platformDoesNotSupportError("TierAcl")
 }

+// NetworkACLPolicySupported returns an error if the HCN version does not support NetworkACLPolicy
+func NetworkACLPolicySupported() error {
+	supported, err := GetCachedSupportedFeatures()
+	if err != nil {
+		return err
+	}
+	if supported.NetworkACL {
+		return nil
+	}
+	return platformDoesNotSupportError("NetworkACL")
+}
+
+// NestedIpSetSupported returns an error if the HCN version does not support NestedIpSet
+func NestedIpSetSupported() error {
+	supported, err := GetCachedSupportedFeatures()
+	if err != nil {
+		return err
+	}
+	if supported.NestedIpSet {
+		return nil
+	}
+	return platformDoesNotSupportError("NestedIpSet")
+}
+
 // RequestType are the different operations performed to settings.
 // Used to update the settings of Endpoint/Namespace objects.
 type RequestType string
--- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go
+++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go
@@ -76,6 +76,12 @@ var (

 	//HNS 14.0 allows for TierAcl Policy support
 	TierAclPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 14, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+
+	//HNS 15.0 allows for NetworkACL Policy support
+	NetworkACLPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 15, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
+
+	//HNS 15.0 allows for NestedIpSet support
+	NestedIpSetVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 15, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}}
 )

 // GetGlobals returns the global properties of the HCN Service.
@@ -105,7 +111,7 @@ func hnsCall(method, path, request string, returnResponse interface{}) error {

 	err := _hnsCall(method, path, request, &responseBuffer)
 	if err != nil {
-		return hcserror.New(err, "hnsCall ", "")
+		return hcserror.New(err, "hnsCall", "")
 	}
 	response := interop.ConvertAndFreeCoTaskMemString(responseBuffer)

--- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go
+++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go
@@ -50,6 +50,7 @@ const (
 	SetPolicy           NetworkPolicyType = "SetPolicy"
 	NetworkL4Proxy      NetworkPolicyType = "L4Proxy"
 	LayerConstraint     NetworkPolicyType = "LayerConstraint"
+	NetworkACL          NetworkPolicyType = "NetworkACL"
 )

 // NetworkPolicy is a collection of Policy settings for a Network.
@@ -132,7 +133,7 @@ type AclPolicySetting struct {
 	RemotePorts     string        `json:",omitempty"`
 	RuleType        RuleType      `json:",omitempty"`
 	Priority        uint16        `json:",omitempty"`
-}
+} 

 // QosPolicySetting sets Quality of Service bandwidth caps on an Endpoint.
 type QosPolicySetting struct {
@@ -154,6 +155,19 @@ type SDNRoutePolicySetting struct {
 	NeedEncap         bool   `json:",omitempty"`
 }

+// NetworkACLPolicySetting creates ACL rules on a network
+type NetworkACLPolicySetting struct {
+	Protocols       string        `json:",omitempty"` // EX: 6 (TCP), 17 (UDP), 1 (ICMPv4), 58 (ICMPv6), 2 (IGMP)
+	Action          ActionType    `json:","`
+	Direction       DirectionType `json:","`
+	LocalAddresses  string        `json:",omitempty"`
+	RemoteAddresses string        `json:",omitempty"`
+	LocalPorts      string        `json:",omitempty"`
+	RemotePorts     string        `json:",omitempty"`
+	RuleType        RuleType      `json:",omitempty"`
+	Priority        uint16        `json:",omitempty"`
+} 
+
 // FiveTuple is nested in L4ProxyPolicySetting  for WFP support.
 type FiveTuple struct {
 	Protocols       string `json:",omitempty"`
@@ -271,6 +285,7 @@ type SetPolicyType string

 const (
 	SetPolicyTypeIpSet SetPolicyType = "IPSET"
+	SetPolicyTypeNestedIpSet SetPolicyType = "NESTEDIPSET"
 )

 // SetPolicySetting creates IPSets on network
@@ -305,7 +320,7 @@ type L4ProxyPolicySetting struct {
 	Protocol    ProtocolType `json:",omitempty"`
 	Exceptions  []string     `json:",omitempty"`
 	Destination string
-	OutboundNAT bool `json:",omitempty"`
+	OutboundNAT bool         `json:",omitempty"`
 }

 // TierAclRule represents an ACL within TierAclPolicySetting
--- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go
+++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go
@@ -137,7 +137,7 @@ func AddRoute(endpoints []HostComputeEndpoint, destinationPrefix string, nextHop
 	logrus.Debugf("hcn::HostComputeRoute::AddRoute endpointId=%v, destinationPrefix=%v, nextHop=%v, needEncapsulation=%v", endpoints, destinationPrefix, nextHop, needEncapsulation)

 	if len(endpoints) <= 0 {
-		return nil, errors.New("Missing endpoints")
+		return nil, errors.New("missing endpoints")
 	}

 	route := &HostComputeRoute{
--- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go
+++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go
@@ -32,6 +32,8 @@ type SupportedFeatures struct {
 	L4Proxy                  bool        `json:"L4Proxy"`    // network policy that applies VFP rules to all endpoints on the network to redirect traffic
 	L4WfpProxy               bool        `json:"L4WfpProxy"` // endpoint policy that applies WFP filters to redirect traffic to/from that endpoint
 	TierAcl                  bool        `json:"TierAcl"`
+	NetworkACL               bool        `json:"NetworkACL"`
+	NestedIpSet              bool        `json:"NestedIpSet"`
 }

 // AclFeatures are the supported ACL possibilities.
@@ -107,6 +109,8 @@ func getSupportedFeatures() (SupportedFeatures, error) {
 	features.L4Proxy = isFeatureSupported(globals.Version, L4ProxyPolicyVersion)
 	features.L4WfpProxy = isFeatureSupported(globals.Version, L4WfpProxyPolicyVersion)
 	features.TierAcl = isFeatureSupported(globals.Version, TierAclPolicyVersion)
+	features.NetworkACL = isFeatureSupported(globals.Version, NetworkACLPolicyVersion)
+	features.NestedIpSet = isFeatureSupported(globals.Version, NestedIpSetVersion)

 	logrus.WithFields(logrus.Fields{
 		"version":           fmt.Sprintf("%+v", globals.Version),