update iptables

vendor/github.com/containernetworking/cni/libcni/api.go

@@ -69,7 +69,6 @@ type CNI interface {
 	AddNetworkList(ctx context.Context, net *NetworkConfigList, rt *RuntimeConf) (types.Result, error)
 	CheckNetworkList(ctx context.Context, net *NetworkConfigList, rt *RuntimeConf) error
 	DelNetworkList(ctx context.Context, net *NetworkConfigList, rt *RuntimeConf) error
-	GetNetworkListCachedResult(net *NetworkConfigList, rt *RuntimeConf) (types.Result, error)
 
 	AddNetwork(ctx context.Context, net *NetworkConfig, rt *RuntimeConf) (types.Result, error)
 	CheckNetwork(ctx context.Context, net *NetworkConfig, rt *RuntimeConf) error

vendor/github.com/containernetworking/cni/pkg/invoke/args.go

@@ -15,7 +15,6 @@
 package invoke
 
 import (
-	"fmt"
 	"os"
 	"strings"
 )
@@ -23,8 +22,6 @@ import (
 type CNIArgs interface {
 	// For use with os/exec; i.e., return nil to inherit the
 	// environment from this process
-	// For use in delegation; inherit the environment from this
-	// process and allow overrides
 	AsEnv() []string
 }
 
@@ -60,17 +57,17 @@ func (args *Args) AsEnv() []string {
 		pluginArgsStr = stringify(args.PluginArgs)
 	}
 
-	// Duplicated values which come first will be overrided, so we must put the
-	// custom values in the end to avoid being overrided by the process environments.
-	env = append(env,
-		"CNI_COMMAND="+args.Command,
-		"CNI_CONTAINERID="+args.ContainerID,
-		"CNI_NETNS="+args.NetNS,
-		"CNI_ARGS="+pluginArgsStr,
-		"CNI_IFNAME="+args.IfName,
-		"CNI_PATH="+args.Path,
-	)
-	return dedupEnv(env)
+	// Ensure that the custom values are first, so any value present in
+	// the process environment won't override them.
+	env = append([]string{
+		"CNI_COMMAND=" + args.Command,
+		"CNI_CONTAINERID=" + args.ContainerID,
+		"CNI_NETNS=" + args.NetNS,
+		"CNI_ARGS=" + pluginArgsStr,
+		"CNI_IFNAME=" + args.IfName,
+		"CNI_PATH=" + args.Path,
+	}, env...)
+	return env
 }
 
 // taken from rkt/networking/net_plugin.go
@@ -83,46 +80,3 @@ func stringify(pluginArgs [][2]string) string {
 
 	return strings.Join(entries, ";")
 }
-
-// DelegateArgs implements the CNIArgs interface
-// used for delegation to inherit from environments
-// and allow some overrides like CNI_COMMAND
-var _ CNIArgs = &DelegateArgs{}
-
-type DelegateArgs struct {
-	Command string
-}
-
-func (d *DelegateArgs) AsEnv() []string {
-	env := os.Environ()
-
-	// The custom values should come in the end to override the existing
-	// process environment of the same key.
-	env = append(env,
-		"CNI_COMMAND="+d.Command,
-	)
-	return dedupEnv(env)
-}
-
-// dedupEnv returns a copy of env with any duplicates removed, in favor of later values.
-// Items not of the normal environment "key=value" form are preserved unchanged.
-func dedupEnv(env []string) []string {
-	out := make([]string, 0, len(env))
-	envMap := map[string]string{}
-
-	for _, kv := range env {
-		// find the first "=" in environment, if not, just keep it
-		eq := strings.Index(kv, "=")
-		if eq < 0 {
-			out = append(out, kv)
-			continue
-		}
-		envMap[kv[:eq]] = kv[eq+1:]
-	}
-
-	for k, v := range envMap {
-		out = append(out, fmt.Sprintf("%s=%s", k, v))
-	}
-
-	return out
-}

vendor/github.com/containernetworking/cni/pkg/invoke/delegate.go

@@ -16,17 +16,22 @@ package invoke
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"path/filepath"
 
 	"github.com/containernetworking/cni/pkg/types"
 )
 
-func delegateCommon(delegatePlugin string, exec Exec) (string, Exec, error) {
+func delegateCommon(expectedCommand, delegatePlugin string, exec Exec) (string, Exec, error) {
 	if exec == nil {
 		exec = defaultExec
 	}
 
+	if os.Getenv("CNI_COMMAND") != expectedCommand {
+		return "", nil, fmt.Errorf("CNI_COMMAND is not " + expectedCommand)
+	}
+
 	paths := filepath.SplitList(os.Getenv("CNI_PATH"))
 	pluginPath, err := exec.FindInPath(delegatePlugin, paths)
 	if err != nil {
@@ -39,42 +44,32 @@ func delegateCommon(delegatePlugin string, exec Exec) (string, Exec, error) {
 // DelegateAdd calls the given delegate plugin with the CNI ADD action and
 // JSON configuration
 func DelegateAdd(ctx context.Context, delegatePlugin string, netconf []byte, exec Exec) (types.Result, error) {
-	pluginPath, realExec, err := delegateCommon(delegatePlugin, exec)
+	pluginPath, realExec, err := delegateCommon("ADD", delegatePlugin, exec)
 	if err != nil {
 		return nil, err
 	}
 
-	// DelegateAdd will override the original "CNI_COMMAND" env from process with ADD
-	return ExecPluginWithResult(ctx, pluginPath, netconf, delegateArgs("ADD"), realExec)
+	return ExecPluginWithResult(ctx, pluginPath, netconf, ArgsFromEnv(), realExec)
 }
 
 // DelegateCheck calls the given delegate plugin with the CNI CHECK action and
 // JSON configuration
 func DelegateCheck(ctx context.Context, delegatePlugin string, netconf []byte, exec Exec) error {
-	pluginPath, realExec, err := delegateCommon(delegatePlugin, exec)
+	pluginPath, realExec, err := delegateCommon("CHECK", delegatePlugin, exec)
 	if err != nil {
 		return err
 	}
 
-	// DelegateCheck will override the original CNI_COMMAND env from process with CHECK
-	return ExecPluginWithoutResult(ctx, pluginPath, netconf, delegateArgs("CHECK"), realExec)
+	return ExecPluginWithoutResult(ctx, pluginPath, netconf, ArgsFromEnv(), realExec)
 }
 
 // DelegateDel calls the given delegate plugin with the CNI DEL action and
 // JSON configuration
 func DelegateDel(ctx context.Context, delegatePlugin string, netconf []byte, exec Exec) error {
-	pluginPath, realExec, err := delegateCommon(delegatePlugin, exec)
+	pluginPath, realExec, err := delegateCommon("DEL", delegatePlugin, exec)
 	if err != nil {
 		return err
 	}
 
-	// DelegateDel will override the original CNI_COMMAND env from process with DEL
-	return ExecPluginWithoutResult(ctx, pluginPath, netconf, delegateArgs("DEL"), realExec)
-}
-
-// return CNIArgs used by delegation
-func delegateArgs(action string) *DelegateArgs {
-	return &DelegateArgs{
-		Command: action,
-	}
+	return ExecPluginWithoutResult(ctx, pluginPath, netconf, ArgsFromEnv(), realExec)
 }