Update calico lib

fix struct definition error in v3

Signed-off-by: Duan Jiong <djduanjiong@gmail.com>

vendor/github.com/projectcalico/libcalico-go/lib/apis/v3/globalnetworkpolicy.go

@@ -90,7 +90,7 @@ type GlobalNetworkPolicySpec struct {
 	// 	type in {"frontend", "backend"}
 	// 	deployment != "dev"
 	// 	! has(label_name)
-	Selector string `json:"selector,omitempty" validate:"selector"`
+	Selector string `json:"selector" validate:"selector"`
 	// Types indicates whether this policy applies to ingress, or to egress, or to both.  When
 	// not explicitly specified (and so the value on creation is empty or nil), Calico defaults
 	// Types according to what Ingress and Egress rules are present in the policy.  The

vendor/github.com/projectcalico/libcalico-go/lib/apis/v3/ipam_block.go

@@ -43,7 +43,7 @@ type IPAMBlockSpec struct {
 	Allocations    []*int                `json:"allocations"`
 	Unallocated    []int                 `json:"unallocated"`
 	Attributes     []AllocationAttribute `json:"attributes"`
-	Deleted        bool                  `json:"deleted`
+	Deleted        bool                  `json:"deleted"`
 }
 
 type AllocationAttribute struct {

vendor/github.com/projectcalico/libcalico-go/lib/apis/v3/networkpolicy.go

@@ -71,7 +71,7 @@ type NetworkPolicySpec struct {
 	// 	type in {"frontend", "backend"}
 	// 	deployment != "dev"
 	// 	! has(label_name)
-	Selector string `json:"selector,omitempty" validate:"selector"`
+	Selector string `json:"selector" validate:"selector"`
 	// Types indicates whether this policy applies to ingress, or to egress, or to both.  When
 	// not explicitly specified (and so the value on creation is empty or nil), Calico defaults
 	// Types according to what Ingress and Egress are present in the policy.  The

vendor/github.com/projectcalico/libcalico-go/lib/backend/k8s/conversion/conversion.go

@@ -535,15 +535,45 @@ func (c Converter) k8sRuleToCalico(rPeers []networkingv1.NetworkPolicyPeer, rPor
 		ports = []*networkingv1.NetworkPolicyPort{nil}
 	}
 
-	// Combine destinations with sources to generate rules.
-	// TODO: This currently creates a lot of rules by making every combination of from / ports
-	// into a rule.  We can combine these so that we don't need as many rules!
+	protocolPorts := map[string][]numorstring.Port{}
+
 	for _, port := range ports {
 		protocol, calicoPorts, err := c.k8sPortToCalicoFields(port)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse k8s port: %s", err)
 		}
 
+		// These are either both present or both nil
+		if protocol == nil && calicoPorts == nil {
+			// If nil, no ports were specified, or an empty port struct was provided, which we translate to allowing all.
+			// We want to use a nil protocol and a nil list of ports, which will allow any destination (for ingress).
+			// Given we're gonna allow all, we may as well break here and keep only this rule
+			protocolPorts = map[string][]numorstring.Port{"": nil}
+			break
+		}
+
+		pStr := protocol.String()
+		protocolPorts[pStr] = append(protocolPorts[pStr], calicoPorts...)
+	}
+
+	protocols := make([]string, 0, len(protocolPorts))
+	for k := range protocolPorts {
+		protocols = append(protocols, k)
+	}
+	// Ensure deterministic output
+	sort.Strings(protocols)
+
+	// Combine destinations with sources to generate rules. We generate one rule per protocol,
+	// with each rule containing all the allowed ports.
+	for _, protocolStr := range protocols {
+		calicoPorts := protocolPorts[protocolStr]
+
+		var protocol *numorstring.Protocol
+		if protocolStr != "" {
+			p := numorstring.ProtocolFromString(protocolStr)
+			protocol = &p
+		}
+
 		for _, peer := range peers {
 			selector, nsSelector, nets, notNets := c.k8sPeerToCalicoFields(peer, ns)
 			if ingress {

vendor/github.com/projectcalico/libcalico-go/lib/backend/model/block.go

@@ -120,7 +120,7 @@ func (b *AllocationBlock) IsDeleted() bool {
 
 func (b *AllocationBlock) Host() string {
 	if b.Affinity != nil && strings.HasPrefix(*b.Affinity, "host:") {
-		return strings.TrimPrefix(*b.Affinity, "host:")
+		return strings.TrimLeft(*b.Affinity, "host:")
 	}
 	return ""
 }