Fix networkpolicy related antctl commands #6487
Conversation
|
Sample output: |
pkg/antctl/antctl.go
Outdated
| @@ -399,9 +400,14 @@ $ antctl get podmulticaststats pod -n namespace`, | |||
| }, | |||
| { | |||
| name: "networkpolicy", | |||
| usage: "NetworkPolicy name. If present, Namespace must be provided.", | |||
| usage: "NetworkPolicy name. If present, type must be provided. Namespace must be provided for non-cluster-scoped policy types.", | |||
There was a problem hiding this comment.
If present, type must be provided
So with the latest version, there is no way to enforce that?
There was a problem hiding this comment.
If accommodating for the missing policy type in the API is too cumbersome, I think it is ok to just require the policy type unconditionally at the API level. This is an Agent-specific API, which means it is hard to consume directly without executing antctl in the Agent Pod. I think it generally makes sense to strive to preserve backwards-compatibility, even for this API, but not if it means adding too much complexity (considering that again this is an Agent-specific API, only used for advanced troubleshooting and as far as we know exclusively consumed via antctl).
There was a problem hiding this comment.
In the latest version I've updated the logic so that 1. type is not strictly required, just like before 2. if a type is provided, validation on whether that type requires a namespace is performed 3. if there's ambiguity, a BadRequest will be returned
Dyanngg
force-pushed
the
antctl-np-fix
branch
2 times, most recently
from
e753804
to
14ff27d
Compare
Dyanngg
force-pushed
the
antctl-np-fix
branch
3 times, most recently
from
3912ce4
to
e13237c
Compare
|
@antoninbas Could you take another look and see if you have additional comments? |
Dyanngg
force-pushed
the
antctl-np-fix
branch
2 times, most recently
from
34207d9
to
5693126
Compare
This commit contains numerous fixes for antctl, including the get ovsflows and get networkpolicy commands: 1. Update the `antctl get networkpolicy` flag type=ANP to point the correct AdminNetworkPolicy type since ANP<->AntreaNetworkPolicy mapping has been deprecated. 2. Update the `antctl get ovsflows` command so that when dumping flows for a specific policy, a type is now required to eliminate ambiguity. 3. Since v1.13 the `antctl get ovsflows` command will not work properly for dumping networkpolicy flows. This is due to the matcher for dumping flows include priority, which is not supported by openvswitch. This PR fixes this issue. Signed-off-by: Dyanngg <[email protected]>
Signed-off-by: Dyanngg <[email protected]>
| policyTypeToReturn := tc.policyType | ||
| if policyTypeToReturn == "" { | ||
| // Test the case where policy type is omitted from the query but the result is not ambiguous | ||
| policyTypeToReturn = cpv1beta.AntreaNetworkPolicy | ||
| } |
There was a problem hiding this comment.
may be better to have policyType and policyTypeToReturn as fields in the test case definition, to avoid the special case here, but I don't feel very strongly about it
There was a problem hiding this comment.
@Dyanngg just checking that you didn't address it intentionally?
There was a problem hiding this comment.
Yes for now, since this is not functionality related. I've updated it locally. Once the CI passes for Jenkins, I'll update the PR again with the changes in UT
There was a problem hiding this comment.
So to clarify I should wait before I approve & merge the PR?
There was a problem hiding this comment.
Yes I'll mention you in this thread once that's done, thanks
There was a problem hiding this comment.
@antoninbas Done. The jenkins tests were passing before I pushed a refactor in UT.
|
/test-all |
Signed-off-by: Dyanngg <[email protected]>
Dyanngg
force-pushed
the
antctl-np-fix
branch
from
bd03340
to
7b798ac
Compare
|
/skip-all |
antoninbas
added
the
action/release-note
This commit contains numerous fixes for antctl, including the get ovsflows and get networkpolicy commands: 1. Update the `antctl get networkpolicy` flag type=ANP to point the correct AdminNetworkPolicy type since ANP<->AntreaNetworkPolicy mapping has been deprecated. 2. Update the `antctl get ovsflows` command so that when dumping flows for a specific policy, a type is now required to eliminate ambiguity. 3. Since v1.13 the `antctl get ovsflows` command will not work properly for dumping networkpolicy flows. This is due to the matcher for dumping flows include priority, which is not supported by openvswitch. This PR fixes this issue. Signed-off-by: Dyanngg <[email protected]>
This commit contains numerous fixes for antctl, including the get ovsflows and get networkpolicy commands:
antctl get networkpolicyflag type=ANP to point the correct AdminNetworkPolicy type since ANP<->AntreaNetworkPolicy mapping has been deprecated.antctl get ovsflowscommand so that when dumping flows for a specific policy, a type can be specified to eliminate ambiguity.antctl get ovsflowscommand will not work properly for dumping networkpolicy flows. This is due to the matcher for dumping flows include priority, which is not supported by openvswitch. This PR fixes this issue.