New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cilium: Improve user experience of policy trace with regard to port a… #15929
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also fill in the PR template, specifically the release notes. The release notes should probably something like "Require --dport flag in cilium policy trace command".
a2c3048
to
e2a387e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates. The author of the commit is currently vagrant@vagrant.vm
which does not match the Signed-Off-By line in the commit message. Please could you change this.
e2a387e
to
31e8fd9
Compare
Yeah I have changed accordingly -Thank you |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
test-me-please |
Hi @twpayne, Looks like some test suites are failed and after inspecting those failed logs => It looks like it's due to the change of command (--dport is a mandatory option now). Do we need to rewrite the test cases according to this fix? -Thanks |
Yes, the test cases need to be updated for the code change. |
Commit e2e509b6e7c006b7d6abb057ff93f6547da88a15 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, no... Sorry I posted on the wrong PR 😅
I think the test cases should be updated to work with the now mandatory option, not removed ;)
Yeah I have updated the test cases as well Kindly review it -Thanks |
@Maddy007-maha Can you double-check that you did push the updates? In the current set of changes, I only see test removals, not updates. Am I missing something? |
If you see the test cases, we have 2 categories as follows
As we made -Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Maddy007-maha I re-read #15387 in more details, and actually what we want is not to require --dport
, but rather than when --dport
is used, always require both ports and protocol to be provided.
Hi @nbusseneau, If we do skip the For Eg please refer #15387 (comment) |
@Maddy007-maha Yes, I did see Thomas' comment, and while I agree on first read it might look like an argument for having |
@Maddy007-maha Following clarification on Slack, and contrary to my previous comments, you are indeed right and we do want to mark Can you please re-review my comment here about how we can move forward to fix the tests? |
Thanks for the modifications, just triggered the CI tests :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, all tests have passed, I think this should be OK from a CI perspective.
Description: As part of 'cilium policy trace' command, dport was an optional paramter due to which it takes port and protocol as 0 and ANY respectively due to which it causing undefined behaviors. Root Cause: --dport parameter is an optional argument under 'cilium policy trace' Fix: We made this --dport parameter as mandatory argument under 'cilium policy trace' Fixes: cilium#15387 Signed-off-by: Maddy007-maha <mahadev.panchal@accuknox.com> ``` --dport flag is a mandatory argument in cilium policy trace command with port and protocol ```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like you rebased and re-requested a review, right? I see no changes, so still LGTM.
I've re-triggered CI to get checks green in order to merge. |
1.16 on netnext failed on
I think this is a flake that hasn't been filed yet. EDIT: Logged as #16203. |
cilium: Improve user experience of policy trace related to port/protocol
Description: As part of 'cilium policy trace' command, dport was an optional paramter due to which it takes port and protocol
as 0 and ANY respectively due to which it causing undefined behaviors.
Root Cause: --dport parameter is an optional argument under 'cilium policy trace'
Fix: We made this --dport parameter as mandatory argument under 'cilium policy trace'
Fixes: #15387
Signed-off-by: Maddy007-maha mahadev.panchal@accuknox.com