Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd: enhance cilium bpf policy list&get #25389

Merged
merged 3 commits into from May 18, 2023
Merged

cmd: enhance cilium bpf policy list&get #25389

merged 3 commits into from May 18, 2023

Conversation

mhofstetter
Copy link
Member

@mhofstetter mhofstetter commented May 11, 2023
edited

This PR introduces the following changes related to the cilium commands cilium bpf policy get/list:

  • Fixing structured output (JSON/YAML) when listing all policy maps, by formatting the whole content - and not on a per map basis
  • The Endpoint ID gets printed before the actual policy map content in addition to the path when listing in table form
  • The recently introduced Auth Type (e.g. mtls-spiffe) gets printed when getting/listing in the table form

Listing all policy maps as JSON/YAML

Currently, when listing all policy maps with structured output (e.g. cilium bpf policy list -o json), the output as a whole isn't structured as JSON, only the individual policy maps per endpoint. This prevents piping its output into other tools - e.g. jq.

/sys/fs/bpf/tc/globals/cilium_policy_00035:

[
  {
    // map entry
  },
  {
    // map entry
  }
]

/sys/fs/bpf/tc/globals/cilium_policy_00038:

[
  {
    // map entry
  },
  {
    // map entry
  }
]

This commits changes this by formatting the full output as JSON/YAML with EndpointID, Path & Content.

[
  {
    "EndpointID": "35",
    "Path": "/sys/fs/bpf/tc/globals/cilium_policy_00035",
    "Content": [
      {
        // map entry
      },
      {
        // map entry
      }
    ]
  },
  {
    "EndpointID": "38",
    "Path": "/sys/fs/bpf/tc/globals/cilium_policy_00038",
    "Content": [
      {
        // map entry
      },
      {
        // map entry
      }
    ]
  },
...
]

Endpoint ID

Explicitly display Endpoint ID in addition to path (where it might not be that obvious that it contains the endpoint id)

before

...
/sys/fs/bpf/tc/globals/cilium_policy_03642:

POLICY   DIRECTION   LABELS (source:key[=value])                                                  PORT/PROTO   PROXY PORT   AUTH TYPE   BYTES   PACKETS   PREFIX   
Allow    Ingress     reserved:unknown                                                             ANY          NONE         none        0       0         0        
Allow    Ingress     reserved:host                                                                ANY          NONE         none        0       0         0        
...

after

...
Endpoint ID: 3642
Path: /sys/fs/bpf/tc/globals/cilium_policy_03642

POLICY   DIRECTION   LABELS (source:key[=value])                                                  PORT/PROTO   PROXY PORT   AUTH TYPE   BYTES   PACKETS   PREFIX   
Allow    Ingress     reserved:unknown                                                             ANY          NONE         none        0       0         0        
Allow    Ingress     reserved:host                                                                ANY          NONE         none        0       0         0        
...

@mhofstetter
cmd: proper JSON/YAML output when listing all policy maps
a778774 
Currently, when listing all policy maps with structured output
(e.g. `cilium bpf policy list -o json`), the output as a whole isn't
structured as JSON, only the individual policy maps per endpoint. This
prevents piping its output into other tools - e.g. jq.

This commits changes this by formatting the full output as JSON/YAML
with EndpointID, Path & Content.

```
[
  {
    "EndpointID": "35",
    "Path": "/sys/fs/bpf/tc/globals/cilium_policy_00035",
    "Content": [
      {
        // map entry
      },
      {
        // map entry
      }
    ]
  },
  {
    "EndpointID": "38",
    "Path": "/sys/fs/bpf/tc/globals/cilium_policy_00038",
    "Content": [
      {
        // map entry
      },
      {
        // map entry
      }
    ]
  },

```

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter
cmd: explicitly print Endpoint ID before policy map content
8293b95 
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter
cmd: add auth type to cilium bpf policy get/list
858db3c 
This commit adds the recently introduced auth type to the list of
attributes which get printed when listing the policies with
`cilium bpf policy get/list`.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
@mhofstetter mhofstetter added the release-note/misc This PR makes changes that have no direct user impact. label May 11, 2023
@mhofstetter mhofstetter marked this pull request as ready for review May 11, 2023 15:53
@mhofstetter mhofstetter requested a review from a team as a code owner May 11, 2023 15:53
@mhofstetter mhofstetter requested a review from asauber May 11, 2023 15:53
@mhofstetter
Copy link
Member Author

mhofstetter commented May 15, 2023
edited by maintainer-s-little-helper bot

/test

Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed:

Click to show.

Test Name

K8sDatapathServicesTest Checks N/S loadbalancing With host policy Tests NodePort

Failure Output

FAIL: Can not connect to service "tftp://192.168.56.11:32194/hello" from outside cluster (1/10)

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/2301/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.26-kernel-net-next so I can create one.

Then please upload the Jenkins artifacts to that issue.

Job 'Cilium-PR-K8s-1.26-kernel-net-next' failed:

Click to show.

Test Name

K8sDatapathServicesTest Checks N/S loadbalancing With host policy Tests NodePort

Failure Output

FAIL: Can not connect to service "http://192.168.56.12:30805" from outside cluster (1/10)

Jenkins URL: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.26-kernel-net-next/2312/

If it is a flake and a GitHub issue doesn't already exist to track it, comment /mlh new-flake Cilium-PR-K8s-1.26-kernel-net-next so I can create one.

Then please upload the Jenkins artifacts to that issue.

@mhofstetter
Copy link
Member Author

mhofstetter commented May 16, 2023
edited

testrun flaked with #25411
/test-1.26-net-next

@mhofstetter
Copy link
Member Author

mhofstetter commented May 16, 2023
edited

testrun flaked with #25411
/test-1.26-net-next

asauber
asauber approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@asauber asauber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 18, 2023
@aditighag aditighag merged commit e6406f9 into cilium:main May 18, 2023
58 checks passed
@mhofstetter mhofstetter deleted the pr/mhofstetter/cmd-policy-list-structured branch May 19, 2023 05:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asauber asauber asauber approved these changes

Assignees
No one assigned
Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mhofstetter @asauber @aditighag