-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/observe: improve policy verdict output in compact mode #745
Conversation
From a user perspective, it is much easier to understand the flow type when policy verdict events verdicts use the term ALLOWED instead of REDIRECTED/FORWARDED and DENIED instead of DROPPED. See also: cilium/hubble#745 Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
lgtm! for
for edit: also it might be useful to indicate direction (ingress/egress) 💭
|
Fully agreed. I think having the match type is very useful in audit mode, to narrow down what part of a policy allowed it. |
The default output (compact) makes it hard for a user to tell the different event types apart. In particular, it is hard for a user to distinguish a trace event from a policy verdict one. This commit modifies the output for policy verdict events in two ways. First, instead of printing the drop reason (which is redundant as also printed out with the dropped flow) the string 'policy-verdict' along with the policy match type string for the event (L3-Only, L3-L4, L4-Only, all, none), is displayed. Additionally, flows that are forwarded or redirected are printed as ALLOWED, those that are dropped or error as DENIED and the audit ones as AUDITED. Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
3b5627f
to
53e2996
Compare
@gandro PTAL, I updated the output to also include the policy match type. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
time to ship |
The default output (compact) makes it hard for a user to tell the
different event types apart. In particular, it is hard for a user to
distinguish a trace event from a policy verdict one.
This commit modifies the output for policy verdict events in two ways.
First, instead of printing the drop reason (which is redundant as also
printed out with the dropped flow) the string 'policy-verdict' along
with the policy match type string for the event (L3-Only, L3-L4,
L4-Only, all, none), is displayed.
Additionally, flows that are forwarded or redirected are printed as
ALLOWED, those that are dropped or error as DENIED and the audit ones as
AUDITED.
Example output from #570:
Closes: #570