Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add appliedTo Pod namespace / name to audit logs #5101

Merged
merged 2 commits into from
Jun 13, 2023
Merged

Add appliedTo Pod namespace / name to audit logs #5101

merged 2 commits into from
Jun 13, 2023

Conversation

antoninbas
Copy link
Contributor

We include 2 new fields in the audit logs:

  • the "direction" of the NP rule (Ingress or Egress)
  • the reference of the Pod to which the NP rule is applied (as
    <namespace>/<name>).

These new fields are NOT added to the end of the logs, which could
break existing consumers.

We also refactor the e2e tests for AuditLogging to improve correctness
and readbility. Some logs were not validated properly because of an
early "break" statement, and some log fields (e.g., logLabel) were not
validated.

Fixes #3794

@antoninbas
Copy link
Contributor Author

antoninbas commented Jun 8, 2023
edited
Loading

Depends on #5098

That PR has been merged

@antoninbas antoninbas force-pushed the add-applied-to-pod-name-to-audit-logs branch from 7841ccf to ff1c882 Compare June 8, 2023 18:05
@antoninbas antoninbas marked this pull request as ready for review June 8, 2023 18:06
@antoninbas antoninbas added area/monitoring/auditing Issues or PRs related to auditing. area/network-policy Issues or PRs related to network policies. api-review Categorizes an issue or PR as actively needing an API review. action/release-note Indicates a PR that should be included in release notes. labels Jun 8, 2023
@antoninbas antoninbas requested review from tnqn and qiyueyao June 8, 2023 18:08
@antoninbas antoninbas force-pushed the add-applied-to-pod-name-to-audit-logs branch from ff1c882 to 00aa223 Compare June 8, 2023 21:04
tnqn
tnqn previously approved these changes Jun 9, 2023
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

test/e2e/antreapolicy_test.go Outdated Show resolved Hide resolved
@antoninbas antoninbas force-pushed the add-applied-to-pod-name-to-audit-logs branch from 00aa223 to 97559a8 Compare June 9, 2023 17:26
@antoninbas antoninbas requested a review from tnqn June 9, 2023 17:26
@antoninbas
Copy link
Contributor Author

/test-all

@antoninbas
Add appliedTo Pod namespace / name to audit logs
451aa82 
We include 2 new fields in the audit logs:

* the "direction" of the NP rule (`Ingress` or `Egress`)
* the reference of the Pod to which the NP rule is applied (as
  `<namespace>/<name>`).

These new fields are *NOT* added to the end of the logs, which could
break existing consumers.

We also refactor the e2e tests for AuditLogging to improve correctness
and readbility. Some logs were not validated properly because of an
early "break" statement, and some log fields (e.g., logLabel) were not
validated.

Fixes antrea-io#3794

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Fix stale comment
9569680 
Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas antoninbas force-pushed the add-applied-to-pod-name-to-audit-logs branch from 97559a8 to 9569680 Compare June 9, 2023 18:11
tnqn
tnqn approved these changes Jun 12, 2023
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antoninbas
Copy link
Contributor Author

/test-all

@antoninbas antoninbas merged commit 6d77347 into antrea-io:main Jun 13, 2023
@antoninbas antoninbas deleted the add-applied-to-pod-name-to-audit-logs branch June 13, 2023 00:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnqn tnqn tnqn approved these changes

@qiyueyao qiyueyao Awaiting requested review from qiyueyao

Assignees
No one assigned
Labels
action/release-note Indicates a PR that should be included in release notes. api-review Categorizes an issue or PR as actively needing an API review. area/monitoring/auditing Issues or PRs related to auditing. area/network-policy Issues or PRs related to network policies.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add namespace name to antrea network policy logs
2 participants
@antoninbas @tnqn