Add NetworkPolicy rule name in traceflow observation

Signed-off-by: Kumar Atish <atish.iaf@gmail.com>
antrea-io · Nov 3, 2023 · 4621040 · 4621040
1 parent c9bbcb1
commit 4621040
Show file tree

Hide file tree

Showing 9 changed files with 25 additions and 0 deletions.
diff --git a/build/charts/antrea/crds/traceflow.yaml b/build/charts/antrea/crds/traceflow.yaml
@@ -438,6 +438,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -5048,6 +5048,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml
@@ -5021,6 +5021,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -5048,6 +5048,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -5048,6 +5048,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -5048,6 +5048,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -5048,6 +5048,8 @@ spec:
                               type: string
                             networkPolicy:
                               type: string
+                            networkPolicyRule:
+                              type: string
                             ttl:
                               type: integer
                               minimum: 0

diff --git a/pkg/agent/controller/traceflow/packetin.go b/pkg/agent/controller/traceflow/packetin.go
@@ -207,6 +207,10 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 			npRef := c.networkPolicyQuerier.GetNetworkPolicyByRuleFlowID(egressInfo)
 			if npRef != nil {
 				ob.NetworkPolicy = npRef.ToString()
+				ruleRef := c.networkPolicyQuerier.GetRuleByFlowID(egressInfo)
+				if ruleRef != nil {
+					ob.NetworkPolicyRule = ruleRef.Name
+				}
 			}
 			obs = append(obs, *ob)
 		}
@@ -222,6 +226,10 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 		npRef := c.networkPolicyQuerier.GetNetworkPolicyByRuleFlowID(ingressInfo)
 		if npRef != nil {
 			ob.NetworkPolicy = npRef.ToString()
+			ruleRef := c.networkPolicyQuerier.GetRuleByFlowID(ingressInfo)
+			if ruleRef != nil {
+				ob.NetworkPolicyRule = ruleRef.Name
+			}
 		}
 		obs = append(obs, *ob)
 	}
@@ -237,6 +245,7 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo
 			if ruleRef := c.networkPolicyQuerier.GetRuleByFlowID(notAllowConjInfo); ruleRef != nil {
 				if npRef := ruleRef.PolicyRef; npRef != nil {
 					ob.NetworkPolicy = npRef.ToString()
+					ob.NetworkPolicyRule = ruleRef.Name
 				}
 				if ruleRef.Action != nil && *ruleRef.Action == crdv1beta1.RuleActionReject {
 					ob.Action = crdv1beta1.ActionRejected

diff --git a/pkg/apis/crd/v1beta1/types.go b/pkg/apis/crd/v1beta1/types.go
@@ -1135,6 +1135,8 @@ type Observation struct {
 	DstMAC string `json:"dstMAC,omitempty" yaml:"dstMAC,omitempty"`
 	// NetworkPolicy is the combination of Namespace and NetworkPolicyName.
 	NetworkPolicy string `json:"networkPolicy,omitempty" yaml:"networkPolicy,omitempty"`
+	// NetworkPolicyRule is the name of an ingress or an egress rule in NetworkPolicy.
+	NetworkPolicyRule string `json:"networkPolicyRule,omitempty" yaml:"networkPolicyRule,omitempty"`
 	// Egress is the name of the Egress.
 	Egress string `json:"egress,omitempty" yaml:"egress,omitempty"`
 	// TTL is the observation TTL.