Skip to content

policy: Fix enforcement status of host when PolicyEnforcement=always#12497

Merged
qmonnet merged 1 commit intomasterfrom
pr/pchaigno/fix-enforcement-status-host-under-always-enforce
Jul 14, 2020
Merged

policy: Fix enforcement status of host when PolicyEnforcement=always#12497
qmonnet merged 1 commit intomasterfrom
pr/pchaigno/fix-enforcement-status-host-under-always-enforce

Conversation

@pchaigno
Copy link
Copy Markdown
Member

@pchaigno pchaigno commented Jul 10, 2020
edited
Loading

3a9a353 updated computePolicyEnforcementAndRules() to display the host endpoint has having no policies enforced as long as the host firewall is disabled. It however did so only when PolicyEnforcement=default. This commit fixes it to mark the host policies are not enforced regardless of PolicyEnforcement's value.

Fixes: #11759
Fixes: #11507
Updates: #11799

@pchaigno
policy: Fix enforcement status of host when PolicyEnforcement=always
bfb3d98 
3a9a353 updated computePolicyEnforcementAndRules() to display the host
endpoint has having no policies enforced as long as the host firewall is
disabled. It however did so only when PolicyEnforcement=default. This
commit fixes it to mark the host policies are not enforced regardless of
PolicyEnforcement's value.

Fixes: 3a9a353 ("policy: Fix enforcement status for host endpoint")
Fixes: f9c205d ("pkg/policy: Host network policies")
Signed-off-by: Paul Chaignon <paul@cilium.io>
@pchaigno pchaigno added sig/policy Impacts whether traffic is allowed or denied based on user-defined policies. release-note/misc This PR makes changes that have no direct user impact. labels Jul 10, 2020
@pchaigno pchaigno mentioned this pull request Jul 10, 2020
Closed
34 tasks
@pchaigno pchaigno marked this pull request as ready for review July 10, 2020 17:31
@pchaigno pchaigno requested a review from a team July 10, 2020 17:31
@pchaigno
Copy link
Copy Markdown
Member Author

pchaigno commented Jul 10, 2020

test-me-please

@coveralls
Copy link
Copy Markdown

coveralls commented Jul 10, 2020

Coverage Status

Coverage increased (+0.01%) to 36.986% when pulling bfb3d98 on pr/pchaigno/fix-enforcement-status-host-under-always-enforce into 2c0da38 on master.

@maintainer-s-little-helper maintainer-s-little-helper Bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 10, 2020
@qmonnet qmonnet merged commit 6d691b6 into master Jul 14, 2020
@qmonnet qmonnet deleted the pr/pchaigno/fix-enforcement-status-host-under-always-enforce branch July 14, 2020 10:12
@brb brb mentioned this pull request Jul 15, 2020
Merged
@pchaigno pchaigno added the area/host-firewall Impacts the host firewall or the host endpoint. label Jul 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joestringer joestringer joestringer approved these changes

@qmonnet qmonnet qmonnet approved these changes

Assignees

No one assigned

Labels

area/host-firewall Impacts the host firewall or the host endpoint. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact. sig/policy Impacts whether traffic is allowed or denied based on user-defined policies.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@pchaigno @coveralls @joestringer @qmonnet @brb @christarazi