From d18f19e5826cff53694e74bb259a03bac756931b Mon Sep 17 00:00:00 2001 From: shireenf-ibm Date: Tue, 10 Dec 2024 16:12:22 +0200 Subject: [PATCH] shorten warnings --- docs/connlist_output.md | 2 +- pkg/netpol/internal/alerts/warnings.go | 14 +++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/docs/connlist_output.md b/docs/connlist_output.md index 85a0ad90..60c8abb2 100644 --- a/docs/connlist_output.md +++ b/docs/connlist_output.md @@ -104,6 +104,6 @@ The frames in the graph represent namespaces of the analyzed cluster. Since the analysis assumes the manifest of the ingress controller is unknown, it checks whether an arbitrary workload can access the destination workloads specified in Ingress/Route rules. If such access is not permitted by network policies, this connection is removed from the report. It may be an allowed connection if a network policy specifically allows ingress access to that workload from a specific workload/namespace of the actual ingress controller installed. -`IPv6 addresses are not supported; it will be ignored, and will not appear in the connectivity results.` +`IPv6 addresses are not supported` While egress rules with `networks` field in an (baseline-)admin-network-policy may select an external destination by IPv6 address format, such addresses will be ignored and omitted from the connectivity report, since the analysis supports only IPv4 addresses for external IP-blocks. diff --git a/pkg/netpol/internal/alerts/warnings.go b/pkg/netpol/internal/alerts/warnings.go index 862f621c..5a706fa5 100644 --- a/pkg/netpol/internal/alerts/warnings.go +++ b/pkg/netpol/internal/alerts/warnings.go @@ -8,26 +8,22 @@ package alerts import "fmt" func WarnUnmatchedNamedPort(namedPort, peerStr string) string { - return fmt.Sprintf("%s %q has no match in the configuration of the destination peer %q; %s", - WarnPrefixPortName, namedPort, peerStr, ignoreMsg) + return fmt.Sprintf("%s %q has no match in the configuration of the destination peer %q", + WarnPrefixPortName, namedPort, peerStr) // examples this warning is raised: // - tests/netpol_named_port_test // - tests/anp_banp_test_with_named_port_unmatched } const ( - WarnPrefixPortName = "port name: " - ignoreMsg = "it will be ignored, and will not appear in the connectivity results." - WarnEmptyPortRange = "port range is empty, skipped." - // example raising this warning: tests/anp_test_with_empty_port_range - + WarnPrefixPortName = "port name: " WarnNamedPortIgnoredForIP = "named port is not defined for IP addresses; skipped" // example raising this warning: tests/anp_test_named_ports_multiple_peers ) var ( - WarnUnsupportedIPv6Address = "IPv6 addresses are not supported; " + ignoreMsg // example raising this warning: + WarnUnsupportedIPv6Address = "IPv6 addresses are not supported" // example raising this warning: // tests/anp_and_banp_using_networks_with_ipv6_test - WarnUnsupportedNodesField = "Nodes field of an AdminNetworkPolicyEgressPeer is not supported; " + ignoreMsg // example raising this + WarnUnsupportedNodesField = "Nodes field of an AdminNetworkPolicyEgressPeer is not supported" // example raising this // warning: tests/anp_and_banp_using_networks_and_nodes_test )