delete log severity for drop acl when update networkpolicy (#1862)

* delete log severity for drop acl when update networkpolicy * replace io.ioutil with os
kubeovn · Aug 29, 2022 · e5735c2 · e5735c2
1 parent 4bcfb37
commit e5735c2
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/cmd/daemon/cniserver.go b/cmd/daemon/cniserver.go
@@ -4,9 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/http/pprof" // #nosec
+	"os"
 	"strings"
 	"time"
 
@@ -92,11 +92,11 @@ func CmdMain() {
 }
 
 func mvCNIConf() error {
-	data, err := ioutil.ReadFile("/kube-ovn/01-kube-ovn.conflist")
+	data, err := os.ReadFile("/kube-ovn/01-kube-ovn.conflist")
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile("/etc/cni/net.d/01-kube-ovn.conflist", data, 0444)
+	return os.WriteFile("/etc/cni/net.d/01-kube-ovn.conflist", data, 0444)
 }
 
 func Retry(attempts int, sleep int, f func(configuration *daemon.Configuration) error, ctrl *daemon.Configuration) (err error) {
@@ -114,7 +114,7 @@ func Retry(attempts int, sleep int, f func(configuration *daemon.Configuration)
 }
 
 func initChassisAnno(cfg *daemon.Configuration) error {
-	chassisID, err := ioutil.ReadFile(util.ChassisLoc)
+	chassisID, err := os.ReadFile(util.ChassisLoc)
 	if err != nil {
 		klog.Errorf("read chassis file failed, %v", err)
 		return err

diff --git a/pkg/ovnmonitor/util.go b/pkg/ovnmonitor/util.go
@@ -2,7 +2,7 @@ package ovnmonitor
 
 import (
 	"fmt"
-	"io/ioutil"
+	"os"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -42,7 +42,7 @@ func (e *Exporter) getOvnStatus() map[string]int {
 	result["ovsdb-server-southbound"] = parseDbStatus(string(output))
 
 	// get ovn-northd status
-	pid, err := ioutil.ReadFile("/var/run/ovn/ovn-northd.pid")
+	pid, err := os.ReadFile("/var/run/ovn/ovn-northd.pid")
 	if err != nil {
 		klog.Errorf("read ovn-northd pid failed, err %v", err)
 		result["ovn-northd"] = 0

diff --git a/pkg/ovs/ovn-nbctl.go b/pkg/ovs/ovn-nbctl.go
@@ -1161,7 +1161,7 @@ func (c Client) CreateIngressACL(pgName, asIngressName, asExceptName, svcAsName,
 	if logEnable {
 		ovnArgs = []string{MayExist, "--type=port-group", "--log", fmt.Sprintf("--severity=%s", "warning"), "acl-add", pgName, "to-lport", util.IngressDefaultDrop, fmt.Sprintf("%s.dst == $%s", ipSuffix, pgAs), "drop"}
 	} else {
-		ovnArgs = []string{MayExist, "--type=port-group", fmt.Sprintf("--severity=%s", "warning"), "acl-add", pgName, "to-lport", util.IngressDefaultDrop, fmt.Sprintf("%s.dst == $%s", ipSuffix, pgAs), "drop"}
+		ovnArgs = []string{MayExist, "--type=port-group", "acl-add", pgName, "to-lport", util.IngressDefaultDrop, fmt.Sprintf("%s.dst == $%s", ipSuffix, pgAs), "drop"}
 	}
 
 	if len(npp) == 0 {
@@ -1192,7 +1192,7 @@ func (c Client) CreateEgressACL(pgName, asEgressName, asExceptName, protocol str
 	if logEnable {
 		ovnArgs = []string{"--", MayExist, "--type=port-group", "--log", fmt.Sprintf("--severity=%s", "warning"), "acl-add", pgName, "from-lport", util.EgressDefaultDrop, fmt.Sprintf("%s.src == $%s", ipSuffix, pgAs), "drop"}
 	} else {
-		ovnArgs = []string{"--", MayExist, "--type=port-group", fmt.Sprintf("--severity=%s", "warning"), "acl-add", pgName, "from-lport", util.EgressDefaultDrop, fmt.Sprintf("%s.src == $%s", ipSuffix, pgAs), "drop"}
+		ovnArgs = []string{"--", MayExist, "--type=port-group", "acl-add", pgName, "from-lport", util.EgressDefaultDrop, fmt.Sprintf("%s.src == $%s", ipSuffix, pgAs), "drop"}
 	}
 	if len(npp) == 0 {
 		allowArgs = []string{"--", MayExist, "--type=port-group", "acl-add", pgName, "from-lport", util.EgressAllowPriority, fmt.Sprintf("%s.dst == $%s && %s.dst != $%s && %s.src == $%s", ipSuffix, asEgressName, ipSuffix, asExceptName, ipSuffix, pgAs), "allow-related"}