NETOBSERV-1890: read TCP flags as strings

[jotak]

Description

Dependencies

• FLP: NETOBSERV-1890: decode TCP flags (new stage/rule) flowlogs-pipeline#747
• operator: NETOBSERV-1890: expand TCP flags as string in FLP network-observability-operator#833

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

[openshift-ci-robot]

@jotak: This pull request references NETOBSERV-1890 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.18.0" version, but no target version was set.

In response to this:

Description

Dependencies

• FLP: NETOBSERV-1890: decode TCP flags (new stage/rule) flowlogs-pipeline#747
• operator: NETOBSERV-1890: expand TCP flags as string in FLP network-observability-operator#833

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

• Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
• Does this PR require product documentation?
• If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
• Does this PR require a product release notes entry?
• If so, fill in "Release Note Text" in the JIRA.
• Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
• If so, make sure it is described in the JIRA ticket.
• QE requirements (check 1 from the list):
• Standard QE validation, with pre-merge tests unless stated otherwise.
• Regression tests only (e.g. refactoring with no user-facing change).
• No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from jotak. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 50.28%. Comparing base (f8abad2) to head (ee54496).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/model/fields/fields.go	50.00%	1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (f8abad2) and HEAD (ee54496). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (f8abad2)	HEAD (ee54496)
uitests	1	0

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #632      +/-   ##
==========================================
- Coverage   55.35%   50.28%   -5.07%     
==========================================
  Files         193       37     -156     
  Lines       10098     3130    -6968     
  Branches     1218        0    -1218     
==========================================
- Hits         5590     1574    -4016     
+ Misses       4131     1392    -2739     
+ Partials      377      164     -213     

Flag	Coverage Δ
uitests	?
unittests	50.28% <50.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
pkg/model/fields/fields.go	88.88% <50.00%> (ø)

... and 156 files with indirect coverage changes

[jpinsonneau]

We should rely on field types in config since these were introduced for doc.
WDYT ?

We can create a followup for that

[jotak]

I'm seeing some discrepancies with the frontend config, so not sure if that would break something or if that's fine.
Frontend config number fields not mentioned here:

• IcmpType
• IcmpCode
• FlowDirection (probably because it's an index)
• IfDirections (btw, weird to say it's a number since it's an array?)
• PktDropBytes
• PktDropPackets
• PktDropLatestFlags
• DnsFlags

In the other way around, there is "Port" defined here which isn't a formal field...

So maybe it's doable to use frontend config here but that sounds more a work for a PR of its own

[jpinsonneau]

A string array will be more consistent with other implementations (network events, interfaces directions etc)

See netobserv/flowlogs-pipeline#747 (comment)

[jotak]

done 9407e7d