[EV-6333] Clarify flow log policy fields in datatypes reference #2472
✅ Deploy Preview for calico-docs-preview-next ready!
✅ Deploy Preview succeeded! Built without sensitive environment variables.
Pull request overview
This PR clarifies the descriptions of flow log policy fields in the datatypes reference documentation for Calico Enterprise and Calico Cloud. The changes improve the technical documentation by clearly explaining the differences between all_policies, enforced_policies, pending_policies, and transit_policies, marking all_policies as deprecated, and providing more precise explanations of when and how each field is populated.
Changes:
- Marked `all_policies` as deprecated with a clear explanation of why it can be misleading
- Clarified that `enforced_policies` represents actual dataplane-enforced actions fixed at flow start time
- Explained `pending_policies` as a simulation showing hypothetical policy evaluation at log generation time
- Simplified and clarified the `transit_policies` description for Apply On Forward and pre-DNAT scenarios
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| calico-enterprise/observability/elastic/flow/datatypes.mdx | Updated policy field descriptions in the flow log datatypes reference table to clarify the purpose and behavior of each policy tracking field |
| calico-cloud/observability/elastic/flow/datatypes.mdx | Applied identical policy field description updates to maintain consistency with Calico Enterprise documentation |
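An added example (not code from this PR or from the Calico documentation) of how the enforced/pending distinction described above can be used when reviewing flow logs: it flags flows whose simulated verdict differs from the one the dataplane fixed at flow start, and reports records that carry only the deprecated `all_policies` field. The `policies` nesting, the `index|tier|name|action|rule` entry layout, the status labels and the sample records are assumptions made for illustration.

```python
import json

# Constructed sample records, not real cluster output. Assumptions: the fields sit
# under a "policies" object and each entry is "<index>|<tier>|<name>|<action>|<rule>".
SAMPLE_LOGS = """\
{"source_name": "web-1", "dest_name": "db-0", "policies": {"enforced_policies": ["0|default|default.allow-web-db|allow|0"], "pending_policies": ["0|default|default.allow-web-db|allow|0"]}}
{"source_name": "batch-7", "dest_name": "db-0", "policies": {"enforced_policies": ["0|default|default.allow-all-db|allow|0"], "pending_policies": ["0|security|security.restrict-db|deny|0"]}}
{"source_name": "old-agent", "dest_name": "api-2", "policies": {"all_policies": ["0|default|default.allow-api|allow|0"]}}
"""


def verdict(entries):
    """Action of the last entry in a policy list; None if empty or malformed."""
    parts = entries[-1].split("|") if entries else []
    return parts[3] if len(parts) == 5 else None


def without_index(entries):
    """Drop the leading order index so the same policy hit compares equal."""
    return {e.partition("|")[2] for e in entries}


def review_flow(record):
    """Compare what the dataplane enforced at flow start with the pending simulation."""
    pol = record.get("policies") or {}
    enforced = pol.get("enforced_policies") or []
    pending = pol.get("pending_policies") or []
    flow = f"{record.get('source_name')} -> {record.get('dest_name')}"
    if not (enforced and pending):
        # Only the deprecated combined field: actual and simulated verdicts
        # cannot be told apart, so report it instead of guessing.
        legacy = bool(pol.get("all_policies")) and not (enforced or pending)
        return {"flow": flow, "status": "legacy-only" if legacy else "incomplete"}
    before, after = verdict(enforced), verdict(pending)
    new_hits = sorted(without_index(pending) - without_index(enforced))
    if before != after:
        status = "verdict-would-change"
    else:
        status = "policy-drift" if new_hits else "consistent"
    return {"flow": flow, "status": status, "enforced_verdict": before,
            "pending_verdict": after, "only_in_pending": new_hits}


def review_log(text):
    """Review every non-empty JSON line of a flow-log export."""
    return [review_flow(json.loads(line)) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for result in review_log(SAMPLE_LOGS):
        print(result)
```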
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| | `all_policies` | array of keywords | **Deprecated.** This field is a legacy field calculated at flow start time that combines both enforced and staged policies. Because it mixes actual verdicts with simulated ones, it can be misleading and is planned for removal. <br/><br/>**Note:** This field may still appear in logs from older clusters reporting to a newer management cluster. | | ||
| | `enforced_policies` | array of keywords | The policies that were actually enforced on the flow. This list is determined by the dataplane when the flow starts and remains fixed for the flow's lifetime. It represents the concrete actions taken on the traffic. | | ||
| | `pending_policies` | array of keywords | A simulation of what policy evaluation would look like at the time of log generation. It represents a hypothetical restart of the flow where all staged policies are considered active. <br/>This field captures two types of updates: <br/> 1. Changes to active policies made after the flow started. <br/> 2. Staged policies treated as if they were enforced. | | ||
| | `transit_policies` | array of keywords | Policies applied to traffic transiting through the node (Apply On Forward) or during pre-DNAT processing. This field functions like `enforced_policies` but specifically for traffic being forwarded rather than terminating at a local workload. | |
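Review bot: the `all_policies` row marks the field as deprecated and planned for removal but does not tell readers what to query instead. The rows below it split the same information into `enforced_policies` (actual verdicts) and `pending_policies` (simulated, including staged policies), so consider closing the `all_policies` description with a pointer to those two fields; anyone with saved queries or alerts built on `all_policies` then knows where to migrate.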
| | `transit_policies` | array of keywords | Policies applied to traffic transiting through the node (Apply On Forward) or during pre-DNAT processing. This field functions like `enforced_policies` but specifically for traffic being forwarded rather than terminating at a local workload. | | |
| | `transit_policies` | array of keywords | Policies applied to traffic transiting through the node (Apply On Forward) or during pre-DNAT processing. This field functions like `enforced_policies` but specifically for traffic being evaluated at the host endpoint. | |
Would this be better? I was not sure about "local workload".
I'm not sure myself what the correct option is. But 'the host endpoint' is much clearer than 'a local workload' in this line.
LGTM.
@ctauchen I've made the last couple of updates based on the comments in the Slack thread. I've also backported into CE v3.22 and CC v22.2. Could you do one more check?

Product Version(s):
Calico Enterprise, Calico Cloud
Issue:
EV-6333
Link to docs preview:
https://deploy-preview-2472--calico-docs-preview-next.netlify.app/calico-enterprise/next/observability/elastic/flow/datatypes