Remove Dynamic Egress from Acceptance tests and documentation
MarcPaquette authored and dsabeti committed May 10, 2022
1 parent f8efe59 commit 975e5bf
Showing 7 changed files with 8 additions and 773 deletions.
2 changes: 1 addition & 1 deletion docs/arch.md
@@ -28,7 +28,7 @@ On every Diego cell
- Egress traffic is tagged with a unique identifier per source application, using the [VXLAN GBP header](https://tools.ietf.org/html/draft-smith-vxlan-group-policy-02#section-2.1)
- Optionally [limit bandwidth](bandwidth-limiting.md) in and out of each container
- Traffic destined for container IPs travels in the overlay network. This traffic is subject to container to container network policies.
- Traffic destined for the Internet or any other non container IPs travels in the underlay network. This traffic is subject to application security groups and dynamic egress network policies.
- Traffic destined for the Internet or any other non container IPs travels in the underlay network. This traffic is subject to application security groups and dynamic ASG network policies.

| Multi Diego Cell |
:-------------------------:
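--- a/docs/network-policy-database-overview.md
+++ b/docs/network-policy-database-overview.md
@@ -14,8 +14,6 @@ This document is intended to help people who are poking around the `network_poli
 * [Migration Related Tables](#migration-tables)
 * [Gorp_migrations](#gorp-migrations-table)
 * [Gorp_lock](#gorp-lock-table)
-* [Dynamic Egress Related Tables](#dynamic-egress-tables)
-
 -------------------------------------------------------------------------------------------
 
 ## <a name="access-db"></a> How to access an internal database
@@ -213,12 +211,3 @@ mysql> describe gorp_lock;
 | lock | A value representing the policy-server that is currently running a migration.|
 | applied_at | The time that the policy-server claimed the lock. |
 
-
-## <a name="dynamic-egress-tables"></a> Dynamic Egress Related Tables
-
-There are 7 tables related to dynamic egress policies: apps, defaults, destination_metadatas, egress_policies, ip_ranges, terminals, and spaces.
-
-Dynamic egress was a beta feature that we are no longer planning on taking GA. These tables should be empty.
-
-
-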
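--- a/src/code.cloudfoundry.org/lib/rules/rules.go
+++ b/src/code.cloudfoundry.org/lib/rules/rules.go
@@ -74,14 +74,6 @@ func NewMarkSetRule(sourceIP, tag, appGUID string) IPTablesRule {
 }, fmt.Sprintf("src:%s", appGUID))
 }
 
-func NewDefaultEgressRule(localSubnet, deviceName string) IPTablesRule {
-return IPTablesRule{
-"--source", localSubnet,
-"!", "-o", deviceName,
-"--jump", "MASQUERADE",
-}
-}
-
 func NewLogRule(rule IPTablesRule, name string) IPTablesRule {
 return IPTablesRule(append(
 rule, "-m", "limit", "--limit", "2/min",
@@ -253,15 +245,6 @@ func NewOverlayDefaultRejectLogRule(containerHandle, containerIP string, deniedL
 }
 }
 
-func NewOverlayAllowEgress(deviceName, containerIP string) IPTablesRule {
-return IPTablesRule{
-"-s", containerIP,
-"-o", deviceName,
-"-m", "mark", "!", "--mark", "0x0",
-"--jump", "ACCEPT",
-}
-}
-
 func NewOverlayRelatedEstablishedRule(containerIP string) IPTablesRule {
 return IPTablesRule{
 "-d", containerIP,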
@@ -1777,7 +1777,7 @@ var _ = Describe("migrations", func() {
migrateTo("67")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1803,7 +1803,7 @@ var _ = Describe("migrations", func() {
migrateTo("68")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1829,7 +1829,7 @@ var _ = Describe("migrations", func() {
migrateTo("69")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1855,7 +1855,7 @@ var _ = Describe("migrations", func() {
migrateTo("70")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1881,7 +1881,7 @@ var _ = Describe("migrations", func() {
migrateTo("71")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1907,7 +1907,7 @@ var _ = Describe("migrations", func() {
migrateTo("72")

By("Looking for existing Dynamic Egress Tables")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
@@ -1933,7 +1933,7 @@ var _ = Describe("migrations", func() {
migrateTo("73")

By("Looking for existing Dynamic Egress Table")
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
var count int
err := realDb.QueryRow(query).Scan(&count)
Expect(err).NotTo(HaveOccurred())
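Review bot: The `INFORMATION_SCHEMA.TABLES` lookup after each `By("Looking for existing Dynamic Egress Table")` (migrations 67 through 73, seven sites) is no longer scoped to the database under test, assuming the second line of each printed pair is the new side. With only `TABLE_NAME` in the predicate, a same-named table in any other schema on the server is counted too, so a leftover or parallel test database can make the existence check pass or fail for the wrong reason. If the schema filter was dropped because `TABLE_SCHEMA` holds the schema name rather than the database name on PostgreSQL, scope per driver instead (`TABLE_SCHEMA` on MySQL, `TABLE_CATALOG` on PostgreSQL), and pass the values as query arguments to `realDb.QueryRow` rather than through `fmt.Sprintf`. The enclosing `It` blocks start and end outside these hunks.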

This file was deleted.
