
Commit 975e5bf

Marc Paquettedsabeti
Marc Paquette
authored andcommitted
Remove Dynamic Egress from Acceptance tests and documentation
1 parent f8efe59 commit 975e5bf


7 files changed

+8
-773
lines changed

7 files changed

+8
-773
lines changed

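--- a/docs/arch.md
+++ b/docs/arch.md
@@ -28,7 +28,7 @@ On every Diego cell
 - Egress traffic is tagged with a unique identifier per source application, using the [VXLAN GBP header](https://tools.ietf.org/html/draft-smith-vxlan-group-policy-02#section-2.1)
 - Optionally [limit bandwidth](bandwidth-limiting.md) in and out of each container
 - Traffic destined for container IPs travels in the overlay network. This traffic is subject to container to container network policies.
-- Traffic destined for the Internet or any other non container IPs travels in the underlay network. This traffic is subject to application security groups and dynamic egress network policies.
+- Traffic destined for the Internet or any other non container IPs travels in the underlay network. This traffic is subject to application security groups and dynamic ASG network policies.
 
 | Multi Diego Cell |
 :-------------------------: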

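--- a/docs/network-policy-database-overview.md
+++ b/docs/network-policy-database-overview.md
@@ -14,8 +14,6 @@ This document is intended to help people who are poking around the `network_poli
 * [Migration Related Tables](#migration-tables)
 * [Gorp_migrations](#gorp-migrations-table)
 * [Gorp_lock](#gorp-lock-table)
-* [Dynamic Egress Related Tables](#dynamic-egress-tables)
-
 -------------------------------------------------------------------------------------------
 
 ## <a name="access-db"></a> How to access an internal database
@@ -213,12 +211,3 @@ mysql> describe gorp_lock;
 | lock | A value representing the policy-server that is currently running a migration.|
 | applied_at | The time that the policy-server claimed the lock. |
 
-
-## <a name="dynamic-egress-tables"></a> Dynamic Egress Related Tables
-
-There are 7 tables related to dynamic egress policies: apps, defaults, destination_metadatas, egress_policies, ip_ranges, terminals, and spaces.
-
-Dynamic egress was a beta feature that we are no longer planning on taking GA. These tables should be empty.
-
-
-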

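--- a/src/code.cloudfoundry.org/lib/rules/rules.go
+++ b/src/code.cloudfoundry.org/lib/rules/rules.go
@@ -74,14 +74,6 @@ func NewMarkSetRule(sourceIP, tag, appGUID string) IPTablesRule {
 }, fmt.Sprintf("src:%s", appGUID))
 }
 
-func NewDefaultEgressRule(localSubnet, deviceName string) IPTablesRule {
-return IPTablesRule{
-"--source", localSubnet,
-"!", "-o", deviceName,
-"--jump", "MASQUERADE",
-}
-}
-
 func NewLogRule(rule IPTablesRule, name string) IPTablesRule {
 return IPTablesRule(append(
 rule, "-m", "limit", "--limit", "2/min",
@@ -253,15 +245,6 @@ func NewOverlayDefaultRejectLogRule(containerHandle, containerIP string, deniedL
 }
 }
 
-func NewOverlayAllowEgress(deviceName, containerIP string) IPTablesRule {
-return IPTablesRule{
-"-s", containerIP,
-"-o", deviceName,
-"-m", "mark", "!", "--mark", "0x0",
-"--jump", "ACCEPT",
-}
-}
-
 func NewOverlayRelatedEstablishedRule(containerIP string) IPTablesRule {
 return IPTablesRule{
 "-d", containerIP,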

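--- a/src/code.cloudfoundry.org/policy-server/store/migrations/migrator_test.go
+++ b/src/code.cloudfoundry.org/policy-server/store/migrations/migrator_test.go
@@ -1777,7 +1777,7 @@ var _ = Describe("migrations", func() {
 migrateTo("67")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1803,7 +1803,7 @@ var _ = Describe("migrations", func() {
 migrateTo("68")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1829,7 +1829,7 @@ var _ = Describe("migrations", func() {
 migrateTo("69")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1855,7 +1855,7 @@ var _ = Describe("migrations", func() {
 migrateTo("70")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1881,7 +1881,7 @@ var _ = Describe("migrations", func() {
 migrateTo("71")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1907,7 +1907,7 @@ var _ = Describe("migrations", func() {
 migrateTo("72")
 
 By("Looking for existing Dynamic Egress Tables")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())
@@ -1933,7 +1933,7 @@ var _ = Describe("migrations", func() {
 migrateTo("73")
 
 By("Looking for existing Dynamic Egress Table")
-query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' AND TABLE_NAME = '%s'", dbConf.DatabaseName, table_name)
+query := fmt.Sprintf("SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'", table_name)
 var count int
 err := realDb.QueryRow(query).Scan(&count)
 Expect(err).NotTo(HaveOccurred())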
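Review bot: The rewritten lookup at new line 1780, `SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '%s'`, is no longer scoped to the database under test, so `count` now includes a same-named table in any other schema the connection can read; on a shared database server the assertion that follows can then pass or fail because of a table this migration never touched. The same edit is repeated at new lines 1806, 1832, 1858, 1884, 1910 and 1936. If the filter was dropped because `TABLE_SCHEMA` does not hold the database name on every supported driver (an inference; the driver setup is outside these hunks), the scoping can be kept with a server-side function, e.g. `AND TABLE_SCHEMA = DATABASE()` on MySQL and `AND TABLE_CATALOG = current_database()` on PostgreSQL. Passing `table_name` as a bound argument to `realDb.QueryRow` instead of through `fmt.Sprintf` would also keep string-built SQL out of the suite. The enclosing test bodies start and end outside each hunk.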

src/code.cloudfoundry.org/test/acceptance/asg_dynamic_egress_interaction_test.go

-183
This file was deleted.
