test: remove RuntimePolicyEnforcement tests

These cases are now covered by unit tests, specifically `pkg/policy/repository_test.go:TestComputePolicyEnforcementAndRules`. So, no need to have Ginkgo tests set up which are much costlier to run than unit tests. Signed-off by: Ian Vernon <ian@cilium.io>
dvandra · Jul 18, 2019 · d0eff29 · d0eff29
1 parent 0d7d198
commit d0eff29
Showing 1 changed file with 0 additions and 192 deletions.
diff --git a/test/runtime/Policies.go b/test/runtime/Policies.go
@@ -46,7 +46,6 @@ const (
 	// Policy files
 	policyJSON                      = "policy.json"
 	invalidJSON                     = "invalid.json"
-	sampleJSON                      = "sample_policy.json"
 	multL7PoliciesJSON              = "Policies-l7-multiple.json"
 	policiesL7JSON                  = "Policies-l7-simple.json"
 	policiesL3JSON                  = "Policies-l3-policy.json"
@@ -55,197 +54,6 @@ const (
 	policiesReservedInitJSON        = "Policies-reserved-init.json"
 )
 
-var _ = Describe("RuntimePolicyEnforcement", func() {
-
-	var (
-		vm               *helpers.SSHMeta
-		appContainerName = "app"
-	)
-
-	BeforeAll(func() {
-		vm = helpers.InitRuntimeHelper(helpers.Runtime, logger)
-		ExpectCiliumReady(vm)
-
-		vm.ContainerCreate(appContainerName, constants.HttpdImage, helpers.CiliumDockerNetwork, "-l id.app")
-		areEndpointsReady := vm.WaitEndpointsReady()
-		Expect(areEndpointsReady).Should(BeTrue(), "Endpoints are not ready after timeout")
-	})
-
-	AfterAll(func() {
-		vm.ContainerRm(appContainerName)
-		vm.CloseSSHClient()
-	})
-
-	BeforeEach(func() {
-		vm.PolicyDelAll()
-
-		areEndpointsReady := vm.WaitEndpointsReady()
-		Expect(areEndpointsReady).Should(BeTrue(), "Endpoints are not ready after timeout")
-	})
-
-	JustAfterEach(func() {
-		vm.ValidateNoErrorsInLogs(CurrentGinkgoTestDescription().Duration)
-	})
-
-	AfterFailed(func() {
-		vm.ReportFailed("cilium config", "cilium policy get")
-	})
-
-	Context("Policy Enforcement Default", func() {
-
-		BeforeEach(func() {
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-		})
-
-		It("Default values", func() {
-
-			By("Policy Enforcement should be disabled for containers", func() {
-				ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			})
-
-			By("Apply a new sample policy")
-			_, err := vm.PolicyImportAndWait(vm.GetFullPath(sampleJSON), helpers.HelperTimeout)
-			Expect(err).Should(BeNil())
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-		})
-
-		It("Default to Always without policy", func() {
-			By("Check no policy enforcement")
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-
-			By("Setting to Always")
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementAlways)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-
-			By("Setting to default from Always")
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-		})
-
-		It("Default to Always with policy", func() {
-			_, err := vm.PolicyImportAndWait(vm.GetFullPath(sampleJSON), helpers.HelperTimeout)
-			Expect(err).Should(BeNil())
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementAlways)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-		})
-
-		It("Default to Never without policy", func() {
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-		})
-
-		It("Default to Never with policy", func() {
-			_, err := vm.PolicyImportAndWait(vm.GetFullPath(sampleJSON), helpers.HelperTimeout)
-			Expect(err).Should(BeNil())
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-		})
-	})
-
-	Context("Policy Enforcement Always", func() {
-		//The test Always to Default is already tested in from default-always
-		BeforeEach(func() {
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementAlways)
-		})
-
-		It("Container creation", func() {
-			//Check default containers are in place.
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-
-			By("Create a new container")
-			vm.ContainerCreate("new", constants.HttpdImage, helpers.CiliumDockerNetwork, "-l id.new")
-			areEndpointsReady := vm.WaitEndpointsReady()
-			Expect(areEndpointsReady).Should(BeTrue(), "Endpoints are not ready after timeout")
-			ExpectEndpointSummary(vm, helpers.Enabled, 2)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-			vm.ContainerRm("new")
-		}, 300)
-
-		It("Always to Never with policy", func() {
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-
-			_, err := vm.PolicyImportAndWait(vm.GetFullPath(sampleJSON), helpers.HelperTimeout)
-			Expect(err).Should(BeNil())
-
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementAlways)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-		})
-
-		It("Always to Never without policy", func() {
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementAlways)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-		})
-
-	})
-
-	Context("Policy Enforcement Never", func() {
-		//The test Always to Default is already tested in from default-always
-		BeforeEach(func() {
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-		})
-
-		It("Container creation", func() {
-			//Check default containers are in place.
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-
-			vm.ContainerCreate("new", constants.HttpdImage, helpers.CiliumDockerNetwork, "-l id.new")
-			areEndpointsReady := vm.WaitEndpointsReady()
-			Expect(areEndpointsReady).Should(BeTrue(), "Endpoints are not ready after timeout")
-
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 2)
-			vm.ContainerRm("new")
-		}, 300)
-
-		It("Never to default with policy", func() {
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-
-			_, err := vm.PolicyImportAndWait(vm.GetFullPath(sampleJSON), helpers.HelperTimeout)
-			Expect(err).Should(BeNil())
-
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-			ExpectEndpointSummary(vm, helpers.Enabled, 1)
-			ExpectEndpointSummary(vm, helpers.Disabled, 0)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-		})
-
-		It("Never to default without policy", func() {
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementDefault)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-			ExpectPolicyEnforcementUpdated(vm, helpers.PolicyEnforcementNever)
-			ExpectEndpointSummary(vm, helpers.Enabled, 0)
-			ExpectEndpointSummary(vm, helpers.Disabled, 1)
-		})
-	})
-})
-
 var _ = Describe("RuntimePolicies", func() {
 
 	var (