cilium-cli icon indicating copy to clipboard operation
cilium-cli copied to clipboard
verified publisher icon cilium

Revisit policy enforcement check

Open viktor-kurchenko opened this issue 1 year ago • 0 comments

We want to run tests in parallel in different namespaces.

Review and improve policy enforcement check if needed, so a test runs only after policy is applied.

Looks like we can try the following algorithm:

1. Read policy UID via `cilium policy get`
2. Apply policy
3. Read policy UID and revision number until:
  3.1. policy appears in the output (create case)
  3.2. new policy UID appears in the output compared to the step 1 output (update case)
4. Run cilium policy wait <revision> --max-wait-time ... to make sure that policy has been applied

More context: https://github.com/cilium/cilium/issues/4248

viktor-kurchenko avatar Mar 13 '24 07:03 viktor-kurchenko