From 33176ab409759c510c908b3e1e06b47c0e879d75 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 24 Jan 2024 21:53:05 +0100
Subject: [PATCH] OZG-3880 network-policy fix xta egress rule

---
 .../main/helm/templates/network_policy.yaml   | 14 +++--
 .../src/test/helm/network_policy_test.yaml    | 60 ++++++-------------
 2 files changed, 25 insertions(+), 49 deletions(-)

diff --git a/xta-adapter/src/main/helm/templates/network_policy.yaml b/xta-adapter/src/main/helm/templates/network_policy.yaml
index 4b42df74f..ff4602138 100644
--- a/xta-adapter/src/main/helm/templates/network_policy.yaml
+++ b/xta-adapter/src/main/helm/templates/network_policy.yaml
@@ -62,11 +62,13 @@ spec:
     - namespaceSelector:
         matchLabels:
           kubernetes.io/metadata.name: ssh-port-forward
-      ports:
-      - port: 9000
+    ports:
+      - port: 443
         protocol: TCP
-  {{- with (.Values.networkPolicy).additionalEgressConfig }}
-  - to:
-{{ toYaml . | indent 8 }}
-  {{- end }}
+      - port: 80
+        protocol: TCP
+{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+
 {{- end }} 
\ No newline at end of file
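Review bot: `additionalEgressConfig` is now rendered as complete egress rules at the `egress:` list level (`toYaml . | indent 2`) instead of as peers under a generated `- to:`, and nothing in the template records that contract change. Values still written in the old shape (a bare `- podSelector: …` entry) no longer render as a peer and would presumably be rejected or ignored, while an entry that omits `to` or `ports` is valid Kubernetes that matches every destination or every port, so a values mistake can widen the policy unnoticed. I would add a template comment above the `with`, e.g. `{{- /* additionalEgressConfig: list of full egress rules, each with its own to/ports; omitting either widens the rule */ -}}`, and describe the new shape wherever the chart documents its values. Separately, the `ssh-port-forward` rule now opens port 80 next to 443; if the XTA traffic is TLS-only, the port 80 entry looks unnecessary and is worth confirming. The enclosing `spec:` block starts outside the hunk.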
diff --git a/xta-adapter/src/test/helm/network_policy_test.yaml b/xta-adapter/src/test/helm/network_policy_test.yaml
index 75530cbc1..99d1fade5 100644
--- a/xta-adapter/src/test/helm/network_policy_test.yaml
+++ b/xta-adapter/src/test/helm/network_policy_test.yaml
@@ -81,55 +81,29 @@ tests:
               - namespaceSelector:
                   matchLabels:
                     kubernetes.io/metadata.name: ssh-port-forward
-                ports:
-                - port: 9000
+              ports:
+                - port: 443
+                  protocol: TCP
+                - port: 80
                   protocol: TCP
 
-  - it: add ingress rule by values
+  - it: add egress rules by values
     set:
       networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-dns-namespace
         additionalEgressConfig:
-        - podSelector: 
-            matchLabels:
-              component: client2
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
     asserts:
-      - equal:
-          path: spec.egress
-          value:
-            - to:
-              - podSelector: 
-                  matchLabels:
-                    component: vorgang-manager
-              ports:
-                - port: 9090
-                  protocol: TCP
-            - to:
-              - namespaceSelector:
-                  matchLabels:
-                    kubernetes.io/metadata.name: kube-system
-                podSelector:
-                  matchLabels:
-                    k8s-app: kube-dns
-              ports:
-                - port: 53
-                  protocol: UDP
-                - port: 53
-                  protocol: TCP
-                - port: 5353
-                  protocol: UDP
-                - port: 5353
-                  protocol: TCP
-            - to:
-              - namespaceSelector:
-                  matchLabels:
-                    kubernetes.io/metadata.name: ssh-port-forward
-                ports:
-                - port: 9000
-                  protocol: TCP
-            - to:
-              - podSelector: 
-                  matchLabels:
-                    component: client2
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+
 
   - it: test network policy disabled
     set:
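Review bot: The rewritten `add egress rules by values` case replaces the exact `equal` on `spec.egress` with a single `contains`, so it no longer pins the default rules when extra rules are supplied. A regression that drops or widens the vorgang-manager, DNS or ssh-port-forward rule would still pass this test. The case also sets `ssoPublicIp` and `dnsServerNamespace` without asserting anything about the rules they presumably produce. Since this policy is the pod's egress allow-list, I would keep an exact `equal` on `path: spec.egress` here (or add one `contains` per default rule) and add a case that feeds the old peer-only shape `- podSelector: …` to pin how it now renders. The `tests:` list starts before and continues after this hunk.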
-- 
GitLab