diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index b3bfd90e14e00c464ea72646affc1408ee4f9923..c68b9d69be88de512c6cca216e756aad79d6f46f 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -83,6 +83,13 @@ spec:
 - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName}}_negotiationType
 value: {{ (.Values.routing).negotiationType | default "TLS" }}
 {{- end }}
+ {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+ - name: grpc_client_zufi-manager_address
+ value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+ - name: grpc_client_zufi-manager_negotiationType
+ value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+ {{- end }}
+
 {{- with include "app.getCustomList" . }}
 {{ . | indent 8 }}
 {{- end }}
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 2d70106bb1690fc7ca90516a8f9f1e7e4c01afc7..1f2f9e15f26f38f39b91143e9e2801c794c6f0a6 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -59,4 +59,26 @@ spec:
 protocol: UDP
 - port: 5353
 protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ ports:
+ - port: 9090
+ protocol: TCP
+ - to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
+{{- end }}
+
 {{- end }}
\ No newline at end of file
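Review bot: The new `grpc_client_zufi-manager_negotiationType` entry in deployment.yaml falls back to `PLAINTEXT`, so a release that sets only `routing.zufiManager.address` talks to the zufi-manager over unencrypted gRPC, while the vorgang-manager entry directly above it defaults to `TLS`. I would make the encrypted transport the default so that plaintext is an explicit opt-in, and quote the result like the address line: `value: {{ ((.Values.routing).zufiManager).negotiationType | default "TLS" | quote }}`. The same `PLAINTEXT` default is added in xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml, and the "should set default value for zufi negotiationType" cases in both new test files pin it and would have to follow. The enclosing container spec starts and ends outside the hunk.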
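Review bot: The second egress rule added to network_policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so with `routingStrategy=ZUFI` the adapter may open TCP 9090 to any pod labelled `component: vorgang-manager` anywhere in the cluster. If cross-namespace routing is the intent, say so next to the rule, for example with a template comment `{{- /* ZUFI routing: vorgang-manager pods in any namespace are valid targets */}}`; if the target namespaces share a label, a `matchLabels` on the namespace selector would narrow the rule (no such label is visible in this hunk). The identical rule is added to xta-adapter/src/main/helm/templates/network_policy.yaml. The namespace passed to `required` is also rendered unquoted, unlike the address in deployment.yaml; appending `| quote` would keep an all-digit namespace name a string.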
diff --git a/src/test/helm/deployment_routing_strategy_env.yaml b/src/test/helm/deployment_routing_strategy_env_test.yaml
similarity index 97%
rename from src/test/helm/deployment_routing_strategy_env.yaml
rename to src/test/helm/deployment_routing_strategy_env_test.yaml
index cd24633dbc3eed6ed59ccd58b70dbf4397b847a1..8ae56386a24a3f0f74e3bdb3395b2aed9f4d2be4 100644
--- a/src/test/helm/deployment_routing_strategy_env.yaml
+++ b/src/test/helm/deployment_routing_strategy_env_test.yaml
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
 # Ministerpräsidenten des Landes Schleswig-Holstein
 # Staatskanzlei
 # Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
diff --git a/src/test/helm/deployment_routing_zufi_test.yaml b/src/test/helm/deployment_routing_zufi_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..85c3e1b73b83bca9bc5f183d2a4a03bb96963d3b
--- /dev/null
+++ b/src/test/helm/deployment_routing_zufi_test.yaml
@@ -0,0 +1,89 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+ name: intelliform-adapter
+ namespace: sh-helm-test
+templates:
+ - deployment.yaml
+set:
+ image.tag: latest
+ ozgcloud.environment: test
+ imagePullSecret: image-pull-secret
+tests:
+ - it: should set zufi routing values when zufi is enabled
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ address: "127.0.0.1"
+ negotiationType: "TLS"
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_address
+ value: "127.0.0.1"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ value: "TLS"
+
+ - it: should not set zufi routing values when zufi is disabled
+ asserts:
+ - notContains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_address
+ any: true
+ - notContains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ any: true
+
+ - it: should throw error if zufi manager address is not set
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ negotiationType: "PLAINTEXT"
+ asserts:
+ - failedTemplate:
+ errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+ - it: should set default value for zufi negotiationType
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ address: "127.0.0.1"
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ value: "PLAINTEXT"
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index ab74074fa631daa7404959e1e05d9d4e7faed1b6..9ef5c98f73dbc6764fb116a38c5f9209234d775e 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -123,4 +123,79 @@ tests:
 dnsServerNamespace: test-dns-server-namespace
 asserts:
 - hasDocuments:
- count: 1
\ No newline at end of file
+ count: 1
+
+
+ - it: should add zufi rules when zufi-routing is enabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ routingStrategy: ZUFI
+ zufiManager:
+ namespace: zufi-namespace
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi-namespace
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ ports:
+ - port: 9090
+ protocol: TCP
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
+
+ - it: should throw error when zufi is enabled but zufi namespace not set
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ routingStrategy: ZUFI
+ asserts:
+ - failedTemplate:
+ errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+ - it: should not add zufi rule when zufi-routing is disabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ zufiManager:
+ namespace: zufi-namespace
+ asserts:
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi-namespace
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
\ No newline at end of file
diff --git a/xta-adapter/src/main/helm/templates/network_policy.yaml b/xta-adapter/src/main/helm/templates/network_policy.yaml
index b65e30f07ac0bc4277370f0879bc71c2c9c8adb5..ff1ebff546dae5ea3eeecf224e1652a6ab929091 100644
--- a/xta-adapter/src/main/helm/templates/network_policy.yaml
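Review bot: In "should not add zufi rule when zufi-routing is disabled" the first `notContains` leaves out the `ports` block, so its content never equals the element the template renders and the assertion would still pass if the zufi-server egress rule were emitted by mistake. Either give it the same `ports` entry as the positive case (`- port: 9090` with `protocol: TCP`) or add `any: true`, as the deployment env tests in this commit do. The case also covers only an unset `routingStrategy`; a further case with a non-ZUFI value would pin the `eq` condition (which other values exist is not visible here). xta-adapter/src/test/helm/network_policy_test.yaml adds the same test and needs the same fix.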
+++ b/xta-adapter/src/main/helm/templates/network_policy.yaml
@@ -66,6 +66,28 @@ spec:
 protocol: TCP
 - port: 9000
 protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ ports:
+ - port: 9090
+ protocol: TCP
+ - to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
+{{- end }}
+
 {{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
index 25da0415e81e4921e726683f62a7f9e1526a3d5a..3835e3ec440eebbd71cdb1bb5c21bf366add83c6 100644
--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -85,6 +85,12 @@ spec:
 - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName }}_negotiationType
 value: {{ (.Values.routing).negotiationType | default "PLAINTEXT" }}
 {{- end }}
+ {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+ - name: grpc_client_zufi-manager_address
+ value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+ - name: grpc_client_zufi-manager_negotiationType
+ value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+ {{- end }}
 {{- with include "app.getCustomList" . }}
 {{ . | indent 16 }}
 {{- end }}
diff --git a/xta-adapter/src/test/helm/network_policy_test.yaml b/xta-adapter/src/test/helm/network_policy_test.yaml
index 74ac285893aab5f14a2b7abe6e3d5c84fd55033d..863e8c70f6ae138eb7cbe584bf8c374504f99a49 100644
--- a/xta-adapter/src/test/helm/network_policy_test.yaml
+++ b/xta-adapter/src/test/helm/network_policy_test.yaml
@@ -162,4 +162,78 @@ tests:
 dnsServerNamespace: test-dns-server-namespace
 asserts:
 - hasDocuments:
- count: 1
\ No newline at end of file
+ count: 1
+
+ - it: should add zufi rules when zufi-routing is enabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ routingStrategy: ZUFI
+ zufiManager:
+ namespace: zufi-namespace
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi-namespace
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ ports:
+ - port: 9090
+ protocol: TCP
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
+
+ - it: should throw error when zufi is enabled but zufi namespace not set
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ routingStrategy: ZUFI
+ asserts:
+ - failedTemplate:
+ errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+ - it: should not add zufi rule when zufi-routing is disabled
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-server-namespace
+ routing:
+ zufiManager:
+ namespace: zufi-namespace
+ asserts:
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi-namespace
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ component: vorgang-manager
+ ports:
+ - port: 9090
+ protocol: TCP
diff --git a/xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml b/xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1414a4e8248f7fa5985c23322f4f39367fe74603
--- /dev/null
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml
@@ -0,0 +1,88 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+ name: intelliform-adapter
+ namespace: sh-helm-test
+templates:
+ - templates/xta_adapter_cronjob.yaml
+set:
+ ozgcloud.environment: test
+ imagePullSecret: image-pull-secret
+tests:
+ - it: should set zufi routing values when zufi is enabled
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ address: "127.0.0.1"
+ negotiationType: "TLS"
+ asserts:
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_address
+ value: "127.0.0.1"
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ value: "TLS"
+
+ - it: should not set zufi routing values when zufi is disabled
+ asserts:
+ - notContains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_address
+ any: true
+ - notContains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ any: true
+
+ - it: should throw error if zufi manager address is not set
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ negotiationType: "PLAINTEXT"
+ asserts:
+ - failedTemplate:
+ errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+ - it: should set default value for zufi negotiationType
+ set:
+ routing:
+ routingStrategy: "ZUFI"
+ zufiManager:
+ address: "127.0.0.1"
+ asserts:
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: grpc_client_zufi-manager_negotiationType
+ value: "PLAINTEXT"
\ No newline at end of file
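Review bot: `suite: test deployment zufi routing` is the same suite name as in src/test/helm/deployment_routing_zufi_test.yaml, although this file exercises templates/xta_adapter_cronjob.yaml, so a failing run will not say which chart broke. I would rename it, for example `suite: test xta adapter cronjob zufi routing`. The release name `intelliform-adapter` looks carried over from the other chart as well, though that may be intentional.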