Merge remote-tracking branch 'origin/master' into OZG-6354_pvog-based-routing

src/main/helm/templates/deployment.yaml

@@ -83,6 +83,13 @@ spec:
         - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName}}_negotiationType
           value: {{ (.Values.routing).negotiationType | default "TLS" }}
         {{- end }}
+        {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+        - name: grpc_client_zufi-manager_address
+          value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+        - name: grpc_client_zufi-manager_negotiationType
+          value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+        {{- end }}
+
         {{- with include "app.getCustomList" . }}
 {{ . | indent 8 }}
         {{- end }}

src/main/helm/templates/network_policy.yaml

@@ -59,4 +59,26 @@ spec:
         protocol: UDP
       - port: 5353
         protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+    ports:
+      - port: 9090
+        protocol: TCP
+  - to:
+    - namespaceSelector: {}
+      podSelector: 
+        matchLabels:
+          component: vorgang-manager
+    ports:
+      - port: 9090
+        protocol: TCP
+{{- end }}
+
 {{- end }} 
\ No newline at end of file

src/test/helm/deployment_routing_strategy_env.yaml → src/test/helm/deployment_routing_strategy_env_test.yaml

 #
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
 # Ministerpräsidenten des Landes Schleswig-Holstein
 # Staatskanzlei
 # Abteilung Digitalisierung und zentrales IT-Management der Landesregierung

src/test/helm/deployment_routing_zufi_test.yaml

+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+  name: intelliform-adapter
+  namespace: sh-helm-test
+templates:
+  - deployment.yaml
+set:
+  image.tag: latest
+  ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
+tests:
+  - it: should set zufi routing values when zufi is enabled
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+          negotiationType: "TLS"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+            value: "127.0.0.1"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "TLS"
+  
+  - it: should not set zufi routing values when zufi is disabled
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+          any: true
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+          any: true
+
+  - it: should throw error if zufi manager address is not set
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          negotiationType: "PLAINTEXT"
+    asserts:
+      - failedTemplate:
+          errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+  - it: should set default value for zufi negotiationType
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "PLAINTEXT"
\ No newline at end of file

src/test/helm/network_policy_test.yaml

@@ -124,3 +124,78 @@ tests:
     asserts:
       - hasDocuments:
           count: 1
+
+
+  - it: should add zufi rules when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+          ports:
+          - port: 9090
+            protocol: TCP
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
+
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
\ No newline at end of file

xta-adapter/src/main/helm/templates/network_policy.yaml

@@ -66,6 +66,28 @@ spec:
         protocol: TCP
       - port: 9000
         protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+    ports:
+      - port: 9090
+        protocol: TCP
+  - to:
+    - namespaceSelector: {}
+      podSelector: 
+        matchLabels:
+          component: vorgang-manager
+    ports:
+      - port: 9090
+        protocol: TCP
+{{- end }}
+
 {{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}

xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml

@@ -85,6 +85,12 @@ spec:
                 - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName }}_negotiationType
                   value: {{ (.Values.routing).negotiationType | default "PLAINTEXT" }}
                 {{- end }}
+                {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+                - name: grpc_client_zufi-manager_address
+                  value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+                - name: grpc_client_zufi-manager_negotiationType
+                  value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+                {{- end }}
                 {{- with include "app.getCustomList" . }}
 {{ . | indent 16 }}
                 {{- end }}

xta-adapter/src/test/helm/network_policy_test.yaml

@@ -163,3 +163,77 @@ tests:
     asserts:
       - hasDocuments:
           count: 1
+
+  - it: should add zufi rules when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+          ports:
+          - port: 9090
+            protocol: TCP
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
+          
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP

xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml

+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+  name: intelliform-adapter
+  namespace: sh-helm-test
+templates:
+  - templates/xta_adapter_cronjob.yaml
+set:
+  ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
+tests:
+  - it: should set zufi routing values when zufi is enabled
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+          negotiationType: "TLS"
+    asserts:
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+            value: "127.0.0.1"
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "TLS"
+  
+  - it: should not set zufi routing values when zufi is disabled
+    asserts:
+      - notContains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+          any: true
+      - notContains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+          any: true
+
+  - it: should throw error if zufi manager address is not set
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          negotiationType: "PLAINTEXT"
+    asserts:
+      - failedTemplate:
+          errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+  - it: should set default value for zufi negotiationType
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+    asserts:
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "PLAINTEXT"
\ No newline at end of file