Merge pull request 'OZG-6354-pvog-based-routing-helm-chart' (#164) from...

Merge pull request 'OZG-6354-pvog-based-routing-helm-chart' (#164) from OZG-6354-pvog-based-routing-helm-chart into master Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/eingang-manager/pulls/164 Reviewed-by: OZG-Cloud Team <noreply@ozg-sh.de> Reviewed-by: OZG-Cloud Team <noreply@ozg-sh.de>

Merge pull request 'OZG-6354-pvog-based-routing-helm-chart' (#164) from...
6d3388d3 · OZG-Cloud Team · 082ecf32 · 1fb9cb21 · 6d3388d3 · 6d3388d3
Commit 6d3388d3 authored 8 months ago by OZG-Cloud Team
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -83,6 +83,13 @@ spec:
        - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName}}_negotiationType
          value: {{ (.Values.routing).negotiationType | default "TLS" }}
        {{- end }}
+        {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+        - name: grpc_client_zufi-manager_address
+          value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+        - name: grpc_client_zufi-manager_negotiationType
+          value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+        {{- end }}
+
        {{- with include "app.getCustomList" . }}
 {{ . | indent 8 }}
        {{- end }}

--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -59,4 +59,26 @@ spec:
        protocol: UDP
      - port: 5353
        protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+    ports:
+      - port: 9090
+        protocol: TCP
+  - to:
+    - namespaceSelector: {}
+      podSelector: 
+        matchLabels:
+          component: vorgang-manager
+    ports:
+      - port: 9090
+        protocol: TCP
+{{- end }}
+
 {{- end }} 
\ No newline at end of file
--- a/src/test/helm/deployment_routing_strategy_env.yaml
+++ b/src/test/helm/deployment_routing_strategy_env.yaml
 #
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
 # Ministerpräsidenten des Landes Schleswig-Holstein
 # Staatskanzlei
 # Abteilung Digitalisierung und zentrales IT-Management der Landesregierung

--- a/src/test/helm/deployment_routing_zufi_test.yaml
+++ b/src/test/helm/deployment_routing_zufi_test.yaml
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+  name: intelliform-adapter
+  namespace: sh-helm-test
+templates:
+  - deployment.yaml
+set:
+  image.tag: latest
+  ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
+tests:
+  - it: should set zufi routing values when zufi is enabled
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+          negotiationType: "TLS"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+            value: "127.0.0.1"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "TLS"
+  
+  - it: should not set zufi routing values when zufi is disabled
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+          any: true
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+          any: true
+
+  - it: should throw error if zufi manager address is not set
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          negotiationType: "PLAINTEXT"
+    asserts:
+      - failedTemplate:
+          errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+  - it: should set default value for zufi negotiationType
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "PLAINTEXT"
\ No newline at end of file
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -123,4 +123,79 @@ tests:
        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+
+  - it: should add zufi rules when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+          ports:
+          - port: 9090
+            protocol: TCP
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
+
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
\ No newline at end of file
--- a/xta-adapter/src/main/helm/templates/network_policy.yaml
+++ b/xta-adapter/src/main/helm/templates/network_policy.yaml
@@ -66,6 +66,28 @@ spec:
        protocol: TCP
      - port: 9000
        protocol: TCP
+
+{{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "routing.zufiManager.namespace must be set if routingStrategy=ZUFI" ((.Values.routing).zufiManager).namespace }}
+      podSelector: 
+        matchLabels:
+          component: zufi-server
+    ports:
+      - port: 9090
+        protocol: TCP
+  - to:
+    - namespaceSelector: {}
+      podSelector: 
+        matchLabels:
+          component: vorgang-manager
+    ports:
+      - port: 9090
+        protocol: TCP
+{{- end }}
+
 {{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}

--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -85,6 +85,12 @@ spec:
                - name: grpc_client_vorgang-manager-{{ (.Values.routing).targetVorgangManagerName }}_negotiationType
                  value: {{ (.Values.routing).negotiationType | default "PLAINTEXT" }}
                {{- end }}
+                {{- if eq (.Values.routing).routingStrategy "ZUFI" }}
+                - name: grpc_client_zufi-manager_address
+                  value: {{ required "routing.zufiManager.address must be set when routingStrategy=ZUFI" ((.Values.routing).zufiManager).address | quote }}
+                - name: grpc_client_zufi-manager_negotiationType
+                  value: {{ ((.Values.routing).zufiManager).negotiationType | default "PLAINTEXT" }}
+                {{- end }}
                {{- with include "app.getCustomList" . }}
 {{ . | indent 16 }}
                {{- end }}

--- a/xta-adapter/src/test/helm/network_policy_test.yaml
+++ b/xta-adapter/src/test/helm/network_policy_test.yaml
@@ -162,4 +162,78 @@ tests:
        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+  - it: should add zufi rules when zufi-routing is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+          ports:
+          - port: 9090
+            protocol: TCP
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
+          
+  - it: should throw error when zufi is enabled but zufi namespace not set
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        routingStrategy: ZUFI
+    asserts:
+    - failedTemplate:
+        errorMessage: routing.zufiManager.namespace must be set if routingStrategy=ZUFI
+
+  - it: should not add zufi rule when zufi-routing is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
+      routing:
+        zufiManager: 
+          namespace: zufi-namespace
+    asserts:
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector:
+              matchLabels:
+                kubernetes.io/metadata.name: zufi-namespace
+            podSelector: 
+              matchLabels:
+                component: zufi-server
+    - notContains:
+        path: spec.egress
+        content:
+          to:
+          - namespaceSelector: {}
+            podSelector: 
+              matchLabels:
+                component: vorgang-manager
+          ports:
+            - port: 9090
+              protocol: TCP
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_routing_zufi_test.yaml
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment zufi routing
+release:
+  name: intelliform-adapter
+  namespace: sh-helm-test
+templates:
+  - templates/xta_adapter_cronjob.yaml
+set:
+  ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
+tests:
+  - it: should set zufi routing values when zufi is enabled
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+          negotiationType: "TLS"
+    asserts:
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+            value: "127.0.0.1"
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "TLS"
+  
+  - it: should not set zufi routing values when zufi is disabled
+    asserts:
+      - notContains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_address
+          any: true
+      - notContains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+          any: true
+
+  - it: should throw error if zufi manager address is not set
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          negotiationType: "PLAINTEXT"
+    asserts:
+      - failedTemplate:
+          errorMessage: "routing.zufiManager.address must be set when routingStrategy=ZUFI"
+
+  - it: should set default value for zufi negotiationType
+    set:
+      routing:
+        routingStrategy: "ZUFI"
+        zufiManager:
+          address: "127.0.0.1"
+    asserts:
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_zufi-manager_negotiationType
+            value: "PLAINTEXT"
\ No newline at end of file