From ed13709b1e10fc602b9d8b8cdb3862a250d4eddd Mon Sep 17 00:00:00 2001 From: OZGCloud <ozgcloud@mgm-tp.com> Date: Wed, 24 Jan 2024 19:50:45 +0100 Subject: [PATCH] OZG-3880 network- policy add dns egress role for user-manager --- src/main/helm/templates/network_policy.yaml | 18 ++++++-- src/test/helm/network_policy_test.yaml | 51 +++++++++++++++------ 2 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index e5dc19013b..ce4d6d3250 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml @@ -14,10 +14,9 @@ spec: ingress: - ports: - port: 8080 - {{- with (.Values.networkPolicy).additionalIngressConfig }} - - from: -{{ toYaml . | indent 8 }} - {{- end }} +{{- with (.Values.networkPolicy).additionalIngressConfig }} +{{ toYaml . | indent 2 }} +{{- end }} egress: - to: - podSelector: @@ -43,4 +42,15 @@ spec: protocol: UDP - port: 5353 protocol: TCP + - to: + - podSelector: + matchLabels: + component: user-manager + ports: + - port: 9000 + protocol: TCP +{{- with (.Values.networkPolicy).additionalEgressConfig }} +{{ toYaml . | indent 2 }} +{{- end }} + {{- end }} \ No newline at end of file diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index 48ff2afe0c..31383e6c22 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml 
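Review bot: The `additionalIngressConfig` block now renders values verbatim as complete ingress rules (`toYaml . | indent 2`), where the removed lines wrapped them under a template-supplied `- from:`, so nothing in the chart stops an entry without `from` from being rendered, and Kubernetes treats an ingress rule with a missing or empty `from` as matching every source. The same applies to `additionalEgressConfig` and `to` in the second hunk of this file. Existing values written in the old peer-list shape would now render `podSelector` as a rule-level field; whether that is rejected or pruned to an empty rule depends on how the manifest is validated, so it is worth failing early in the template, e.g. `{{- range (.Values.networkPolicy).additionalIngressConfig }}{{- if not .from }}{{ fail "additionalIngressConfig entries need a from list" }}{{- end }}{{- end }}`, with the equivalent check on `.to` for egress. A short comment in the chart's values documenting the new shape would help operators migrating.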
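Review bot: The added egress rule selects `component: user-manager` with a bare `podSelector`, which only matches pods in the namespace the policy itself is deployed to; if user-manager can run in a different namespace, the rule permits nothing and the connection is dropped with no hint in the policy. The subject line describes a DNS egress rule while the rule opens TCP 9000 to a pod, so a one-line comment above it, for example `# egress to user-manager in the same namespace (TCP 9000)`, would make the intent reviewable. The port is hard-coded here; if it is configurable on the user-manager side, it may belong in values. The surrounding `egress` list starts outside the hunk.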
@@ -91,25 +91,50 @@ tests: protocol: UDP - port: 5353 protocol: TCP + - to: + - podSelector: + matchLabels: + component: user-manager + ports: + - port: 9000 + protocol: TCP + - it: add ingress rule by values set: networkPolicy: - ssoPublicIp: 1.1.1.1 - dnsServerNamespace: kube-system + ssoPublicIp: 51.89.117.53/32 + dnsServerNamespace: test-namespace-dns additionalIngressConfig: - - podSelector: - matchLabels: - component: client2 + - from: + - podSelector: + matchLabels: + component: client2 asserts: - - equal: + - contains: path: spec.ingress - value: - - ports: - - port: 8080 - - from: - - podSelector: - matchLabels: - component: client2 + content: + from: + - podSelector: + matchLabels: + component: client2 + + - it: add egress rules by values + set: + networkPolicy: + ssoPublicIp: 51.89.117.53/32 + dnsServerNamespace: test-dns-namespace + additionalEgressConfig: + - to: + - ipBlock: + cidr: 1.2.3.4/32 + asserts: + - contains: + path: spec.egress + content: + to: + - ipBlock: + cidr: 1.2.3.4/32 + - it: test network policy disabled set: -- GitLab
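Review bot: The `add ingress rule by values` case moved from `equal` to `contains`, so it no longer pins that the default `ports: 8080` rule is still rendered or that nothing else ends up in `spec.ingress`; the new egress case has the same gap. For a policy template it is worth asserting the full list, or at least adding a second `contains` on `spec.ingress` with `content` of `ports: [{port: 8080}]`. Neither case covers an `additionalIngressConfig`/`additionalEgressConfig` entry that lacks `from`/`to`, which is the input that would widen the policy. The fixtures use routable public addresses (`51.89.117.53/32`, `1.2.3.4/32`); the RFC 5737 documentation ranges such as `192.0.2.1/32` are the usual choice. The test that follows the hunk continues outside it.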