Merge pull request 'ozg-5100-customlist-and-networkpolicies' (#112) from...

Merge pull request 'ozg-5100-customlist-and-networkpolicies' (#112) from ozg-5100-customlist-and-networkpolicies into master Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/user-manager/pulls/112 Reviewed-by: OZGCloud <ozgcloud@mgm-tp.com>

Merge pull request 'ozg-5100-customlist-and-networkpolicies' (#112) from...
cc21349b · OZGCloud · c8d84362 · 7eb8d4e3 · cc21349b · cc21349b
Commit cc21349b authored 1 year ago by OZGCloud
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -138,3 +138,20 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- define "app.serviceAccountName" -}}
 {{ printf "%s" ( (.Values.serviceAccount).name | default "user-manager-service-account" ) }}
 {{- end -}}
+
+{{- define "app.getCustomList" -}}
+{{- with (.Values.env).customList -}}
+{{- if kindIs "map" . -}}
+{{ include "app.dictToList" . }}
+{{- else if kindIs "slice" . -}}
+{{ . | toYaml }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.dictToList" -}}
+{{- range $key, $value := . -}}
+- name: {{ $key }}
+  value: {{ $value }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -113,8 +113,8 @@ spec:
        - name: QUARKUS_GRPC_SERVER_SSL_KEY
          value: ""
        {{- end }}
-        {{- with (.Values.env).customList }}
-{{ toYaml . | indent 8 }}
+        {{- with include "app.getCustomList" . }}
+{{ . | indent 8 }}
        {{- end }}
        {{- if .Values.optionalTrustStoreSecretName }}
        - name: TRUST_STORE_PASSWORD

--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -49,7 +49,10 @@ spec:
    - podSelector: 
        matchLabels:
          component: alfa
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
  egress:
@@ -77,7 +80,10 @@ spec:
        protocol: UDP
      - port: 5353
        protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}


--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -35,7 +35,7 @@ set:
  baseUrl: test.sh.ozg-cloud.de
  imagePullSecret: image-pull-secret
 tests:
-  - it: check customList
+  - it: check customList as list
    set:
      env.customList:
        - name: my_test_environment_name
@@ -46,6 +46,16 @@ tests:
          content:
            name: my_test_environment_name
            value: "A test value"
+  - it: check customList as dict
+    set:
+      env.customList:
+        my_test_environment_name: "A test value"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: my_test_environment_name
+            value: "A test value"
  - it: check customList test value is not set by default
    asserts:
      - notContains:

--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -99,16 +99,16 @@ tests:
                - port: 5353
                  protocol: TCP

-  - it: add ingress rule by values
+  - it: should add additionalIngressConfigLocal
    set:
      networkPolicy:
        ssoPublicIp: 51.89.117.53/32
        dnsServerNamespace: test-namespace-dns
-        additionalIngressConfig:
+        additionalIngressConfigLocal:
        - from:
          - podSelector: 
              matchLabels:
-                component: client2
+                component: local-client
    asserts:
      - contains:
          path: spec.ingress
@@ -116,14 +116,64 @@ tests:
            from:
            - podSelector: 
                matchLabels:
-                  component: client2
+                  component: local-client

-  - it: add egress rules by values
+  - it: should add additionalIngressConfigGlobal
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-namespace-dns
+        additionalIngressConfigGlobal:
+        - from:
+          - podSelector: 
+              matchLabels:
+                component: global-client
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  component: global-client
+
+  - it: should add additionalIngressConfigGlobal and additionalIngressConfigLocal
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-namespace-dns
+        additionalIngressConfigGlobal:
+        - from:
+          - podSelector: 
+              matchLabels:
+                component: global-client
+        additionalIngressConfigLocal:
+        - from:
+          - podSelector: 
+              matchLabels:
+                component: local-client
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  component: global-client
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  component: local-client
+
+  - it: should add additionalEgressConfigLocal
    set:
      networkPolicy:
        ssoPublicIp: 51.89.117.53/32
        dnsServerNamespace: test-dns-namespace
-        additionalEgressConfig:
+        additionalEgressConfigLocal:
        - to:
          - ipBlock:
              cidr: 1.2.3.4/32
@@ -135,6 +185,50 @@ tests:
          - ipBlock:
              cidr: 1.2.3.4/32

+  - it: should add additionalEgressConfigGlobal
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigGlobal:
+        - to:
+          - ipBlock:
+              cidr: 2.3.4.5/32
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 2.3.4.5/32
+
+  - it: should add additionalEgressConfigLocal and additionalEgressConfigGlobal
+    set:
+      networkPolicy:
+        ssoPublicIp: 51.89.117.53/32
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigLocal:
+        - to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+        additionalEgressConfigGlobal:
+        - to:
+          - ipBlock:
+              cidr: 2.3.4.5/32
+    asserts:
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 1.2.3.4/32
+    - contains:
+        path: spec.egress
+        content:
+          to:
+          - ipBlock:
+              cidr: 2.3.4.5/32
+
  - it: test network policy disabled
    set:
      networkPolicy: