OZG-5653 update netpol for zufi and add unittests

18e75974 · OZGCloud · 96394f1b · 18e75974 · 18e75974
Commit 18e75974 authored 11 months ago by OZGCloud
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -110,14 +110,17 @@ spec:
          matchLabels:
            component: info-manager
 {{- end }}
-{{- if ((.Values.ozgcloud).zufi).enabled }}
+{{- if (.Values.zufiManager).enabled }}
  - to:
    - namespaceSelector:
        matchLabels:
-          kubernetes.io/metadata.name: {{ required "ozgcloud.zufi.namespace must be set if zufi is enabled" ((.Values.ozgcloud).zufi).namespace }}
+          kubernetes.io/metadata.name: {{ required "zufiManager.namespace must be set if zufiManager server is enabled" (.Values.zufiManager).namespace }}
      podSelector: 
        matchLabels:
          component: zufi-server
+    ports:
+      - port: 9190
+        protocol: TCP
 {{- end }}
  - to:
    - namespaceSelector:

--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -264,12 +264,31 @@ tests:
  - it: should add egress rule to zufi server if zufi is enabled
    set:
-      ozgcloud:
+      zufiManager:
-        zufi:
        enabled: true
        namespace: zufi
    asserts:
      - contains:
+          path: spec.egress
+          content:
+            to:
+            - podSelector: 
+                matchLabels:
+                  component: zufi-server
+              namespaceSelector:
+                matchLabels:
+                      kubernetes.io/metadata.name: zufi
+            ports:
+            - port: 9190
+              protocol: TCP         
+  - it: should not add egress rule to zufi server if zufi is disabled
+    set:
+      zufiManager:
+        enabled: false
+    asserts:
+      - notContains:
          path: spec.egress
          content:
            to:
@@ -279,12 +298,19 @@ tests:
              podSelector: 
                matchLabels:
                  component: zufi-server
+            ports:
-  - it: should not add egress rule to zufi server if zufi is disabled
+            - port: 9190
+              protocol: TCP 
+  - it: should throw error if zufi is enabled but zufi namespace is not set
    set:
-      ozgcloud:
+      zufiManager:
-        zufi:
+        enabled: true
-          enabled: false
+        namespace: 
+    asserts:
+      - failedTemplate:
+          errorMessage: zufiManager.namespace must be set if zufiManager server is enabled
+  - it: should not enable zufi netpol by default
    asserts:
      - notContains:
          path: spec.egress
@@ -296,6 +322,10 @@ tests:
              podSelector: 
                matchLabels:
                  component: zufi-server
+            ports:
+            - port: 9190
+              protocol: TCP 
  - it: should add egress rule to dns service