OZG-6004 zufi connection, extra test for zufi network policy

4deab425 · OZGCloud · 6e8dc528 · 4deab425 · 4deab425 · 4deab425
Commit 4deab425 authored 8 months ago by OZGCloud
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -114,7 +114,7 @@ spec:
  - to:
    - namespaceSelector:
        matchLabels:
-          kubernetes.io/metadata.name: {{ required "zufiManager.namespace must be set if zufiManager server is enabled" (.Values.zufiManager).namespace }}
+          kubernetes.io/metadata.name: {{ (.Values.zufiManager).namespace }}
      podSelector: 
        matchLabels:
          component: zufi-server

--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -178,25 +178,6 @@ tests:
                - port: 9200
                  protocol: TCP
  
-  - it: should add egress rule to zufi-server
-    set:
-      networkPolicy:
-        dnsServerNamespace: test-dns-namespace
-    asserts:
-      - contains:
-          path: spec.egress
-          content:
-              to:
-              - namespaceSelector:
-                  matchLabels:
-                    project: zufi
-                podSelector:
-                  matchLabels:
-                    component : zufi-server
-              ports:
-                - port: 9090
-                  protocol: TCP
-
  - it: should add egress rule to mongodb
    set:
      networkPolicy:
@@ -325,79 +306,6 @@ tests:
                  matchLabels:
                    component: info-manager

-  - it: should add egress rule to zufi server if zufi is enabled
-    set:
-      networkPolicy:
-        dnsServerNamespace: test-dns-namespace
-      zufiManager:
-        enabled: true
-        namespace: zufi
-    asserts:
-      - contains:
-          path: spec.egress
-          content:
-            to:
-            - podSelector: 
-                matchLabels:
-                  component: zufi-server
-              namespaceSelector:
-                matchLabels:
-                      kubernetes.io/metadata.name: zufi
-            ports:
-            - port: 9090
-              protocol: TCP         
-                  
-
-  - it: should not add egress rule to zufi server if zufi is disabled
-    set:
-      networkPolicy:
-        dnsServerNamespace: test-dns-namespace
-      zufiManager:
-        enabled: false
-        namespace: zufi
-    asserts:
-      - notContains:
-          path: spec.egress
-          content:
-            to:
-            - namespaceSelector:
-                matchLabels:
-                  kubernetes.io/metadata.name: zufi
-              podSelector: 
-                matchLabels:
-                  component: zufi-server
-          any: true
-  
-  - it: should throw error if zufi is enabled but zufi namespace is not set
-    set:
-      networkPolicy:
-        dnsServerNamespace: test-dns-namespace
-      zufiManager:
-        enabled: true
-    asserts:
-      - failedTemplate:
-          errorMessage: zufiManager.namespace must be set if zufiManager server is enabled
-
-  - it: should not enable zufi netpol by default
-    set:
-      zufiManager:
-        namespace: zufi
-      networkPolicy:
-        dnsServerNamespace: test-dns-namespace
-    asserts:
-      - notContains:
-          path: spec.egress
-          content: 
-            to:
-            - namespaceSelector:
-                matchLabels:
-                  kubernetes.io/metadata.name: zufi
-              podSelector: 
-                matchLabels:
-                  component: zufi-server
-          any: true
-
-
  - it: should add egress rule to dns service
    set:
      networkPolicy:

--- a/src/test/helm/network_policy_zufi_test.yaml
+++ b/src/test/helm/network_policy_zufi_test.yaml
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: network policy test
+release:
+  namespace: by-helm-test
+templates:
+  - templates/network_policy.yaml
+set:
+  networkPolicy:
+    dnsServerNamespace: test-dns-namespace
+tests:
+  - it: should add egress rule to zufi-server with default zufi namespace
+    set:
+      zufiManager:
+        enabled: true
+    asserts:
+      - contains:
+          path: spec.egress
+          content:
+              to:
+              - namespaceSelector:
+                  matchLabels:
+                    kubernetes.io/metadata.name: zufi
+                podSelector:
+                  matchLabels:
+                    component : zufi-server
+              ports:
+                - port: 9090
+                  protocol: TCP
+
+  - it: should add egress rule to zufi server with custom namespace
+    set:
+      zufiManager:
+        enabled: true
+        namespace: zufiCustomNamespace
+    asserts:
+      - contains:
+          path: spec.egress
+          content:
+            to:
+            - podSelector: 
+                matchLabels:
+                  component: zufi-server
+              namespaceSelector:
+                matchLabels:
+                      kubernetes.io/metadata.name: zufiCustomNamespace
+            ports:
+            - port: 9090
+              protocol: TCP         
+                  
+
+  - it: should not add egress rule to zufi server if zufi is disabled
+    set:
+      zufiManager:
+        enabled: false
+    asserts:
+      - notContains:
+          path: spec.egress
+          content:
+            to:
+            - namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: zufi
+              podSelector: 
+                matchLabels:
+                  component: zufi-server
+          any: true
+
+  - it: should not enable zufi netpol by default
+    asserts:
+      - notContains:
+          path: spec.egress
+          content: 
+            to:
+            - namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: zufi
+              podSelector: 
+                matchLabels:
+                  component: zufi-server
+          any: true