diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml index 5f0379fb0b9282535629388fd90504144917f73b..a46a7a8c1cdceee6441b95349d7ab82545bca67d 100644 --- a/src/main/helm/templates/network_policy.yaml +++ b/src/main/helm/templates/network_policy.yaml @@ -114,7 +114,7 @@ spec: - to: - namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ required "zufiManager.namespace must be set if zufiManager server is enabled" (.Values.zufiManager).namespace }} + kubernetes.io/metadata.name: {{ (.Values.zufiManager).namespace }} podSelector: matchLabels: component: zufi-server diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml index 944367ec01a36d71366321d3ebf36a3ccc832e9c..71d9fd5cd35c322547e89b8378850709566b428e 100644 --- a/src/test/helm/network_policy_test.yaml +++ b/src/test/helm/network_policy_test.yaml @@ -178,25 +178,6 @@ tests: - port: 9200 protocol: TCP - - it: should add egress rule to zufi-server - set: - networkPolicy: - dnsServerNamespace: test-dns-namespace - asserts: - - contains: - path: spec.egress - content: - to: - - namespaceSelector: - matchLabels: - project: zufi - podSelector: - matchLabels: - component : zufi-server - ports: - - port: 9090 - protocol: TCP - - it: should add egress rule to mongodb set: networkPolicy: 
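Review bot: The new `kubernetes.io/metadata.name` line in `templates/network_policy.yaml` renders the namespace unquoted and with no presence check, so an empty or null `zufiManager.namespace` override now produces an empty selector value instead of failing at template time. For an egress rule, that means a misconfiguration would surface only at apply time or, more likely, as a policy that matches no namespace. The removed `failedTemplate` test has no counterpart in the new suite. The new tests expect `zufi` when only `enabled: true` is set, so a chart default presumably lives outside this diff; if it does, keeping the guard costs nothing: `kubernetes.io/metadata.name: {{ required "zufiManager.namespace must be set if zufiManager server is enabled" (.Values.zufiManager).namespace | quote }}`. The added `| quote` also keeps all-digit or boolean-looking namespace names as strings. The enclosing egress rule starts and ends outside the hunk.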
@@ -325,79 +306,6 @@ tests: matchLabels: component: info-manager - - it: should add egress rule to zufi server if zufi is enabled - set: - networkPolicy: - dnsServerNamespace: test-dns-namespace - zufiManager: - enabled: true - namespace: zufi - asserts: - - contains: - path: spec.egress - content: - to: - - podSelector: - matchLabels: - component: zufi-server - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: zufi - ports: - - port: 9090 - protocol: TCP - - - - it: should not add egress rule to zufi server if zufi is disabled - set: - networkPolicy: - dnsServerNamespace: test-dns-namespace - zufiManager: - enabled: false - namespace: zufi - asserts: - - notContains: - path: spec.egress - content: - to: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: zufi - podSelector: - matchLabels: - component: zufi-server - any: true - - - it: should throw error if zufi is enabled but zufi namespace is not set - set: - networkPolicy: - dnsServerNamespace: test-dns-namespace - zufiManager: - enabled: true - asserts: - - failedTemplate: - errorMessage: zufiManager.namespace must be set if zufiManager server is enabled - - - it: should not enable zufi netpol by default - set: - zufiManager: - namespace: zufi - networkPolicy: - dnsServerNamespace: test-dns-namespace - asserts: - - notContains: - path: spec.egress - content: - to: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: zufi - podSelector: - matchLabels: - component: zufi-server - any: true - - - it: should add egress rule to dns service set: networkPolicy: diff --git a/src/test/helm/network_policy_zufi_test.yaml b/src/test/helm/network_policy_zufi_test.yaml new file mode 100644 index 0000000000000000000000000000000000000000..61ac26c35cf7fa49bd05e30e8c75ccc6306129ac --- /dev/null +++ b/src/test/helm/network_policy_zufi_test.yaml 
@@ -0,0 +1,103 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: network policy test
+release:
+ namespace: by-helm-test
+templates:
+ - templates/network_policy.yaml
+set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+tests:
+ - it: should add egress rule to zufi-server with default zufi namespace
+ set:
+ zufiManager:
+ enabled: true
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi
+ podSelector:
+ matchLabels:
+ component : zufi-server
+ ports:
+ - port: 9090
+ protocol: TCP
+
+ - it: should add egress rule to zufi server with custom namespace
+ set:
+ zufiManager:
+ enabled: true
+ namespace: zufiCustomNamespace
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - podSelector:
+ matchLabels:
+ component: zufi-server
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufiCustomNamespace
+ ports:
+ - port: 9090
+ protocol: TCP
+
+
+ - it: should not add egress rule to zufi server if zufi is disabled
+ set:
+ zufiManager:
+ enabled: false
+ asserts:
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ any: true
+
+ - it: should not enable zufi netpol by default
+ asserts:
+ - notContains:
+ path: spec.egress
+ content:
+ to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: zufi
+ podSelector:
+ matchLabels:
+ component: zufi-server
+ any: true
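Review bot: The custom-namespace test in `network_policy_zufi_test.yaml` uses `zufiCustomNamespace`, which cannot be a real Kubernetes namespace name because names must be lowercase DNS labels. The test therefore pins a selector value that could never match a namespace; `namespace: zufi-custom-namespace`, with the same value in the expected `kubernetes.io/metadata.name`, keeps the fixture realistic. In the first test, `component : zufi-server` has a stray space before the colon. It parses the same, but it is inconsistent with `component: zufi-server` in the other three tests and would trip yamllint's `colons` rule.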