From 5c56f2025412eab4ab1d08bc4715d4662ad10c70 Mon Sep 17 00:00:00 2001
From: Bastian <bastian.heppener@mgm-tp.com>
Date: Mon, 24 Feb 2025 15:59:52 +0100
Subject: [PATCH] ozg-7581 add aggregation manager network policy

---
 src/main/helm/templates/network_policy.yaml |  9 +++++
 src/main/helm/values.yaml                   |  6 +++-
 src/test/helm/network_policy_test.yaml      | 37 ++++++++++++++++++++-
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index b49c28235..81aa55fc1 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -48,6 +48,15 @@ spec:
     - podSelector:
         matchLabels:
           ozg-component: xta-adapter
+{{- if ((.Values.ozgcloud).aggregationManager).enabled }}
+  - from:
+    - podSelector: 
+        matchLabels:
+          component: aggregation-manager
+    ports:
+    - protocol: TCP
+      port: 9090
+{{- end }}
   - from:
     - namespaceSelector:
         matchLabels:
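Review bot: The added `podSelector` keys on `component: aggregation-manager`, while the neighbouring rule in this hunk selects on `ozg-component: xta-adapter`. If the aggregation-manager pods do not carry a `component` label, the rule silently matches nothing. If that generic key can be set on other workloads in the namespace, the rule admits more pods to TCP 9090 than intended. A bare `podSelector` also matches only pods in the policy's own namespace, so a manager deployed elsewhere would need a `namespaceSelector` in the same `from` entry; please confirm both against the aggregation-manager chart. A comment above the block such as `# allow aggregation-manager pods in this namespace to reach TCP 9090` would record the intent, and `podSelector: ` carries a trailing space. The `spec.ingress` list starts and ends outside this hunk.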
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 832dfa01e..593494119 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -61,4 +61,8 @@ elasticsearch:
     certificateSecretName: elasticsearch-certificate
 
 networkPolicy:
-  zentralerEingangNamespace: zentraler-eingang
\ No newline at end of file
+  zentralerEingangNamespace: zentraler-eingang
+
+ozgcloud:
+  aggregationManager:
+    enabled: false
\ No newline at end of file
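Review bot: The new `ozgcloud.aggregationManager.enabled` key has no comment saying that it widens the NetworkPolicy, so an operator reading values.yaml cannot tell that it opens an ingress port. Defaulting it to `false` keeps the port closed unless opted in, which is the right default. I would add `# when true, the NetworkPolicy allows ingress on TCP 9090 from pods labelled component=aggregation-manager` above `aggregationManager:`. The file still ends without a trailing newline, which this change could fix while touching the last line.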
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index 618dba796..9dd6c548b 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -649,4 +649,39 @@ tests:
         dnsServerNamespace: test-dns-server-namespace
     asserts:
       - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+  - it: should add ingress rule for aggregation-manager
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        aggregationManager:
+          enabled: true
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+              ports:
+              - port: 9090
+                protocol: TCP
+              from:
+              - podSelector: 
+                  matchLabels:
+                    component: aggregation-manager
+
+  - it: should not add ingress rule for aggregation-manager
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+    asserts:
+      - notContains:
+          path: spec.ingress
+          content:
+              ports:
+              - port: 9090
+                protocol: TCP
+              from:
+              - podSelector: 
+                  matchLabels:
+                    component: aggregation-manager
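Review bot: The negative case only covers the default where `ozgcloud` is absent from `set`. No case sets `ozgcloud.aggregationManager.enabled: false` explicitly, and none sets `ozgcloud` without `aggregationManager`, which are the paths the nil-safe `((.Values.ozgcloud).aggregationManager).enabled` lookup in the template exists to handle. A third `it:` block with `enabled: false` would pin that the rule stays out. Also, `notContains` compares the whole list element, so this test would still pass if port 9090 were opened with a different selector; a short comment on the test saying so would help. The `set: ` and `podSelector: ` lines carry trailing spaces, and `content:` is indented four spaces where the rest of the file uses two.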
-- 
GitLab