Merge pull request 'OZG-5100 add namespace additionamNetworkRules' (#331) from...

Merge pull request 'OZG-5100 add namespace additionamNetworkRules' (#331) from OZG-5100-separate-network-rules into master Reviewed-on: https://git.ozg-sh.de/ozgcloud-app/vorgang-manager/pulls/331 Reviewed-by: OZGCloud <ozgcloud@mgm-tp.com>

Merge pull request 'OZG-5100 add namespace additionamNetworkRules' (#331) from...
6e485c87 · OZGCloud · 427c6223 · 8b17e368 · 6e485c87 · 6e485c87
Commit 6e485c87 authored 1 year ago by OZGCloud
--- a/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml
+++ b/nachrichten-bayernid-proxy/src/main/helm/templates/network_policy.yaml
@@ -44,6 +44,9 @@ spec:
          component: vorgang-manager
 {{- with (.Values.networkPolicy).additionalIngressConfig }}
 {{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }}
+{{ toYaml . | indent 2 }}
 {{- end }}
  egress:
  - to:
@@ -62,5 +65,8 @@ spec:
 {{- with (.Values.networkPolicy).additionalEgressConfig }}
 {{ toYaml . | indent 2 }}
 {{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }}
+{{ toYaml . | indent 2 }}
+{{- end }}

 {{- end }}
\ No newline at end of file
--- a/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml
+++ b/nachrichten-bayernid-proxy/src/test/helm/network_policy_test.yaml
@@ -91,16 +91,15 @@ tests:
                - port: 5353
                  protocol: TCP

-  - it: add ingress rule by values
+  - it: should add additionalIngressConfig
    set:
      networkPolicy:
-        ssoPublicIp: 51.89.117.53/32
-        dnsServerNamespace: test-namespace-dns
+        dnsServerNamespace: test-dns-namespace
        additionalIngressConfig:
        - from:
          - podSelector: 
              matchLabels:
-                component: client2
+                additionalIngressConfig: yes
    asserts:
      - contains:
          path: spec.ingress
@@ -108,41 +107,62 @@ tests:
            from:
            - podSelector: 
                matchLabels:
-                  component: client2
+                  additionalIngressConfig: yes

-  - it: add egress rules by values
+  - it: should add additionalEgressConfig
    set:
      networkPolicy: 
+        dnsServerNamespace: test-dns-namespace
        additionalEgressConfig:
-        - to:
-          - ipBlock:
-              cidr: 1.2.3.4/32
        - to:
          - podSelector:
              matchLabels:
-                component: ozg-testservice
-          ports:
-            - port: 12345
-              protocol: TCP
-
-        dnsServerNamespace: test-dns-namespace
+                additionalEgressConfig: yes
    asserts:
    - contains:
        path: spec.egress
        content:
          to:
-          - ipBlock:
-              cidr: 1.2.3.4/32
+          - podSelector:
+              matchLabels:
+                additionalEgressConfig: yes
+
+
+  - it: should add additionalIngressConfigNamespace
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+        additionalIngressConfigNamespace:
+        - from:
+          - podSelector: 
+              matchLabels:
+                additionalIngressConfigNamespace: yes
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  additionalIngressConfigNamespace: yes
+
+  - it: should add additionalEgressConfigNamespace
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigNamespace:
+        - to:
+          - podSelector:
+              matchLabels:
+                additionalEgressConfigNamespace: yes
+    asserts:
    - contains:
        path: spec.egress
        content:
          to:
          - podSelector:
              matchLabels:
-                component: ozg-testservice
-          ports:
-            - port: 12345
-              protocol: TCP
+                additionalEgressConfigNamespace: yes

  - it: test network policy disabled
    set:

--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -47,6 +47,9 @@ spec:
          ozg-component: eingangsadapter
 {{- with (.Values.networkPolicy).additionalIngressConfig }}
 {{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigNamespace }}
+{{ toYaml . | indent 2 }}
 {{- end }}
  egress:
  - to:
@@ -101,5 +104,8 @@ spec:
 {{- with (.Values.networkPolicy).additionalEgressConfig }}
 {{ toYaml . | indent 2 }}
 {{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigNamespace }}
+{{ toYaml . | indent 2 }}
+{{- end }}

 {{- end }}
\ No newline at end of file
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -253,39 +253,78 @@ tests:
                matchLabels:
                  component: client2

-  - it: add egress rules by values
+  - it: should add additionalIngressConfig
    set:
      networkPolicy:
+        dnsServerNamespace: test-namespace-dns
+        additionalIngressConfig:
+        - from:
+          - podSelector: 
+              matchLabels:
+                additionalIngressConfig: yes
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  additionalIngressConfig: yes
+
+  - it: should add additionalEgressConfig
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-namespace-dns
        additionalEgressConfig:
-        - to:
-          - ipBlock:
-              cidr: 1.2.3.4/32
        - to:
          - podSelector:
              matchLabels:
-                component: ozg-testservice
-          ports:
-            - port: 12345
-              protocol: TCP
-
-        dnsServerNamespace: test-dns-namespace
+                additionalEgressConfig: yes
    asserts:
    - contains:
        path: spec.egress
        content:
          to:
-          - ipBlock:
-              cidr: 1.2.3.4/32
+          - podSelector:
+              matchLabels:
+                additionalEgressConfig: yes
+
+
+  - it: should add additionalIngressConfigNamespace
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-namespace-dns
+        additionalIngressConfigNamespace:
+        - from:
+          - podSelector: 
+              matchLabels:
+                additionalIngressConfigNamespace: yes
+    asserts:
+      - contains:
+          path: spec.ingress
+          content:
+            from:
+            - podSelector: 
+                matchLabels:
+                  additionalIngressConfigNamespace: yes
+
+  - it: should add additionalEgressConfigNamespace
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+        additionalEgressConfigNamespace:
+        - to:
+          - podSelector:
+              matchLabels:
+                additionalEgressConfigNamespace: yes
+    asserts:
    - contains:
        path: spec.egress
        content:
          to:
          - podSelector:
              matchLabels:
-                component: ozg-testservice
-          ports:
-            - port: 12345
-              protocol: TCP
+                additionalEgressConfigNamespace: yes

  - it: test network policy disabled
    set: