OZG-6105 add netpol required values unittests

a98e56ca · OZGCloud · 991904e9 · a98e56ca
Commit a98e56ca authored 10 months ago by OZGCloud
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -27,21 +27,28 @@ release:
  namespace: by-helm-test
 templates:
  - templates/network_policy.yaml
+
+tests:
+  - it: should match apiVersion
    set: 
      networkPolicy:
        dnsServerNamespace: test-dns-namespace
-tests:
-  - it: should match apiVersion
    asserts:
      - isAPIVersion:
          of: networking.k8s.io/v1

  - it: should match kind
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - isKind:
          of: NetworkPolicy

  - it: validate metadata
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - equal:
          path: metadata
@@ -50,6 +57,9 @@ tests:
            namespace: by-helm-test

  - it: should set policy target matchLabel
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - equal:
          path: spec.podSelector
@@ -59,18 +69,27 @@ tests:


  - it: should add policyType Egress
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.policyTypes
          content: Egress

  - it: should add policyType Ingress
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.policyTypes
          content: Ingress

  - it: should add ingress rule for eingangsmanager and alfa
+    set: 
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.ingress
@@ -90,6 +109,8 @@ tests:

  - it: should add ingress rule for antragraum if antragraum is enabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        antragraum:
          enabled: true
@@ -109,6 +130,8 @@ tests:

  - it: should not add ingress rule for antragraum if antragraum is disabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        antragraum:
          enabled: false
@@ -126,6 +149,8 @@ tests:

  - it: should throw error if antragraum is enabled but antragraum namespace is not set
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        antragraum:
          enabled: true
@@ -135,6 +160,9 @@ tests:


  - it: should add egress rule to elasticsearch
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.egress
@@ -151,6 +179,9 @@ tests:
                  protocol: TCP

  - it: should add egress rule to mongodb
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.egress
@@ -164,6 +195,9 @@ tests:
                  protocol: TCP

  - it: should add egress rule to user-manager
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.egress
@@ -178,6 +212,8 @@ tests:

  - it: should add egress rule to nachrichten-bayernid-proxy if bayernid is enabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        bayernid:
          enabled: true
@@ -200,6 +236,8 @@ tests:

  - it: should not add egress rule to bayernid-proxy if bayernid is disabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        bayernid:
          enabled: false
@@ -220,6 +258,8 @@ tests:
  
  - it: should throw error if bayernid-proxy is enabled but bayernid namespace is not set
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        bayernid:
          enabled: true
@@ -229,6 +269,8 @@ tests:

  - it: should add egress rule to info-manager if antragraum is enabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        antragraum:
          enabled: true
@@ -247,6 +289,8 @@ tests:

  - it: should not add egress rule to info-manager if antragraum is disabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      ozgcloud:
        antragraum:
          enabled: false
@@ -264,6 +308,8 @@ tests:

  - it: should add egress rule to zufi server if zufi is enabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      zufiManager:
        enabled: true
        namespace: zufi
@@ -285,6 +331,8 @@ tests:

  - it: should not add egress rule to zufi server if zufi is disabled
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      zufiManager:
        enabled: false
    asserts:
@@ -302,6 +350,8 @@ tests:
  
  - it: should throw error if zufi is enabled but zufi namespace is not set
    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
      zufiManager:
        enabled: true
    asserts:
@@ -309,6 +359,9 @@ tests:
          errorMessage: zufiManager.namespace must be set if zufiManager server is enabled

  - it: should not enable zufi netpol by default
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - notContains:
          path: spec.egress
@@ -324,6 +377,9 @@ tests:


  - it: should add egress rule to dns service
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
    asserts:
      - contains:
          path: spec.egress
@@ -345,6 +401,7 @@ tests:
  - it: add ingress rule local by values
    set:
      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
        ssoPublicIp: 51.89.117.53/32
        additionalIngressConfigGlobal:
        - from:
@@ -362,6 +419,7 @@ tests:
  - it: add ingress rule global by values
    set:
      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
        ssoPublicIp: 51.89.117.53/32
        additionalIngressConfigLocal:
        - from:
@@ -380,6 +438,7 @@ tests:
  - it: add egress rules local by values
    set:
      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
        additionalEgressConfigGlobal:
        - to:
          - ipBlock:
@@ -411,6 +470,7 @@ tests:
  - it: add egress rules global by values
    set:
      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
        additionalEgressConfigLocal:
        - to:
          - ipBlock:
@@ -440,6 +500,22 @@ tests:
    set:
      networkPolicy:
        disabled: false
+        dnsServerNamespace: test-dns-namespace
+    asserts:
+      - hasDocuments:
+          count: 1
+  - it: test network policy dnsServerNamespace must be set message
+    set:
+      networkPolicy:
+        disabled: false
+    asserts:
+      - failedTemplate:
+          errorMessage: networkPolicy.dnsServerNamespace must be set
+
+  - it: test network policy should be enabled by default
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
          count: 1
\ No newline at end of file