ozg-7200 add elster-transfer network policy

d74bbbc0 · Bastian · 5224329e · d74bbbc0 · d74bbbc0 · d74bbbc0
Commit d74bbbc0 authored 2 months ago by Bastian
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -143,6 +143,18 @@ spec:
    ports:
      - port: 9090
        protocol: TCP
+{{- end }}
+{{- if ((.Values.ozgcloud).muk).enabled }}
+  - to:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: {{ (((.Values.ozgcloud).muk).elsterTransfer).name }}
+      namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: {{ required "ozgcloud.muk.elsterTransfer.namespace must be set if muk is enabled" (((.Values.ozgcloud).muk).elsterTransfer).namespace }}
+    ports:
+      - protocol: TCP
+        port: 8081
 {{- end }}
  - to:
    - namespaceSelector:

--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -61,4 +61,11 @@ elasticsearch:
    certificateSecretName: elasticsearch-certificate

 networkPolicy:
-  zentralerEingangNamespace: zentraler-eingang
\ No newline at end of file
+  zentralerEingangNamespace: zentraler-eingang
+
+ozgcloud:
+  muk:
+    enabled: false
+    elsterTransfer:
+      name: elster-transfer
+      namespace:
\ No newline at end of file
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -649,4 +649,86 @@ tests:
        dnsServerNamespace: test-dns-server-namespace
    asserts:
      - hasDocuments:
-          count: 1
\ No newline at end of file
+          count: 1
+
+  - it: should require elster transfer namespace if muk is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        muk:
+          enabled: true
+    asserts:
+      - failedTemplate:
+          errorMessage: ozgcloud.muk.elsterTransfer.namespace must be set if muk is enabled
+
+  - it: should add egress rule to elster transfer if muk is enabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        muk:
+          enabled: true
+          elsterTransfer:
+            namespace: elster-transfer
+    asserts:
+      - contains:
+          path: spec.egress
+          content:
+            to:
+            - podSelector: 
+                matchLabels:
+                  app.kubernetes.io/name: elster-transfer
+              namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: elster-transfer
+            ports:
+            - port: 8081
+              protocol: TCP
+
+  - it: should set elster transfer name
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        muk:
+          enabled: true
+          elsterTransfer:
+            namespace: elster-transfer
+            name: elster-transfer-test
+    asserts:
+      - contains:
+          path: spec.egress
+          content:
+            to:
+            - podSelector: 
+                matchLabels:
+                  app.kubernetes.io/name: elster-transfer-test
+              namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: elster-transfer
+            ports:
+            - port: 8081
+              protocol: TCP
+
+  - it: should not add egress rule for elster-transfer if muk is disabled
+    set:
+      networkPolicy:
+        dnsServerNamespace: test-dns-namespace
+      ozgcloud:
+        muk:
+          enabled: false
+          elsterTransfer:
+            namespace: elster-transfer
+    asserts:
+      - notContains:
+          path: spec.egress
+          content:
+            to:
+            - podSelector: 
+                matchLabels:
+                  app.kubernetes.io/name: elster-transfer
+              namespaceSelector:
+                matchLabels:
+                  kubernetes.io/metadata.name: elster-transfer
+          any: true
\ No newline at end of file