Add NetworkPolicies::ResourceService service

This commit adds a new service for fetching a single network policy from a kubernetes cluster.

Add NetworkPolicies::ResourceService service
This commit adds a new service for fetching a single network policy from a kubernetes cluster.
118c8e69 · ap4y · d345b28d · 118c8e69 · 118c8e69 · 118c8e69
Commit 118c8e69 authored Sep 02, 2020 by ap4y
3 changed files
--- a/ee/app/services/network_policies/find_resource_service.rb
+++ b/ee/app/services/network_policies/find_resource_service.rb
+# frozen_string_literal: true
+
+module NetworkPolicies
+  class FindResourceService
+    include NetworkPolicies::Responses
+
+    def initialize(resource_name:, environment:, kind: Gitlab::Kubernetes::NetworkPolicy::KIND)
+      @resource_name = resource_name
+      @platform = environment.deployment_platform
+      @kubernetes_namespace = environment.deployment_namespace
+      @kind = kind
+    end
+
+    def execute
+      return no_platform_response unless @platform
+
+      ServiceResponse.success(payload: get_policy)
+    rescue Kubeclient::HttpError => e
+      kubernetes_error_response(e)
+    end
+
+    private
+
+    def get_policy
+      client = @platform.kubeclient
+      if @kind == Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
+        resource = client.get_cilium_network_policy(@resource_name, @kubernetes_namespace)
+        Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource)
+      else
+        resource = client.get_network_policy(@resource_name, @kubernetes_namespace)
+        Gitlab::Kubernetes::NetworkPolicy.from_resource(resource)
+      end
+    end
+  end
+end
--- a/ee/spec/services/network_policies/find_resource_service_spec.rb
+++ b/ee/spec/services/network_policies/find_resource_service_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe NetworkPolicies::FindResourceService do
+  let(:service) { described_class.new(resource_name: 'policy', environment: environment, kind: kind) }
+  let(:environment) { instance_double('Environment', deployment_platform: platform, deployment_namespace: 'namespace') }
+  let(:platform) { instance_double('Clusters::Platforms::Kubernetes', kubeclient: kubeclient) }
+  let(:kubeclient) { double('Kubeclient::Client') }
+  let(:policy) do
+    Gitlab::Kubernetes::NetworkPolicy.new(
+      name: 'policy',
+      namespace: 'another',
+      selector: { matchLabels: { role: 'db' } },
+      ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
+    )
+  end
+  let(:kind) { Gitlab::Kubernetes::NetworkPolicy::KIND }
+
+  describe '#execute' do
+    subject { service.execute }
+
+    it 'returns success response with a requested policy' do
+      expect(kubeclient).to(
+        receive(:get_network_policy)
+          .with('policy', environment.deployment_namespace) { policy.generate }
+      )
+      expect(subject).to be_success
+      expect(subject.payload.as_json).to eq(policy.as_json)
+    end
+
+    context 'with CiliumNetworkPolicy kind' do
+      let(:kind) { Gitlab::Kubernetes::CiliumNetworkPolicy::KIND }
+      let(:policy) do
+        Gitlab::Kubernetes::CiliumNetworkPolicy.new(
+          name: 'policy',
+          namespace: 'another',
+          selector: { matchLabels: { role: 'db' } },
+          ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
+        )
+      end
+
+      it 'returns success response with a requested policy' do
+        expect(kubeclient).to(
+          receive(:get_cilium_network_policy)
+            .with('policy', environment.deployment_namespace) { policy.generate }
+        )
+        expect(subject).to be_success
+        expect(subject.payload.as_json).to eq(policy.as_json)
+      end
+    end
+
+    context 'without deployment_platform' do
+      let(:platform) { nil }
+
+      it 'returns error response' do
+        expect(subject).to be_error
+        expect(subject.http_status).to eq(:bad_request)
+        expect(subject.message).not_to be_nil
+      end
+    end
+
+    context 'with Kubeclient::HttpError' do
+      before do
+        allow(kubeclient).to receive(:get_network_policy).and_raise(Kubeclient::HttpError.new(500, 'system failure', nil))
+      end
+
+      it 'returns error response' do
+        expect(subject).to be_error
+        expect(subject.http_status).to eq(:bad_request)
+        expect(subject.message).not_to be_nil
+      end
+    end
+  end
+end
--- a/lib/gitlab/kubernetes/cilium_network_policy.rb
+++ b/lib/gitlab/kubernetes/cilium_network_policy.rb
@@ -9,7 +9,7 @@ module Gitlab
      API_VERSION = "cilium.io/v2"
      KIND = 'CiliumNetworkPolicy'

-      def initialize(name:, namespace:, selector:, ingress:, resource_version:, labels: nil, creation_timestamp: nil, egress: nil)
+      def initialize(name:, namespace:, selector:, ingress:, resource_version: nil, labels: nil, creation_timestamp: nil, egress: nil)
        @name = name
        @namespace = namespace
        @labels = labels