Commit 66e022e1 authored by Sashi Kumar Kumaresan Committed by Etienne Baqué

Fix network policies update to support name updation

parent 1f1314a7
...@@ -36,7 +36,6 @@ module NetworkPolicies ...@@ -36,7 +36,6 @@ module NetworkPolicies
def setup_resource def setup_resource
@resource = policy.generate @resource = policy.generate
resource[:metadata][:namespace] = kubernetes_namespace resource[:metadata][:namespace] = kubernetes_namespace
resource[:metadata][:name] = resource_name if resource_name
end end
def load_policy_from_resource def load_policy_from_resource
...@@ -56,18 +55,26 @@ module NetworkPolicies ...@@ -56,18 +55,26 @@ module NetworkPolicies
end end
def deploy_cilium_network_policy def deploy_cilium_network_policy
if resource_name return platform.kubeclient.create_cilium_network_policy(resource) unless resource_name
platform.kubeclient.update_cilium_network_policy(resource)
else if resource_name != resource.dig(:metadata, :name)
platform.kubeclient.delete_cilium_network_policy(resource_name, kubernetes_namespace)
resource[:metadata][:resourceVersion] = nil
platform.kubeclient.create_cilium_network_policy(resource) platform.kubeclient.create_cilium_network_policy(resource)
else
platform.kubeclient.update_cilium_network_policy(resource)
end end
end end
def deploy_network_policy def deploy_network_policy
if resource_name return platform.kubeclient.create_network_policy(resource) unless resource_name
platform.kubeclient.update_network_policy(resource)
else if resource_name != resource.dig(:metadata, :name)
platform.kubeclient.delete_network_policy(resource_name, kubernetes_namespace)
resource[:metadata][:resourceVersion] = nil
platform.kubeclient.create_network_policy(resource) platform.kubeclient.create_network_policy(resource)
else
platform.kubeclient.update_network_policy(resource)
end end
end end
end end
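Review bot: In the rename branch of `deploy_cilium_network_policy` and `deploy_network_policy`, the old policy is deleted before the new one is created, so if the create call fails (name conflict, rejected manifest, API error) the namespace is left with neither policy and the traffic it restricted is no longer restricted. The two names differ in this branch, so both objects can exist side by side; create first and delete only after that succeeds: `resource[:metadata][:resourceVersion] = nil`, `platform.kubeclient.create_network_policy(resource)`, then `platform.kubeclient.delete_network_policy(resource_name, kubernetes_namespace)`, and likewise for the Cilium calls. That order also removes the enforcement gap between the two calls on the success path. The error handling that wraps these methods is outside the hunk, so how a failed create is reported to the caller could not be checked from here.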
......
...@@ -59,19 +59,42 @@ RSpec.describe NetworkPolicies::DeployResourceService do ...@@ -59,19 +59,42 @@ RSpec.describe NetworkPolicies::DeployResourceService do
end end
context 'with resource_name' do context 'with resource_name' do
let(:resource_name) { 'policy2' } let(:resource_name) { 'policy' }
context 'when name is not updated' do
it 'updates resource in the deployment namespace and returns success response with a policy' do it 'updates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:name] = 'policy2'
expect(kubeclient).to receive(:update_network_policy).with(namespaced_policy) { policy.generate } expect(kubeclient).to receive(:update_network_policy).with(namespaced_policy)
expect(subject).to be_success expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json) expect(subject.payload.as_json).to eq(policy.as_json)
end end
end end
context 'when name is updated' do
let(:policy) do
Gitlab::Kubernetes::NetworkPolicy.new(
name: 'policy2',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
it 'destroys and recreates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:resourceVersion] = nil
expect(kubeclient).to receive(:delete_network_policy).with(resource_name, environment.deployment_namespace)
expect(kubeclient).to receive(:create_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
end
context 'without manifest' do context 'without manifest' do
let(:manifest) { nil } let(:manifest) { nil }
let(:policy) { nil } let(:policy) { nil }
...@@ -137,16 +160,64 @@ RSpec.describe NetworkPolicies::DeployResourceService do ...@@ -137,16 +160,64 @@ RSpec.describe NetworkPolicies::DeployResourceService do
context 'with resource_name' do context 'with resource_name' do
let(:resource_name) { 'policy' } let(:resource_name) { 'policy' }
before do
allow(Gitlab::Kubernetes::CiliumNetworkPolicy).to receive(:from_resource).and_return policy
allow(Gitlab::Kubernetes::CiliumNetworkPolicy).to receive(:from_yaml).and_return policy
end
context 'when name is not updated' do
it 'updates resource in the deployment namespace and returns success response with a policy' do it 'updates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:name] = resource_name
expect(kubeclient).to receive(:update_cilium_network_policy).with(namespaced_policy) { policy.generate } expect(kubeclient).to receive(:update_cilium_network_policy).with(namespaced_policy)
expect(subject).to be_success expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json) expect(subject.payload.as_json).to eq(policy.as_json)
end end
end end
context 'when name is updated' do
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
name: 'policy2',
namespace: 'namespace',
resource_version: 101,
selector: { matchLabels: { role: 'db' } },
ingress: [{ fromEndpoints: [{ matchLabels: { project: 'myproject' } }] }]
)
end
let(:manifest) do
<<~POLICY
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: policy2
namespace: another
resourceVersion: 101
spec:
endpointSelector:
matchLabels:
role: db
ingress:
- fromEndpoints:
- matchLabels:
project: myproject
POLICY
end
it 'destroys and recreates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:resourceVersion] = nil
expect(kubeclient).to receive(:delete_cilium_network_policy).with(resource_name, environment.deployment_namespace)
expect(kubeclient).to receive(:create_cilium_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
end
end end
context 'with enabled set to true' do context 'with enabled set to true' do
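Review bot: The two 'when name is updated' examples only exercise the path where both the delete and the create succeed, and they do not pin the order of the two calls, so a partial failure that leaves the namespace without its policy is untested. Add `.ordered` to the `delete_*`/`create_*` expectations, and add an example in each context where the create call raises, e.g. `allow(kubeclient).to receive(:create_network_policy).and_raise(Kubeclient::HttpError.new(409, 'conflict', nil))`, asserting that the service returns an error response. That example should also state what is expected of the previously deployed policy in that case, so the behaviour is a documented decision rather than a side effect of call order.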
......