Commit b007a9ba authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Sean McGivern

Support providing kind to internal Network Policies edit API

Changelog: added
EE: true
parent 1e94f6e8
......@@ -10957,6 +10957,7 @@ Represents the network policy.
| <a id="networkpolicyenabled"></a>`enabled` | [`Boolean!`](#boolean) | Indicates whether this policy is enabled. |
| <a id="networkpolicyenvironments"></a>`environments` | [`EnvironmentConnection`](#environmentconnection) | Environments where this policy is applied. (see [Connections](#connections)) |
| <a id="networkpolicyfromautodevops"></a>`fromAutoDevops` | [`Boolean!`](#boolean) | Indicates whether this policy is created from AutoDevops. |
| <a id="networkpolicykind"></a>`kind` | [`NetworkPolicyKind!`](#networkpolicykind) | Kind of the policy. |
| <a id="networkpolicyname"></a>`name` | [`String!`](#string) | Name of the policy. |
| <a id="networkpolicynamespace"></a>`namespace` | [`String!`](#string) | Namespace of the policy. |
| <a id="networkpolicyupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp of when the policy YAML was last updated. |
......@@ -14886,6 +14887,15 @@ Negated Iteration ID wildcard values.
| ----- | ----------- |
| <a id="negatediterationwildcardidcurrent"></a>`CURRENT` | Current iteration. |
### `NetworkPolicyKind`
Kind of the network policy.
| Value | Description |
| ----- | ----------- |
| <a id="networkpolicykindciliumnetworkpolicy"></a>`CiliumNetworkPolicy` | The policy kind of Cilium Network Policy. |
| <a id="networkpolicykindnetworkpolicy"></a>`NetworkPolicy` | The policy kind of Network Policy. |
### `OncallRotationUnitEnum`
Rotation length unit of an on-call rotation.
......
......@@ -24,7 +24,7 @@ module Projects
response = NetworkPolicies::FindResourceService.new(
resource_name: @policy_name,
environment: @environment,
kind: Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
kind: params[:kind].presence || Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
).execute
if response.success?
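Review bot: The new `kind: params[:kind].presence || ...` line forwards a request-supplied value to `NetworkPolicies::FindResourceService` unchecked, and nothing at this call site says where it is validated. The only allow-listing visible in this commit is the pair of `==` comparisons in the service's `get_policy`. A short comment above the call would record that, for example `# kind is user-supplied; FindResourceService rejects anything other than the two known kinds`. The enclosing action starts and ends outside the hunk, so the branch that handles a non-success response is not visible; it is worth confirming that it surfaces the new `:bad_request` status.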
......
......@@ -25,6 +25,7 @@ module Resolvers
{
name: policy_json[:name],
kind: policy.resource[:kind],
namespace: policy_json[:namespace],
updated_at: Time.iso8601(policy_json[:creation_timestamp]),
yaml: policy_json[:manifest],
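Review bot: `kind: policy.resource[:kind]` reads from the raw resource hash, while the neighbouring keys come from `policy_json`. The GraphQL field added in this commit is declared `null: false` with an enum type, so a resource hash without a `:kind` entry, or with a value outside the two enum members, would presumably make the field fail at resolution time. `resource` is not shown here, so this needs confirming. If the key can be absent, derive the kind from the policy class constant or expose it through `as_json` like the other attributes. The enclosing method starts outside the hunk.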
......
# frozen_string_literal: true
module Types
class NetworkPolicyKindEnum < BaseEnum
graphql_name 'NetworkPolicyKind'
description 'Kind of the network policy'
value Gitlab::Kubernetes::CiliumNetworkPolicy::KIND, 'The policy kind of Cilium Network Policy.'
value Gitlab::Kubernetes::NetworkPolicy::KIND, 'The policy kind of Network Policy.'
end
end
......@@ -11,6 +11,11 @@ module Types
null: false,
description: 'Name of the policy.'
field :kind,
NetworkPolicyKindEnum,
null: false,
description: 'Kind of the policy.'
field :namespace,
GraphQL::STRING_TYPE,
null: false,
......
......@@ -14,7 +14,10 @@ module NetworkPolicies
def execute
return no_platform_response unless @platform
ServiceResponse.success(payload: get_policy)
policy = get_policy
return unsupported_policy_kind if policy.blank?
ServiceResponse.success(payload: policy)
rescue Kubeclient::HttpError => e
kubernetes_error_response(e.message)
end
......@@ -26,7 +29,7 @@ module NetworkPolicies
if @kind == Gitlab::Kubernetes::CiliumNetworkPolicy::KIND
resource = client.get_cilium_network_policy(@resource_name, @kubernetes_namespace)
Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource)
else
elsif @kind == Gitlab::Kubernetes::NetworkPolicy::KIND
resource = client.get_network_policy(@resource_name, @kubernetes_namespace)
Gitlab::Kubernetes::NetworkPolicy.from_resource(resource)
end
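Review bot: `return unsupported_policy_kind if policy.blank?` in `execute` reports any blank result from `get_policy` as an invalid kind. The rejection is also implicit: it relies on the `if`/`elsif` in `get_policy` having no `else` branch and so returning nil. Checking `@kind` explicitly before the lookup keeps the allow-list visible and separates it from an empty lookup result, for example `return unsupported_policy_kind unless [Gitlab::Kubernetes::CiliumNetworkPolicy::KIND, Gitlab::Kubernetes::NetworkPolicy::KIND].include?(@kind)`. The start of `get_policy` is outside the hunk, so it cannot be seen whether the Kubernetes client is built before the kind is compared.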
......
......@@ -23,5 +23,12 @@ module NetworkPolicies
message: s_('NetworkPolicies|Environment does not have deployment platform')
)
end
def unsupported_policy_kind
ServiceResponse.error(
http_status: :bad_request,
message: s_('NetworkPolicies|Invalid or unsupported policy kind')
)
end
end
end
......@@ -135,12 +135,13 @@ RSpec.describe Projects::ThreatMonitoringController do
describe 'GET edit' do
subject do
get :edit, params: { namespace_id: project.namespace, project_id: project, id: 'policy', environment_id: environment_id }
get :edit, params: { namespace_id: project.namespace, project_id: project, id: 'policy', environment_id: environment_id, kind: kind }
end
let_it_be(:environment) { create(:environment, :with_review_app, project: project) }
let(:environment_id) { environment.id }
let(:kind) { 'CiliumNetworkPolicy' }
context 'with authorized user' do
before do
......@@ -176,6 +177,32 @@ RSpec.describe Projects::ThreatMonitoringController do
expect(response).to render_template(:edit)
end
context 'when different policy kind is requested' do
let(:policy) do
Gitlab::Kubernetes::NetworkPolicy.new(
name: 'not-cilium-policy',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
before do
allow(NetworkPolicies::FindResourceService).to(
receive(:new)
.with(resource_name: 'policy', environment: environment, kind: Gitlab::Kubernetes::NetworkPolicy::KIND)
.and_return(service)
)
end
it 'renders the new template' do
subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template(:edit)
end
end
context 'when environment is missing' do
let(:environment_id) { 'missing' }
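Review bot: The context 'when different policy kind is requested' never overrides `let(:kind)`, so the request still sends `kind: 'CiliumNetworkPolicy'` from the outer `let`. The stub registered with `kind: Gitlab::Kubernetes::NetworkPolicy::KIND` is then presumably never the one that matches, and the example would pass without exercising the new parameter. Adding `let(:kind) { 'NetworkPolicy' }` inside the context makes the request reach that stub. The example is titled 'renders the new template' although it asserts `render_template(:edit)`. There is also no controller example for an unsupported `kind`, so the error path from the request parameter is covered only in the service spec.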
......
......@@ -95,6 +95,7 @@ RSpec.describe Resolvers::NetworkPolicyResolver do
expected_resolved = [
{
name: 'policy',
kind: 'NetworkPolicy',
namespace: 'another',
enabled: true,
yaml: policy.as_json[:manifest],
......@@ -105,6 +106,7 @@ RSpec.describe Resolvers::NetworkPolicyResolver do
},
{
name: 'cilium_policy',
kind: 'CiliumNetworkPolicy',
namespace: 'another',
enabled: true,
yaml: cilium_policy.as_json[:manifest],
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe GitlabSchema.types['NetworkPolicyKind'] do
it 'exposes all kinds of network policies' do
expect(described_class.values.keys).to contain_exactly(*%w[CiliumNetworkPolicy NetworkPolicy])
end
end
......@@ -8,6 +8,7 @@ RSpec.describe GitlabSchema.types['NetworkPolicy'] do
it 'has the expected fields' do
expect(described_class).to have_graphql_fields(
:name,
:kind,
:namespace,
:enabled,
:from_auto_devops,
......
......@@ -51,6 +51,16 @@ RSpec.describe NetworkPolicies::FindResourceService do
end
end
context 'with invalid policy kind' do
let(:kind) { 'InvalidKind' }
it 'returns error response' do
expect(subject).to be_error
expect(subject.http_status).to eq(:bad_request)
expect(subject.message).not_to be_nil
end
end
context 'without deployment_platform' do
let(:platform) { nil }
......
......@@ -21652,6 +21652,9 @@ msgstr ""
msgid "NetworkPolicies|Invalid or empty policy"
msgstr ""
msgid "NetworkPolicies|Invalid or unsupported policy kind"
msgstr ""
msgid "NetworkPolicies|Kubernetes error: %{error}"
msgstr ""
......