Commit 66e022e1 authored by Sashi Kumar Kumaresan's avatar Sashi Kumar Kumaresan Committed by Etienne Baqué

Fix network policies update to support name updation

parent 1f1314a7
......@@ -36,7 +36,6 @@ module NetworkPolicies
def setup_resource
@resource = policy.generate
resource[:metadata][:namespace] = kubernetes_namespace
resource[:metadata][:name] = resource_name if resource_name
end
def load_policy_from_resource
......@@ -56,18 +55,26 @@ module NetworkPolicies
end
def deploy_cilium_network_policy
if resource_name
platform.kubeclient.update_cilium_network_policy(resource)
else
return platform.kubeclient.create_cilium_network_policy(resource) unless resource_name
if resource_name != resource.dig(:metadata, :name)
platform.kubeclient.delete_cilium_network_policy(resource_name, kubernetes_namespace)
resource[:metadata][:resourceVersion] = nil
platform.kubeclient.create_cilium_network_policy(resource)
else
platform.kubeclient.update_cilium_network_policy(resource)
end
end
def deploy_network_policy
if resource_name
platform.kubeclient.update_network_policy(resource)
else
return platform.kubeclient.create_network_policy(resource) unless resource_name
if resource_name != resource.dig(:metadata, :name)
platform.kubeclient.delete_network_policy(resource_name, kubernetes_namespace)
resource[:metadata][:resourceVersion] = nil
platform.kubeclient.create_network_policy(resource)
else
platform.kubeclient.update_network_policy(resource)
end
end
end
......
......@@ -59,19 +59,42 @@ RSpec.describe NetworkPolicies::DeployResourceService do
end
context 'with resource_name' do
let(:resource_name) { 'policy2' }
let(:resource_name) { 'policy' }
context 'when name is not updated' do
it 'updates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:name] = 'policy2'
expect(kubeclient).to receive(:update_network_policy).with(namespaced_policy) { policy.generate }
expect(kubeclient).to receive(:update_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
context 'when name is updated' do
let(:policy) do
Gitlab::Kubernetes::NetworkPolicy.new(
name: 'policy2',
namespace: 'another',
selector: { matchLabels: { role: 'db' } },
ingress: [{ from: [{ namespaceSelector: { matchLabels: { project: 'myproject' } } }] }]
)
end
it 'destroys and recreates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:resourceVersion] = nil
expect(kubeclient).to receive(:delete_network_policy).with(resource_name, environment.deployment_namespace)
expect(kubeclient).to receive(:create_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
end
context 'without manifest' do
let(:manifest) { nil }
let(:policy) { nil }
......@@ -137,16 +160,64 @@ RSpec.describe NetworkPolicies::DeployResourceService do
context 'with resource_name' do
let(:resource_name) { 'policy' }
before do
allow(Gitlab::Kubernetes::CiliumNetworkPolicy).to receive(:from_resource).and_return policy
allow(Gitlab::Kubernetes::CiliumNetworkPolicy).to receive(:from_yaml).and_return policy
end
context 'when name is not updated' do
it 'updates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:name] = resource_name
expect(kubeclient).to receive(:update_cilium_network_policy).with(namespaced_policy) { policy.generate }
expect(kubeclient).to receive(:update_cilium_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
context 'when name is updated' do
let(:policy) do
Gitlab::Kubernetes::CiliumNetworkPolicy.new(
name: 'policy2',
namespace: 'namespace',
resource_version: 101,
selector: { matchLabels: { role: 'db' } },
ingress: [{ fromEndpoints: [{ matchLabels: { project: 'myproject' } }] }]
)
end
let(:manifest) do
<<~POLICY
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: policy2
namespace: another
resourceVersion: 101
spec:
endpointSelector:
matchLabels:
role: db
ingress:
- fromEndpoints:
- matchLabels:
project: myproject
POLICY
end
it 'destroys and recreates resource in the deployment namespace and returns success response with a policy' do
namespaced_policy = policy.generate
namespaced_policy[:metadata][:namespace] = environment.deployment_namespace
namespaced_policy[:metadata][:resourceVersion] = nil
expect(kubeclient).to receive(:delete_cilium_network_policy).with(resource_name, environment.deployment_namespace)
expect(kubeclient).to receive(:create_cilium_network_policy).with(namespaced_policy)
expect(subject).to be_success
expect(subject.payload.as_json).to eq(policy.as_json)
end
end
end
end
context 'with enabled set to true' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment