diff options
Diffstat (limited to 'spec/lib/gitlab/kubernetes/network_policy_spec.rb')
-rw-r--r-- | spec/lib/gitlab/kubernetes/network_policy_spec.rb | 288 |
1 files changed, 229 insertions, 59 deletions
diff --git a/spec/lib/gitlab/kubernetes/network_policy_spec.rb b/spec/lib/gitlab/kubernetes/network_policy_spec.rb index f23d215a9a1..5a920d78436 100644 --- a/spec/lib/gitlab/kubernetes/network_policy_spec.rb +++ b/spec/lib/gitlab/kubernetes/network_policy_spec.rb @@ -39,28 +39,30 @@ describe Gitlab::Kubernetes::NetworkPolicy do describe '.from_yaml' do let(:manifest) do - <<-POLICY -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: example-name - namespace: example-namespace -spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject + <<~POLICY + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: example-name + namespace: example-namespace + labels: + app: foo + spec: + podSelector: + matchLabels: + role: db + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + project: myproject POLICY end let(:resource) do ::Kubeclient::Resource.new( - metadata: { name: name, namespace: namespace }, + metadata: { name: name, namespace: namespace, labels: { app: 'foo' } }, spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } ) end @@ -83,20 +85,20 @@ spec: context 'with manifest without metadata' do let(:manifest) do - <<-POLICY -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject + <<~POLICY + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + spec: + podSelector: + matchLabels: + role: db + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + project: myproject POLICY end @@ -105,12 +107,12 @@ spec: context 'with manifest without spec' do let(:manifest) do - <<-POLICY -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: example-name - namespace: example-namespace + <<~POLICY + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: example-name + namespace: example-namespace POLICY end @@ -119,24 +121,24 @@ metadata: context 'with disallowed class' do let(:manifest) do - <<-POLICY -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: example-name - namespace: example-namespace - creationTimestamp: 2020-04-14T00:08:30Z -spec: - podSelector: - matchLabels: - role: db - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: - matchLabels: - project: myproject + <<~POLICY + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: example-name + namespace: example-namespace + creationTimestamp: 2020-04-14T00:08:30Z + spec: + podSelector: + matchLabels: + role: db + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + project: myproject POLICY end @@ -147,13 +149,16 @@ spec: describe '.from_resource' do let(:resource) do ::Kubeclient::Resource.new( - metadata: { name: name, namespace: namespace, creationTimestamp: '2020-04-14T00:08:30Z', resourceVersion: '4990' }, + metadata: { + name: name, namespace: namespace, creationTimestamp: '2020-04-14T00:08:30Z', + labels: { app: 'foo' }, resourceVersion: '4990' + }, spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } ) end let(:generated_resource) do ::Kubeclient::Resource.new( - metadata: { name: name, namespace: namespace }, + metadata: { name: name, namespace: namespace, labels: { app: 'foo' } }, spec: { podSelector: pod_selector, policyTypes: %w(Ingress), ingress: ingress, egress: nil } ) end @@ -213,7 +218,9 @@ spec: metadata: { name: name, namespace: namespace }, spec: { podSelector: pod_selector, policyTypes: %w(Ingress Egress), ingress: ingress, egress: egress } }.deep_stringify_keys - ) + ), + is_autodevops: false, + is_enabled: true } end @@ -221,4 +228,167 @@ spec: it { is_expected.to eq(json_policy) } end + + describe '#autodevops?' do + subject { policy.autodevops? } + + let(:chart) { nil } + let(:policy) do + described_class.new( + name: name, + namespace: namespace, + labels: { chart: chart }, + pod_selector: pod_selector, + ingress: ingress + ) + end + + it { is_expected.to be false } + + context 'with non-autodevops chart' do + let(:chart) { 'foo' } + + it { is_expected.to be false } + end + + context 'with autodevops chart' do + let(:chart) { 'auto-deploy-app-0.6.0' } + + it { is_expected.to be true } + end + end + + describe '#enabled?' do + subject { policy.enabled? } + + let(:pod_selector) { nil } + let(:policy) do + described_class.new( + name: name, + namespace: namespace, + pod_selector: pod_selector, + ingress: ingress + ) + end + + it { is_expected.to be true } + + context 'with empty pod_selector' do + let(:pod_selector) { {} } + + it { is_expected.to be true } + end + + context 'with nil matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: nil } } + + it { is_expected.to be true } + end + + context 'with empty matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: {} } } + + it { is_expected.to be true } + end + + context 'with disabled_by label in matchLabels in pod_selector' do + let(:pod_selector) do + { matchLabels: { Gitlab::Kubernetes::NetworkPolicy::DISABLED_BY_LABEL => 'gitlab' } } + end + + it { is_expected.to be false } + end + end + + describe '#enable' do + subject { policy.enabled? } + + let(:pod_selector) { nil } + let(:policy) do + described_class.new( + name: name, + namespace: namespace, + pod_selector: pod_selector, + ingress: ingress + ) + end + + before do + policy.enable + end + + it { is_expected.to be true } + + context 'with empty pod_selector' do + let(:pod_selector) { {} } + + it { is_expected.to be true } + end + + context 'with nil matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: nil } } + + it { is_expected.to be true } + end + + context 'with empty matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: {} } } + + it { is_expected.to be true } + end + + context 'with disabled_by label in matchLabels in pod_selector' do + let(:pod_selector) do + { matchLabels: { Gitlab::Kubernetes::NetworkPolicy::DISABLED_BY_LABEL => 'gitlab' } } + end + + it { is_expected.to be true } + end + end + + describe '#disable' do + subject { policy.enabled? } + + let(:pod_selector) { nil } + let(:policy) do + described_class.new( + name: name, + namespace: namespace, + pod_selector: pod_selector, + ingress: ingress + ) + end + + before do + policy.disable + end + + it { is_expected.to be false } + + context 'with empty pod_selector' do + let(:pod_selector) { {} } + + it { is_expected.to be false } + end + + context 'with nil matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: nil } } + + it { is_expected.to be false } + end + + context 'with empty matchLabels in pod_selector' do + let(:pod_selector) { { matchLabels: {} } } + + it { is_expected.to be false } + end + + context 'with disabled_by label in matchLabels in pod_selector' do + let(:pod_selector) do + { matchLabels: { Gitlab::Kubernetes::NetworkPolicy::DISABLED_BY_LABEL => 'gitlab' } } + end + + it { is_expected.to be false } + end + end end |