add network policy towards gitserver in gitops tests

Author: kwiatekus

tests/serverless/internal/resources/app/networkpolicy.go

@@ -0,0 +1,79 @@
+package app
+
+import (
+	"context"
+
+	"github.com/kyma-project/serverless/tests/serverless/internal/utils"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	networkingv1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	networkingclient "k8s.io/client-go/kubernetes/typed/networking/v1"
+)
+
+type NetworkPolicy struct {
+	name          string
+	namespace     string
+	networkingCli networkingclient.NetworkPolicyInterface
+	log           *logrus.Entry
+}
+
+func NewNetworkPolicy(name, namespace string, networkpolicies networkingclient.NetworkPolicyInterface, log *logrus.Entry) NetworkPolicy {
+	return NetworkPolicy{
+		name:          name,
+		namespace:     namespace,
+		networkingCli: networkpolicies,
+		log:           log,
+	}
+}
+
+func (n NetworkPolicy) Create() error {
+	//this will ensure a network policy allowing incomming trafic towards gitserver pod
+	networkpolicy := &networkingv1.NetworkPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: n.name,
+			Labels: map[string]string{
+				componentLabel: n.name,
+			},
+		},
+		Spec: networkingv1.NetworkPolicySpec{
+			PodSelector: metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					"component": "gitserver",
+				},
+			},
+			PolicyTypes: []networkingv1.PolicyType{
+				networkingv1.PolicyTypeIngress,
+			},
+			Ingress: []networkingv1.NetworkPolicyIngressRule{
+				networkingv1.NetworkPolicyIngressRule{},
+			},
+		},
+	}
+	_, err := n.networkingCli.Create(context.Background(), networkpolicy, metav1.CreateOptions{})
+	return errors.Wrapf(err, "while creating NetworkPolicy %s in namespace %s", n.name, n.namespace)
+}
+
+func (n NetworkPolicy) Delete(ctx context.Context, options metav1.DeleteOptions) error {
+	return n.networkingCli.Delete(ctx, n.name, options)
+}
+
+func (n NetworkPolicy) Get(ctx context.Context, options metav1.GetOptions) (*networkingv1.NetworkPolicy, error) {
+	networkpolicy, err := n.networkingCli.Get(ctx, n.name, options)
+	if err != nil {
+		return nil, errors.Wrapf(err, "while getting network policy %s in namespace %s", n.name, n.namespace)
+	}
+	return networkpolicy, nil
+}
+func (n NetworkPolicy) LogResource() error {
+	networkpolicy, err := n.Get(context.TODO(), metav1.GetOptions{})
+	if err != nil {
+		return errors.Wrap(err, "while getting network policy")
+	}
+	out, err := utils.PrettyMarshall(networkpolicy)
+	if err != nil {
+		return errors.Wrap(err, "while marshalling network policy")
+	}
+	n.log.Info(out)
+	return nil
+}

tests/serverless/internal/resources/git/gitserver.go

@@ -3,6 +3,7 @@ package git
 import (
 	"context"
 	"fmt"
+
 	"github.com/kyma-project/serverless/tests/serverless/internal/resources"
 	"github.com/kyma-project/serverless/tests/serverless/internal/resources/app"
 	"github.com/kyma-project/serverless/tests/serverless/internal/utils"
@@ -16,34 +17,37 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	appsclient "k8s.io/client-go/kubernetes/typed/apps/v1"
 	coreclient "k8s.io/client-go/kubernetes/typed/core/v1"
+	networkingclient "k8s.io/client-go/kubernetes/typed/networking/v1"
 )
 
 type GitServer struct {
-	deployment   app.Deployment
-	services     app.Service
-	resCli       *resources.Resource
-	istioEnabled bool
-	name         string
-	namespace    string
-	image        string
-	port         int32
-	log          *logrus.Entry
+	deployment    app.Deployment
+	services      app.Service
+	networkPolicy app.NetworkPolicy
+	resCli        *resources.Resource
+	istioEnabled  bool
+	name          string
+	namespace     string
+	image         string
+	port          int32
+	log           *logrus.Entry
 }
 
-func New(c utils.Container, name string, image string, port int32, deployments appsclient.DeploymentInterface, services coreclient.ServiceInterface, istioEnabled bool) *GitServer {
+func New(c utils.Container, name string, image string, port int32, deployments appsclient.DeploymentInterface, services coreclient.ServiceInterface, networkPolicies networkingclient.NetworkPolicyInterface, istioEnabled bool) *GitServer {
 	return &GitServer{
 		deployment: app.NewDeployment(name, c.Namespace, image, port, deployments, c.Log),
 		services:   app.NewService(name, c.Namespace, port, services, c.Log),
 		resCli: resources.New(c.DynamicCli, schema.GroupVersionResource{
 			Group:    "networking.istio.io",
 			Version:  "v1alpha3",
 			Resource: "destinationrules"}, c.Namespace, c.Log, c.Verbose),
-		name:         name,
-		image:        image,
-		port:         port,
-		namespace:    c.Namespace,
-		log:          c.Log,
-		istioEnabled: istioEnabled,
+		networkPolicy: app.NewNetworkPolicy(name, c.Namespace, networkPolicies, c.Log),
+		name:          name,
+		image:         image,
+		port:          port,
+		namespace:     c.Namespace,
+		log:           c.Log,
+		istioEnabled:  istioEnabled,
 	}
 }
 

tests/serverless/internal/resources/git/step.go

@@ -8,6 +8,7 @@ import (
 	"github.com/sirupsen/logrus"
 	appsCli "k8s.io/client-go/kubernetes/typed/apps/v1"
 	coreclient "k8s.io/client-go/kubernetes/typed/core/v1"
+	networkingclient "k8s.io/client-go/kubernetes/typed/networking/v1"
 )
 
 type newGitServer struct {
@@ -19,14 +20,14 @@ type newGitServer struct {
 
 var _ executor.Step = newGitServer{}
 
-func NewGitServer(cfg GitopsConfig, stepName string, deployments appsCli.DeploymentInterface, services coreclient.ServiceInterface, useProxy, istioEnabled bool) executor.Step {
+func NewGitServer(cfg GitopsConfig, stepName string, deployments appsCli.DeploymentInterface, services coreclient.ServiceInterface, networkPolicies networkingclient.NetworkPolicyInterface, useProxy, istioEnabled bool) executor.Step {
 	repoURL, err := utils.GetGitURL(cfg.GitServerServiceName, cfg.Toolbox.Namespace, cfg.GitServerRepoName, useProxy)
 	if err != nil {
 		panic(err)
 	}
 	return newGitServer{
 		name:      stepName,
-		gs:        New(cfg.Toolbox, cfg.GitServerServiceName, cfg.GitServerImage, cfg.GitServerServicePort, deployments, services, istioEnabled),
+		gs:        New(cfg.Toolbox, cfg.GitServerServiceName, cfg.GitServerImage, cfg.GitServerServicePort, deployments, services, networkPolicies, istioEnabled),
 		gitClient: NewGitClient(repoURL.String()),
 		log:       cfg.Toolbox.Log.WithField(executor.LogStepKey, stepName),
 	}

tests/serverless/internal/testsuite/gitops.go

@@ -20,6 +20,7 @@ import (
 	"k8s.io/client-go/dynamic"
 	typedappsv1 "k8s.io/client-go/kubernetes/typed/apps/v1"
 	typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	typednetworkingv1 "k8s.io/client-go/kubernetes/typed/networking/v1"
 	"k8s.io/client-go/rest"
 )
 
@@ -39,6 +40,10 @@ func GitopsSteps(restConfig *rest.Config, cfg internal.Config, logf *logrus.Entr
 	if err != nil {
 		return nil, errors.Wrapf(err, "while creating k8s apps client")
 	}
+	networkingCli, err := typednetworkingv1.NewForConfig(restConfig)
+	if err != nil {
+		return nil, errors.Wrapf(err, "while creating k8s networking client")
+	}
 
 	genericContainer := utils.Container{
 		DynamicCli:  dynamicCli,
@@ -65,7 +70,7 @@ func GitopsSteps(restConfig *rest.Config, cfg internal.Config, logf *logrus.Entr
 	}
 	return executor.NewSerialTestRunner(logf, "Create git func",
 		namespace.NewNamespaceStep(logf, fmt.Sprintf("Create %s namespace", genericContainer.Namespace), genericContainer.Namespace, coreCli),
-		git.NewGitServer(gitCfg, "Start in-cluster Git Server", appsCli.Deployments(genericContainer.Namespace), coreCli.Services(genericContainer.Namespace), cfg.KubectlProxyEnabled, cfg.IstioEnabled),
+		git.NewGitServer(gitCfg, "Start in-cluster Git Server", appsCli.Deployments(genericContainer.Namespace), coreCli.Services(genericContainer.Namespace), networkingCli.NetworkPolicies(genericContainer.Namespace), cfg.KubectlProxyEnabled, cfg.IstioEnabled),
 		function.CreateFunction(logf, gitFn, "Create Git Function", runtimes.GitopsFunction(gitCfg.GetGitServerInClusterURL(), "/", "master", serverlessv1alpha2.NodeJs22, nil)),
 		assertion.NewHTTPCheck(logf, "Git Function pre update simple check through service", gitFn.FunctionURL, poll, "GITOPS 1"),
 		git.NewCommitChanges(logf, "Commit changes to Git Function", gitCfg.GetGitServerURL(cfg.KubectlProxyEnabled)),