debian-mirror-gitlab/lib/gitlab/kubernetes/cilium_network_policy.rb

# frozen_string_literal: true
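module Gitlab
  module Kubernetes
    # In-memory model of a CiliumNetworkPolicy (cilium.io/v2) resource.
    #
    # Instances are built either from a YAML manifest (.from_yaml) or from an
    # already-parsed resource object (.from_resource) and are turned back into
    # a plain hash by #resource. Shared behaviour comes from
    # NetworkPolicyCommon, which is defined outside this file.
    class CiliumNetworkPolicy
      include NetworkPolicyCommon
      extend ::Gitlab::Utils::Override

      API_VERSION = "cilium.io/v2"
      KIND = 'CiliumNetworkPolicy'

      # Static manifests keyed by policy name. Both select endpoints labelled
      # `network-policy.gitlab.com/disabled_by: gitlab`.
      PREDEFINED_POLICIES = {
        'allow-inbound-http' => <<~YAML.rstrip,
          apiVersion: cilium.io/v2
          kind: CiliumNetworkPolicy
          metadata:
            name: allow-inbound-http
          spec:
            endpointSelector:
              matchLabels:
                network-policy.gitlab.com/disabled_by: gitlab
            ingress:
            - toPorts:
              - ports:
                - port: '80'
                - port: '443'
        YAML
        'drop-outbound' => <<~YAML.rstrip
          apiVersion: cilium.io/v2
          kind: CiliumNetworkPolicy
          metadata:
            name: drop-outbound
          spec:
            endpointSelector:
              matchLabels:
                network-policy.gitlab.com/disabled_by: gitlab
            egress:
            - {}
        YAML
      }.freeze

      # We are modeling existing kubernetes resource and don't have
      # control over amount of parameters.
      # rubocop:disable Metrics/ParameterLists

      # @param name [String] metadata.name of the policy
      # @param namespace [String] metadata.namespace of the policy
      # @param selector [Hash, nil] spec.endpointSelector; nil becomes {} (see #selector)
      # @param ingress [Array, nil] spec.ingress rules; omitted from #resource when nil
      # @param resource_version [String, nil] metadata.resourceVersion
      # @param description [String, nil] top-level description key
      # @param labels [Hash, nil] metadata.labels
      # @param creation_timestamp [Object, nil] metadata.creationTimestamp (stored, not emitted by #resource)
      # @param egress [Array, nil] spec.egress rules; omitted from #resource when nil
      # @param annotations [Hash, nil] metadata.annotations
      # @param environment_ids [Array] stored as given; not used in this file
      def initialize(
        name:, namespace:, selector:, ingress:,
        resource_version: nil, description: nil, labels: nil,
        creation_timestamp: nil, egress: nil, annotations: nil,
        environment_ids: []
      )
        @name = name
        @description = description
        @namespace = namespace
        @labels = labels
        @creation_timestamp = creation_timestamp
        @selector = selector
        @resource_version = resource_version
        @ingress = ingress
        @egress = egress
        @annotations = annotations
        @environment_ids = environment_ids
      end
      # rubocop:enable Metrics/ParameterLists

      # Builds a policy from a YAML manifest string.
      #
      # The manifest is parsed with YAML.safe_load, so only plain data types
      # are deserialized. Anything that is not a usable policy document yields
      # nil instead of an exception: syntax errors, disallowed classes,
      # aliases, and documents whose root, `metadata` or `spec` is not a
      # mapping (a scalar or sequence would otherwise raise
      # TypeError/NoMethodError on the `[]` lookups below).
      #
      # NOTE(review): `metadata.name` and `metadata.namespace` are copied from
      # the manifest unchanged; callers presumably pin the target namespace
      # before applying the result - confirm.
      #
      # @param manifest [String, nil] YAML text
      # @return [CiliumNetworkPolicy, nil]
      def self.from_yaml(manifest)
        return unless manifest

        policy = YAML.safe_load(manifest, symbolize_names: true)
        return unless policy.is_a?(Hash)

        metadata = policy[:metadata]
        spec = policy[:spec]
        return unless metadata.is_a?(Hash) && spec.is_a?(Hash)

        new(
          name: metadata[:name],
          description: policy[:description],
          namespace: metadata[:namespace],
          annotations: metadata[:annotations],
          resource_version: metadata[:resourceVersion],
          labels: metadata[:labels],
          selector: spec[:endpointSelector],
          ingress: spec[:ingress],
          egress: spec[:egress]
        )
      rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
        nil
      end

      # Builds a policy from an already-parsed resource object.
      #
      # `resource` must respond to `[]` with symbol keys; `spec`, `labels` and
      # `annotations` are converted with `to_h`. Presumably this is the object
      # returned by the Kubernetes client - confirm against callers.
      #
      # @param resource [#[], nil]
      # @param environment_ids [Array]
      # @return [CiliumNetworkPolicy, nil] nil when resource, metadata or spec is missing
      def self.from_resource(resource, environment_ids = [])
        return unless resource
        return if !resource[:metadata] || !resource[:spec]

        metadata = resource[:metadata]
        spec = resource[:spec].to_h
        new(
          name: metadata[:name],
          description: resource[:description],
          namespace: metadata[:namespace],
          annotations: metadata[:annotations]&.to_h,
          resource_version: metadata[:resourceVersion],
          labels: metadata[:labels]&.to_h,
          creation_timestamp: metadata[:creationTimestamp],
          selector: spec[:endpointSelector],
          ingress: spec[:ingress],
          egress: spec[:egress],
          environment_ids: environment_ids
        )
      end

      # Hash form of the policy: apiVersion, kind, metadata and spec, plus
      # `description` when one is set.
      #
      # @return [Hash]
      override :resource
      def resource
        resource = {
          apiVersion: API_VERSION,
          kind: KIND,
          metadata: metadata,
          spec: spec
        }
        resource[:description] = description if description
        resource
      end

      private

      attr_reader :name, :description, :namespace, :labels, :creation_timestamp,
                  :resource_version, :ingress, :egress, :annotations, :environment_ids

      # Endpoint selector, defaulting to an empty hash when none was given.
      #
      # NOTE(review): under Cilium semantics an empty endpointSelector is
      # expected to match every endpoint in the namespace - confirm that this
      # default is intended for manifests that omit the selector.
      def selector
        @selector ||= {}
      end

      # metadata hash; optional keys are only emitted when they have a value.
      def metadata
        meta = { name: name, namespace: namespace }
        meta[:labels] = labels if labels
        meta[:resourceVersion] = resource_version if resource_version
        meta[:annotations] = annotations if annotations
        meta
      end

      # spec hash; nil ingress/egress are dropped by `compact`, while
      # endpointSelector is always present because #selector never returns nil.
      def spec
        {
          endpointSelector: selector,
          ingress: ingress,
          egress: egress
        }.compact
      end
    end
  end
end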