# frozen_string_literal: true
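module Gitlab
  module Kubernetes
    # Behaviour shared by network policy wrappers.
    #
    # Nothing here defines +name+, +namespace+, +creation_timestamp+,
    # +labels+, +selector+ or +environment_ids+; the including class must
    # provide them and must override the private +resource+ method.
    module NetworkPolicyCommon
      # Label key added to selector[:matchLabels] to mark a policy as disabled.
      DISABLED_BY_LABEL = :'network-policy.gitlab.com/disabled_by'

      # Wraps the hash returned by +resource+ in a Kubeclient resource object.
      def generate
        ::Kubeclient::Resource.new(resource)
      end

      # Summary hash of the policy, including its YAML manifest.
      # +opts+ is accepted but not used.
      def as_json(opts = nil)
        {
          name: name,
          namespace: namespace,
          creation_timestamp: creation_timestamp,
          manifest: manifest,
          is_autodevops: autodevops?,
          is_enabled: enabled?,
          environment_ids: environment_ids
        }
      end

      # True when the :chart label starts with 'auto-deploy-app-'.
      #
      # The answer is derived from a label only, so it is descriptive
      # metadata: it is as trustworthy as whoever can write the policy's
      # labels and should not be used as an authorization signal.
      def autodevops?
        return false unless labels

        # to_s keeps a nil or non-String chart value (for example a number
        # taken from an unquoted YAML scalar) from raising NoMethodError.
        labels[:chart].to_s.start_with?('auto-deploy-app-')
      end

      # The selector chooses the pods this policy targets. It can represent
      # a podSelector, nodeSelector or endpointSelector. Selection is narrowed
      # by requiring a match on a custom label: because no pod is expected to
      # carry DISABLED_BY_LABEL, a policy requiring it matches nothing and is
      # effectively disabled.
      #
      # Points to keep in mind when relying on this:
      # * only the presence of the key under :matchLabels is checked; the
      #   label value and any other selector fields are not inspected;
      # * "disabled" holds only while no workload carries the label. A pod
      #   labelled with DISABLED_BY_LABEL => 'gitlab' would still be selected,
      #   so write access to that label on workloads should be restricted;
      # * the policy object itself is kept, only its selector is changed.
      def enabled?
        return true unless selector&.key?(:matchLabels)

        !selector[:matchLabels]&.key?(DISABLED_BY_LABEL)
      end

      # Removes the disabling label. Does nothing when already enabled.
      #
      # When DISABLED_BY_LABEL was the only entry, :matchLabels is left as an
      # empty hash. For a Kubernetes podSelector an empty selector matches
      # every pod in the namespace, so check that this is the intended scope.
      def enable
        return if enabled?

        selector[:matchLabels].delete(DISABLED_BY_LABEL)
      end

      # Adds the disabling label, creating :matchLabels when it is missing.
      #
      # NOTE(review): enabled? tolerates a nil selector but this method does
      # not; confirm that including classes always initialise selector.
      def disable
        selector[:matchLabels] ||= {}
        selector[:matchLabels].merge!(DISABLED_BY_LABEL => 'gitlab')
      end

      private

      # Hash describing the Kubernetes resource; including classes override it.
      def resource
        raise NotImplementedError
      end

      # YAML text of the resource. Keys are stringified first so that the
      # dump contains plain string keys rather than Ruby symbol notation.
      def manifest
        YAML.dump(resource.deep_stringify_keys)
      end
    end
  end
end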