Add alert related labels to CiliumNetworkPolicies

The label will contain the project id which will be used to correlate the network policy into its respective project within agenk

Add alert related labels to CiliumNetworkPolicies
The label will contain the project id which will be used to correlate the network policy into its respective project within agenk
5f971862 · Zamir Martins Filho · Savas Vedova · 918d107f · 5f971862 · 5f971862
Commit 5f971862 authored Feb 09, 2021 by Zamir Martins Filho Committed by Savas Vedova Feb 09, 2021
12 changed files
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/constants.js
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/constants.js
@@ -33,3 +33,5 @@ export const PortMatchModePortProtocol = 'port/protocol';
 export const DisabledByLabel = 'network-policy.gitlab.com/disabled_by';

 export const CiliumNetworkPolicyKind = 'CiliumNetworkPolicy';
+
+export const ProjectIdLabel = 'app.gitlab.com/proj';
--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/lib/from_yaml.js
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/lib/from_yaml.js
@@ -113,7 +113,7 @@ function parseRule(item, direction) {
 */
 export default function fromYaml(manifest) {
  const { description, metadata, spec } = safeLoad(manifest, { json: true });
-  const { name, resourceVersion, annotations } = metadata;
+  const { name, resourceVersion, annotations, labels } = metadata;
  const { endpointSelector = {}, ingress = [], egress = [] } = spec;
  const matchLabels = endpointSelector.matchLabels || {};

@@ -135,6 +135,7 @@ export default function fromYaml(manifest) {
    resourceVersion,
    description,
    annotations,
+    labels,
    isEnabled: !Object.keys(matchLabels).includes(DisabledByLabel),
    endpointMatchMode: endpointLabels.length > 0 ? EndpointMatchModeLabel : EndpointMatchModeAny,
    endpointLabels: endpointLabels.join(' '),

--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/lib/to_yaml.js
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/lib/to_yaml.js
@@ -33,11 +33,14 @@ function spec({ rules, isEnabled, endpointMatchMode, endpointLabels }) {
 Return yaml representation of a policy.
 */
 export default function toYaml(policy) {
-  const { annotations, name, resourceVersion, description } = policy;
+  const { annotations, name, resourceVersion, description, labels } = policy;
  const metadata = { name };
  if (annotations) {
    metadata.annotations = annotations;
  }
+  if (labels) {
+    metadata.labels = labels;
+  }
  if (resourceVersion) {
    metadata.resourceVersion = resourceVersion;
  }

--- a/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/policy_editor.vue
+++ b/ee/app/assets/javascripts/threat_monitoring/components/policy_editor/policy_editor.vue
@@ -27,6 +27,7 @@ import {
  EditorModeYAML,
  EndpointMatchModeAny,
  RuleTypeEndpoint,
+  ProjectIdLabel,
 } from './constants';
 import toYaml from './lib/to_yaml';
 import fromYaml from './lib/from_yaml';
@@ -64,6 +65,10 @@ export default {
      required: false,
      default: null,
    },
+    projectId: {
+      type: String,
+      required: true,
+    },
  },
  data() {
    const policy = this.existingPolicy
@@ -76,8 +81,9 @@ export default {
          endpointLabels: '',
          rules: [],
          annotations: '',
+          labels: '',
        };
-
+    policy.labels = { [ProjectIdLabel]: this.projectId };
    return {
      editorMode: EditorModeRule,
      yamlEditorValue: '',

--- a/ee/app/assets/javascripts/threat_monitoring/policy_editor.js
+++ b/ee/app/assets/javascripts/threat_monitoring/policy_editor.js
@@ -20,6 +20,7 @@ export default () => {
    threatMonitoringPath,
    policy,
    projectPath,
+    projectId,
    environmentId,
  } = el.dataset;

@@ -35,7 +36,7 @@ export default () => {
    store.dispatch('threatMonitoring/setCurrentEnvironmentId', parseInt(environmentId, 10));
  }

-  const props = { threatMonitoringPath };
+  const props = { threatMonitoringPath, projectId };
  if (policy) {
    props.existingPolicy = JSON.parse(policy);
  }

--- a/ee/app/helpers/policy_helper.rb
+++ b/ee/app/helpers/policy_helper.rb
@@ -23,6 +23,7 @@ module PolicyHelper
      create_agent_help_path: help_page_url('user/clusters/agent/index.md', anchor: 'create-an-agent-record-in-gitlab'),
      environments_endpoint: project_environments_path(project),
      project_path: project.full_path,
+      project_id: project.id,
      threat_monitoring_path: project_threat_monitoring_path(project)
    }
  end

--- a/ee/changelogs/unreleased/add_project_id_as_cnp_labels.yml
+++ b/ee/changelogs/unreleased/add_project_id_as_cnp_labels.yml
+---
+title: Add alert related labels to CiliumNetworkPolicies. The label will contain the
+  project id and will be applicable to both new and existing policies
+merge_request: 53401
+author:
+type: changed
--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/__snapshots__/policy_editor_spec.js.snap
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/__snapshots__/policy_editor_spec.js.snap
@@ -197,6 +197,8 @@ exports[`PolicyEditorApp component renders the policy editor layout 1`] = `
 kind: CiliumNetworkPolicy
 metadata:
  name: ''
+  labels:
+    app.gitlab.com/proj: '21'
 spec:
  endpointSelector:
    matchLabels:

--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/lib/from_yaml_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/lib/from_yaml_spec.js
@@ -20,13 +20,14 @@ describe('fromYaml', () => {

  const cidrExample = '20.1.1.1/32 20.1.1.2/32';
  const portExample = '80 81/udp 82/tcp';
-
+  const labels = { 'app.gitlab.com/proj': '21' };
  beforeEach(() => {
    policy = {
      name: 'test-policy',
      endpointLabels: '',
      rules: [],
      isEnabled: true,
+      labels,
    };
  });

@@ -37,6 +38,7 @@ describe('fromYaml', () => {
      endpointMatchMode: EndpointMatchModeAny,
      endpointLabels: '',
      rules: [],
+      labels,
    });
  });


--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/lib/to_yaml_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/lib/to_yaml_spec.js
@@ -139,6 +139,26 @@ spec:
  - fromEndpoints:
    - matchLabels:
        foo: bar
+`);
+    });
+  });
+
+  describe('when labels are not empty', () => {
+    beforeEach(() => {
+      policy.labels = { 'app.gitlab.com/proj': '21' };
+    });
+
+    it('returns yaml representation', () => {
+      expect(toYaml(policy)).toEqual(`apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: test-policy
+  labels:
+    app.gitlab.com/proj: '21'
+spec:
+  endpointSelector:
+    matchLabels:
+      network-policy.gitlab.com/disabled_by: gitlab
 `);
    });
  });

--- a/ee/spec/frontend/threat_monitoring/components/policy_editor/policy_editor_spec.js
+++ b/ee/spec/frontend/threat_monitoring/components/policy_editor/policy_editor_spec.js
@@ -38,6 +38,7 @@ describe('PolicyEditorApp component', () => {
    wrapper = shallowMount(PolicyEditorApp, {
      propsData: {
        threatMonitoringPath: '/threat-monitoring',
+        projectId: '21',
        ...propsData,
      },
      provide: {
@@ -124,6 +125,8 @@ kind: CiliumNetworkPolicy
 description: test description
 metadata:
  name: test-policy
+  labels:
+    app.gitlab.com/proj: '21'
 spec:
  endpointSelector:
    matchLabels:
@@ -147,6 +150,7 @@ spec:
            matchLabels: 'foo:bar',
          },
        ],
+        labels: { 'app.gitlab.com/proj': '21' },
      });
    });
  });

--- a/ee/spec/helpers/policy_helper_spec.rb
+++ b/ee/spec/helpers/policy_helper_spec.rb
@@ -22,6 +22,7 @@ RSpec.describe PolicyHelper do
      create_agent_help_path: kind_of(String),
      environments_endpoint: kind_of(String),
      project_path: project.full_path,
+      project_id: project.id,
      threat_monitoring_path: kind_of(String)
    }
  end