From f76a3f5e0a6f62ad409cca7ef703b7bdeec94da6 Mon Sep 17 00:00:00 2001 From: sg774j Date: Mon, 30 Sep 2019 09:21:01 -0500 Subject: [PATCH] Heat: Add ingress network policy overrides This patch set adds in default heat ingress overrides. Change-Id: I4e1f2b6687a05f2bf3ca91c941c2cf11abe68f07 --- heat/values_overrides/netpol.yaml | 39 +++++++++---------- tools/deployment/common/test-networkpolicy.sh | 9 +++++ 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/heat/values_overrides/netpol.yaml b/heat/values_overrides/netpol.yaml index d6675c881d..08cb1bcbbe 100644 --- a/heat/values_overrides/netpol.yaml +++ b/heat/values_overrides/netpol.yaml @@ -1,28 +1,25 @@ manifests: network_policy: true -#NOTE(gagehugo): Test these once the netpol gate works network_policy: heat: -# ingress: -# - from: -# - podSelector: -# matchLabels: -# application: heat -# - podSelector: -# matchLabels: -# application: ingress -# - podSelector: -# matchLabels: -# application: horizon -# ports: -# - protocol: TCP -# port: 80 -# - protocol: TCP -# port: 8000 -# - protocol: TCP -# port: 8003 -# - protocol: TCP -# port: 8004 + ingress: + - from: + - podSelector: + matchLabels: + application: heat + - podSelector: + matchLabels: + application: ingress + - podSelector: + matchLabels: + application: horizon + ports: + - protocol: TCP + port: 8000 + - protocol: TCP + port: 8003 + - protocol: TCP + port: 8004 egress: - to: - podSelector: diff --git a/tools/deployment/common/test-networkpolicy.sh b/tools/deployment/common/test-networkpolicy.sh index 15a3b9f537..1d0eafe077 100755 --- a/tools/deployment/common/test-networkpolicy.sh +++ b/tools/deployment/common/test-networkpolicy.sh 
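Review bot: Port 8003 is opened in the new `ingress.ports` list, but the tests in this commit only exercise 8004 (heat-api) and 8000 (heat-cfn). 8003 was historically the heat-api-cloudwatch port, so if this chart does not deploy a listener there, the entry is an unneeded allowance and should be dropped. A short comment above `ports:` naming the service behind each port, e.g. `# 8000: heat-cfn, 8004: heat-api`, would make the allow-list easier to audit. Assuming these rules are rendered as-is into a Kubernetes NetworkPolicy, a bare `podSelector` only matches pods in the policy's own namespace, so an ingress controller labelled `application: ingress` in another namespace would not be admitted; please confirm that is intended. Indentation is collapsed in this view, so I cannot verify that `ports` sits in the same rule item as `from`, which it must for the port list to be combined with the source selectors.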
@@ -93,6 +93,12 @@ else test_netpol openstack rabbitmq server memcached.openstack.svc.cluster.local:11211 fail test_netpol openstack openvswitch openvswitch-vswitchd memcached.openstack.svc.cluster.local:11211 fail test_netpol openstack libvirt libvirt memcached.openstack.svc.cluster.local:11211 fail + # Heat Negative Tests + test_netpol openstack keystone api heat-api.openstack.svc.cluster.local:8004 fail + test_netpol openstack nova os-api heat-api.openstack.svc.cluster.local:8004 fail + test_netpol openstack neutron server heat-api.openstack.svc.cluster.local:8004 fail + test_netpol openstack glance api heat-api.openstack.svc.cluster.local:8004 fail + # Positive Compute-Kit Tests # Positive Mariadb tests @@ -112,6 +118,9 @@ else test_netpol openstack nova compute glance-api.openstack.svc.cluster.local:9292 success test_netpol openstack heat api glance-api.openstack.svc.cluster.local:9292 success test_netpol openstack horizon server glance-api.openstack.svc.cluster.local:9292 success + test_netpol openstack horizon server heat-api.openstack.svc.cluster.local:8004 success + test_netpol openstack horizon server heat-cfn.openstack.svc.cluster.local:8000 success + test_netpol openstack heat api heat-api.openstack.svc.cluster.local:8004 success fi echo Test Success
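Review bot: The cases added under `# Heat Negative Tests` only probe `heat-api.openstack.svc.cluster.local:8004`, while the policy in `heat/values_overrides/netpol.yaml` also governs ports 8000 and 8003. An overly broad rule on the heat-cfn port would therefore pass this gate unnoticed. Consider adding at least one deny case for it, e.g. `test_netpol openstack keystone api heat-cfn.openstack.svc.cluster.local:8000 fail`. `test_netpol` is defined outside this hunk, so please confirm that a `fail` expectation distinguishes a policy drop from a DNS or service-down error; otherwise these checks can pass vacuously.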
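Review bot: The three success cases added before `fi` cover the `horizon` and `heat` sources but not the `application: ingress` selector that the policy also admits, and nothing exercises port 8003. If the ingress controller pod can run the probe, a success case from it against `heat-api.openstack.svc.cluster.local:8004` would show that API traffic routed through the ingress controller still works with the policy applied. If it cannot, a one-line comment such as `# ingress -> heat-api not probed: <reason>` would record the gap. The `else` branch these lines sit in starts outside the hunk.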