diff --git a/__tests__/helper/ChangeRequest.ts b/__tests__/helper/ChangeRequest.ts index 2fce189..7f0ea53 100644 --- a/__tests__/helper/ChangeRequest.ts +++ b/__tests__/helper/ChangeRequest.ts @@ -1,31 +1,49 @@ import { getBreachedValues } from "../../src/helper/ChangeRequest"; +import _ from "lodash"; describe("Change request test", () => { - const limitObject = { - deployment: { - securityGroup: { - rules: { - ingressCidr: { approvalFrom: ["Security"], values: ["0.0.0.0/0"] } - } - } - } - }; - - it("blocking 0.0.0.0/0", () => { - const manifestObject = { + describe("Create CR", () => { + const limitObject = { deployment: { - id: 5, - loadBalancers: [], - cluster: "nonprod.np.navi-tech.in", - securityGroup: [ - { - ids: [], - name: "sgname", - rules: [ - { description: "", fromPort: 443, ingressCidr: ["1.1.1.1/1", "0.0.0.0/0"] } + loadBalancers: { + approvalFrom: [], + forEach: { + object: [ + '{"accessPolicies": ["officeIp"]}', + '{"accessPolicies": ["internetFacing"]}' ] } - ] + }, + securityGroup: { + rules: { + ingressCidr: { approvalFrom: ["Security"], values: ["0.0.0.0/0"] } + } + }, + elasticSearch: { + approvalFrom: [], + environments: ["qa", "dev"], + instance: { + cpu: { + approvalFrom: [], + upperBound: 2 + }, + memory: { + approvalFrom: [], + upperBound: 4096 + }, + diskSpace: { + approvalFrom: [], + upperBound: 30000 + } + } + } + } + }; + + const sampleManifestObject = { + deployment: { + id: 5, + cluster: "nonprod.np.navi-tech.in" } }; @@ -33,27 +51,196 @@ describe("Change request test", () => { deployment: { id: 5, loadBalancers: [], - cluster: "nonprod.np.navi-tech.in", - securityGroup: [{ ids: [], name: "sgname", rules: [ - { description: "", fromPort: 443, ingressCidr: ["1.1.1.1/1"] } - ] }] + cluster: "nonprod.np.navi-tech.in" } }; - const values = getBreachedValues( - limitObject, - manifestObject, - preManifestObject, - true - ); + it("when 0.0.0.0/0 is whitelisted in ingress", () => { + const manifestObject = _.cloneDeep(sampleManifestObject); + manifestObject.deployment["securityGroup"] = [ + { + ids: [], + name: "sgname", + rules: [ + { + description: "", + fromPort: 443, + ingressCidr: ["1.1.1.1/1", "0.0.0.0/0"] + } + ] + } + ]; - const expected = [{ - op: "replace", - path: "/deployment/securityGroup/0/rules/0/ingressCidr", - limitPath: "/deployment/securityGroup/rules/ingressCidr", - value: ["1.1.1.1/1", "0.0.0.0/0"] - }]; + preManifestObject.deployment["securityGroup"] = [ + { + ids: [], + name: "sgname", + rules: [ + { description: "", fromPort: 443, ingressCidr: ["1.1.1.1/1"] } + ] + } + ]; - expect(values).toStrictEqual(expected); + const values = getBreachedValues( + limitObject, + manifestObject, + preManifestObject, + true + ); + + const expected = [ + { + op: "replace", + path: "/deployment/securityGroup/0/rules/0/ingressCidr", + limitPath: "/deployment/securityGroup/rules/ingressCidr", + value: ["1.1.1.1/1", "0.0.0.0/0"] + } + ]; + + expect(values).toStrictEqual(expected); + expect( + manifestObject.deployment["securityGroup"][0]["rules"][0]["ingressCidr"] + ).toStrictEqual( + preManifestObject.deployment["securityGroup"][0]["rules"][0][ + "ingressCidr" + ] + ); + }); + + it("when internet policy is officeIp", () => { + const manifestObject = _.cloneDeep(sampleManifestObject); + const lb = { + id: 8, + endpoint: "testonethree.np.navi-tech.in", + extraSecurityGroups: [], + accessPolicies: ["officeIp"], + stickiness: false, + isDeployed: false, + idleTimeout: 60, + name: "alb3", + type: "alb" + }; + manifestObject.deployment["loadBalancers"] = [lb]; + + const actual = getBreachedValues( + limitObject, + manifestObject, + preManifestObject, + true + ); + + const expected = [ + { + op: "replace", + path: "/deployment/loadBalancers/0", + limitPath: "/deployment/loadBalancers", + value: lb + } + ]; + expect(actual).toStrictEqual(expected); + expect(manifestObject.deployment["loadBalancers"]).toStrictEqual(preManifestObject.deployment["loadBalancers"]) + }); + + it("when internet policy is internetFacing", () => { + const manifestObject = _.cloneDeep(sampleManifestObject); + const lb = { + id: 8, + endpoint: "testonethree.np.navi-tech.in", + extraSecurityGroups: [], + accessPolicies: ["internetFacing"], + stickiness: false, + isDeployed: false, + idleTimeout: 60, + name: "alb3", + type: "alb" + }; + manifestObject.deployment["loadBalancers"] = [lb]; + + const actual = getBreachedValues( + limitObject, + manifestObject, + preManifestObject, + false + ); + + const expected = [ + { + op: "replace", + path: "/deployment/loadBalancers/0", + limitPath: "/deployment/loadBalancers", + value: lb + } + ]; + expect(actual).toStrictEqual(expected); + }); + + it("when elasticSearch is created in one of the blacklisted env with over the limit values", () => { + const environment = "qa"; + const manifest = { + environment: environment, + deployment: { + elasticSearch: { + kibana: null, + enabled: true, + instance: { + cpu: "2", + memory: "4Gi", + password: "${elastic}", + diskSpace: "40Gi", + instanceName: "instanename" + } + } + } + }; + + const preManifest = { + environment: environment, + deployment: {} + }; + + const actual = getBreachedValues( + limitObject, + manifest, + preManifest, + false + ); + const expected = [ + { + op: "add", + path: "/deployment/elasticSearch", + limitPath: "/deployment/elasticSearch", + value: { + kibana: null, + enabled: true, + instance: { + cpu: "2", + memory: "4Gi", + password: "${elastic}", + diskSpace: "40Gi", + instanceName: "instanename" + } + } + }, + { + op: "add", + path: "/deployment/elasticSearch/instance/cpu", + limitPath: "/deployment/elasticSearch/instance/cpu", + value: "2" + }, + { + op: "add", + path: "/deployment/elasticSearch/instance/memory", + limitPath: "/deployment/elasticSearch/instance/memory", + value: "4Gi" + }, + { + op: "add", + path: "/deployment/elasticSearch/instance/diskSpace", + limitPath: "/deployment/elasticSearch/instance/diskSpace", + value: "40Gi" + } + ]; + expect(actual).toStrictEqual(expected); + }); }); }); diff --git a/src/helper/ChangeRequest.ts b/src/helper/ChangeRequest.ts index 1244c54..fb9b77d 100644 --- a/src/helper/ChangeRequest.ts +++ b/src/helper/ChangeRequest.ts @@ -72,10 +72,12 @@ const isChangeRequestRequired = (limit, value, previousValue, manifestEnv) => { } } if (limit.hasOwnProperty("object")) { - const json = JSON.parse(limit.object[0]); - const flag = _.some([value], json); - console.log(flag); - return flag; + for (const json of limit.object) { + const jsonObj = JSON.parse(json); + const flag = _.some([value], jsonObj); + if (flag) return true; + } + return false; } if (limit.hasOwnProperty("environments")) { if (previousValue !== undefined) { @@ -117,7 +119,7 @@ const getBreachedLimits = ( const currentPreManifestObj = safeMapAccess(preManifestObject, key); if (isTarget(currentLimitObj)) { - if (currentLimitObj.hasOwnProperty("forEach")) { + if (currentLimitObj.hasOwnProperty("forEach") && currentManifestObj?.length !== undefined) { for (let i = 0; i < currentManifestObj.length; i++) { const obj = currentManifestObj[i]; const isBreach = isChangeRequestRequired(