From f983b70c1d9285f62412a9b3c949209d9e405e19 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Thu, 3 Jun 2021 18:51:32 +0000 Subject: [PATCH] Further restrict network policy --- CHANGELOG.md | 4 ++++ chart/Chart.yaml | 2 +- .../networkpolicies/helm-test-network-policy.yaml | 15 ++++----------- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f42276..aea70d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- +## [9.2.6-bb.12] - 2021-06-02 +### Modified +- Modified helm-test network policy to be more restrictive. + ## [9.2.6-bb.11] - 2021-05-27 ### Modified - Modified the bigbang monitoring network policy to be more restrictive. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 457eb03..162b121 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 8.7.1-community name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 9.2.6-bb.11 +version: 9.2.6-bb.12 keywords: - coverage - security diff --git a/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml index fd3d356..319b034 100644 --- a/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml +++ b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml 
@@ -1,9 +1,7 @@
 {{- $bbtests := .Values.bbtests | default dict -}}
-{{- $cypress := $bbtests.cypress | default dict -}}
 {{- $enabled := (hasKey $bbtests "enabled") -}}
-{{- $artifacts := (hasKey $cypress "artifacts") -}}
-{{- if and $enabled $artifacts }}
-{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts }}
+{{- if $enabled }}
+{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -16,11 +14,6 @@ spec:
 policyTypes:
 - Egress
 egress:
- - to:
- - ipBlock:
- cidr: 0.0.0.0/0
- # ONLY Block requests to AWS metadata IP
- except:
- - 169.254.169.254/32
+ - {}
+{{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file
-- 
GitLab
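Review bot: The new egress rule `- {}` in the second hunk is an empty rule, which matches every destination and port, so the selected pods can now reach 169.254.169.254, which the removed `except` entry kept out; this reads as broader than the old rule, not narrower as the commit title and changelog entry say. The first hunk also drops the cypress artifacts condition, so the policy now renders whenever `bbtests.enabled` is set together with `networkPolicies.enabled`. The podSelector sits between the two hunks and is not visible here, so which pods this covers should be confirmed. If the metadata exclusion is still wanted, keep the ipBlock rule as below; the indentation is reconstructed and should be matched to the file.

```yaml
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        # keep the cloud instance metadata address unreachable from the test pods
        except:
        - 169.254.169.254/32
```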