Merge branch 'restrict-helm-np' into 'main'

Further restrict network policy

See merge request !31

CHANGELOG.md

@@ -3,6 +3,10 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [9.2.6-bb.12] - 2021-06-02
+### Modified
+- Modified helm-test network policy to be more restrictive.
+
 ## [9.2.6-bb.11] - 2021-05-27
 ### Modified
 - Modified the bigbang monitoring network policy to be more restrictive.

chart/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 8.7.1-community
 name: sonarqube
 description: SonarQube is an open sourced code quality scanning tool
-version: 9.2.6-bb.11
+version: 9.2.6-bb.12
 keywords:
   - coverage
   - security

chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml

 {{- $bbtests := .Values.bbtests | default dict -}}
-{{- $cypress := $bbtests.cypress | default dict -}}
 {{- $enabled := (hasKey $bbtests "enabled") -}}
-{{- $artifacts := (hasKey $cypress "artifacts") -}}
-{{- if and $enabled $artifacts }}
-{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts }}
+{{- if $enabled }}
+{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -16,11 +14,6 @@ spec:
   policyTypes:
   - Egress
   egress:
-  - to:
-    - ipBlock:
-        cidr: 0.0.0.0/0
-        # ONLY Block requests to AWS metadata IP
-        except:
-          - 169.254.169.254/32
+  - {}
+{{- end }}
 {{- end }}
-{{- end }}
\ No newline at end of file