As a Korifi operator I want to be able to bind a security group to certain spaces #4106

@danail-branekov

Description

Acceptance

GIVEN I have deployed Korifi with experimental.securityGroups.enabled=true value
GIVEN I have created a security group
WHEN I bind the security group to a space with running lifecycle via

POST /v3/security_groups/31626d4d-86e3-4379-9fd7-80c71691ab24/relationships/running_spaces HTTP/1.1
User-Agent: cf/8.7.11+b1b4068.2024-07-09 (go1.22.5; amd64 linux)
{
  "data": [
    {
      "guid": "9db0716a-eb17-431f-a006-aa61b26e465d"
    }
  ]
}

THEN the workload pod should be able to access the IP allowed by the security group

WHEN I bind the security group to a space with staging lifecycle via

POST /v3/security_groups/31626d4d-86e3-4379-9fd7-80c71691ab24/relationships/running_spaces HTTP/1.1
User-Agent: cf/8.7.11+b1b4068.2024-07-09 (go1.22.5; amd64 linux)
{
  "data": [
    {
      "guid": "9db0716a-eb17-431f-a006-aa61b26e465d"
    }
  ]
}

THEN the workload pod should be able to access the IP allowed by the security group

Dev notes

  • Check the CF API docs for the format of the response
  • When the --lifecycle argument of the bind-security-group is omitted, the cli defaults to running
  • When the space argument is omitted, the cli sends all current spaces of the given org. If new spaces are created in the future, they won't be bound to the security group.
  • When the story is done, the bind-security-group command should work, so a smoke test should be added to the suite
