1 files changed, 41 insertions, 4 deletions

diff --git a/lib/gitlab/kubernetes/network_policy.rb b/lib/gitlab/kubernetes/network_policy.rb
index ea25d81cbd2..dc13a614551 100644
--- a/lib/gitlab/kubernetes/network_policy.rb
+++ b/lib/gitlab/kubernetes/network_policy.rb
@@ -3,9 +3,12 @@
 module Gitlab
   module Kubernetes
     class NetworkPolicy
-      def initialize(name:, namespace:, pod_selector:, ingress:, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil)
+      DISABLED_BY_LABEL = :'network-policy.gitlab.com/disabled_by'
+
+      def initialize(name:, namespace:, pod_selector:, ingress:, labels: nil, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil)
         @name = name
         @namespace = namespace
+        @labels = labels
         @creation_timestamp = creation_timestamp
         @pod_selector = pod_selector
         @policy_types = policy_types
@@ -24,6 +27,7 @@ module Gitlab
         self.new(
           name: metadata[:name],
           namespace: metadata[:namespace],
+          labels: metadata[:labels],
           pod_selector: spec[:podSelector],
           policy_types: spec[:policyTypes],
           ingress: spec[:ingress],
@@ -42,6 +46,7 @@ module Gitlab
         self.new(
           name: metadata[:name],
           namespace: metadata[:namespace],
+          labels: metadata[:labels]&.to_h,
           creation_timestamp: metadata[:creationTimestamp],
           pod_selector: spec[:podSelector],
           policy_types: spec[:policyTypes],
@@ -62,16 +67,48 @@ module Gitlab
           name: name,
           namespace: namespace,
           creation_timestamp: creation_timestamp,
-          manifest: manifest
+          manifest: manifest,
+          is_autodevops: autodevops?,
+          is_enabled: enabled?
         }
       end
 
+      def autodevops?
+        return false unless labels
+
+        !labels[:chart].nil? && labels[:chart].start_with?('auto-deploy-app-')
+      end
+
+      # podSelector selects pods that should be targeted by this
+      # policy. We can narrow selection by requiring this policy to
+      # match our custom labels. Since DISABLED_BY label will not be
+      # on any pod a policy will be effectively disabled.
+      def enabled?
+        return true unless pod_selector&.key?(:matchLabels)
+
+        !pod_selector[:matchLabels]&.key?(DISABLED_BY_LABEL)
+      end
+
+      def enable
+        return if enabled?
+
+        pod_selector[:matchLabels].delete(DISABLED_BY_LABEL)
+      end
+
+      def disable
+        @pod_selector ||= {}
+        pod_selector[:matchLabels] ||= {}
+        pod_selector[:matchLabels].merge!(DISABLED_BY_LABEL => 'gitlab')
+      end
+
       private
 
-      attr_reader :name, :namespace, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress
+      attr_reader :name, :namespace, :labels, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress
 
       def metadata
-        { name: name, namespace: namespace }
+        meta = { name: name, namespace: namespace }
+        meta[:labels] = labels if labels
+        meta
       end
 
       def spec