From 2c5dd7264308e2e94734c6d8aea910bc979bea42 Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Wed, 24 Jul 2024 15:44:03 -0600
Subject: [PATCH] chore!: remove egress anywhere for SSO (#102)
## Description
> [!IMPORTANT]
> :warning: **BREAKING CHANGE** This is a breaking change that requires `uds-core` `v0.22.0` but locks down GitLab to have no `remoteGenerated: Anywhere` entries by default.
## Related Issue
Relates to https://github.com/defenseunicorns/uds-core/issues/558
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Other (security config, docs update, etc)
## Checklist before merging
- [X] Test, docs, adr added or updated as needed
- [X] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-gitlab/blob/main/CONTRIBUTING.md#developer-workflow) followed
---
 chart/templates/uds-package.yaml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
index 695beb67..766addb0 100644
--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
@@ -43,12 +43,6 @@ spec:
 host: sonarqube
 port: 9000
 allow:
- # Todo: wide open for hitting in-cluster or external postgres
- - direction: Egress
- podLabels:
- app: sonarqube
- remoteGenerated: Anywhere
-
 - direction: Egress
 remoteNamespace: keycloak
 remoteSelector:
@@ -59,7 +53,9 @@ spec:
 description: "SSO Internal"
 - direction: Egress
- remoteGenerated: Anywhere
+ remoteNamespace: istio-tenant-gateway
+ remoteSelector:
+ app: tenant-ingressgateway
 selector:
 app: sonarqube
 port: 443
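Review bot: The replacement rule hard-codes the gateway namespace and selector (`remoteNamespace: istio-tenant-gateway`, `app: tenant-ingressgateway`), and nothing in the template says why SSO egress on port 443 now targets that gateway or that it depends on `uds-core` `v0.22.0`, which only the commit message states. A deployment that reaches its identity provider through a different gateway, or outside the cluster, would presumably have that traffic dropped by this policy, and no override is visible in the hunk. I would add a comment above the rule such as `# SSO egress is limited to the tenant ingress gateway (requires uds-core v0.22.0); other SSO routes need an additional allow rule`, and consider sourcing the namespace and selector from chart values. The rule's mapping continues past the last line of the hunk, so any `description` it carries is not visible here.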