Update workspace network policy

What does this MR do and why?

If the workspace agent config has the GitLab Workspaces Proxy `http_enabled` and `ssh_enabled` settings set to false, we don't need to add the ingress attributes to the workspace's network policy that allow incoming traffic from the GitLab Workspaces Proxy in the Kubernetes cluster, because the traffic will be routed without it.

All existing workspaces agent configs will have these attributes set to nil (since they will be missing in the workspaces_agent_config_versions table). This MR takes care of that.

This MR also adds some missing test coverage as mentioned in !204476 (comment 2748653358).

How to set up and validate locally

  1. Set agentk config as follows
    remote_development:
      enabled: true
      dns_zone: workspaces.localtest.me
      network_policy:
        enabled: true
        # if your GDK is configured on a public IP, you don't need to set the `egress` key in this section.
        egress:
        - allow: '0.0.0.0/0'
          except:
          - '10.0.0.0/8'
          - '172.16.0.0/12'
          - '192.168.0.0/16'
        # if your GDK is configured on a different private IP, use that in the line below.
        - allow: '172.16.123.1/32'
  2. Create workspace (w1).
  3. Update agentk config as follows
    remote_development:
      enabled: true
      dns_zone: workspaces.localtest.me
      network_policy:
        enabled: true
        # if your GDK is configured on a public IP, you don't need to set the `egress` key in this section.
        egress:
        - allow: '0.0.0.0/0'
          except:
          - '10.0.0.0/8'
          - '172.16.0.0/12'
          - '192.168.0.0/16'
        # if your GDK is configured on a different private IP, use that in the line below.
        - allow: '172.16.123.1/32'
      gitlab_workspaces_proxy:
        http_enabled: false
        ssh_enabled: false
  4. Create workspace (w1).
  5. Validate w1's network policy contains the ingress rules.
  6. Validate w2's network policy does not contain the ingress rules.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vishal Tak
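
The decision described above, sketched in Ruby as an added example that is not code from this MR or from GitLab. The proxy namespace, pod label, overall policy shape, and the choice to keep the ingress rule when either flag is enabled are assumptions; treating nil as enabled is inferred from the expectation in step 5.

```ruby
# Added example, not GitLab's implementation. The proxy namespace, pod label
# and "either flag enabled keeps the rule" behaviour are assumptions.
PROXY_NAMESPACE = "gitlab-workspaces" # assumed
PROXY_POD_LABELS = { "app.kubernetes.io/name" => "gitlab-workspaces-proxy" }.freeze # assumed

# Constructed agent configs mirroring steps 1 and 3 above.
EGRESS = [
  { allow: "0.0.0.0/0", except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] },
  { allow: "172.16.123.1/32" }
].freeze
W1_CONFIG = { network_policy: { enabled: true, egress: EGRESS } }.freeze
W2_CONFIG = W1_CONFIG.merge(
  gitlab_workspaces_proxy: { http_enabled: false, ssh_enabled: false }
).freeze

# Configs saved before the settings existed carry nil; treat nil as enabled
# so existing workspaces keep their ingress rule.
def proxy_flag_enabled?(value)
  value.nil? ? true : value
end

def proxy_ingress_needed?(agent_config)
  proxy = agent_config[:gitlab_workspaces_proxy] || {}
  proxy_flag_enabled?(proxy[:http_enabled]) || proxy_flag_enabled?(proxy[:ssh_enabled])
end

def build_network_policy(name:, agent_config:)
  egress = agent_config.dig(:network_policy, :egress).to_a.map do |rule|
    ip_block = { "cidr" => rule[:allow] }
    ip_block["except"] = rule[:except] if rule[:except]
    { "to" => [{ "ipBlock" => ip_block }] }
  end
  ingress = []
  if proxy_ingress_needed?(agent_config)
    ingress << { "from" => [{
      "namespaceSelector" => { "matchLabels" => { "kubernetes.io/metadata.name" => PROXY_NAMESPACE } },
      "podSelector" => { "matchLabels" => PROXY_POD_LABELS }
    }] }
  end
  # With "Ingress" in policyTypes and no ingress rules, Kubernetes denies all
  # inbound traffic to the selected pods.
  { "apiVersion" => "networking.k8s.io/v1", "kind" => "NetworkPolicy",
    "metadata" => { "name" => name },
    "spec" => { "podSelector" => {}, "policyTypes" => %w[Ingress Egress],
                "ingress" => ingress, "egress" => egress } }
end
```
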
