2020-08-13 08:01:30 +00:00
// Copyright © 2017-2020 Aqua Security Software Ltd. <info@aquasec.com>
2017-05-26 09:25:29 +00:00
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package check
import (
2020-08-13 08:01:30 +00:00
"fmt"
2017-05-26 09:25:29 +00:00
"io/ioutil"
2017-08-12 18:54:33 +00:00
"os"
"strings"
2017-05-26 09:25:29 +00:00
"testing"
)
var (
in [ ] byte
controls * Controls
)
func init ( ) {
var err error
in , err = ioutil . ReadFile ( "data" )
if err != nil {
panic ( "Failed reading test data: " + err . Error ( ) )
}
2017-08-12 18:54:33 +00:00
// substitute variables in data file
user := os . Getenv ( "USER" )
s := strings . Replace ( string ( in ) , "$user" , user , - 1 )
2021-05-09 11:48:34 +00:00
controls , err = NewControls ( MASTER , [ ] byte ( s ) , "" )
2017-08-12 18:54:33 +00:00
// controls, err = NewControls(MASTER, in)
2017-06-23 11:04:46 +00:00
if err != nil {
panic ( "Failed creating test controls: " + err . Error ( ) )
}
2017-05-26 09:25:29 +00:00
}
func TestTestExecute ( t * testing . T ) {
2017-08-12 18:54:33 +00:00
2017-05-26 09:25:29 +00:00
cases := [ ] struct {
2020-12-24 14:38:22 +00:00
check * Check
str string
strConfig string
expectedTestResult string
strEnv string
2017-05-26 09:25:29 +00:00
} {
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 0 ] ,
str : "2:45 ../kubernetes/kube-apiserver --allow-privileged=false --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'--allow-privileged' is present" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 1 ] ,
str : "2:45 ../kubernetes/kube-apiserver --allow-privileged=false" ,
strConfig : "" ,
expectedTestResult : "'--basic-auth' is not present" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 2 ] ,
str : "niinai 13617 2635 99 19:26 pts/20 00:03:08 ./kube-apiserver --insecure-port=0 --anonymous-auth" ,
strConfig : "" ,
expectedTestResult : "'--insecure-port' is equal to '0'" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 3 ] ,
str : "2:45 ../kubernetes/kube-apiserver --secure-port=0 --audit-log-maxage=40 --option" ,
strConfig : "" ,
expectedTestResult : "'--audit-log-maxage' is greater or equal to 30" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 4 ] ,
str : "2:45 ../kubernetes/kube-apiserver --max-backlog=20 --secure-port=0 --audit-log-maxage=40 --option" ,
strConfig : "" ,
expectedTestResult : "'--max-backlog' is lower than 30" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 5 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'--admission-control' does not have 'AlwaysAdmit'" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 6 ] ,
str : "2:45 .. --kubelet-clientkey=foo --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
strConfig : "" ,
expectedTestResult : "'--kubelet-client-certificate' is present AND '--kubelet-clientkey' is present" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 7 ] ,
str : "2:45 .. --secure-port=0 --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
strConfig : "" ,
expectedTestResult : "'--secure-port' is equal to '0' OR '--secure-port' is not present" ,
2017-05-26 09:25:29 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 8 ] ,
str : "permissions=SomeValue" ,
strConfig : "" ,
expectedTestResult : "'permissions' is equal to 'SomeValue'" ,
2017-05-26 09:25:29 +00:00
} ,
2017-08-15 17:34:07 +00:00
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 9 ] ,
str : "permissions=640" ,
strConfig : "" ,
expectedTestResult : "permissions has permissions 640, expected 644 or more restrictive" ,
2017-08-15 17:34:07 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 9 ] ,
str : "permissions=600" ,
strConfig : "" ,
expectedTestResult : "permissions has permissions 600, expected 644 or more restrictive" ,
2017-08-15 17:34:07 +00:00
} ,
2017-09-13 14:32:33 +00:00
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 10 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'--admission-control' has 'RBAC'" ,
2017-09-13 14:32:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 11 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'--admission-control' has 'WebHook'" ,
2017-09-13 14:32:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 12 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,Something,RBAC ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'--admission-control' has 'Something'" ,
2017-09-13 14:32:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 13 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option --admission-control=Something ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'--admission-control' has 'Something'" ,
2017-09-13 14:32:33 +00:00
} ,
2019-03-11 18:05:33 +00:00
{
2019-04-10 22:47:26 +00:00
// check for ':' as argument-value separator, with space between arg and val
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 14 ] ,
str : "2:45 kube-apiserver some-arg: some-val --admission-control=Something ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'some-arg' is equal to 'some-val'" ,
2019-03-11 18:05:33 +00:00
} ,
{
2019-04-10 22:47:26 +00:00
// check for ':' as argument-value separator, with no space between arg and val
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 14 ] ,
str : "2:45 kube-apiserver some-arg:some-val --admission-control=Something ---audit-log-maxage=40" ,
strConfig : "" ,
expectedTestResult : "'some-arg' is equal to 'some-val'" ,
2019-04-11 09:21:19 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 15 ] ,
str : "" ,
strConfig : "{\"readOnlyPort\": 15000}" ,
expectedTestResult : "'{.readOnlyPort}' is equal to '15000' OR '{.readOnlyPort}' is greater or equal to 15000 OR '{.readOnlyPort}' is lower or equal to 15000" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 16 ] ,
str : "" ,
strConfig : "{\"stringValue\": \"WebHook,Something,RBAC\"}" ,
expectedTestResult : "'{.stringValue}' is not equal to 'None' AND '{.stringValue}' is not equal to 'webhook,Something,RBAC' AND '{.stringValue}' is equal to 'WebHook,Something,RBAC'" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 17 ] ,
str : "" ,
strConfig : "{\"trueValue\": true}" ,
expectedTestResult : "'{.trueValue}' is not equal to 'somethingElse' AND '{.trueValue}' is not equal to 'false' AND '{.trueValue}' is equal to 'true'" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 18 ] ,
str : "" ,
strConfig : "{\"readOnlyPort\": 15000}" ,
expectedTestResult : "'{.notARealField}' is not present" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 19 ] ,
str : "" ,
strConfig : "{\"authentication\": { \"anonymous\": {\"enabled\": false}}}" ,
expectedTestResult : "'{.authentication.anonymous.enabled}' is equal to 'false'" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 20 ] ,
str : "" ,
strConfig : "readOnlyPort: 15000" ,
expectedTestResult : "'{.readOnlyPort}' is greater than 14999" ,
2019-03-11 18:05:33 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 21 ] ,
str : "" ,
strConfig : "readOnlyPort: 15000" ,
expectedTestResult : "'{.fieldThatIsUnset}' is not present" ,
2019-04-11 09:03:07 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 22 ] ,
str : "" ,
strConfig : "authentication:\n anonymous:\n enabled: false" ,
expectedTestResult : "'{.authentication.anonymous.enabled}' is equal to 'false'" ,
2019-03-11 18:05:33 +00:00
} ,
2019-06-05 11:23:59 +00:00
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 26 ] ,
str : "" ,
strConfig : "currentMasterVersion: 1.12.7" ,
expectedTestResult : "'{.currentMasterVersion}' matched by regex expression '^1\\.12.*$'" ,
2019-06-05 11:23:59 +00:00
} ,
2020-03-03 16:54:38 +00:00
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 27 ] ,
str : "--peer-client-cert-auth" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'true'" ,
2020-03-03 16:54:38 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 27 ] ,
str : "--abc=true --peer-client-cert-auth --efg=false" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'true'" ,
2020-03-03 16:54:38 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 27 ] ,
str : "--abc --peer-client-cert-auth --efg" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'true'" ,
2020-03-03 16:54:38 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 27 ] ,
str : "--peer-client-cert-auth=true" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'true'" ,
2020-03-03 16:54:38 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 27 ] ,
str : "--abc --peer-client-cert-auth=true --efg" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'true'" ,
2020-03-03 16:54:38 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 28 ] ,
str : "--abc --peer-client-cert-auth=false --efg" ,
strConfig : "" ,
expectedTestResult : "'--peer-client-cert-auth' is equal to 'false'" ,
2020-12-21 11:18:54 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 29 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'ALLOW_PRIVILEGED' is present" ,
strEnv : "SOME_OTHER_ENV=true\nALLOW_PRIVILEGED=false" ,
2020-12-21 11:18:54 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 30 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'BASIC_AUTH' is not present" ,
strEnv : "" ,
2020-12-21 11:18:54 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 31 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'INSECURE_PORT' is equal to '0'" ,
strEnv : "INSECURE_PORT=0" ,
2020-12-21 11:18:54 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 32 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'AUDIT_LOG_MAXAGE' is greater or equal to 30" ,
strEnv : "AUDIT_LOG_MAXAGE=40" ,
2020-12-21 11:18:54 +00:00
} ,
{
2020-12-24 14:38:22 +00:00
check : controls . Groups [ 0 ] . Checks [ 33 ] ,
str : "2:45 ../kubernetes/kube-apiserver --option1=20,30,40" ,
strConfig : "" ,
expectedTestResult : "'MAX_BACKLOG' is lower than 30" ,
strEnv : "MAX_BACKLOG=20" ,
2020-03-03 16:54:38 +00:00
} ,
2017-05-26 09:25:29 +00:00
}
for _ , c := range cases {
2020-12-24 14:38:22 +00:00
t . Run ( c . check . Text , func ( t * testing . T ) {
c . check . AuditOutput = c . str
c . check . AuditConfigOutput = c . strConfig
c . check . AuditEnvOutput = c . strEnv
res , err := c . check . execute ( )
2020-08-13 08:01:30 +00:00
if err != nil {
t . Errorf ( err . Error ( ) )
}
if ! res . testResult {
2020-12-24 14:38:22 +00:00
t . Errorf ( "Test ID %v - expected:%v, got:%v" , c . check . ID , true , res )
}
if res . ExpectedResult != c . expectedTestResult {
t . Errorf ( "Test ID %v - \nexpected:%v, \ngot: %v" , c . check . ID , c . expectedTestResult , res . ExpectedResult )
2020-08-13 08:01:30 +00:00
}
} )
2017-05-26 09:25:29 +00:00
}
}
2019-03-11 18:05:33 +00:00
func TestTestExecuteExceptions ( t * testing . T ) {
cases := [ ] struct {
* Check
str string
} {
{
2019-04-11 09:21:19 +00:00
controls . Groups [ 0 ] . Checks [ 23 ] ,
2019-03-11 18:05:33 +00:00
"this is not valid json {} at all" ,
} ,
{
2019-04-11 09:21:19 +00:00
controls . Groups [ 0 ] . Checks [ 24 ] ,
2019-03-11 18:05:33 +00:00
"{\"key\": \"value\"}" ,
} ,
{
2019-04-11 09:21:19 +00:00
controls . Groups [ 0 ] . Checks [ 25 ] ,
2019-03-11 18:05:33 +00:00
"broken } yaml\nenabled: true" ,
} ,
2019-06-05 11:23:59 +00:00
{
controls . Groups [ 0 ] . Checks [ 26 ] ,
"currentMasterVersion: 1.11" ,
} ,
{
controls . Groups [ 0 ] . Checks [ 26 ] ,
"currentMasterVersion: " ,
} ,
2019-03-11 18:05:33 +00:00
}
for _ , c := range cases {
2020-08-13 08:01:30 +00:00
t . Run ( c . Text , func ( t * testing . T ) {
c . Check . AuditConfigOutput = c . str
res , err := c . Check . execute ( )
if err != nil {
t . Errorf ( err . Error ( ) )
}
if res . testResult {
t . Errorf ( "expected:%v, got:%v" , false , res )
}
} )
2019-03-11 18:05:33 +00:00
}
}
2019-07-12 06:09:27 +00:00
func TestTestUnmarshal ( t * testing . T ) {
type kubeletConfig struct {
Kind string
ApiVersion string
Address string
}
cases := [ ] struct {
content string
jsonInterface interface { }
expectedToFail bool
} {
{
` {
"kind" : "KubeletConfiguration" ,
"apiVersion" : "kubelet.config.k8s.io/v1beta1" ,
"address" : "0.0.0.0"
}
` ,
kubeletConfig { } ,
false ,
} , {
`
kind : KubeletConfiguration
address : 0.0 .0 .0
apiVersion : kubelet . config . k8s . io / v1beta1
authentication :
anonymous :
enabled : false
webhook :
cacheTTL : 2 m0s
enabled : true
x509 :
clientCAFile : / etc / kubernetes / pki / ca . crt
tlsCipherSuites :
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
` ,
kubeletConfig { } ,
false ,
} ,
{
`
kind : ddress : 0.0 .0 .0
apiVersion : kubelet . config . k8s . io / v1beta
` ,
kubeletConfig { } ,
true ,
} ,
}
2020-08-13 08:01:30 +00:00
for id , c := range cases {
t . Run ( fmt . Sprintf ( "%d" , id ) , func ( t * testing . T ) {
err := unmarshal ( c . content , & c . jsonInterface )
if err != nil {
if ! c . expectedToFail {
t . Errorf ( "should pass, got error:%v" , err )
}
} else {
if c . expectedToFail {
t . Errorf ( "should fail, but passed" )
}
2019-07-12 06:09:27 +00:00
}
2020-08-13 08:01:30 +00:00
} )
2019-07-12 06:09:27 +00:00
}
}
func TestExecuteJSONPath ( t * testing . T ) {
type kubeletConfig struct {
Kind string
ApiVersion string
Address string
}
cases := [ ] struct {
2020-08-13 08:01:30 +00:00
name string
2019-07-12 06:09:27 +00:00
jsonPath string
jsonInterface kubeletConfig
expectedResult string
expectedToFail bool
} {
{
2020-08-13 08:01:30 +00:00
"JSONPath parse works, results don't match" ,
2021-10-27 09:56:00 +00:00
"{.resourcesproviders.aescbc}" ,
2019-07-12 06:09:27 +00:00
kubeletConfig {
Kind : "KubeletConfiguration" ,
ApiVersion : "kubelet.config.k8s.io/v1beta1" ,
Address : "127.0.0.0" ,
} ,
"blah" ,
true ,
} ,
{
2020-08-13 08:01:30 +00:00
"JSONPath parse works, results match" ,
2019-07-12 06:09:27 +00:00
"{.Kind}" ,
kubeletConfig {
Kind : "KubeletConfiguration" ,
ApiVersion : "kubelet.config.k8s.io/v1beta1" ,
Address : "127.0.0.0" ,
} ,
"KubeletConfiguration" ,
false ,
} ,
{
2020-08-13 08:01:30 +00:00
"JSONPath parse fails" ,
2019-07-12 06:09:27 +00:00
"{.ApiVersion" ,
kubeletConfig {
Kind : "KubeletConfiguration" ,
ApiVersion : "kubelet.config.k8s.io/v1beta1" ,
Address : "127.0.0.0" ,
} ,
"" ,
true ,
} ,
}
for _ , c := range cases {
2020-08-13 08:01:30 +00:00
t . Run ( c . name , func ( t * testing . T ) {
result , err := executeJSONPath ( c . jsonPath , c . jsonInterface )
if err != nil && ! c . expectedToFail {
t . Fatalf ( "jsonPath:%q, expectedResult:%q got:%v" , c . jsonPath , c . expectedResult , err )
}
if c . expectedResult != result && ! c . expectedToFail {
t . Errorf ( "jsonPath:%q, expectedResult:%q got:%q" , c . jsonPath , c . expectedResult , result )
}
} )
2019-07-12 06:09:27 +00:00
}
}
2019-07-17 14:08:11 +00:00
2019-07-26 18:11:59 +00:00
func TestAllElementsValid ( t * testing . T ) {
cases := [ ] struct {
source [ ] string
target [ ] string
valid bool
} {
{
source : [ ] string { } ,
target : [ ] string { } ,
valid : true ,
} ,
{
source : [ ] string { "blah" } ,
target : [ ] string { } ,
valid : false ,
} ,
{
source : [ ] string { } ,
target : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" ,
"TLS_RSA_WITH_AES_256_GCM_SHA384" , "TLS_RSA_WITH_AES_128_GCM_SHA256" } ,
valid : false ,
} ,
{
source : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" } ,
target : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" ,
"TLS_RSA_WITH_AES_256_GCM_SHA384" , "TLS_RSA_WITH_AES_128_GCM_SHA256" } ,
valid : true ,
} ,
{
source : [ ] string { "blah" } ,
target : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" ,
"TLS_RSA_WITH_AES_256_GCM_SHA384" , "TLS_RSA_WITH_AES_128_GCM_SHA256" } ,
valid : false ,
} ,
{
source : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "blah" } ,
target : [ ] string { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" ,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" , "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" ,
"TLS_RSA_WITH_AES_256_GCM_SHA384" , "TLS_RSA_WITH_AES_128_GCM_SHA256" } ,
valid : false ,
} ,
}
2020-08-13 08:01:30 +00:00
for id , c := range cases {
t . Run ( fmt . Sprintf ( "%d" , id ) , func ( t * testing . T ) {
if ! allElementsValid ( c . source , c . target ) && c . valid {
t . Errorf ( "Not All Elements in %q are found in %q" , c . source , c . target )
}
} )
2019-07-26 18:11:59 +00:00
}
}
func TestSplitAndRemoveLastSeparator ( t * testing . T ) {
cases := [ ] struct {
source string
valid bool
elementCnt int
} {
{
source : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ,
valid : true ,
elementCnt : 8 ,
} ,
{
source : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ,
valid : true ,
elementCnt : 2 ,
} ,
{
source : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ,
valid : true ,
elementCnt : 2 ,
} ,
{
source : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, " ,
valid : true ,
elementCnt : 2 ,
} ,
{
source : " TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ,
valid : true ,
elementCnt : 2 ,
} ,
}
2020-08-13 08:01:30 +00:00
for id , c := range cases {
t . Run ( fmt . Sprintf ( "%d" , id ) , func ( t * testing . T ) {
as := splitAndRemoveLastSeparator ( c . source , defaultArraySeparator )
if len ( as ) == 0 && c . valid {
t . Errorf ( "Split did not work with %q" , c . source )
}
2019-07-26 18:11:59 +00:00
2020-08-13 08:01:30 +00:00
if c . elementCnt != len ( as ) {
t . Errorf ( "Split did not work with %q expected: %d got: %d" , c . source , c . elementCnt , len ( as ) )
}
} )
2019-07-26 18:11:59 +00:00
}
}
2019-07-17 14:08:11 +00:00
func TestCompareOp ( t * testing . T ) {
cases := [ ] struct {
label string
op string
2020-12-24 14:38:22 +00:00
flagVal string // Test output.
compareValue string // Flag value to compare with.
2019-07-17 14:08:11 +00:00
expectedResultPattern string
2020-12-24 14:38:22 +00:00
flagName string // Compared flag name.
2019-07-17 14:08:11 +00:00
testResult bool
} {
// Test Op not matching
2020-12-24 14:38:22 +00:00
{ label : "empty - op" , op : "" , flagVal : "" , compareValue : "" , expectedResultPattern : "" , testResult : false , flagName : "" } ,
{ label : "op=blah" , op : "blah" , flagVal : "foo" , compareValue : "bar" , expectedResultPattern : "" , testResult : false , flagName : "" } ,
2019-07-17 14:08:11 +00:00
// Test Op "eq"
2020-12-24 14:38:22 +00:00
{ label : "op=eq, both empty" , op : "eq" , flagVal : "" , compareValue : "" , expectedResultPattern : "'' is equal to ''" , testResult : true , flagName : "" } ,
2019-07-17 14:08:11 +00:00
{ label : "op=eq, true==true" , op : "eq" , flagVal : "true" ,
compareValue : "true" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterTrue' is equal to 'true'" ,
testResult : true ,
flagName : "parameterTrue" } ,
2019-07-17 14:08:11 +00:00
{ label : "op=eq, false==false" , op : "eq" , flagVal : "false" ,
compareValue : "false" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterFalse' is equal to 'false'" ,
testResult : true ,
flagName : "parameterFalse" } ,
2019-07-17 14:08:11 +00:00
{ label : "op=eq, false==true" , op : "eq" , flagVal : "false" ,
compareValue : "true" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterFalse' is equal to 'true'" ,
testResult : false ,
flagName : "parameterFalse" } ,
2019-07-17 14:08:11 +00:00
{ label : "op=eq, strings match" , op : "eq" , flagVal : "KubeletConfiguration" ,
compareValue : "KubeletConfiguration" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'" ,
testResult : true ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
{ label : "op=eq, flagVal=empty" , op : "eq" , flagVal : "" ,
compareValue : "KubeletConfiguration" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'" ,
testResult : false ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=eq, compareValue=empty" ,
op : "eq" ,
flagVal : "KubeletConfiguration" ,
2019-07-17 14:08:11 +00:00
compareValue : "" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is equal to ''" ,
testResult : false ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
// Test Op "noteq"
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, both empty" ,
op : "noteq" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "'parameter' is not equal to ''" ,
testResult : false ,
flagName : "parameter" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, true!=true" ,
op : "noteq" ,
flagVal : "true" ,
2019-07-17 14:08:11 +00:00
compareValue : "true" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterTrue' is not equal to 'true'" ,
testResult : false ,
flagName : "parameterTrue" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, false!=false" ,
op : "noteq" ,
flagVal : "false" ,
2019-07-17 14:08:11 +00:00
compareValue : "false" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterFalse' is not equal to 'false'" ,
testResult : false ,
flagName : "parameterFalse" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, false!=true" ,
op : "noteq" ,
flagVal : "false" ,
2019-07-17 14:08:11 +00:00
compareValue : "true" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'parameterFalse' is not equal to 'true'" ,
testResult : true ,
flagName : "parameterFalse" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, strings match" ,
op : "noteq" ,
flagVal : "KubeletConfiguration" ,
2019-07-17 14:08:11 +00:00
compareValue : "KubeletConfiguration" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'" ,
testResult : false ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, flagVal=empty" ,
op : "noteq" ,
flagVal : "" ,
2019-07-17 14:08:11 +00:00
compareValue : "KubeletConfiguration" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'" ,
testResult : true ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=noteq, compareValue=empty" ,
op : "noteq" ,
flagVal : "KubeletConfiguration" ,
2019-07-17 14:08:11 +00:00
compareValue : "" ,
2020-12-24 14:38:22 +00:00
expectedResultPattern : "'--FlagNameKubeletConf' is not equal to ''" ,
testResult : true ,
flagName : "--FlagNameKubeletConf" } ,
2019-07-17 14:08:11 +00:00
// Test Op "gt"
2020-12-24 14:38:22 +00:00
{ label : "op=gt, both empty" ,
op : "gt" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '' ''" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gt, 0 > 0" ,
op : "gt" ,
flagVal : "0" ,
compareValue : "0" , expectedResultPattern : "'flagName' is greater than 0" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gt, 4 > 5" ,
op : "gt" ,
flagVal : "4" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is greater than 5" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gt, 5 > 4" ,
op : "gt" ,
flagVal : "5" ,
compareValue : "4" ,
expectedResultPattern : "'flagName' is greater than 4" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=gt, 5 > 5" ,
op : "gt" ,
flagVal : "5" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is greater than 5" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gt, Pikachu > 5" ,
op : "gt" ,
flagVal : "Pikachu" ,
compareValue : "5" ,
expectedResultPattern : "Invalid Number(s) used for comparison: 'Pikachu' '5'" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gt, 5 > Bulbasaur" ,
op : "gt" ,
flagVal : "5" ,
compareValue : "Bulbasaur" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '5' 'Bulbasaur'" ,
testResult : false ,
flagName : "flagName" } ,
2019-07-17 14:08:11 +00:00
// Test Op "lt"
2020-12-24 14:38:22 +00:00
{ label : "op=lt, both empty" ,
op : "lt" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '' ''" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lt, 0 < 0" ,
op : "lt" ,
flagVal : "0" ,
compareValue : "0" ,
expectedResultPattern : "'flagName' is lower than 0" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lt, 4 < 5" ,
op : "lt" ,
flagVal : "4" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is lower than 5" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=lt, 5 < 4" ,
op : "lt" ,
flagVal : "5" ,
compareValue : "4" ,
expectedResultPattern : "'flagName' is lower than 4" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lt, 5 < 5" ,
op : "lt" ,
flagVal : "5" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is lower than 5" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lt, Charmander < 5" ,
op : "lt" ,
flagVal : "Charmander" ,
compareValue : "5" ,
expectedResultPattern : "Invalid Number(s) used for comparison: 'Charmander' '5'" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lt, 5 < Charmeleon" ,
op : "lt" ,
flagVal : "5" ,
compareValue : "Charmeleon" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '5' 'Charmeleon'" ,
testResult : false ,
flagName : "flagName" } ,
2019-07-17 14:08:11 +00:00
// Test Op "gte"
2020-12-24 14:38:22 +00:00
{ label : "op=gte, both empty" ,
op : "gte" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '' ''" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gte, 0 >= 0" ,
op : "gte" ,
flagVal : "0" ,
compareValue : "0" ,
expectedResultPattern : "'flagName' is greater or equal to 0" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=gte, 4 >= 5" ,
op : "gte" ,
flagVal : "4" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is greater or equal to 5" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gte, 5 >= 4" ,
op : "gte" ,
flagVal : "5" ,
compareValue : "4" ,
expectedResultPattern : "'flagName' is greater or equal to 4" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=gte, 5 >= 5" ,
op : "gte" ,
flagVal : "5" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is greater or equal to 5" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=gte, Ekans >= 5" ,
op : "gte" ,
flagVal : "Ekans" ,
compareValue : "5" ,
expectedResultPattern : "Invalid Number(s) used for comparison: 'Ekans' '5'" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=gte, 4 >= Zubat" ,
op : "gte" ,
flagVal : "4" ,
compareValue : "Zubat" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '4' 'Zubat'" ,
testResult : false ,
flagName : "flagName" } ,
2019-07-17 14:08:11 +00:00
// Test Op "lte"
2020-12-24 14:38:22 +00:00
{ label : "op=lte, both empty" ,
op : "lte" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '' ''" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lte, 0 <= 0" ,
op : "lte" ,
flagVal : "0" ,
compareValue : "0" ,
expectedResultPattern : "'flagName' is lower or equal to 0" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=lte, 4 <= 5" ,
op : "lte" ,
flagVal : "4" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is lower or equal to 5" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=lte, 5 <= 4" ,
op : "lte" ,
flagVal : "5" ,
compareValue : "4" ,
expectedResultPattern : "'flagName' is lower or equal to 4" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lte, 5 <= 5" ,
op : "lte" ,
flagVal : "5" ,
compareValue : "5" ,
expectedResultPattern : "'flagName' is lower or equal to 5" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=lte, Venomoth <= 4" ,
op : "lte" ,
flagVal : "Venomoth" ,
compareValue : "4" ,
expectedResultPattern : "Invalid Number(s) used for comparison: 'Venomoth' '4'" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=lte, 5 <= Meowth" ,
op : "lte" ,
flagVal : "5" ,
compareValue : "Meowth" ,
expectedResultPattern : "Invalid Number(s) used for comparison: '5' 'Meowth'" ,
testResult : false ,
flagName : "flagName" } ,
2019-07-17 14:08:11 +00:00
// Test Op "has"
2020-12-24 14:38:22 +00:00
{ label : "op=has, both empty" ,
op : "has" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "'flagName' has ''" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=has, flagVal=empty" ,
op : "has" ,
flagVal : "" ,
compareValue : "blah" ,
expectedResultPattern : "'flagName' has 'blah'" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=has, compareValue=empty" ,
op : "has" ,
flagVal : "blah" ,
compareValue : "" ,
expectedResultPattern : "'flagName-blah' has ''" ,
testResult : true ,
flagName : "flagName-blah" } ,
{ label : "op=has, 'blah' has 'la'" ,
op : "has" ,
flagVal : "blah" ,
compareValue : "la" ,
expectedResultPattern : "'flagName-blah' has 'la'" ,
testResult : true ,
flagName : "flagName-blah" } ,
{ label : "op=has, 'blah' has 'LA'" ,
op : "has" ,
flagVal : "blah" ,
compareValue : "LA" ,
expectedResultPattern : "'flagName-blah' has 'LA'" ,
testResult : false ,
flagName : "flagName-blah" } ,
{ label : "op=has, 'blah' has 'lo'" ,
op : "has" ,
flagVal : "blah" ,
compareValue : "lo" ,
expectedResultPattern : "'flagName-blah' has 'lo'" ,
testResult : false ,
flagName : "flagName-blah" } ,
2019-07-17 14:08:11 +00:00
// Test Op "nothave"
2020-12-24 14:38:22 +00:00
{ label : "op=nothave, both empty" ,
op : "nothave" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "'flagName' does not have ''" ,
testResult : false ,
flagName : "flagName" } ,
{ label : "op=nothave, flagVal=empty" ,
op : "nothave" ,
flagVal : "" ,
compareValue : "blah" ,
expectedResultPattern : "'flagName' does not have 'blah'" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=nothave, compareValue=empty" ,
op : "nothave" ,
flagVal : "blah" ,
compareValue : "" ,
expectedResultPattern : "'flagName-blah' does not have ''" ,
testResult : false ,
flagName : "flagName-blah" } ,
{ label : "op=nothave, 'blah' not have 'la'" ,
op : "nothave" ,
flagVal : "blah" ,
compareValue : "la" ,
expectedResultPattern : "'flagName-blah' does not have 'la'" ,
testResult : false ,
flagName : "flagName-blah" } ,
{ label : "op=nothave, 'blah' not have 'LA'" ,
op : "nothave" ,
flagVal : "blah" ,
compareValue : "LA" ,
expectedResultPattern : "'flagName-blah' does not have 'LA'" ,
testResult : true ,
flagName : "flagName-blah" } ,
{ label : "op=nothave, 'blah' not have 'lo'" ,
op : "nothave" ,
flagVal : "blah" ,
compareValue : "lo" ,
expectedResultPattern : "'flagName-blah' does not have 'lo'" ,
testResult : true ,
flagName : "flagName-blah" } ,
2019-07-17 14:08:11 +00:00
// Test Op "regex"
2020-12-24 14:38:22 +00:00
{ label : "op=regex, both empty" ,
op : "regex" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "'flagName' matched by regex expression ''" ,
testResult : true ,
flagName : "flagName" } ,
{ label : "op=regex, flagVal=empty" ,
op : "regex" ,
flagVal : "" ,
compareValue : "blah" ,
expectedResultPattern : "'flagName' matched by regex expression 'blah'" ,
testResult : false ,
flagName : "flagName" } ,
2019-07-26 18:11:59 +00:00
// Test Op "valid_elements"
2020-12-24 14:38:22 +00:00
{ label : "op=valid_elements, valid_elements both empty" ,
op : "valid_elements" ,
flagVal : "" ,
compareValue : "" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from ''" ,
testResult : true ,
flagName : "flagWithMultipleElements" } ,
2019-07-26 18:11:59 +00:00
2020-12-24 14:38:22 +00:00
{ label : "op=valid_elements, valid_elements flagVal empty" ,
op : "valid_elements" ,
flagVal : "" ,
compareValue : "a,b" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from 'a,b'" ,
testResult : false ,
flagName : "flagWithMultipleElements" } ,
{ label : "op=valid_elements, valid_elements compareValue empty" ,
op : "valid_elements" ,
flagVal : "a,b" ,
compareValue : "" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from ''" ,
testResult : false ,
flagName : "flagWithMultipleElements" } ,
{ label : "op=valid_elements, valid_elements two list equals" ,
op : "valid_elements" ,
flagVal : "a,b,c" ,
compareValue : "a,b,c" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from 'a,b,c'" ,
testResult : true ,
flagName : "flagWithMultipleElements" } ,
{ label : "op=valid_elements, valid_elements partial flagVal valid" ,
op : "valid_elements" ,
flagVal : "a,c" ,
compareValue : "a,b,c" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from 'a,b,c'" ,
testResult : true ,
flagName : "flagWithMultipleElements" } ,
{ label : "op=valid_elements, valid_elements partial compareValue valid" ,
op : "valid_elements" ,
flagVal : "a,b,c" ,
compareValue : "a,c" ,
expectedResultPattern : "'flagWithMultipleElements' contains valid elements from 'a,c'" ,
testResult : false ,
flagName : "flagWithMultipleElements" } ,
2019-07-26 18:11:59 +00:00
2020-03-16 12:25:46 +00:00
// Test Op "bitmask"
2020-12-24 14:38:22 +00:00
{ label : "op=bitmask, 644 AND 640" ,
op : "bitmask" ,
flagVal : "640" ,
compareValue : "644" ,
expectedResultPattern : "etc/fileExamplePermission640 has permissions 640, expected 644 or more restrictive" ,
testResult : true ,
flagName : "etc/fileExamplePermission640" } ,
{ label : "op=bitmask, 644 AND 777" ,
op : "bitmask" ,
flagVal : "777" ,
compareValue : "644" ,
expectedResultPattern : "etc/fileExamplePermission777 has permissions 777, expected 644 or more restrictive" ,
testResult : false ,
flagName : "etc/fileExamplePermission777" } ,
{ label : "op=bitmask, 644 AND 444" ,
op : "bitmask" ,
flagVal : "444" ,
compareValue : "644" ,
expectedResultPattern : "etc/fileExamplePermission444 has permissions 444, expected 644 or more restrictive" ,
testResult : true ,
flagName : "etc/fileExamplePermission444" } ,
{ label : "op=bitmask, 644 AND 211" ,
op : "bitmask" ,
flagVal : "211" ,
compareValue : "644" ,
expectedResultPattern : "etc/fileExamplePermission211 has permissions 211, expected 644 or more restrictive" ,
testResult : false ,
flagName : "etc/fileExamplePermission211" } ,
{ label : "op=bitmask, Harry AND 211" ,
op : "bitmask" ,
flagVal : "Harry" ,
compareValue : "644" ,
expectedResultPattern : "Not numeric value - flag: Harry" ,
testResult : false ,
flagName : "etc/fileExample" } ,
{ label : "op=bitmask, 644 AND Potter" ,
op : "bitmask" ,
flagVal : "211" ,
compareValue : "Potter" ,
expectedResultPattern : "Not numeric value - flag: Potter" ,
testResult : false ,
flagName : "etc/fileExample" } ,
2019-07-17 14:08:11 +00:00
}
for _ , c := range cases {
2020-08-13 08:01:30 +00:00
t . Run ( c . label , func ( t * testing . T ) {
2020-12-24 14:38:22 +00:00
expectedResultPattern , testResult := compareOp ( c . op , c . flagVal , c . compareValue , c . flagName )
2020-08-13 08:01:30 +00:00
if expectedResultPattern != c . expectedResultPattern {
t . Errorf ( "'expectedResultPattern' did not match - op: %q expected:%q got:%q" , c . op , c . expectedResultPattern , expectedResultPattern )
}
2019-07-17 14:08:11 +00:00
2020-08-13 08:01:30 +00:00
if testResult != c . testResult {
t . Errorf ( "'testResult' did not match - lop: %q expected:%t got:%t" , c . op , c . testResult , testResult )
}
} )
2019-07-17 14:08:11 +00:00
}
}
2019-10-12 22:46:19 +00:00
func TestToNumeric ( t * testing . T ) {
cases := [ ] struct {
firstValue string
secondValue string
expectedToFail bool
} {
{
firstValue : "a" ,
secondValue : "b" ,
expectedToFail : true ,
} ,
{
firstValue : "5" ,
secondValue : "b" ,
expectedToFail : true ,
} ,
{
firstValue : "5" ,
secondValue : "6" ,
expectedToFail : false ,
} ,
}
2020-08-13 08:01:30 +00:00
for id , c := range cases {
t . Run ( fmt . Sprintf ( "%d" , id ) , func ( t * testing . T ) {
f , s , err := toNumeric ( c . firstValue , c . secondValue )
if c . expectedToFail && err == nil {
t . Errorf ( "Expected error while converting %s and %s" , c . firstValue , c . secondValue )
}
if ! c . expectedToFail && ( f != 5 || s != 6 ) {
t . Errorf ( "Expected to return %d,%d - got %d,%d" , 5 , 6 , f , s )
}
} )
2019-10-12 22:46:19 +00:00
}
}
2021-10-27 09:56:00 +00:00
func TestExecuteJSONPathOnEncryptionConfig ( t * testing . T ) {
type Resources struct {
Resources [ ] string ` json:"resources" `
Providers [ ] map [ string ] interface { } ` json:"providers" `
}
type EncryptionConfig struct {
Kind string ` json:"kind" `
ApiVersion string ` json:"apiVersion" `
Resources [ ] Resources ` json:"resources" `
}
type Key struct {
Secret string ` json:"secret" `
Name string ` json:"name" `
}
type Aescbc struct {
Keys [ ] Key ` json:"keys" `
}
type SecretBox struct {
Keys [ ] Key ` json:"keys" `
}
type Aesgcm struct {
Keys [ ] Key ` json:"keys" `
}
// identity disable encryption when set as the first parameter
type Identity struct { }
cases := [ ] struct {
name string
jsonPath string
jsonInterface EncryptionConfig
expectedResult string
expectedToFail bool
} {
{
"JSONPath parse works, results match" ,
"{.resources[*].providers[*].aescbc.keys[*].secret}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "aescbc" : Aescbc { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } } } } ,
} } } } ,
"secret1" ,
false ,
} ,
{
"JSONPath parse works, results match" ,
"{.resources[*].providers[*].aescbc.keys[*].name}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "aescbc" : Aescbc { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } } } } ,
} } } } ,
"name1" ,
false ,
} ,
{
"JSONPath parse works, results don't match" ,
"{.resources[*].providers[*].aescbc.keys[*].secret}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "aesgcm" : Aesgcm { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } } } } ,
} } } } ,
"secret1" ,
true ,
} ,
{
"JSONPath parse works, results match" ,
"{.resources[*].providers[*].aesgcm.keys[*].secret}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "aesgcm" : Aesgcm { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } } } } ,
} } } } ,
"secret1" ,
false ,
} ,
{
"JSONPath parse works, results match" ,
"{.resources[*].providers[*].secretbox.keys[*].secret}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "secretbox" : SecretBox { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } } } } ,
} } } } ,
"secret1" ,
false ,
} ,
{
"JSONPath parse works, results match" ,
"{.resources[*].providers[*].aescbc.keys[*].secret}" ,
EncryptionConfig {
Kind : "EncryptionConfig" ,
ApiVersion : "v1" ,
Resources : [ ] Resources { { Resources : [ ] string { "secrets" } , Providers : [ ] map [ string ] interface { } {
{ "aescbc" : Aescbc { Keys : [ ] Key { Key { Secret : "secret1" , Name : "name1" } , Key { Secret : "secret2" , Name : "name2" } } } } ,
} } } } ,
"secret1 secret2" ,
false ,
} ,
}
for _ , c := range cases {
t . Run ( c . name , func ( t * testing . T ) {
result , err := executeJSONPath ( c . jsonPath , c . jsonInterface )
if err != nil && ! c . expectedToFail {
t . Fatalf ( "jsonPath:%q, expectedResult:%q got:%v" , c . jsonPath , c . expectedResult , err )
}
if c . expectedResult != result && ! c . expectedToFail {
t . Errorf ( "jsonPath:%q, expectedResult:%q got:%q" , c . jsonPath , c . expectedResult , result )
}
} )
}
}