mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-06-07 08:38:50 +00:00

chore: improve test clarity (#675)

* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4

* Remove verbosity for ease of reading results

* Use subtests

* Tidy more test cases
Liz Rice 2020-08-13 09:01:30 +01:00 committed by GitHub
parent 2d548597ae
commit 01c77b2315
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 132 additions and 155 deletions


@ -1,4 +1,4 @@
// Copyright © 2017-2019 Aqua Security Software Ltd. <info@aquasec.com> // Copyright © 2017-2020 Aqua Security Software Ltd. <info@aquasec.com>
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.
@ -53,8 +53,8 @@ func TestCheck_Run(t *testing.T) {
Tests: &tests{TestItems: []*testItem{{ Tests: &tests{TestItems: []*testItem{{
Flag: "hello", Flag: "hello",
Set: false, Set: false,
}}, }}},
}}, },
Expected: FAIL, Expected: FAIL,
}, },
{ {
@ -70,97 +70,58 @@ func TestCheck_Run(t *testing.T) {
Expected: PASS, Expected: PASS,
}, },
} }
for _, testCase := range testCases { for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
testCase.check.run() testCase.check.run()
if testCase.check.State != testCase.Expected { if testCase.check.State != testCase.Expected {
t.Errorf("%s: expected %s, actual %s\n", testCase.name, testCase.Expected, testCase.check.State) t.Errorf("expected %s, actual %s", testCase.Expected, testCase.check.State)
} }
})
} }
} }
func TestCheckAuditConfig(t *testing.T) { func TestCheckAuditConfig(t *testing.T) {
cases := []struct { passingCases := []*Check{
*Check
expected State
}{
{
controls.Groups[1].Checks[0], controls.Groups[1].Checks[0],
"PASS",
},
{
controls.Groups[1].Checks[1],
"FAIL",
},
{
controls.Groups[1].Checks[2],
"FAIL",
},
{
controls.Groups[1].Checks[3], controls.Groups[1].Checks[3],
"PASS",
},
{
controls.Groups[1].Checks[4],
"FAIL",
},
{
controls.Groups[1].Checks[5], controls.Groups[1].Checks[5],
"PASS",
},
{
controls.Groups[1].Checks[6],
"FAIL",
},
{
controls.Groups[1].Checks[7], controls.Groups[1].Checks[7],
"PASS",
},
{
controls.Groups[1].Checks[8],
"FAIL",
},
{
controls.Groups[1].Checks[9], controls.Groups[1].Checks[9],
"PASS",
},
{
controls.Groups[1].Checks[10],
"FAIL",
},
{
controls.Groups[1].Checks[11],
"FAIL",
},
{
controls.Groups[1].Checks[12],
"FAIL",
},
{
controls.Groups[1].Checks[13],
"FAIL",
},
{
controls.Groups[1].Checks[14],
"FAIL",
},
{
controls.Groups[1].Checks[15], controls.Groups[1].Checks[15],
"PASS",
},
{
controls.Groups[1].Checks[16],
"FAIL",
},
} }
for _, c := range cases { failingCases := []*Check{
c.run() controls.Groups[1].Checks[1],
if c.State != c.expected { controls.Groups[1].Checks[2],
t.Errorf("%s, expected:%v, got:%v\n", c.Text, c.expected, c.State) controls.Groups[1].Checks[4],
controls.Groups[1].Checks[6],
controls.Groups[1].Checks[8],
controls.Groups[1].Checks[10],
controls.Groups[1].Checks[11],
controls.Groups[1].Checks[12],
controls.Groups[1].Checks[13],
controls.Groups[1].Checks[14],
controls.Groups[1].Checks[16],
} }
for _, c := range passingCases {
t.Run(c.Text, func(t *testing.T) {
c.run()
if c.State != "PASS" {
t.Errorf("Should PASS, got: %v", c.State)
}
})
}
for _, c := range failingCases {
t.Run(c.Text, func(t *testing.T) {
c.run()
if c.State != "FAIL" {
t.Errorf("Should FAIL, got: %v", c.State)
}
})
} }
} }
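Review bot: The two new loops in TestCheckAuditConfig compare `c.State` with the string literals `"PASS"` and `"FAIL"`, while TestCheck_Run earlier in the same section sets `Expected: PASS` and `Expected: FAIL` using the package constants; writing `if c.State != PASS {` and `if c.State != FAIL {` keeps the two tests consistent and lets the compiler catch a mistyped state. The passingCases and failingCases lists also pick checks purely by position in `controls.Groups[1].Checks`, so each expectation is tied to the order of the fixture. A comment above the lists such as `// indices follow the order of checks in group 1 of the test fixture; update both lists when a check is added` would make that dependency visible. TestCheck_Run begins outside the hunk shown.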


@ -1,4 +1,4 @@
// Copyright © 2017 Aqua Security Software Ltd. <info@aquasec.com> // Copyright © 2017-2020 Aqua Security Software Ltd. <info@aquasec.com>
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@
package check package check
import ( import (
"fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"strings" "strings"
@ -216,6 +217,7 @@ func TestTestExecute(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.Text, func(t *testing.T) {
c.Check.AuditOutput = c.str c.Check.AuditOutput = c.str
c.Check.AuditConfigOutput = c.strConfig c.Check.AuditConfigOutput = c.strConfig
res, err := c.Check.execute() res, err := c.Check.execute()
@ -223,8 +225,9 @@ func TestTestExecute(t *testing.T) {
t.Errorf(err.Error()) t.Errorf(err.Error())
} }
if !res.testResult { if !res.testResult {
t.Errorf("%s, expected:%v, got:%v\n", c.Text, true, res) t.Errorf("expected:%v, got:%v", true, res)
} }
})
} }
} }
@ -257,14 +260,16 @@ func TestTestExecuteExceptions(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.Text, func(t *testing.T) {
c.Check.AuditConfigOutput = c.str c.Check.AuditConfigOutput = c.str
res, err := c.Check.execute() res, err := c.Check.execute()
if err != nil { if err != nil {
t.Errorf(err.Error()) t.Errorf(err.Error())
} }
if res.testResult { if res.testResult {
t.Errorf("%s, expected:%v, got:%v\n", c.Text, false, res) t.Errorf("expected:%v, got:%v", false, res)
} }
})
} }
} }
@ -318,17 +323,19 @@ apiVersion: kubelet.config.k8s.io/v1beta
}, },
} }
for _, c := range cases { for id, c := range cases {
t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
err := unmarshal(c.content, &c.jsonInterface) err := unmarshal(c.content, &c.jsonInterface)
if err != nil { if err != nil {
if !c.expectedToFail { if !c.expectedToFail {
t.Errorf("%s, expectedToFail:%v, got:%v\n", c.content, c.expectedToFail, err) t.Errorf("should pass, got error:%v", err)
} }
} else { } else {
if c.expectedToFail { if c.expectedToFail {
t.Errorf("%s, expectedToFail:%v, got:Did not fail\n", c.content, c.expectedToFail) t.Errorf("should fail, but passed")
} }
} }
})
} }
} }
@ -339,13 +346,14 @@ func TestExecuteJSONPath(t *testing.T) {
Address string Address string
} }
cases := []struct { cases := []struct {
name string
jsonPath string jsonPath string
jsonInterface kubeletConfig jsonInterface kubeletConfig
expectedResult string expectedResult string
expectedToFail bool expectedToFail bool
}{ }{
{ {
// JSONPath parse works, results don't match "JSONPath parse works, results don't match",
"{.Kind}", "{.Kind}",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -356,7 +364,7 @@ func TestExecuteJSONPath(t *testing.T) {
true, true,
}, },
{ {
// JSONPath parse works, results match "JSONPath parse works, results match",
"{.Kind}", "{.Kind}",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -367,7 +375,7 @@ func TestExecuteJSONPath(t *testing.T) {
false, false,
}, },
{ {
// JSONPath parse fails "JSONPath parse fails",
"{.ApiVersion", "{.ApiVersion",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -379,13 +387,15 @@ func TestExecuteJSONPath(t *testing.T) {
}, },
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
result, err := executeJSONPath(c.jsonPath, c.jsonInterface) result, err := executeJSONPath(c.jsonPath, c.jsonInterface)
if err != nil && !c.expectedToFail { if err != nil && !c.expectedToFail {
t.Fatalf("jsonPath:%q, expectedResult:%q got:%v\n", c.jsonPath, c.expectedResult, err) t.Fatalf("jsonPath:%q, expectedResult:%q got:%v", c.jsonPath, c.expectedResult, err)
} }
if c.expectedResult != result && !c.expectedToFail { if c.expectedResult != result && !c.expectedToFail {
t.Errorf("jsonPath:%q, expectedResult:%q got:%q\n", c.jsonPath, c.expectedResult, result) t.Errorf("jsonPath:%q, expectedResult:%q got:%q", c.jsonPath, c.expectedResult, result)
} }
})
} }
} }
@ -438,10 +448,12 @@ func TestAllElementsValid(t *testing.T) {
valid: false, valid: false,
}, },
} }
for _, c := range cases { for id, c := range cases {
t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
if !allElementsValid(c.source, c.target) && c.valid { if !allElementsValid(c.source, c.target) && c.valid {
t.Errorf("Not All Elements in %q are found in %q \n", c.source, c.target) t.Errorf("Not All Elements in %q are found in %q", c.source, c.target)
} }
})
} }
} }
@ -478,16 +490,17 @@ func TestSplitAndRemoveLastSeparator(t *testing.T) {
}, },
} }
for _, c := range cases { for id, c := range cases {
t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
as := splitAndRemoveLastSeparator(c.source, defaultArraySeparator) as := splitAndRemoveLastSeparator(c.source, defaultArraySeparator)
if len(as) == 0 && c.valid { if len(as) == 0 && c.valid {
t.Errorf("Split did not work with %q \n", c.source) t.Errorf("Split did not work with %q", c.source)
} }
if c.elementCnt != len(as) { if c.elementCnt != len(as) {
t.Errorf("Split did not work with %q expected: %d got: %d\n", c.source, c.elementCnt, len(as)) t.Errorf("Split did not work with %q expected: %d got: %d", c.source, c.elementCnt, len(as))
} }
})
} }
} }
@ -743,15 +756,16 @@ func TestCompareOp(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
t.Run(c.label, func(t *testing.T) {
expectedResultPattern, testResult := compareOp(c.op, c.flagVal, c.compareValue) expectedResultPattern, testResult := compareOp(c.op, c.flagVal, c.compareValue)
if expectedResultPattern != c.expectedResultPattern { if expectedResultPattern != c.expectedResultPattern {
t.Errorf("'expectedResultPattern' did not match - label: %q op: %q expected 'expectedResultPattern':%q got:%q\n", c.label, c.op, c.expectedResultPattern, expectedResultPattern) t.Errorf("'expectedResultPattern' did not match - op: %q expected:%q got:%q", c.op, c.expectedResultPattern, expectedResultPattern)
} }
if testResult != c.testResult { if testResult != c.testResult {
t.Errorf("'testResult' did not match - label: %q op: %q expected 'testResult':%t got:%t\n", c.label, c.op, c.testResult, testResult) t.Errorf("'testResult' did not match - lop: %q expected:%t got:%t", c.op, c.testResult, testResult)
} }
})
} }
} }
@ -778,14 +792,16 @@ func TestToNumeric(t *testing.T) {
}, },
} }
for _, c := range cases { for id, c := range cases {
t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
f, s, err := toNumeric(c.firstValue, c.secondValue) f, s, err := toNumeric(c.firstValue, c.secondValue)
if c.expectedToFail && err == nil { if c.expectedToFail && err == nil {
t.Errorf("TestToNumeric - Expected error while converting %s and %s", c.firstValue, c.secondValue) t.Errorf("Expected error while converting %s and %s", c.firstValue, c.secondValue)
} }
if !c.expectedToFail && (f != 5 || s != 6) { if !c.expectedToFail && (f != 5 || s != 6) {
t.Errorf("TestToNumeric - Expected to return %d,%d , but instead got %d,%d", 5, 6, f, s) t.Errorf("Expected to return %d,%d - got %d,%d", 5, 6, f, s)
} }
})
} }
} }
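Review bot: The negative cases in TestExecuteJSONPath can never fail the test, because both assertions are guarded by `!c.expectedToFail`; a case marked as expected to fail passes even when executeJSONPath returns no error and a matching result. These helpers appear to feed the pass/fail decision of a benchmark check, so the failing direction deserves its own assertion, for example `if c.expectedToFail && err == nil && result == c.expectedResult { t.Errorf("expected failure, got %q", result) }`. TestAllElementsValid has the same gap (`!allElementsValid(c.source, c.target) && c.valid` only exercises the valid cases) and could compare the return value with `c.valid` directly. Separately, the new message in TestCompareOp reads `lop: %q` where `op: %q` was presumably intended. The bodies of these test functions start outside the hunks shown.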


@ -33,7 +33,7 @@ build-docker:
-t $(IMAGE_NAME) . -t $(IMAGE_NAME) .
tests: tests:
GO111MODULE=on go test -v -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./... GO111MODULE=on go test -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
integration-tests: build-docker integration-tests: build-docker
GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME) GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME)