mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-06-07 00:28:49 +00:00

chore: improve test clarity (#675)

* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4

* Remove verbosity for ease of reading results

* Use subtests

* Tidy more test cases
Liz Rice 2020-08-13 09:01:30 +01:00 committed by GitHub
parent 2d548597ae
commit 01c77b2315
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 132 additions and 155 deletions


@ -1,4 +1,4 @@
// Copyright © 2017-2019 Aqua Security Software Ltd. <info@aquasec.com> // Copyright © 2017-2020 Aqua Security Software Ltd. <info@aquasec.com>
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.
@ -53,8 +53,8 @@ func TestCheck_Run(t *testing.T) {
Tests: &tests{TestItems: []*testItem{{ Tests: &tests{TestItems: []*testItem{{
Flag: "hello", Flag: "hello",
Set: false, Set: false,
}}, }}},
}}, },
Expected: FAIL, Expected: FAIL,
}, },
{ {
@ -70,97 +70,58 @@ func TestCheck_Run(t *testing.T) {
Expected: PASS, Expected: PASS,
}, },
} }
for _, testCase := range testCases { for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
testCase.check.run() testCase.check.run()
if testCase.check.State != testCase.Expected {
if testCase.check.State != testCase.Expected { t.Errorf("expected %s, actual %s", testCase.Expected, testCase.check.State)
t.Errorf("%s: expected %s, actual %s\n", testCase.name, testCase.Expected, testCase.check.State) }
} })
} }
} }
func TestCheckAuditConfig(t *testing.T) { func TestCheckAuditConfig(t *testing.T) {
cases := []struct { passingCases := []*Check{
*Check controls.Groups[1].Checks[0],
expected State controls.Groups[1].Checks[3],
}{ controls.Groups[1].Checks[5],
{ controls.Groups[1].Checks[7],
controls.Groups[1].Checks[0], controls.Groups[1].Checks[9],
"PASS", controls.Groups[1].Checks[15],
},
{
controls.Groups[1].Checks[1],
"FAIL",
},
{
controls.Groups[1].Checks[2],
"FAIL",
},
{
controls.Groups[1].Checks[3],
"PASS",
},
{
controls.Groups[1].Checks[4],
"FAIL",
},
{
controls.Groups[1].Checks[5],
"PASS",
},
{
controls.Groups[1].Checks[6],
"FAIL",
},
{
controls.Groups[1].Checks[7],
"PASS",
},
{
controls.Groups[1].Checks[8],
"FAIL",
},
{
controls.Groups[1].Checks[9],
"PASS",
},
{
controls.Groups[1].Checks[10],
"FAIL",
},
{
controls.Groups[1].Checks[11],
"FAIL",
},
{
controls.Groups[1].Checks[12],
"FAIL",
},
{
controls.Groups[1].Checks[13],
"FAIL",
},
{
controls.Groups[1].Checks[14],
"FAIL",
},
{
controls.Groups[1].Checks[15],
"PASS",
},
{
controls.Groups[1].Checks[16],
"FAIL",
},
} }
for _, c := range cases { failingCases := []*Check{
c.run() controls.Groups[1].Checks[1],
if c.State != c.expected { controls.Groups[1].Checks[2],
t.Errorf("%s, expected:%v, got:%v\n", c.Text, c.expected, c.State) controls.Groups[1].Checks[4],
} controls.Groups[1].Checks[6],
controls.Groups[1].Checks[8],
controls.Groups[1].Checks[10],
controls.Groups[1].Checks[11],
controls.Groups[1].Checks[12],
controls.Groups[1].Checks[13],
controls.Groups[1].Checks[14],
controls.Groups[1].Checks[16],
}
for _, c := range passingCases {
t.Run(c.Text, func(t *testing.T) {
c.run()
if c.State != "PASS" {
t.Errorf("Should PASS, got: %v", c.State)
}
})
}
for _, c := range failingCases {
t.Run(c.Text, func(t *testing.T) {
c.run()
if c.State != "FAIL" {
t.Errorf("Should FAIL, got: %v", c.State)
}
})
} }
} }
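Review bot: In TestCheckAuditConfig the expected outcome of each case is now carried only by which list its index sits in (`controls.Groups[1].Checks[N]` under passingCases or failingCases), so a reader cannot tell which audit-config behaviour each index exercises, and a reordered fixture breaks cases with no hint of why. A comment above the two slices would make the coupling explicit, for example `// Indices follow the order of checks in the test fixture; update both lists when the fixture changes.` The comparisons could also use the State constants that TestCheck_Run uses in this same file rather than string literals: `if c.State != PASS {` and `if c.State != FAIL {`.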


@ -1,4 +1,4 @@
// Copyright © 2017 Aqua Security Software Ltd. <info@aquasec.com> // Copyright © 2017-2020 Aqua Security Software Ltd. <info@aquasec.com>
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@
package check package check
import ( import (
"fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"strings" "strings"
@ -216,15 +217,17 @@ func TestTestExecute(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
c.Check.AuditOutput = c.str t.Run(c.Text, func(t *testing.T) {
c.Check.AuditConfigOutput = c.strConfig c.Check.AuditOutput = c.str
res, err := c.Check.execute() c.Check.AuditConfigOutput = c.strConfig
if err != nil { res, err := c.Check.execute()
t.Errorf(err.Error()) if err != nil {
} t.Errorf(err.Error())
if !res.testResult { }
t.Errorf("%s, expected:%v, got:%v\n", c.Text, true, res) if !res.testResult {
} t.Errorf("expected:%v, got:%v", true, res)
}
})
} }
} }
@ -257,14 +260,16 @@ func TestTestExecuteExceptions(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
c.Check.AuditConfigOutput = c.str t.Run(c.Text, func(t *testing.T) {
res, err := c.Check.execute() c.Check.AuditConfigOutput = c.str
if err != nil { res, err := c.Check.execute()
t.Errorf(err.Error()) if err != nil {
} t.Errorf(err.Error())
if res.testResult { }
t.Errorf("%s, expected:%v, got:%v\n", c.Text, false, res) if res.testResult {
} t.Errorf("expected:%v, got:%v", false, res)
}
})
} }
} }
@ -318,17 +323,19 @@ apiVersion: kubelet.config.k8s.io/v1beta
}, },
} }
for _, c := range cases { for id, c := range cases {
err := unmarshal(c.content, &c.jsonInterface) t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
if err != nil { err := unmarshal(c.content, &c.jsonInterface)
if !c.expectedToFail { if err != nil {
t.Errorf("%s, expectedToFail:%v, got:%v\n", c.content, c.expectedToFail, err) if !c.expectedToFail {
t.Errorf("should pass, got error:%v", err)
}
} else {
if c.expectedToFail {
t.Errorf("should fail, but passed")
}
} }
} else { })
if c.expectedToFail {
t.Errorf("%s, expectedToFail:%v, got:Did not fail\n", c.content, c.expectedToFail)
}
}
} }
} }
@ -339,13 +346,14 @@ func TestExecuteJSONPath(t *testing.T) {
Address string Address string
} }
cases := []struct { cases := []struct {
name string
jsonPath string jsonPath string
jsonInterface kubeletConfig jsonInterface kubeletConfig
expectedResult string expectedResult string
expectedToFail bool expectedToFail bool
}{ }{
{ {
// JSONPath parse works, results don't match "JSONPath parse works, results don't match",
"{.Kind}", "{.Kind}",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -356,7 +364,7 @@ func TestExecuteJSONPath(t *testing.T) {
true, true,
}, },
{ {
// JSONPath parse works, results match "JSONPath parse works, results match",
"{.Kind}", "{.Kind}",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -367,7 +375,7 @@ func TestExecuteJSONPath(t *testing.T) {
false, false,
}, },
{ {
// JSONPath parse fails "JSONPath parse fails",
"{.ApiVersion", "{.ApiVersion",
kubeletConfig{ kubeletConfig{
Kind: "KubeletConfiguration", Kind: "KubeletConfiguration",
@ -379,13 +387,15 @@ func TestExecuteJSONPath(t *testing.T) {
}, },
} }
for _, c := range cases { for _, c := range cases {
result, err := executeJSONPath(c.jsonPath, c.jsonInterface) t.Run(c.name, func(t *testing.T) {
if err != nil && !c.expectedToFail { result, err := executeJSONPath(c.jsonPath, c.jsonInterface)
t.Fatalf("jsonPath:%q, expectedResult:%q got:%v\n", c.jsonPath, c.expectedResult, err) if err != nil && !c.expectedToFail {
} t.Fatalf("jsonPath:%q, expectedResult:%q got:%v", c.jsonPath, c.expectedResult, err)
if c.expectedResult != result && !c.expectedToFail { }
t.Errorf("jsonPath:%q, expectedResult:%q got:%q\n", c.jsonPath, c.expectedResult, result) if c.expectedResult != result && !c.expectedToFail {
} t.Errorf("jsonPath:%q, expectedResult:%q got:%q", c.jsonPath, c.expectedResult, result)
}
})
} }
} }
@ -438,10 +448,12 @@ func TestAllElementsValid(t *testing.T) {
valid: false, valid: false,
}, },
} }
for _, c := range cases { for id, c := range cases {
if !allElementsValid(c.source, c.target) && c.valid { t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
t.Errorf("Not All Elements in %q are found in %q \n", c.source, c.target) if !allElementsValid(c.source, c.target) && c.valid {
} t.Errorf("Not All Elements in %q are found in %q", c.source, c.target)
}
})
} }
} }
@ -478,16 +490,17 @@ func TestSplitAndRemoveLastSeparator(t *testing.T) {
}, },
} }
for _, c := range cases { for id, c := range cases {
as := splitAndRemoveLastSeparator(c.source, defaultArraySeparator) t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
if len(as) == 0 && c.valid { as := splitAndRemoveLastSeparator(c.source, defaultArraySeparator)
t.Errorf("Split did not work with %q \n", c.source) if len(as) == 0 && c.valid {
} t.Errorf("Split did not work with %q", c.source)
}
if c.elementCnt != len(as) {
t.Errorf("Split did not work with %q expected: %d got: %d\n", c.source, c.elementCnt, len(as))
}
if c.elementCnt != len(as) {
t.Errorf("Split did not work with %q expected: %d got: %d", c.source, c.elementCnt, len(as))
}
})
} }
} }
@ -743,15 +756,16 @@ func TestCompareOp(t *testing.T) {
} }
for _, c := range cases { for _, c := range cases {
expectedResultPattern, testResult := compareOp(c.op, c.flagVal, c.compareValue) t.Run(c.label, func(t *testing.T) {
expectedResultPattern, testResult := compareOp(c.op, c.flagVal, c.compareValue)
if expectedResultPattern != c.expectedResultPattern {
t.Errorf("'expectedResultPattern' did not match - op: %q expected:%q got:%q", c.op, c.expectedResultPattern, expectedResultPattern)
}
if expectedResultPattern != c.expectedResultPattern { if testResult != c.testResult {
t.Errorf("'expectedResultPattern' did not match - label: %q op: %q expected 'expectedResultPattern':%q got:%q\n", c.label, c.op, c.expectedResultPattern, expectedResultPattern) t.Errorf("'testResult' did not match - lop: %q expected:%t got:%t", c.op, c.testResult, testResult)
} }
})
if testResult != c.testResult {
t.Errorf("'testResult' did not match - label: %q op: %q expected 'testResult':%t got:%t\n", c.label, c.op, c.testResult, testResult)
}
} }
} }
@ -778,14 +792,16 @@ func TestToNumeric(t *testing.T) {
}, },
} }
for _, c := range cases { for id, c := range cases {
f, s, err := toNumeric(c.firstValue, c.secondValue) t.Run(fmt.Sprintf("%d", id), func(t *testing.T) {
if c.expectedToFail && err == nil { f, s, err := toNumeric(c.firstValue, c.secondValue)
t.Errorf("TestToNumeric - Expected error while converting %s and %s", c.firstValue, c.secondValue) if c.expectedToFail && err == nil {
} t.Errorf("Expected error while converting %s and %s", c.firstValue, c.secondValue)
}
if !c.expectedToFail && (f != 5 || s != 6) { if !c.expectedToFail && (f != 5 || s != 6) {
t.Errorf("TestToNumeric - Expected to return %d,%d , but instead got %d,%d", 5, 6, f, s) t.Errorf("Expected to return %d,%d - got %d,%d", 5, 6, f, s)
} }
})
} }
} }
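Review bot: Inside the new subtests of TestTestExecute and TestTestExecuteExceptions, `t.Errorf(err.Error())` passes the error text as a format string, and execution then continues to `res.testResult` even though execute() failed. Now that each case runs under t.Run, stopping only that subtest is cheap: `t.Fatalf("unexpected error: %v", err)`. If res can be nil on error (not visible in these hunks), this also avoids a panic that would abort the remaining cases. Separately, the new TestCompareOp message reads `lop: %q`, which looks like a typo for `op: %q`.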


@ -33,7 +33,7 @@ build-docker:
-t $(IMAGE_NAME) . -t $(IMAGE_NAME) .
tests: tests:
GO111MODULE=on go test -v -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./... GO111MODULE=on go test -short -race -timeout 30s -coverprofile=coverage.txt -covermode=atomic ./...
integration-tests: build-docker integration-tests: build-docker
GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME) GO111MODULE=on go test ./integration/... -v -tags integration -timeout 1200s -args -kubebenchImg=$(IMAGE_NAME)