@ -49,142 +49,180 @@ func TestTestExecute(t *testing.T) {
cases := [ ] struct {
cases := [ ] struct {
* Check
* Check
str string
str string
strConfig string
} {
} {
{
{
controls . Groups [ 0 ] . Checks [ 0 ] ,
controls . Groups [ 0 ] . Checks [ 0 ] ,
"2:45 ../kubernetes/kube-apiserver --allow-privileged=false --option1=20,30,40" ,
"2:45 ../kubernetes/kube-apiserver --allow-privileged=false --option1=20,30,40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 1 ] ,
controls . Groups [ 0 ] . Checks [ 1 ] ,
"2:45 ../kubernetes/kube-apiserver --allow-privileged=false" ,
"2:45 ../kubernetes/kube-apiserver --allow-privileged=false" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 2 ] ,
controls . Groups [ 0 ] . Checks [ 2 ] ,
"niinai 13617 2635 99 19:26 pts/20 00:03:08 ./kube-apiserver --insecure-port=0 --anonymous-auth" ,
"niinai 13617 2635 99 19:26 pts/20 00:03:08 ./kube-apiserver --insecure-port=0 --anonymous-auth" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 3 ] ,
controls . Groups [ 0 ] . Checks [ 3 ] ,
"2:45 ../kubernetes/kube-apiserver --secure-port=0 --audit-log-maxage=40 --option" ,
"2:45 ../kubernetes/kube-apiserver --secure-port=0 --audit-log-maxage=40 --option" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 4 ] ,
controls . Groups [ 0 ] . Checks [ 4 ] ,
"2:45 ../kubernetes/kube-apiserver --max-backlog=20 --secure-port=0 --audit-log-maxage=40 --option" ,
"2:45 ../kubernetes/kube-apiserver --max-backlog=20 --secure-port=0 --audit-log-maxage=40 --option" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 5 ] ,
controls . Groups [ 0 ] . Checks [ 5 ] ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 6 ] ,
controls . Groups [ 0 ] . Checks [ 6 ] ,
"2:45 .. --kubelet-clientkey=foo --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
"2:45 .. --kubelet-clientkey=foo --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 7 ] ,
controls . Groups [ 0 ] . Checks [ 7 ] ,
"2:45 .. --secure-port=0 --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
"2:45 .. --secure-port=0 --kubelet-client-certificate=bar --admission-control=Webhook,RBAC" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 8 ] ,
controls . Groups [ 0 ] . Checks [ 8 ] ,
"644" ,
"644" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 9 ] ,
controls . Groups [ 0 ] . Checks [ 9 ] ,
"640" ,
"640" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 9 ] ,
controls . Groups [ 0 ] . Checks [ 9 ] ,
"600" ,
"600" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 10 ] ,
controls . Groups [ 0 ] . Checks [ 10 ] ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 11 ] ,
controls . Groups [ 0 ] . Checks [ 11 ] ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,RBAC ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 12 ] ,
controls . Groups [ 0 ] . Checks [ 12 ] ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,Something,RBAC ---audit-log-maxage=40" ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=WebHook,Something,RBAC ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 13 ] ,
controls . Groups [ 0 ] . Checks [ 13 ] ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=Something ---audit-log-maxage=40" ,
"2:45 ../kubernetes/kube-apiserver --option --admission-control=Something ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
// check for ':' as argument-value separator, with space between arg and val
// check for ':' as argument-value separator, with space between arg and val
controls . Groups [ 0 ] . Checks [ 14 ] ,
controls . Groups [ 0 ] . Checks [ 14 ] ,
"2:45 kube-apiserver some-arg: some-val --admission-control=Something ---audit-log-maxage=40" ,
"2:45 kube-apiserver some-arg: some-val --admission-control=Something ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
// check for ':' as argument-value separator, with no space between arg and val
// check for ':' as argument-value separator, with no space between arg and val
controls . Groups [ 0 ] . Checks [ 14 ] ,
controls . Groups [ 0 ] . Checks [ 14 ] ,
"2:45 kube-apiserver some-arg:some-val --admission-control=Something ---audit-log-maxage=40" ,
"2:45 kube-apiserver some-arg:some-val --admission-control=Something ---audit-log-maxage=40" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 15 ] ,
controls . Groups [ 0 ] . Checks [ 15 ] ,
"" ,
"{\"readOnlyPort\": 15000}" ,
"{\"readOnlyPort\": 15000}" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 16 ] ,
controls . Groups [ 0 ] . Checks [ 16 ] ,
"" ,
"{\"stringValue\": \"WebHook,Something,RBAC\"}" ,
"{\"stringValue\": \"WebHook,Something,RBAC\"}" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 17 ] ,
controls . Groups [ 0 ] . Checks [ 17 ] ,
"" ,
"{\"trueValue\": true}" ,
"{\"trueValue\": true}" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 18 ] ,
controls . Groups [ 0 ] . Checks [ 18 ] ,
"" ,
"{\"readOnlyPort\": 15000}" ,
"{\"readOnlyPort\": 15000}" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 19 ] ,
controls . Groups [ 0 ] . Checks [ 19 ] ,
"" ,
"{\"authentication\": { \"anonymous\": {\"enabled\": false}}}" ,
"{\"authentication\": { \"anonymous\": {\"enabled\": false}}}" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 20 ] ,
controls . Groups [ 0 ] . Checks [ 20 ] ,
"" ,
"readOnlyPort: 15000" ,
"readOnlyPort: 15000" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 21 ] ,
controls . Groups [ 0 ] . Checks [ 21 ] ,
"" ,
"readOnlyPort: 15000" ,
"readOnlyPort: 15000" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 22 ] ,
controls . Groups [ 0 ] . Checks [ 22 ] ,
"" ,
"authentication:\n anonymous:\n enabled: false" ,
"authentication:\n anonymous:\n enabled: false" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 26 ] ,
controls . Groups [ 0 ] . Checks [ 26 ] ,
"" ,
"currentMasterVersion: 1.12.7" ,
"currentMasterVersion: 1.12.7" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 27 ] ,
controls . Groups [ 0 ] . Checks [ 27 ] ,
"--peer-client-cert-auth" ,
"--peer-client-cert-auth" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 27 ] ,
controls . Groups [ 0 ] . Checks [ 27 ] ,
"--abc=true --peer-client-cert-auth --efg=false" ,
"--abc=true --peer-client-cert-auth --efg=false" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 27 ] ,
controls . Groups [ 0 ] . Checks [ 27 ] ,
"--abc --peer-client-cert-auth --efg" ,
"--abc --peer-client-cert-auth --efg" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 27 ] ,
controls . Groups [ 0 ] . Checks [ 27 ] ,
"--peer-client-cert-auth=true" ,
"--peer-client-cert-auth=true" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 27 ] ,
controls . Groups [ 0 ] . Checks [ 27 ] ,
"--abc --peer-client-cert-auth=true --efg" ,
"--abc --peer-client-cert-auth=true --efg" ,
"" ,
} ,
} ,
{
{
controls . Groups [ 0 ] . Checks [ 28 ] ,
controls . Groups [ 0 ] . Checks [ 28 ] ,
"--abc --peer-client-cert-auth=false --efg" ,
"--abc --peer-client-cert-auth=false --efg" ,
"" ,
} ,
} ,
}
}
for _ , c := range cases {
for _ , c := range cases {
res := c . Tests . execute ( c . str , c . IsMultiple ) . testResult
c . Check . AuditOutput = c . str
if ! res {
c . Check . AuditConfigOutput = c . strConfig
res , err := c . Check . execute ( )
if err != nil {
t . Errorf ( err . Error ( ) )
}
if ! res . testResult {
t . Errorf ( "%s, expected:%v, got:%v\n" , c . Text , true , res )
t . Errorf ( "%s, expected:%v, got:%v\n" , c . Text , true , res )
}
}
}
}
@ -219,8 +257,12 @@ func TestTestExecuteExceptions(t *testing.T) {
}
}
for _ , c := range cases {
for _ , c := range cases {
res := c . Tests . execute ( c . str , c . IsMultiple ) . testResult
c . Check . AuditConfigOutput = c . str
if res {
res , err := c . Check . execute ( )
if err != nil {
t . Errorf ( err . Error ( ) )
}
if res . testResult {
t . Errorf ( "%s, expected:%v, got:%v\n" , c . Text , false , res )
t . Errorf ( "%s, expected:%v, got:%v\n" , c . Text , false , res )
}
}
}
}