arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-18 20:58:10 +00:00
Code Issues Releases Wiki Activity

Merge pull request #309 from simar7/fix-ocp-3.10-yaml

Browse Source 
ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks
This commit is contained in:
Liz Rice 2019-06-11 04:27:25 +01:00 committed by GitHub
commit 1d7449db34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cfg/ocp-3.10/node.yaml
View File

@ -196,7 +196,7 @@ groups:
- id: 7.15 - id: 7.15
text: "Verify that the RotateKubeletServerCertificate argument is set to true" text: "Verify that the RotateKubeletServerCertificate argument is set to true"
audit: "grep -B1 RotateKubeletServerCertificate=true /etc/origin/node/node-config.yaml" audit: "grep -B1 RotateKubeletServerCertificate=true /etc/origin/node/node-config.yaml"
test: tests:
test_items: test_items:
- flag: "RotateKubeletServerCertificate=true" - flag: "RotateKubeletServerCertificate=true"
compare: compare:

22
check/controls_test.go
View File

@ -107,9 +107,22 @@ groups:
- id: G2 - id: G2
checks: checks:
- id: G2/C1 - id: G2/C1
text: "Verify that the SomeSampleFlag argument is set to true"
audit: "grep -B1 SomeSampleFlag=true /this/is/a/file/path"
tests:
test_items:
- flag: "SomeSampleFlag=true"
compare:
op: has
value: "true"
set: true
remediation: |
Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.
scored: true
`) `)
// and // and
controls, _ := NewControls(MASTER, in) controls, err := NewControls(MASTER, in)
assert.NoError(t, err)
// and // and
runner.On("Run", controls.Groups[0].Checks[0]).Return(PASS) runner.On("Run", controls.Groups[0].Checks[0]).Return(PASS)
runner.On("Run", controls.Groups[1].Checks[0]).Return(FAIL) runner.On("Run", controls.Groups[1].Checks[0]).Return(FAIL)
@ -130,6 +143,12 @@ groups:
G2 := controls.Groups[1] G2 := controls.Groups[1]
assert.Equal(t, "G2", G2.ID) assert.Equal(t, "G2", G2.ID)
assert.Equal(t, "G2/C1", G2.Checks[0].ID) assert.Equal(t, "G2/C1", G2.Checks[0].ID)
assert.Equal(t, "has", G2.Checks[0].Tests.TestItems[0].Compare.Op)
assert.Equal(t, "true", G2.Checks[0].Tests.TestItems[0].Compare.Value)
assert.Equal(t, true, G2.Checks[0].Tests.TestItems[0].Set)
assert.Equal(t, "SomeSampleFlag=true", G2.Checks[0].Tests.TestItems[0].Flag)
assert.Equal(t, "Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.\n", G2.Checks[0].Remediation)
assert.Equal(t, true, G2.Checks[0].Scored)
assertEqualGroupSummary(t, 0, 1, 0, 0, G2) assertEqualGroupSummary(t, 0, 1, 0, 0, G2)
// and // and
assert.Equal(t, 1, controls.Summary.Pass) assert.Equal(t, 1, controls.Summary.Pass)
@ -139,7 +158,6 @@ groups:
// and // and
runner.AssertExpectations(t) runner.AssertExpectations(t)
}) })
} }
func assertEqualGroupSummary(t *testing.T, pass, fail, info, warn int, actual *Group) { func assertEqualGroupSummary(t *testing.T, pass, fail, info, warn int, actual *Group) {