arno
/
kube-bench
mirror of https://github.com/aquasecurity/kube-bench.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ocp-3.10: Fix malformed yaml and improve TestControls_RunChecks

Browse Source 
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml

Fixes: https://github.com/aquasecurity/kube-bench/issues/304

Signed-off-by: Simarpreet Singh <simar@linux.com>
pull/309/head
Simarpreet Singh 5 years ago
parent 46baf8f8b5
commit 5df39eed02
No known key found for this signature in database
GPG Key ID: 029C2FCCD346A8AC
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File

2
cfg/ocp-3.10/node.yaml
Unescape View File

@ -196,7 +196,7 @@ groups:
- id: 7.15 - id: 7.15
text: "Verify that the RotateKubeletServerCertificate argument is set to true" text: "Verify that the RotateKubeletServerCertificate argument is set to true"
audit: "grep -B1 RotateKubeletServerCertificate=true /etc/origin/node/node-config.yaml" audit: "grep -B1 RotateKubeletServerCertificate=true /etc/origin/node/node-config.yaml"
test: tests:
test_items: test_items:
- flag: "RotateKubeletServerCertificate=true" - flag: "RotateKubeletServerCertificate=true"
compare: compare:

26
check/controls_test.go
Unescape View File

@ -103,13 +103,26 @@ type: "master"
groups: groups:
- id: G1 - id: G1
checks: checks:
- id: G1/C1 - id: G1/C1
- id: G2 - id: G2
checks: checks:
- id: G2/C1 - id: G2/C1
text: "Verify that the SomeSampleFlag argument is set to true"
audit: "grep -B1 SomeSampleFlag=true /this/is/a/file/path"
tests:
test_items:
- flag: "SomeSampleFlag=true"
compare:
op: has
value: "true"
set: true
remediation: |
Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.
scored: true
`) `)
// and // and
controls, _ := NewControls(MASTER, in) controls, err := NewControls(MASTER, in)
assert.NoError(t, err)
// and // and
runner.On("Run", controls.Groups[0].Checks[0]).Return(PASS) runner.On("Run", controls.Groups[0].Checks[0]).Return(PASS)
runner.On("Run", controls.Groups[1].Checks[0]).Return(FAIL) runner.On("Run", controls.Groups[1].Checks[0]).Return(FAIL)
@ -130,6 +143,12 @@ groups:
G2 := controls.Groups[1] G2 := controls.Groups[1]
assert.Equal(t, "G2", G2.ID) assert.Equal(t, "G2", G2.ID)
assert.Equal(t, "G2/C1", G2.Checks[0].ID) assert.Equal(t, "G2/C1", G2.Checks[0].ID)
assert.Equal(t, "has", G2.Checks[0].Tests.TestItems[0].Compare.Op)
assert.Equal(t, "true", G2.Checks[0].Tests.TestItems[0].Compare.Value)
assert.Equal(t, true, G2.Checks[0].Tests.TestItems[0].Set)
assert.Equal(t, "SomeSampleFlag=true", G2.Checks[0].Tests.TestItems[0].Flag)
assert.Equal(t, "Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.\n", G2.Checks[0].Remediation)
assert.Equal(t, true, G2.Checks[0].Scored)
assertEqualGroupSummary(t, 0, 1, 0, 0, G2) assertEqualGroupSummary(t, 0, 1, 0, 0, G2)
// and // and
assert.Equal(t, 1, controls.Summary.Pass) assert.Equal(t, 1, controls.Summary.Pass)
@ -139,7 +158,6 @@ groups:
// and // and
runner.AssertExpectations(t) runner.AssertExpectations(t)
}) })
} }
func assertEqualGroupSummary(t *testing.T, pass, fail, info, warn int, actual *Group) { func assertEqualGroupSummary(t *testing.T, pass, fail, info, warn int, actual *Group) {

Write Preview
Loading…
Cancel
Save