arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-02-25 05:52:01 +00:00
Code Issues Releases Wiki Activity

Allow for skip to be defined on a group-level skipping all checks inside (#736)

Browse Source 
* Allow for skip to be defined on a group-level skipping all checks inside

* Refactor skip code to not run skipped checks
This commit is contained in:
Wicked 2020-10-19 08:51:33 +01:00 committed by GitHub
parent 724cea4980
commit 9474472194
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
check/check.go
View File

@ -39,6 +39,9 @@ const (
// INFO informational message // INFO informational message
INFO State = "INFO" INFO State = "INFO"
// SKIP for when a check should be skipped.
SKIP = "skip"
// MASTER a master node // MASTER a master node
MASTER NodeType = "master" MASTER NodeType = "master"
// NODE a node // NODE a node
@ -111,7 +114,7 @@ func (c *Check) run() State {
} }
// If check type is skip, force result to INFO // If check type is skip, force result to INFO
if c.Type == "skip" { if c.Type == SKIP {
c.Reason = "Test marked as skip" c.Reason = "Test marked as skip"
c.State = INFO c.State = INFO
return c.State return c.State

8
check/controls.go
View File

@ -38,6 +38,7 @@ type Controls struct {
// Group is a collection of similar checks. // Group is a collection of similar checks.
type Group struct { type Group struct {
ID string `yaml:"id" json:"section"` ID string `yaml:"id" json:"section"`
Skip bool `yaml:"skip" json:"skip"`
Pass int `json:"pass"` Pass int `json:"pass"`
Fail int `json:"fail"` Fail int `json:"fail"`
Warn int `json:"warn"` Warn int `json:"warn"`
@ -86,7 +87,13 @@ func (controls *Controls) RunChecks(runner Runner, filter Predicate) Summary {
continue continue
} }
// propagate skip type to check if set at the group level.
if group.Skip {
check.Type = SKIP
}
state := runner.Run(check) state := runner.Run(check)
check.TestInfo = append(check.TestInfo, check.Remediation) check.TestInfo = append(check.TestInfo, check.Remediation)
// Check if we have already added this checks group. // Check if we have already added this checks group.
@ -95,6 +102,7 @@ func (controls *Controls) RunChecks(runner Runner, filter Predicate) Summary {
w := &Group{ w := &Group{
ID: group.ID, ID: group.ID,
Text: group.Text, Text: group.Text,
Skip: group.Skip,
Checks: []*Check{}, Checks: []*Check{},
} }

30
check/controls_test.go
View File

@ -95,8 +95,36 @@ groups:
} }
func TestControls_RunChecks(t *testing.T) {
func TestControls_RunChecks_Skipped(t *testing.T) {
t.Run("Should run checks matching the filter and update summaries", func(t *testing.T) {
// given
normalRunner := &defaultRunner{}
// and
in := []byte(`
---
type: "master"
groups:
- id: G1
skip: true
checks:
- id: G1/C1
`)
controls, err := NewControls(MASTER, in)
assert.NoError(t, err)
var allChecks Predicate = func(group *Group, c *Check) bool {
return true
}
controls.RunChecks(normalRunner, allChecks)
G1 := controls.Groups[0]
assertEqualGroupSummary(t, 0, 0, 1, 0, G1)
})
}
func TestControls_RunChecks(t *testing.T) {
t.Run("Should run checks matching the filter and update summaries", func(t *testing.T) { t.Run("Should run checks matching the filter and update summaries", func(t *testing.T) {
// given // given
runner := new(mockRunner) runner := new(mockRunner)