mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-23 08:38:06 +00:00

chore(lint): setup golangci-lint (#1144)

* chore(lint): setup golangci-lint

* linters: gofmt, goimports and misspell

* Update build.yml

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Huang Huang 2022-04-05 21:25:45 +08:00 committed by GitHub
parent 10ab72abfb
commit e0fe5698a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 386 additions and 229 deletions


@ -31,6 +31,11 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: yaml-lint - name: yaml-lint
uses: ibiqlik/action-yamllint@v3 uses: ibiqlik/action-yamllint@v3
- name: Setup golangci-lint
uses: golangci/golangci-lint-action@v2
with:
version: latest
args: --verbose
unit: unit:
name: Unit tests name: Unit tests
runs-on: ubuntu-18.04 runs-on: ubuntu-18.04
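Review bot: The added `Setup golangci-lint` step references `golangci/golangci-lint-action@v2` by a mutable tag and sets `version: latest`, so both the action code and the linter binary that run in CI can change without any commit to this repository. Pin the action to a full commit SHA and the linter to a specific release, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha>  # v2` and `version: <pinned-golangci-lint-release>` (placeholders, to be filled in by the maintainers). A fixed version also keeps lint results reproducible: a new golangci-lint release that deprecates or removes a linter enabled in `.golangci.yaml` would otherwise fail the job on unrelated changes. The `actions/checkout@v3` and `ibiqlik/action-yamllint@v3` steps are referenced by tag as well, but those lines are context in this hunk.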

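--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -0,0 +1,12 @@
+---
+linters:
+disable-all: true
+enable:
+- deadcode
+- gocyclo
+- gofmt
+- goimports
+- govet
+- misspell
+- typecheck
+- varcheck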
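Review bot: With `disable-all: true` only the eight linters listed under `enable` run, and none of them is aimed at ignored error returns or common security mistakes. For a tool whose checks depend on running audit commands and parsing their output, consider adding `- errcheck` and `- gosec` (and possibly `- staticcheck`) to the list, in a follow-up if the existing findings need triage first. A short comment at the top of the file, such as `# Formatting and dead-code linters only; errcheck/gosec to be enabled separately`, would tell the next maintainer that the restricted set is deliberate.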


@ -229,7 +229,7 @@ func (c *Check) execute() (finalOutput *testOutput, err error) {
// Check for AuditConfigOutput only if AuditConfig is set // Check for AuditConfigOutput only if AuditConfig is set
if !result.flagFound && c.AuditConfig != "" { if !result.flagFound && c.AuditConfig != "" {
//t.isConfigSetting = true // t.isConfigSetting = true
t.auditUsed = AuditConfig t.auditUsed = AuditConfig
result = *(t.execute(c.AuditConfigOutput)) result = *(t.execute(c.AuditConfigOutput))
if !result.flagFound && t.Env != "" { if !result.flagFound && t.Env != "" {


@ -115,7 +115,6 @@ func TestCheckAuditEnv(t *testing.T) {
} }
func TestCheckAuditConfig(t *testing.T) { func TestCheckAuditConfig(t *testing.T) {
passingCases := []*Check{ passingCases := []*Check{
controls.Groups[1].Checks[0], controls.Groups[1].Checks[0],
controls.Groups[1].Checks[3], controls.Groups[1].Checks[3],


@ -285,6 +285,7 @@ func (controls *Controls) ASFF() ([]*securityhub.AwsSecurityFinding, error) {
} }
return fs, nil return fs, nil
} }
func getConfig(name string) (string, error) { func getConfig(name string) (string, error) {
r := viper.GetString(name) r := viper.GetString(name)
if len(r) == 0 { if len(r) == 0 {
@ -292,6 +293,7 @@ func getConfig(name string) (string, error) {
} }
return r, nil return r, nil
} }
func summarize(controls *Controls, state State) { func summarize(controls *Controls, state State) {
switch state { switch state {
case PASS: case PASS:


@ -68,9 +68,11 @@ type testItem struct {
auditUsed AuditUsed auditUsed AuditUsed
} }
type envTestItem testItem type (
type pathTestItem testItem envTestItem testItem
type flagTestItem testItem pathTestItem testItem
flagTestItem testItem
)
type compare struct { type compare struct {
Op string Op string
@ -236,7 +238,7 @@ func (t testItem) evaluate(s string) *testOutput {
} }
result.flagFound = match result.flagFound = match
var isExist = "exists" isExist := "exists"
if !result.flagFound { if !result.flagFound {
isExist = "does not exist" isExist = "does not exist"
} }
@ -255,7 +257,6 @@ func (t testItem) evaluate(s string) *testOutput {
} }
func compareOp(tCompareOp string, flagVal string, tCompareValue string, flagName string) (string, bool) { func compareOp(tCompareOp string, flagVal string, tCompareValue string, flagName string) (string, bool) {
expectedResultPattern := "" expectedResultPattern := ""
testResult := false testResult := false


@ -46,7 +46,6 @@ func init() {
} }
func TestTestExecute(t *testing.T) { func TestTestExecute(t *testing.T) {
cases := []struct { cases := []struct {
check *Check check *Check
str string str string
@ -305,7 +304,6 @@ func TestTestExecute(t *testing.T) {
} }
func TestTestExecuteExceptions(t *testing.T) { func TestTestExecuteExceptions(t *testing.T) {
cases := []struct { cases := []struct {
*Check *Check
str string str string
@ -366,7 +364,8 @@ func TestTestUnmarshal(t *testing.T) {
`, `,
kubeletConfig{}, kubeletConfig{},
false, false,
}, { },
{
` `
kind: KubeletConfiguration kind: KubeletConfiguration
address: 0.0.0.0 address: 0.0.0.0
@ -490,34 +489,42 @@ func TestAllElementsValid(t *testing.T) {
}, },
{ {
source: []string{}, source: []string{},
target: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", target: []string{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"}, "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
},
valid: false, valid: false,
}, },
{ {
source: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}, source: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
target: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", target: []string{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"}, "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
},
valid: true, valid: true,
}, },
{ {
source: []string{"blah"}, source: []string{"blah"},
target: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", target: []string{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"}, "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
},
valid: false, valid: false,
}, },
{ {
source: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "blah"}, source: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "blah"},
target: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", target: []string{
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"}, "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256",
},
valid: false, valid: false,
}, },
} }
@ -594,494 +601,628 @@ func TestCompareOp(t *testing.T) {
// Test Op "eq" // Test Op "eq"
{label: "op=eq, both empty", op: "eq", flagVal: "", compareValue: "", expectedResultPattern: "'' is equal to ''", testResult: true, flagName: ""}, {label: "op=eq, both empty", op: "eq", flagVal: "", compareValue: "", expectedResultPattern: "'' is equal to ''", testResult: true, flagName: ""},
{label: "op=eq, true==true", op: "eq", flagVal: "true", {
label: "op=eq, true==true", op: "eq", flagVal: "true",
compareValue: "true", compareValue: "true",
expectedResultPattern: "'parameterTrue' is equal to 'true'", expectedResultPattern: "'parameterTrue' is equal to 'true'",
testResult: true, testResult: true,
flagName: "parameterTrue"}, flagName: "parameterTrue",
},
{label: "op=eq, false==false", op: "eq", flagVal: "false", {
label: "op=eq, false==false", op: "eq", flagVal: "false",
compareValue: "false", compareValue: "false",
expectedResultPattern: "'parameterFalse' is equal to 'false'", expectedResultPattern: "'parameterFalse' is equal to 'false'",
testResult: true, testResult: true,
flagName: "parameterFalse"}, flagName: "parameterFalse",
},
{label: "op=eq, false==true", op: "eq", flagVal: "false", {
label: "op=eq, false==true", op: "eq", flagVal: "false",
compareValue: "true", compareValue: "true",
expectedResultPattern: "'parameterFalse' is equal to 'true'", expectedResultPattern: "'parameterFalse' is equal to 'true'",
testResult: false, testResult: false,
flagName: "parameterFalse"}, flagName: "parameterFalse",
},
{label: "op=eq, strings match", op: "eq", flagVal: "KubeletConfiguration", {
label: "op=eq, strings match", op: "eq", flagVal: "KubeletConfiguration",
compareValue: "KubeletConfiguration", compareValue: "KubeletConfiguration",
expectedResultPattern: "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'", expectedResultPattern: "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'",
testResult: true, testResult: true,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
{label: "op=eq, flagVal=empty", op: "eq", flagVal: "", {
label: "op=eq, flagVal=empty", op: "eq", flagVal: "",
compareValue: "KubeletConfiguration", compareValue: "KubeletConfiguration",
expectedResultPattern: "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'", expectedResultPattern: "'--FlagNameKubeletConf' is equal to 'KubeletConfiguration'",
testResult: false, testResult: false,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
{label: "op=eq, compareValue=empty", {
label: "op=eq, compareValue=empty",
op: "eq", op: "eq",
flagVal: "KubeletConfiguration", flagVal: "KubeletConfiguration",
compareValue: "", compareValue: "",
expectedResultPattern: "'--FlagNameKubeletConf' is equal to ''", expectedResultPattern: "'--FlagNameKubeletConf' is equal to ''",
testResult: false, testResult: false,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
// Test Op "noteq" // Test Op "noteq"
{label: "op=noteq, both empty", {
label: "op=noteq, both empty",
op: "noteq", op: "noteq",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "'parameter' is not equal to ''", expectedResultPattern: "'parameter' is not equal to ''",
testResult: false, testResult: false,
flagName: "parameter"}, flagName: "parameter",
},
{label: "op=noteq, true!=true", {
label: "op=noteq, true!=true",
op: "noteq", op: "noteq",
flagVal: "true", flagVal: "true",
compareValue: "true", compareValue: "true",
expectedResultPattern: "'parameterTrue' is not equal to 'true'", expectedResultPattern: "'parameterTrue' is not equal to 'true'",
testResult: false, testResult: false,
flagName: "parameterTrue"}, flagName: "parameterTrue",
},
{label: "op=noteq, false!=false", {
label: "op=noteq, false!=false",
op: "noteq", op: "noteq",
flagVal: "false", flagVal: "false",
compareValue: "false", compareValue: "false",
expectedResultPattern: "'parameterFalse' is not equal to 'false'", expectedResultPattern: "'parameterFalse' is not equal to 'false'",
testResult: false, testResult: false,
flagName: "parameterFalse"}, flagName: "parameterFalse",
},
{label: "op=noteq, false!=true", {
label: "op=noteq, false!=true",
op: "noteq", op: "noteq",
flagVal: "false", flagVal: "false",
compareValue: "true", compareValue: "true",
expectedResultPattern: "'parameterFalse' is not equal to 'true'", expectedResultPattern: "'parameterFalse' is not equal to 'true'",
testResult: true, testResult: true,
flagName: "parameterFalse"}, flagName: "parameterFalse",
},
{label: "op=noteq, strings match", {
label: "op=noteq, strings match",
op: "noteq", op: "noteq",
flagVal: "KubeletConfiguration", flagVal: "KubeletConfiguration",
compareValue: "KubeletConfiguration", compareValue: "KubeletConfiguration",
expectedResultPattern: "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'", expectedResultPattern: "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'",
testResult: false, testResult: false,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
{label: "op=noteq, flagVal=empty", {
label: "op=noteq, flagVal=empty",
op: "noteq", op: "noteq",
flagVal: "", flagVal: "",
compareValue: "KubeletConfiguration", compareValue: "KubeletConfiguration",
expectedResultPattern: "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'", expectedResultPattern: "'--FlagNameKubeletConf' is not equal to 'KubeletConfiguration'",
testResult: true, testResult: true,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
{label: "op=noteq, compareValue=empty", {
label: "op=noteq, compareValue=empty",
op: "noteq", op: "noteq",
flagVal: "KubeletConfiguration", flagVal: "KubeletConfiguration",
compareValue: "", compareValue: "",
expectedResultPattern: "'--FlagNameKubeletConf' is not equal to ''", expectedResultPattern: "'--FlagNameKubeletConf' is not equal to ''",
testResult: true, testResult: true,
flagName: "--FlagNameKubeletConf"}, flagName: "--FlagNameKubeletConf",
},
// Test Op "gt" // Test Op "gt"
{label: "op=gt, both empty", {
label: "op=gt, both empty",
op: "gt", op: "gt",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "Invalid Number(s) used for comparison: '' ''", expectedResultPattern: "Invalid Number(s) used for comparison: '' ''",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, 0 > 0", },
{
label: "op=gt, 0 > 0",
op: "gt", op: "gt",
flagVal: "0", flagVal: "0",
compareValue: "0", expectedResultPattern: "'flagName' is greater than 0", compareValue: "0", expectedResultPattern: "'flagName' is greater than 0",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, 4 > 5", },
{
label: "op=gt, 4 > 5",
op: "gt", op: "gt",
flagVal: "4", flagVal: "4",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is greater than 5", expectedResultPattern: "'flagName' is greater than 5",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, 5 > 4", },
{
label: "op=gt, 5 > 4",
op: "gt", op: "gt",
flagVal: "5", flagVal: "5",
compareValue: "4", compareValue: "4",
expectedResultPattern: "'flagName' is greater than 4", expectedResultPattern: "'flagName' is greater than 4",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, 5 > 5", },
{
label: "op=gt, 5 > 5",
op: "gt", op: "gt",
flagVal: "5", flagVal: "5",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is greater than 5", expectedResultPattern: "'flagName' is greater than 5",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, Pikachu > 5", },
{
label: "op=gt, Pikachu > 5",
op: "gt", op: "gt",
flagVal: "Pikachu", flagVal: "Pikachu",
compareValue: "5", compareValue: "5",
expectedResultPattern: "Invalid Number(s) used for comparison: 'Pikachu' '5'", expectedResultPattern: "Invalid Number(s) used for comparison: 'Pikachu' '5'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gt, 5 > Bulbasaur", },
{
label: "op=gt, 5 > Bulbasaur",
op: "gt", op: "gt",
flagVal: "5", flagVal: "5",
compareValue: "Bulbasaur", compareValue: "Bulbasaur",
expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Bulbasaur'", expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Bulbasaur'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
},
// Test Op "lt" // Test Op "lt"
{label: "op=lt, both empty", {
label: "op=lt, both empty",
op: "lt", op: "lt",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "Invalid Number(s) used for comparison: '' ''", expectedResultPattern: "Invalid Number(s) used for comparison: '' ''",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, 0 < 0", },
{
label: "op=lt, 0 < 0",
op: "lt", op: "lt",
flagVal: "0", flagVal: "0",
compareValue: "0", compareValue: "0",
expectedResultPattern: "'flagName' is lower than 0", expectedResultPattern: "'flagName' is lower than 0",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, 4 < 5", },
{
label: "op=lt, 4 < 5",
op: "lt", op: "lt",
flagVal: "4", flagVal: "4",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is lower than 5", expectedResultPattern: "'flagName' is lower than 5",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, 5 < 4", },
{
label: "op=lt, 5 < 4",
op: "lt", op: "lt",
flagVal: "5", flagVal: "5",
compareValue: "4", compareValue: "4",
expectedResultPattern: "'flagName' is lower than 4", expectedResultPattern: "'flagName' is lower than 4",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, 5 < 5", },
{
label: "op=lt, 5 < 5",
op: "lt", op: "lt",
flagVal: "5", flagVal: "5",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is lower than 5", expectedResultPattern: "'flagName' is lower than 5",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, Charmander < 5", },
{
label: "op=lt, Charmander < 5",
op: "lt", op: "lt",
flagVal: "Charmander", flagVal: "Charmander",
compareValue: "5", compareValue: "5",
expectedResultPattern: "Invalid Number(s) used for comparison: 'Charmander' '5'", expectedResultPattern: "Invalid Number(s) used for comparison: 'Charmander' '5'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lt, 5 < Charmeleon", },
{
label: "op=lt, 5 < Charmeleon",
op: "lt", op: "lt",
flagVal: "5", flagVal: "5",
compareValue: "Charmeleon", compareValue: "Charmeleon",
expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Charmeleon'", expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Charmeleon'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
},
// Test Op "gte" // Test Op "gte"
{label: "op=gte, both empty", {
label: "op=gte, both empty",
op: "gte", op: "gte",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "Invalid Number(s) used for comparison: '' ''", expectedResultPattern: "Invalid Number(s) used for comparison: '' ''",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, 0 >= 0", },
{
label: "op=gte, 0 >= 0",
op: "gte", op: "gte",
flagVal: "0", flagVal: "0",
compareValue: "0", compareValue: "0",
expectedResultPattern: "'flagName' is greater or equal to 0", expectedResultPattern: "'flagName' is greater or equal to 0",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, 4 >= 5", },
{
label: "op=gte, 4 >= 5",
op: "gte", op: "gte",
flagVal: "4", flagVal: "4",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is greater or equal to 5", expectedResultPattern: "'flagName' is greater or equal to 5",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, 5 >= 4", },
{
label: "op=gte, 5 >= 4",
op: "gte", op: "gte",
flagVal: "5", flagVal: "5",
compareValue: "4", compareValue: "4",
expectedResultPattern: "'flagName' is greater or equal to 4", expectedResultPattern: "'flagName' is greater or equal to 4",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, 5 >= 5", },
{
label: "op=gte, 5 >= 5",
op: "gte", op: "gte",
flagVal: "5", flagVal: "5",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is greater or equal to 5", expectedResultPattern: "'flagName' is greater or equal to 5",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, Ekans >= 5", },
{
label: "op=gte, Ekans >= 5",
op: "gte", op: "gte",
flagVal: "Ekans", flagVal: "Ekans",
compareValue: "5", compareValue: "5",
expectedResultPattern: "Invalid Number(s) used for comparison: 'Ekans' '5'", expectedResultPattern: "Invalid Number(s) used for comparison: 'Ekans' '5'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=gte, 4 >= Zubat", },
{
label: "op=gte, 4 >= Zubat",
op: "gte", op: "gte",
flagVal: "4", flagVal: "4",
compareValue: "Zubat", compareValue: "Zubat",
expectedResultPattern: "Invalid Number(s) used for comparison: '4' 'Zubat'", expectedResultPattern: "Invalid Number(s) used for comparison: '4' 'Zubat'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
},
// Test Op "lte" // Test Op "lte"
{label: "op=lte, both empty", {
label: "op=lte, both empty",
op: "lte", op: "lte",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "Invalid Number(s) used for comparison: '' ''", expectedResultPattern: "Invalid Number(s) used for comparison: '' ''",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, 0 <= 0", },
{
label: "op=lte, 0 <= 0",
op: "lte", op: "lte",
flagVal: "0", flagVal: "0",
compareValue: "0", compareValue: "0",
expectedResultPattern: "'flagName' is lower or equal to 0", expectedResultPattern: "'flagName' is lower or equal to 0",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, 4 <= 5", },
{
label: "op=lte, 4 <= 5",
op: "lte", op: "lte",
flagVal: "4", flagVal: "4",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is lower or equal to 5", expectedResultPattern: "'flagName' is lower or equal to 5",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, 5 <= 4", },
{
label: "op=lte, 5 <= 4",
op: "lte", op: "lte",
flagVal: "5", flagVal: "5",
compareValue: "4", compareValue: "4",
expectedResultPattern: "'flagName' is lower or equal to 4", expectedResultPattern: "'flagName' is lower or equal to 4",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, 5 <= 5", },
{
label: "op=lte, 5 <= 5",
op: "lte", op: "lte",
flagVal: "5", flagVal: "5",
compareValue: "5", compareValue: "5",
expectedResultPattern: "'flagName' is lower or equal to 5", expectedResultPattern: "'flagName' is lower or equal to 5",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, Venomoth <= 4", },
{
label: "op=lte, Venomoth <= 4",
op: "lte", op: "lte",
flagVal: "Venomoth", flagVal: "Venomoth",
compareValue: "4", compareValue: "4",
expectedResultPattern: "Invalid Number(s) used for comparison: 'Venomoth' '4'", expectedResultPattern: "Invalid Number(s) used for comparison: 'Venomoth' '4'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=lte, 5 <= Meowth", },
{
label: "op=lte, 5 <= Meowth",
op: "lte", op: "lte",
flagVal: "5", flagVal: "5",
compareValue: "Meowth", compareValue: "Meowth",
expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Meowth'", expectedResultPattern: "Invalid Number(s) used for comparison: '5' 'Meowth'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
},
// Test Op "has" // Test Op "has"
{label: "op=has, both empty", {
label: "op=has, both empty",
op: "has", op: "has",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagName' has ''", expectedResultPattern: "'flagName' has ''",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=has, flagVal=empty", },
{
label: "op=has, flagVal=empty",
op: "has", op: "has",
flagVal: "", flagVal: "",
compareValue: "blah", compareValue: "blah",
expectedResultPattern: "'flagName' has 'blah'", expectedResultPattern: "'flagName' has 'blah'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=has, compareValue=empty", },
{
label: "op=has, compareValue=empty",
op: "has", op: "has",
flagVal: "blah", flagVal: "blah",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagName-blah' has ''", expectedResultPattern: "'flagName-blah' has ''",
testResult: true, testResult: true,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=has, 'blah' has 'la'", },
{
label: "op=has, 'blah' has 'la'",
op: "has", op: "has",
flagVal: "blah", flagVal: "blah",
compareValue: "la", compareValue: "la",
expectedResultPattern: "'flagName-blah' has 'la'", expectedResultPattern: "'flagName-blah' has 'la'",
testResult: true, testResult: true,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=has, 'blah' has 'LA'", },
{
label: "op=has, 'blah' has 'LA'",
op: "has", op: "has",
flagVal: "blah", flagVal: "blah",
compareValue: "LA", compareValue: "LA",
expectedResultPattern: "'flagName-blah' has 'LA'", expectedResultPattern: "'flagName-blah' has 'LA'",
testResult: false, testResult: false,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=has, 'blah' has 'lo'", },
{
label: "op=has, 'blah' has 'lo'",
op: "has", op: "has",
flagVal: "blah", flagVal: "blah",
compareValue: "lo", compareValue: "lo",
expectedResultPattern: "'flagName-blah' has 'lo'", expectedResultPattern: "'flagName-blah' has 'lo'",
testResult: false, testResult: false,
flagName: "flagName-blah"}, flagName: "flagName-blah",
},
// Test Op "nothave" // Test Op "nothave"
{label: "op=nothave, both empty", {
label: "op=nothave, both empty",
op: "nothave", op: "nothave",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagName' does not have ''", expectedResultPattern: "'flagName' does not have ''",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
{label: "op=nothave, flagVal=empty", },
{
label: "op=nothave, flagVal=empty",
op: "nothave", op: "nothave",
flagVal: "", flagVal: "",
compareValue: "blah", compareValue: "blah",
expectedResultPattern: "'flagName' does not have 'blah'", expectedResultPattern: "'flagName' does not have 'blah'",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=nothave, compareValue=empty", },
{
label: "op=nothave, compareValue=empty",
op: "nothave", op: "nothave",
flagVal: "blah", flagVal: "blah",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagName-blah' does not have ''", expectedResultPattern: "'flagName-blah' does not have ''",
testResult: false, testResult: false,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=nothave, 'blah' not have 'la'", },
{
label: "op=nothave, 'blah' not have 'la'",
op: "nothave", op: "nothave",
flagVal: "blah", flagVal: "blah",
compareValue: "la", compareValue: "la",
expectedResultPattern: "'flagName-blah' does not have 'la'", expectedResultPattern: "'flagName-blah' does not have 'la'",
testResult: false, testResult: false,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=nothave, 'blah' not have 'LA'", },
{
label: "op=nothave, 'blah' not have 'LA'",
op: "nothave", op: "nothave",
flagVal: "blah", flagVal: "blah",
compareValue: "LA", compareValue: "LA",
expectedResultPattern: "'flagName-blah' does not have 'LA'", expectedResultPattern: "'flagName-blah' does not have 'LA'",
testResult: true, testResult: true,
flagName: "flagName-blah"}, flagName: "flagName-blah",
{label: "op=nothave, 'blah' not have 'lo'", },
{
label: "op=nothave, 'blah' not have 'lo'",
op: "nothave", op: "nothave",
flagVal: "blah", flagVal: "blah",
compareValue: "lo", compareValue: "lo",
expectedResultPattern: "'flagName-blah' does not have 'lo'", expectedResultPattern: "'flagName-blah' does not have 'lo'",
testResult: true, testResult: true,
flagName: "flagName-blah"}, flagName: "flagName-blah",
},
// Test Op "regex" // Test Op "regex"
{label: "op=regex, both empty", {
label: "op=regex, both empty",
op: "regex", op: "regex",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagName' matched by regex expression ''", expectedResultPattern: "'flagName' matched by regex expression ''",
testResult: true, testResult: true,
flagName: "flagName"}, flagName: "flagName",
{label: "op=regex, flagVal=empty", },
{
label: "op=regex, flagVal=empty",
op: "regex", op: "regex",
flagVal: "", flagVal: "",
compareValue: "blah", compareValue: "blah",
expectedResultPattern: "'flagName' matched by regex expression 'blah'", expectedResultPattern: "'flagName' matched by regex expression 'blah'",
testResult: false, testResult: false,
flagName: "flagName"}, flagName: "flagName",
},
// Test Op "valid_elements" // Test Op "valid_elements"
{label: "op=valid_elements, valid_elements both empty", {
label: "op=valid_elements, valid_elements both empty",
op: "valid_elements", op: "valid_elements",
flagVal: "", flagVal: "",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from ''", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from ''",
testResult: true, testResult: true,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
},
{label: "op=valid_elements, valid_elements flagVal empty", {
label: "op=valid_elements, valid_elements flagVal empty",
op: "valid_elements", op: "valid_elements",
flagVal: "", flagVal: "",
compareValue: "a,b", compareValue: "a,b",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b'", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b'",
testResult: false, testResult: false,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
},
{label: "op=valid_elements, valid_elements compareValue empty", {
label: "op=valid_elements, valid_elements compareValue empty",
op: "valid_elements", op: "valid_elements",
flagVal: "a,b", flagVal: "a,b",
compareValue: "", compareValue: "",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from ''", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from ''",
testResult: false, testResult: false,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
{label: "op=valid_elements, valid_elements two list equals", },
{
label: "op=valid_elements, valid_elements two list equals",
op: "valid_elements", op: "valid_elements",
flagVal: "a,b,c", flagVal: "a,b,c",
compareValue: "a,b,c", compareValue: "a,b,c",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b,c'", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b,c'",
testResult: true, testResult: true,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
{label: "op=valid_elements, valid_elements partial flagVal valid", },
{
label: "op=valid_elements, valid_elements partial flagVal valid",
op: "valid_elements", op: "valid_elements",
flagVal: "a,c", flagVal: "a,c",
compareValue: "a,b,c", compareValue: "a,b,c",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b,c'", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,b,c'",
testResult: true, testResult: true,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
{label: "op=valid_elements, valid_elements partial compareValue valid", },
{
label: "op=valid_elements, valid_elements partial compareValue valid",
op: "valid_elements", op: "valid_elements",
flagVal: "a,b,c", flagVal: "a,b,c",
compareValue: "a,c", compareValue: "a,c",
expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,c'", expectedResultPattern: "'flagWithMultipleElements' contains valid elements from 'a,c'",
testResult: false, testResult: false,
flagName: "flagWithMultipleElements"}, flagName: "flagWithMultipleElements",
},
// Test Op "bitmask" // Test Op "bitmask"
{label: "op=bitmask, 644 AND 640", {
label: "op=bitmask, 644 AND 640",
op: "bitmask", op: "bitmask",
flagVal: "640", flagVal: "640",
compareValue: "644", compareValue: "644",
expectedResultPattern: "etc/fileExamplePermission640 has permissions 640, expected 644 or more restrictive", expectedResultPattern: "etc/fileExamplePermission640 has permissions 640, expected 644 or more restrictive",
testResult: true, testResult: true,
flagName: "etc/fileExamplePermission640"}, flagName: "etc/fileExamplePermission640",
{label: "op=bitmask, 644 AND 777", },
{
label: "op=bitmask, 644 AND 777",
op: "bitmask", op: "bitmask",
flagVal: "777", flagVal: "777",
compareValue: "644", compareValue: "644",
expectedResultPattern: "etc/fileExamplePermission777 has permissions 777, expected 644 or more restrictive", expectedResultPattern: "etc/fileExamplePermission777 has permissions 777, expected 644 or more restrictive",
testResult: false, testResult: false,
flagName: "etc/fileExamplePermission777"}, flagName: "etc/fileExamplePermission777",
{label: "op=bitmask, 644 AND 444", },
{
label: "op=bitmask, 644 AND 444",
op: "bitmask", op: "bitmask",
flagVal: "444", flagVal: "444",
compareValue: "644", compareValue: "644",
expectedResultPattern: "etc/fileExamplePermission444 has permissions 444, expected 644 or more restrictive", expectedResultPattern: "etc/fileExamplePermission444 has permissions 444, expected 644 or more restrictive",
testResult: true, testResult: true,
flagName: "etc/fileExamplePermission444"}, flagName: "etc/fileExamplePermission444",
{label: "op=bitmask, 644 AND 211", },
{
label: "op=bitmask, 644 AND 211",
op: "bitmask", op: "bitmask",
flagVal: "211", flagVal: "211",
compareValue: "644", compareValue: "644",
expectedResultPattern: "etc/fileExamplePermission211 has permissions 211, expected 644 or more restrictive", expectedResultPattern: "etc/fileExamplePermission211 has permissions 211, expected 644 or more restrictive",
testResult: false, testResult: false,
flagName: "etc/fileExamplePermission211"}, flagName: "etc/fileExamplePermission211",
{label: "op=bitmask, Harry AND 211", },
{
label: "op=bitmask, Harry AND 211",
op: "bitmask", op: "bitmask",
flagVal: "Harry", flagVal: "Harry",
compareValue: "644", compareValue: "644",
expectedResultPattern: "Not numeric value - flag: Harry", expectedResultPattern: "Not numeric value - flag: Harry",
testResult: false, testResult: false,
flagName: "etc/fileExample"}, flagName: "etc/fileExample",
{label: "op=bitmask, 644 AND Potter", },
{
label: "op=bitmask, 644 AND Potter",
op: "bitmask", op: "bitmask",
flagVal: "211", flagVal: "211",
compareValue: "Potter", compareValue: "Potter",
expectedResultPattern: "Not numeric value - flag: Potter", expectedResultPattern: "Not numeric value - flag: Potter",
testResult: false, testResult: false,
flagName: "etc/fileExample"}, flagName: "etc/fileExample",
},
} }
for _, c := range cases { for _, c := range cases {
@ -1136,37 +1277,36 @@ func TestToNumeric(t *testing.T) {
} }
func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) { func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
type Resources struct { type Resources struct {
Resources []string `json:"resources"` Resources []string `json:"resources"`
Providers []map[string]interface{} `json:"providers"` Providers []map[string]interface{} `json:"providers"`
} }
type EncryptionConfig struct { type EncryptionConfig struct {
Kind string `json:"kind"` Kind string `json:"kind"`
ApiVersion string `json:"apiVersion"` ApiVersion string `json:"apiVersion"`
Resources []Resources `json:"resources"` Resources []Resources `json:"resources"`
} }
type Key struct { type Key struct {
Secret string `json:"secret"` Secret string `json:"secret"`
Name string `json:"name"` Name string `json:"name"`
} }
type Aescbc struct { type Aescbc struct {
Keys []Key `json:"keys"` Keys []Key `json:"keys"`
} }
type SecretBox struct { type SecretBox struct {
Keys []Key `json:"keys"` Keys []Key `json:"keys"`
} }
type Aesgcm struct { type Aesgcm struct {
Keys []Key `json:"keys"` Keys []Key `json:"keys"`
} }
// identity disable encryption when set as the first parameter // identity disable encryption when set as the first parameter
type Identity struct {} type Identity struct{}
cases := []struct { cases := []struct {
name string name string
@ -1179,11 +1319,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results match", "JSONPath parse works, results match",
"{.resources[*].providers[*].aescbc.keys[*].secret}", "{.resources[*].providers[*].aescbc.keys[*].secret}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"aescbc": Aescbc{Keys: []Key{Key{Secret: "secret1", Name: "name1"}}}}, {"aescbc": Aescbc{Keys: []Key{{Secret: "secret1", Name: "name1"}}}},
}}}}, }}},
},
"secret1", "secret1",
false, false,
}, },
@ -1191,11 +1332,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results match", "JSONPath parse works, results match",
"{.resources[*].providers[*].aescbc.keys[*].name}", "{.resources[*].providers[*].aescbc.keys[*].name}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"aescbc": Aescbc{Keys: []Key{Key{Secret: "secret1", Name: "name1"}}}}, {"aescbc": Aescbc{Keys: []Key{{Secret: "secret1", Name: "name1"}}}},
}}}}, }}},
},
"name1", "name1",
false, false,
}, },
@ -1203,11 +1345,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results don't match", "JSONPath parse works, results don't match",
"{.resources[*].providers[*].aescbc.keys[*].secret}", "{.resources[*].providers[*].aescbc.keys[*].secret}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"aesgcm": Aesgcm{Keys: []Key{Key{Secret: "secret1", Name: "name1"}}}}, {"aesgcm": Aesgcm{Keys: []Key{{Secret: "secret1", Name: "name1"}}}},
}}}}, }}},
},
"secret1", "secret1",
true, true,
}, },
@ -1215,11 +1358,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results match", "JSONPath parse works, results match",
"{.resources[*].providers[*].aesgcm.keys[*].secret}", "{.resources[*].providers[*].aesgcm.keys[*].secret}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"aesgcm": Aesgcm{Keys: []Key{Key{Secret: "secret1", Name: "name1"}}}}, {"aesgcm": Aesgcm{Keys: []Key{{Secret: "secret1", Name: "name1"}}}},
}}}}, }}},
},
"secret1", "secret1",
false, false,
}, },
@ -1227,11 +1371,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results match", "JSONPath parse works, results match",
"{.resources[*].providers[*].secretbox.keys[*].secret}", "{.resources[*].providers[*].secretbox.keys[*].secret}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"secretbox": SecretBox{Keys: []Key{Key{Secret: "secret1", Name: "name1"}}}}, {"secretbox": SecretBox{Keys: []Key{{Secret: "secret1", Name: "name1"}}}},
}}}}, }}},
},
"secret1", "secret1",
false, false,
}, },
@ -1239,11 +1384,12 @@ func TestExecuteJSONPathOnEncryptionConfig(t *testing.T) {
"JSONPath parse works, results match", "JSONPath parse works, results match",
"{.resources[*].providers[*].aescbc.keys[*].secret}", "{.resources[*].providers[*].aescbc.keys[*].secret}",
EncryptionConfig{ EncryptionConfig{
Kind: "EncryptionConfig", Kind: "EncryptionConfig",
ApiVersion: "v1", ApiVersion: "v1",
Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{ Resources: []Resources{{Resources: []string{"secrets"}, Providers: []map[string]interface{}{
{"aescbc": Aescbc{Keys: []Key{Key{Secret: "secret1", Name: "name1"}, Key{Secret: "secret2", Name: "name2"}}}}, {"aescbc": Aescbc{Keys: []Key{{Secret: "secret1", Name: "name1"}, {Secret: "secret2", Name: "name2"}}}},
}}}}, }}},
},
"secret1 secret2", "secret1 secret2",
false, false,
}, },


@ -47,7 +47,7 @@ func NewRunFilter(opts FilterOpts) (check.Predicate, error) {
} }
return func(g *check.Group, c *check.Check) bool { return func(g *check.Group, c *check.Check) bool {
var test = true test := true
if len(groupIDs) > 0 { if len(groupIDs) > 0 {
_, ok := groupIDs[g.ID] _, ok := groupIDs[g.ID]
test = test && ok test = test && ok
@ -87,7 +87,6 @@ func runChecks(nodetype check.NodeType, testYamlFile, detectedVersion string) {
// Get the set of executables we need for this section of the tests // Get the set of executables we need for this section of the tests
binmap, err := getBinaries(typeConf, nodetype) binmap, err := getBinaries(typeConf, nodetype)
// Checks that the executables we need for the section are running. // Checks that the executables we need for the section are running.
if err != nil { if err != nil {
glog.V(1).Info(fmt.Sprintf("failed to get a set of executables needed for tests: %v", err)) glog.V(1).Info(fmt.Sprintf("failed to get a set of executables needed for tests: %v", err))
@ -148,7 +147,7 @@ func generateDefaultEnvAudit(controls *check.Controls, binSubs []string) {
} }
func parseSkipIds(skipIds string) map[string]bool { func parseSkipIds(skipIds string) map[string]bool {
var skipIdMap = make(map[string]bool, 0) skipIdMap := make(map[string]bool, 0)
if skipIds != "" { if skipIds != "" {
for _, id := range strings.Split(skipIds, ",") { for _, id := range strings.Split(skipIds, ",") {
skipIdMap[strings.Trim(id, " ")] = true skipIdMap[strings.Trim(id, " ")] = true
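Review bot: In parseSkipIds, `strings.Trim(id, " ")` strips only the space character, so an ID with a trailing tab or newline is stored with that character and presumably never matches a check ID. `skipIdMap[strings.TrimSpace(id)] = true` would handle all whitespace. The size hint in `make(map[string]bool, 0)` is also redundant, since `make(map[string]bool)` is equivalent. The rest of the function lies outside the hunk, so how the map is consumed is not visible here.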


@ -52,7 +52,6 @@ func TestParseSkipIds(t *testing.T) {
} }
func TestNewRunFilter(t *testing.T) { func TestNewRunFilter(t *testing.T) {
type TestCase struct { type TestCase struct {
Name string Name string
FilterOpts FilterOpts FilterOpts FilterOpts
@ -139,7 +138,6 @@ func TestNewRunFilter(t *testing.T) {
// then // then
assert.EqualError(t, err, "group option and check option can't be used together") assert.EqualError(t, err, "group option and check option can't be used together")
}) })
} }
func TestIsMaster(t *testing.T) { func TestIsMaster(t *testing.T) {
@ -212,7 +210,6 @@ func TestIsMaster(t *testing.T) {
} }
func TestMapToCISVersion(t *testing.T) { func TestMapToCISVersion(t *testing.T) {
viperWithData, err := loadConfigForTest() viperWithData, err := loadConfigForTest()
if err != nil { if err != nil {
t.Fatalf("Unable to load config file %v", err) t.Fatalf("Unable to load config file %v", err)


@ -72,7 +72,6 @@ FAjB57z2NcIgJuVpQnGRYtr/JcH2Qdsq8bLtXaojUIWOOqoTDRLYozdMOOQ=
t.Errorf("Expected error") t.Errorf("Expected error")
} }
} }
}) })
} }
} }
@ -124,8 +123,8 @@ func TestGetWebData(t *testing.T) {
} }
}) })
} }
} }
func TestGetWebDataWithRetry(t *testing.T) { func TestGetWebDataWithRetry(t *testing.T) {
okfn := func(w http.ResponseWriter, r *http.Request) { okfn := func(w http.ResponseWriter, r *http.Request) {
_, _ = fmt.Fprintln(w, `{ _, _ = fmt.Fprintln(w, `{
@ -173,8 +172,8 @@ func TestGetWebDataWithRetry(t *testing.T) {
} }
}) })
} }
} }
func TestExtractVersion(t *testing.T) { func TestExtractVersion(t *testing.T) {
okJSON := []byte(`{ okJSON := []byte(`{
"major": "1", "major": "1",
@ -231,7 +230,6 @@ func TestExtractVersion(t *testing.T) {
} }
func TestGetKubernetesURL(t *testing.T) { func TestGetKubernetesURL(t *testing.T) {
resetEnvs := func() { resetEnvs := func() {
os.Unsetenv("KUBE_BENCH_K8S_ENV") os.Unsetenv("KUBE_BENCH_K8S_ENV")
os.Unsetenv("KUBERNETES_SERVICE_HOST") os.Unsetenv("KUBERNETES_SERVICE_HOST")
@ -277,5 +275,4 @@ func TestGetKubernetesURL(t *testing.T) {
} }
}) })
} }
} }


@ -200,7 +200,6 @@ func init() {
goflag.CommandLine.VisitAll(func(goflag *goflag.Flag) { goflag.CommandLine.VisitAll(func(goflag *goflag.Flag) {
RootCmd.PersistentFlags().AddGoFlag(goflag) RootCmd.PersistentFlags().AddGoFlag(goflag)
}) })
} }
// initConfig reads in config file and ENV variables if set. // initConfig reads in config file and ENV variables if set.


@ -11,7 +11,7 @@ import (
"github.com/spf13/viper" "github.com/spf13/viper"
) )
//REGION ... // REGION ...
const REGION = "AWS_REGION" const REGION = "AWS_REGION"
func writeFinding(in []*securityhub.AwsSecurityFinding) error { func writeFinding(in []*securityhub.AwsSecurityFinding) error {
@ -20,7 +20,8 @@ func writeFinding(in []*securityhub.AwsSecurityFinding) error {
return fmt.Errorf("%s not set", REGION) return fmt.Errorf("%s not set", REGION)
} }
sess, err := session.NewSession(&aws.Config{ sess, err := session.NewSession(&aws.Config{
Region: aws.String(r)}, Region: aws.String(r),
},
) )
if err != nil { if err != nil {
return err return err
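Review bot: The doc comment on `REGION` is still the placeholder `// REGION ...`; the commit fixes only its spacing, so the exported constant remains undocumented. Something like `// REGION is the name of the setting that supplies the AWS region used by writeFinding.` would say what the visible code does with it (the `"%s not set"` error and `Region: aws.String(r)`). How `r` is read is outside the hunk, so the wording should be confirmed against that line.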


@ -16,26 +16,26 @@ import (
"github.com/spf13/viper" "github.com/spf13/viper"
) )
// Print colors
var colors = map[check.State]*color.Color{
check.PASS: color.New(color.FgGreen),
check.FAIL: color.New(color.FgRed),
check.WARN: color.New(color.FgYellow),
check.INFO: color.New(color.FgBlue),
}
var ( var (
// Print colors psFunc func(string) string
colors = map[check.State]*color.Color{ statFunc func(string) (os.FileInfo, error)
check.PASS: color.New(color.FgGreen), getBinariesFunc func(*viper.Viper, check.NodeType) (map[string]string, error)
check.FAIL: color.New(color.FgRed), TypeMap = map[string][]string{
check.WARN: color.New(color.FgYellow), "ca": {"cafile", "defaultcafile"},
check.INFO: color.New(color.FgBlue), "kubeconfig": {"kubeconfig", "defaultkubeconfig"},
"service": {"svc", "defaultsvc"},
"config": {"confs", "defaultconf"},
} }
) )
var psFunc func(string) string
var statFunc func(string) (os.FileInfo, error)
var getBinariesFunc func(*viper.Viper, check.NodeType) (map[string]string, error)
var TypeMap = map[string][]string{
"ca": {"cafile", "defaultcafile"},
"kubeconfig": {"kubeconfig", "defaultkubeconfig"},
"service": {"svc", "defaultsvc"},
"config": {"confs", "defaultconf"},
}
func init() { func init() {
psFunc = ps psFunc = ps
statFunc = os.Stat statFunc = os.Stat
@ -208,7 +208,6 @@ func getFiles(v *viper.Viper, fileType string) map[string]string {
// verifyBin checks that the binary specified is running // verifyBin checks that the binary specified is running
func verifyBin(bin string) bool { func verifyBin(bin string) bool {
// Strip any quotes // Strip any quotes
bin = strings.Trim(bin, "'\"") bin = strings.Trim(bin, "'\"")
@ -290,7 +289,6 @@ Alternatively, you can specify the version with --version
` `
func getKubeVersion() (*KubeVersion, error) { func getKubeVersion() (*KubeVersion, error) {
if k8sVer, err := getKubeVersionFromRESTAPI(); err == nil { if k8sVer, err := getKubeVersionFromRESTAPI(); err == nil {
glog.V(2).Info(fmt.Sprintf("Kubernetes REST API Reported version: %s", k8sVer)) glog.V(2).Info(fmt.Sprintf("Kubernetes REST API Reported version: %s", k8sVer))
return k8sVer, nil return k8sVer, nil
@ -298,7 +296,6 @@ func getKubeVersion() (*KubeVersion, error) {
// These executables might not be on the user's path. // These executables might not be on the user's path.
_, err := exec.LookPath("kubectl") _, err := exec.LookPath("kubectl")
if err != nil { if err != nil {
glog.V(3).Infof("Error locating kubectl: %s", err) glog.V(3).Infof("Error locating kubectl: %s", err)
_, err = exec.LookPath("kubelet") _, err = exec.LookPath("kubelet")
@ -337,7 +334,6 @@ func getKubeVersionFromKubectl() *KubeVersion {
func getKubeVersionFromKubelet() *KubeVersion { func getKubeVersionFromKubelet() *KubeVersion {
cmd := exec.Command("kubelet", "--version") cmd := exec.Command("kubelet", "--version")
out, err := cmd.CombinedOutput() out, err := cmd.CombinedOutput()
if err != nil { if err != nil {
glog.V(2).Infof("Failed to query kubelet: %s", err) glog.V(2).Infof("Failed to query kubelet: %s", err)
glog.V(2).Info(err) glog.V(2).Info(err)
@ -401,11 +397,9 @@ func makeSubstitutions(s string, ext string, m map[string]string) (string, []str
func isEmpty(str string) bool { func isEmpty(str string) bool {
return strings.TrimSpace(str) == "" return strings.TrimSpace(str) == ""
} }
func buildComponentMissingErrorMessage(nodetype check.NodeType, component string, bins []string) string { func buildComponentMissingErrorMessage(nodetype check.NodeType, component string, bins []string) string {
errMessageTemplate := ` errMessageTemplate := `
Unable to detect running programs for component %q Unable to detect running programs for component %q
The following %q programs have been searched, but none of them have been found: The following %q programs have been searched, but none of them have been found:
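Review bot: In getKubeVersionFromKubelet the same error is logged twice at the same verbosity, `glog.V(2).Infof("Failed to query kubelet: %s", err)` followed by `glog.V(2).Info(err)`; the second call adds nothing and can be dropped. Separately, `exec.Command("kubelet", "--version")` and the `exec.LookPath` calls in getKubeVersion resolve the binaries through PATH. If the tool is run with elevated privileges, a short comment stating that PATH is expected to be trusted would make that assumption explicit. Both functions continue outside their hunks.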


@ -29,9 +29,11 @@ import (
"github.com/spf13/viper" "github.com/spf13/viper"
) )
var g string var (
var e []error g string
var eIndex int e []error
eIndex int
)
func fakeps(proc string) string { func fakeps(proc string) string {
return g return g
@ -132,7 +134,7 @@ func TestGetBinaries(t *testing.T) {
expectErr: false, expectErr: false,
}, },
{ {
// "anotherthing" in list of components but doesn't have a defintion // "anotherthing" in list of components but doesn't have a definition
config: map[string]interface{}{"components": []string{"apiserver", "anotherthing"}, "apiserver": map[string]interface{}{"bins": []string{"apiserver", "kube-apiserver"}}, "thing": map[string]interface{}{"bins": []string{"something else", "thing"}}}, config: map[string]interface{}{"components": []string{"apiserver", "anotherthing"}, "apiserver": map[string]interface{}{"bins": []string{"apiserver", "kube-apiserver"}}, "thing": map[string]interface{}{"bins": []string{"something else", "thing"}}},
psOut: "kube-apiserver thing", psOut: "kube-apiserver thing",
exp: map[string]string{"apiserver": "kube-apiserver"}, exp: map[string]string{"apiserver": "kube-apiserver"},
@ -262,7 +264,8 @@ func TestGetConfigFiles(t *testing.T) {
config: map[string]interface{}{ config: map[string]interface{}{
"components": []string{"apiserver"}, "components": []string{"apiserver"},
"apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}}, "apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}},
"thing": map[string]interface{}{"confs": []string{"/my/file/thing"}}}, "thing": map[string]interface{}{"confs": []string{"/my/file/thing"}},
},
statResults: []error{os.ErrNotExist, nil}, statResults: []error{os.ErrNotExist, nil},
exp: map[string]string{"apiserver": "kube-apiserver"}, exp: map[string]string{"apiserver": "kube-apiserver"},
}, },
@ -271,7 +274,8 @@ func TestGetConfigFiles(t *testing.T) {
config: map[string]interface{}{ config: map[string]interface{}{
"components": []string{"apiserver", "thing"}, "components": []string{"apiserver", "thing"},
"apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}}, "apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}},
"thing": map[string]interface{}{"confs": []string{"/my/file/thing"}}}, "thing": map[string]interface{}{"confs": []string{"/my/file/thing"}},
},
statResults: []error{os.ErrNotExist, nil, nil}, statResults: []error{os.ErrNotExist, nil, nil},
exp: map[string]string{"apiserver": "kube-apiserver", "thing": "/my/file/thing"}, exp: map[string]string{"apiserver": "kube-apiserver", "thing": "/my/file/thing"},
}, },
@ -280,7 +284,8 @@ func TestGetConfigFiles(t *testing.T) {
config: map[string]interface{}{ config: map[string]interface{}{
"components": []string{"apiserver", "thing"}, "components": []string{"apiserver", "thing"},
"apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}}, "apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}},
"thing": map[string]interface{}{"confs": []string{"/my/file/thing"}, "defaultconf": "another/thing"}}, "thing": map[string]interface{}{"confs": []string{"/my/file/thing"}, "defaultconf": "another/thing"},
},
statResults: []error{os.ErrNotExist, nil, os.ErrNotExist}, statResults: []error{os.ErrNotExist, nil, os.ErrNotExist},
exp: map[string]string{"apiserver": "kube-apiserver", "thing": "another/thing"}, exp: map[string]string{"apiserver": "kube-apiserver", "thing": "another/thing"},
}, },
@ -289,7 +294,8 @@ func TestGetConfigFiles(t *testing.T) {
config: map[string]interface{}{ config: map[string]interface{}{
"components": []string{"apiserver", "thing"}, "components": []string{"apiserver", "thing"},
"apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}}, "apiserver": map[string]interface{}{"confs": []string{"apiserver", "kube-apiserver"}},
"thing": map[string]interface{}{"confs": []string{"/my/file/thing"}}}, "thing": map[string]interface{}{"confs": []string{"/my/file/thing"}},
},
statResults: []error{os.ErrNotExist, nil, os.ErrNotExist}, statResults: []error{os.ErrNotExist, nil, os.ErrNotExist},
exp: map[string]string{"apiserver": "kube-apiserver", "thing": "thing"}, exp: map[string]string{"apiserver": "kube-apiserver", "thing": "thing"},
}, },
@ -459,7 +465,6 @@ func TestGetConfigFilePath(t *testing.T) {
} }
func TestDecrementVersion(t *testing.T) { func TestDecrementVersion(t *testing.T) {
cases := []struct { cases := []struct {
kubeVersion string kubeVersion string
succeed bool succeed bool
@ -646,7 +651,6 @@ func Test_getPlatformBenchmarkVersion(t *testing.T) {
} }
func Test_getOcpValidVersion(t *testing.T) { func Test_getOcpValidVersion(t *testing.T) {
cases := []struct { cases := []struct {
openShiftVersion string openShiftVersion string
succeed bool succeed bool
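Review bot: The regrouped `var (...)` block keeps the single-letter package-level names `g`, `e` and `eIndex` without any comment, which is hard to follow for mutable state shared across tests. A comment such as `// g is the canned output returned by fakeps.` is supported by the visible `fakeps` body. `e` and `eIndex` look like a scripted list of errors and a cursor into it, but their consumer is outside the visible lines and should be checked before documenting them. Descriptive names would be clearer still.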


@ -2,6 +2,7 @@ package cmd
import ( import (
"fmt" "fmt"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )