From e4f0f470eeeefdda0848602bca90f6bc5f4786ca Mon Sep 17 00:00:00 2001 From: wwwil Date: Tue, 4 Jun 2019 11:38:17 +0100 Subject: [PATCH 1/4] Add regex op to test --- check/test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/check/test.go b/check/test.go index d27750a..b15cb8b 100644 --- a/check/test.go +++ b/check/test.go @@ -185,6 +185,11 @@ func (t *testItem) execute(s string) *testOutput { case "nothave": expectedResultPattern = " '%s' not have '%s'" result.testResult = !strings.Contains(flagVal, t.Compare.Value) + + case "regex": + expectedResultPattern = " '%s' matched by '%s'" + opRe := regexp.MustCompile(t.Compare.Value) + result.testResult = opRe.MatchString(flagVal) } result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value) From 83c7536c8ad1e30f2a6a182049003d3c0f036cfe Mon Sep 17 00:00:00 2001 From: wwwil Date: Wed, 5 Jun 2019 12:23:59 +0100 Subject: [PATCH 2/4] Add tests for regex test op --- check/data | 10 ++++++++++ check/test_test.go | 12 ++++++++++++ 2 files changed, 22 insertions(+) diff --git a/check/data b/check/data index 116a5f9..7e41a9f 100644 --- a/check/data +++ b/check/data @@ -297,3 +297,13 @@ groups: op: eq value: "false" set: true + + - id: 26 + text: "check regex op matches" + tests: + test_items: + - path: "{.currentMasterVersion}" + compare: + op: regex + value: '^1\.12.*$' + set: true diff --git a/check/test_test.go b/check/test_test.go index 308dcad..a74679c 100644 --- a/check/test_test.go +++ b/check/test_test.go @@ -152,6 +152,10 @@ func TestTestExecute(t *testing.T) { controls.Groups[0].Checks[22], "authentication:\n anonymous:\n enabled: false", }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: 1.12.7", + }, } for _, c := range cases { @@ -180,6 +184,14 @@ func TestTestExecuteExceptions(t *testing.T) { controls.Groups[0].Checks[25], "broken } yaml\nenabled: true", }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: 1.11", + }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: ", + }, } for _, c := range cases { From 7efa7b2c358d86f6e43a7ba2c66e1c7fecccb784 Mon Sep 17 00:00:00 2001 From: wwwil Date: Wed, 5 Jun 2019 15:29:40 +0100 Subject: [PATCH 3/4] Add regex to list of compare ops --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 8eb2b98..b6eec47 100644 --- a/README.md +++ b/README.md @@ -228,6 +228,9 @@ These operations are: - `lte`: tests if the flag value is less than or equal to the compared value. - `has`: tests if the flag value contains the compared value. - `nothave`: tests if the flag value does not contain the compared value. +- `regex`: tests if the flag value matches the compared value regular expression. + +When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$`, to avoid issues with string escaping. # Roadmap Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release. From c76369fe2caa668c5975177a28e402a68949ca98 Mon Sep 17 00:00:00 2001 From: Liz Rice Date: Mon, 10 Jun 2019 20:29:58 -0700 Subject: [PATCH 4/4] Add missing quote --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7631e6..2fdb6af 100644 --- a/README.md +++ b/README.md @@ -234,7 +234,7 @@ These operations are: - `nothave`: tests if the flag value does not contain the compared value. - `regex`: tests if the flag value matches the compared value regular expression. -When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$`, to avoid issues with string escaping. +When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$'`, to avoid issues with string escaping. # Roadmap Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release.