Merge pull request #8 from kubesphere/dev-ll

add pod testCode
Forest 2020-12-23 11:35:59 +08:00 committed by GitHub
commit 668d831d04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 105 additions and 5 deletions

1
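--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,6 @@ require (
 github.com/spf13/cobra v1.0.0
 github.com/spf13/pflag v1.0.5
 github.com/stretchr/testify v1.5.1
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 k8s.io/api v0.18.6
 k8s.io/apimachinery v0.18.6
 k8s.io/client-go v0.18.6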

2
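--- a/go.sum
+++ b/go.sum
@@ -496,8 +496,6 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=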


@ -51,6 +51,7 @@ func ValidateAllContainers(ctx context.Context, conf *config.Configuration, cont
return nil, err return nil, err
} }
// delete success results
for key, deleteTrue := range result.Results { for key, deleteTrue := range result.Results {
if true == deleteTrue.Success { if true == deleteTrue.Success {
delete(result.Results, key) delete(result.Results, key)


@ -70,6 +70,7 @@ type PodResult struct {
Message []string `yaml:"message" json:"message,omitempty"` Message []string `yaml:"message" json:"message,omitempty"`
ContainerResults []ContainerResult `yaml:"containerResults" json:"containerResults,omitempty"` ContainerResults []ContainerResult `yaml:"containerResults" json:"containerResults,omitempty"`
Severity config.Severity `yaml:"severity" json:"severity,omitempty"` Severity config.Severity `yaml:"severity" json:"severity,omitempty"`
Results ResultSet
} }
type ContainerResult struct { type ContainerResult struct {
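Review bot: The new `Results ResultSet` field on `PodResult` carries no struct tags, while every other field visible in the struct declares both `yaml` and `json` names, so the pod-level findings are serialised under the library-default key and, with no `omitempty`, are emitted even when empty. A report consumer that keys on the lower-camel names used by the sibling fields would not find these findings where it expects them. I would tag the field with `yaml:"results" json:"results,omitempty"` to match its neighbours. The opening fields of the struct are outside the hunk.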


@ -38,9 +38,15 @@ func ValidatePods(ctx context.Context, conf *config.Configuration, kubeResource
if len(result.ContainerResults[0].Results) == 0 || result.ContainerResults == nil { if len(result.ContainerResults[0].Results) == 0 || result.ContainerResults == nil {
continue continue
} }
for key, _ := range result.ContainerResults[0].Results { for key, _ := range result.ContainerResults[0].Results {
messages = append(messages, key) messages = append(messages, key)
} }
for key1, value1 := range result.Results {
if value1.Success == false {
messages = append(messages, key1)
}
}
result.Message = messages result.Message = messages
result.Severity = "Warning" result.Severity = "Warning"
results = append(results, result) results = append(results, result)
@ -49,12 +55,13 @@ func ValidatePods(ctx context.Context, conf *config.Configuration, kubeResource
} }
func ValidatePod(ctx context.Context, c *config.Configuration, pod kube.GenericWorkload) (PodResult, error) { func ValidatePod(ctx context.Context, c *config.Configuration, pod kube.GenericWorkload) (PodResult, error) {
_, err := applyPodSchemaChecks(c, pod) podResults, err := applyPodSchemaChecks(c, pod)
if err != nil { if err != nil {
return PodResult{}, err return PodResult{}, err
} }
pRes := PodResult{ pRes := PodResult{
//Results: podResults, Results: podResults,
ContainerResults: []ContainerResult{}, ContainerResults: []ContainerResult{},
} }
@ -69,6 +76,7 @@ func ValidatePod(ctx context.Context, c *config.Configuration, pod kube.GenericW
Name: pod.ObjectMeta.GetName(), Name: pod.ObjectMeta.GetName(),
Namespace: pod.ObjectMeta.GetNamespace(), Namespace: pod.ObjectMeta.GetNamespace(),
ContainerResults: pRes.ContainerResults, ContainerResults: pRes.ContainerResults,
Results: podResults,
Severity: "Warning", Severity: "Warning",
} }
return result, nil return result, nil
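Review bot: In `ValidatePods` the new loop over `result.Results` sits below the existing guard that `continue`s when `len(result.ContainerResults[0].Results) == 0`, so a pod whose only failures are pod-level (for example a host namespace check) appears to be skipped before its failing keys reach `messages`, and would then be missing from the report. The same guard indexes `ContainerResults[0]` before its nil test, so an empty slice would panic rather than be skipped. I would collect the pod-level failures first, skip only when both sources are empty, and start the guard with `len(result.ContainerResults) == 0`. The enclosing loop and the declaration of `messages` are outside the hunk, so it is worth confirming that `messages` is reset per pod.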


@ -1 +1,94 @@
package validator package validator
import (
"context"
"github.com/stretchr/testify/assert"
conf "kubeye/pkg/config"
"kubeye/pkg/kube"
"kubeye/test"
"testing"
)
func TestInvalidIPCPod(t *testing.T) {
c := conf.Configuration{
Checks: map[string]conf.Severity{
"hostIPCSet": conf.SeverityWarning,
},
}
k8s, _ := test.SetupTestAPI()
k8s = test.SetupAddControllers(context.Background(), k8s, "test")
p := test.MockPod()
p.Spec.HostIPC = true
workload, err := kube.NewGenericWorkloadFromPod(p, nil)
assert.NoError(t, err)
expectedResults := ResultSet{
"hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC should not be configured", Success: false, Severity: "warning", Category: "Security"},
}
actualPodResult, err := ValidatePod(context.Background(), &c, workload)
if err != nil {
panic(err)
}
assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal")
assert.EqualValues(t, 1, len(actualPodResult.Results.GetWarnings()))
assert.EqualValues(t, expectedResults, actualPodResult.Results)
}
func TestInvalidNeworkPod(t *testing.T) {
c := conf.Configuration{
Checks: map[string]conf.Severity{
"hostNetworkSet": conf.SeverityWarning,
},
}
k8s, _ := test.SetupTestAPI()
k8s = test.SetupAddControllers(context.Background(), k8s, "test")
p := test.MockPod()
p.Spec.HostNetwork = true
workload, err := kube.NewGenericWorkloadFromPod(p, nil)
assert.NoError(t, err)
expectedResults := ResultSet{
"hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network should not be configured", Success: false, Severity: "warning", Category: "Networking"},
}
actualPodResult, err := ValidatePod(context.Background(), &c, workload)
if err != nil {
panic(err)
}
assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal")
assert.EqualValues(t, 1, len(actualPodResult.Results.GetWarnings()))
assert.EqualValues(t, expectedResults, actualPodResult.Results)
}
func TestInvalidPIDPod(t *testing.T) {
c := conf.Configuration{
Checks: map[string]conf.Severity{
"hostPIDSet": conf.SeverityWarning,
},
}
k8s, _ := test.SetupTestAPI()
k8s = test.SetupAddControllers(context.Background(), k8s, "test")
p := test.MockPod()
p.Spec.HostPID = true
workload, err := kube.NewGenericWorkloadFromPod(p, nil)
assert.NoError(t, err)
expectedResults := ResultSet{
"hostPIDSet": {ID: "hostPIDSet", Message: "Host PID should not be configured", Success: false, Severity: "warning", Category: "Security"},
}
actualPodResult, err := ValidatePod(context.Background(), &c, workload)
if err != nil {
panic(err)
}
assert.Equal(t, 1, len(actualPodResult.ContainerResults), "should be equal")
assert.EqualValues(t, 1, len(actualPodResult.Results.GetWarnings()))
assert.EqualValues(t, expectedResults, actualPodResult.Results)
}
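Review bot: All three tests call `panic(err)` when `ValidatePod` fails and keep running after a failed `assert.NoError(t, err)` on workload construction, so a setup failure aborts the whole test binary or runs the validator on an invalid workload instead of failing the one test. Replace the panic block with `if err != nil { t.Fatalf("ValidatePod: %v", err) }` and stop the test the same way when the workload cannot be built. The second return value of `test.SetupTestAPI()` is discarded and `k8s` is not used by any assertion, so either check it or drop the two setup lines. Each test covers only the flag-set case; a companion case with the flag unset, expecting no warnings, would guard against false positives. `TestInvalidNeworkPod` should be spelled `TestInvalidNetworkPod`.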