mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-07 01:36:41 +00:00
4d96993a18
* added fix command implementation * use node api * fix tests * added hostport mutate rule * update mutating server * fix array reference and add back leading slash * added test and refactor findNodes * more tests * added more test and fix issue with arrays * rename findNode function and ensure we capture exceptions * rename findNode function * append array value at the end and for single item remove brackets * append array value at the end and for single item remove brackets * create array if it does not exists * fix tests * handle some exceptions * fix tests * fix string format * guard for PodResult * fix flag name * fix privilegeEscalation check * fix up mutations for local files * fix pod parsing * fix object values * remove logspam * fix import * update some comments for health probes * add an option to not apply any mutations\, and just adjust yaml formatting * add preliminary support for helm * logspam * change up comment strategy * fix object comments * format * fix tests * add comments * fix key updates * fix mutation tests * tidy * refactor test * add test * add test * add test for object comments Co-authored-by: Robert Brennan <accounts@rbren.io> Co-authored-by: Robert Brennan <contact@rbren.io>
65 lines
2.1 KiB
Go
65 lines
2.1 KiB
Go
package test
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/fairwindsops/polaris/pkg/config"
|
|
"github.com/fairwindsops/polaris/pkg/mutation"
|
|
"github.com/fairwindsops/polaris/pkg/validator"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
var configYaml = `
|
|
checks:
|
|
pullPolicyNotAlways: warning
|
|
hostIPCSet: danger
|
|
hostPIDSet: danger
|
|
hostNetworkSet: danger
|
|
hostPortSet: warning
|
|
deploymentMissingReplicas: warning
|
|
priorityClassNotSet: ignore
|
|
runAsRootAllowed: danger
|
|
cpuRequestsMissing: warning
|
|
cpuLimitsMissing: warning
|
|
memoryRequestsMissing: warning
|
|
memoryLimitsMissing: warning
|
|
readinessProbeMissing: warning
|
|
livenessProbeMissing: warning
|
|
`
|
|
|
|
func TestMutations(t *testing.T) {
|
|
c, err := config.Parse([]byte(configYaml))
|
|
assert.NoError(t, err)
|
|
assert.Len(t, c.Mutations, 0)
|
|
for mutationStr := range mutationTestCasesMap {
|
|
if len(mutationTestCasesMap[mutationStr]) == 0 {
|
|
panic("No test cases found for " + mutationStr)
|
|
}
|
|
for _, tc := range mutationTestCasesMap[mutationStr] {
|
|
newConfig := c
|
|
key := fmt.Sprintf("%s/%s", tc.check, strings.ReplaceAll(tc.filename, "failure", "mutated"))
|
|
mutatedYamlContent, ok := mutatedYamlContentMap[key]
|
|
assert.True(t, ok)
|
|
assert.Len(t, tc.resources.Resources, 1)
|
|
newConfig.Checks = map[string]config.Severity{}
|
|
newConfig.Checks[mutationStr] = config.SeverityDanger
|
|
newConfig.Mutations = []string{mutationStr}
|
|
results, err := validator.ApplyAllSchemaChecksToResourceProvider(&newConfig, tc.resources)
|
|
assert.NoError(t, err)
|
|
assert.Len(t, results, 1)
|
|
allMutations := mutation.GetMutationsFromResults(results)
|
|
assert.Len(t, allMutations, 1)
|
|
for _, resources := range tc.resources.Resources {
|
|
assert.Len(t, resources, 1)
|
|
key := fmt.Sprintf("%s/%s/%s", resources[0].Kind, resources[0].Resource.GetName(), resources[0].Resource.GetNamespace())
|
|
mutations := allMutations[key]
|
|
yamlContent, err := mutation.ApplyAllMutations(tc.manifest, mutations)
|
|
assert.NoError(t, err)
|
|
assert.EqualValues(t, mutatedYamlContent, yamlContent, "Mutation test case for "+tc.check+"/"+tc.filename+" failed")
|
|
}
|
|
}
|
|
}
|
|
}
|