def test_summary(self):
    """Scan the authorization-mode fixtures with only ``check.id`` enabled.

    Runs the scanner over ``example_ApiServerAuthorizationModeNotAlwaysAllow``
    (next to this file) and pins both the summary tallies and the exact set of
    resource ids reported as passed and as failed.
    """
    fixture_dir = Path(__file__).parent.joinpath(
        "example_ApiServerAuthorizationModeNotAlwaysAllow"
    )

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    # NOTE(review): "kube-apiserver-no-mode" is expected to pass. If that
    # fixture omits --authorization-mode entirely, keep in mind that
    # kube-apiserver documents AlwaysAllow as the flag's default -- confirm
    # that passing on absence is the intended policy.
    want_pass = {
        "Pod.kube-system.kube-apiserver-no-mode",
        "Pod.kube-system.kube-apiserver-no-allow",
    }
    want_fail = {
        "Pod.kube-system.kube-apiserver-allow",
        "Pod.kube-system.kube-apiserver-extra-allow",
    }
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    # Zero skipped / zero parsing errors: every fixture pod is expected to
    # end up in exactly one of the two result lists.
    tallies = (("passed", 2), ("failed", 2), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the ``example_Seccomp`` fixtures with only ``check.id`` enabled.

    Pins the summary tallies (7 passed, 2 failed, nothing skipped, no parsing
    errors) and the resource ids behind them. Fixture names suggest that
    profiles declared through metadata annotations and through a security
    context are both represented -- confirm against the fixture files.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_Seccomp")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    # Kept as lists on purpose: assertCountEqual compares element counts, so
    # a resource reported twice would be caught (a set would hide it).
    passed_resources = [record.resource for record in scan.passed_checks]
    failed_resources = [record.resource for record in scan.failed_checks]

    tallies = (("passed", 7), ("failed", 2), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    # NOTE(review): these ids read as Kind.<name>.<namespace>
    # (e.g. "Pod.seccomp-failed.default") -- presumably the id format of the
    # runner version this test targets; verify before copying ids elsewhere.
    expected_passed_resources = [
        "CronJob.cronjob-passed.default",
        "Deployment.seccomp-passed-deployment.default",
        "Deployment.seccomp-passed-metadata-annotations.default",
        "Pod.seccomp-passed-metadata-annotations-docker.default",
        "Pod.seccomp-passed-metadata-annotations-runtime.default",
        "Pod.seccomp-passed-security-context.default",
        "StatefulSet.RELEASE-NAME.default",
    ]
    expected_failed_resources = [
        "Deployment.app-cert-manager.infra",
        "Pod.seccomp-failed.default",
    ]

    self.assertCountEqual(expected_passed_resources, passed_resources)
    self.assertCountEqual(expected_failed_resources, failed_resources)
def test_summary(self):
    """Scan the ``example_ApiServerAuditLog`` fixtures with only ``check.id`` enabled.

    One API-server pod is expected to pass and one to fail; the test pins
    both the tallies and the resource ids.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_ApiServerAuditLog")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    want_pass = {"Pod.kube-system.kube-apiserver-pass"}
    want_fail = {"Pod.kube-system.kube-apiserver-fail"}
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    # Zero skipped / zero parsing errors: both fixture pods are expected to
    # be evaluated, not dropped before the check runs.
    tallies = (("passed", 1), ("failed", 1), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the ``example_EtcdAutoTls`` fixtures with only ``check.id`` enabled.

    Two etcd pods are expected to pass and one to fail. By fixture name, an
    unset flag ("etcd-default") is treated like an explicit disable -- confirm
    against the fixture manifests.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_EtcdAutoTls")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    want_pass = {
        "Pod.kube-system.etcd-default",
        "Pod.kube-system.etcd-disabled",
    }
    want_fail = {"Pod.kube-system.etcd-enabled"}
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    tallies = (("passed", 2), ("failed", 1), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    # Exact-set comparison: an extra or missing resource on either side fails.
    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the certificate-rotation fixtures with only ``check.id`` enabled.

    Runs over ``example_RotateKubeletServerCertificate``; both a
    controller-manager pod and a kubelet pod appear on the passing and on the
    failing side, so the check is exercised against two component types.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_RotateKubeletServerCertificate")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    # NOTE(review): by name the fixtures cover explicit enabled/disabled
    # only; whether an unset flag is exercised cannot be told from here.
    want_pass = {
        "Pod.kube-system.kube-controller-manager-enabled",
        "Pod.kube-system.kubelet-enabled",
    }
    want_fail = {
        "Pod.kube-system.kube-controller-manager-disabled",
        "Pod.kube-system.kubelet-disabled",
    }
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    tallies = (("passed", 2), ("failed", 2), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the service-account private-key fixtures with only ``check.id`` enabled.

    Runs over ``example_KubeControllerManagerServiceAccountPrivateKeyFile``
    and pins two passing pods and one failing pod by resource id.
    """
    fixture_dir = Path(__file__).parent.joinpath(
        "example_KubeControllerManagerServiceAccountPrivateKeyFile"
    )

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    # NOTE(review): "kube-controller-manager-none" is expected to pass. If
    # that fixture omits the private-key flag altogether, the check passes on
    # absence -- confirm that is the intended policy rather than a gap.
    want_pass = {
        "Pod.kube-system.kube-controller-manager-pem",
        "Pod.kube-system.kube-controller-manager-none",
    }
    want_fail = {"Pod.kube-system.kube-controller-manager-no-pem"}
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    tallies = (("passed", 2), ("failed", 1), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the profiling fixtures with only ``check.id`` enabled.

    Runs over ``example_KubeControllerManagerBlockProfiles``. By fixture name
    the unset case ("-default") is expected to fail alongside the explicitly
    enabled one, i.e. only an explicit disable passes -- confirm against the
    fixture manifests.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_KubeControllerManagerBlockProfiles")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    want_pass = {"Pod.kube-system.kube-controller-manager-disabled"}
    want_fail = {
        "Pod.kube-system.kube-controller-manager-default",
        "Pod.kube-system.kube-controller-manager-enabled",
    }
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    # Expected value is passed first here, matching this test's own
    # assertEqual argument order.
    tallies = ((1, "passed"), (2, "failed"), (0, "skipped"), (0, "parsing_errors"))
    for expected, field in tallies:
        self.assertEqual(expected, summary[field])

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the ``example_AllowedCapabilities`` fixtures with only ``check.id`` enabled.

    The expected results span three workload kinds (CronJob, Deployment,
    StatefulSet), so the check is exercised on resources other than bare
    pods. Two resources are expected to pass and one to fail.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_AllowedCapabilities")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    want_pass = {
        "CronJob.default.hello",
        "Deployment.default.my-nginx",
    }
    want_fail = {"StatefulSet.default.cassandra"}
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    # Zero skipped / zero parsing errors: every fixture workload is expected
    # to be evaluated by the check.
    tallies = (("passed", 2), ("failed", 1), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
def test_summary(self):
    """Scan the kubelet client cert/key fixtures with only ``check.id`` enabled.

    Runs over ``example_ApiServerKubeletClientCertAndKey``; one API-server pod
    is expected to pass and two to fail.
    """
    fixture_dir = Path(__file__).parent.joinpath("example_ApiServerKubeletClientCertAndKey")

    runner = Runner()
    scan = runner.run(
        root_folder=str(fixture_dir),
        runner_filter=RunnerFilter(checks=[check.id]),
    )
    summary = scan.get_summary()

    # NOTE(review): by name the failing fixtures cover "key missing" and
    # "both missing"; a cert-missing-only case is not evident from the
    # names -- confirm against the fixture directory.
    want_pass = {"Pod.kube-system.kube-apiserver-key-and-cert"}
    want_fail = {
        "Pod.kube-system.kube-apiserver-no-key",
        "Pod.kube-system.kube-apiserver-both-missing",
    }
    got_pass = {record.resource for record in scan.passed_checks}
    got_fail = {record.resource for record in scan.failed_checks}

    tallies = (("passed", 1), ("failed", 2), ("skipped", 0), ("parsing_errors", 0))
    for field, expected in tallies:
        self.assertEqual(summary[field], expected)

    self.assertEqual(want_pass, got_pass)
    self.assertEqual(want_fail, got_fail)
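def test_runner(self):
    """Run the scanner over ``../runner/resources`` and pin its results.

    The directory is resolved against ``TEST_DIRNAME``. The test first
    requires that check ``CKV2_K8S_21`` produced at least one record (passed
    or failed), then pins the summary at 0 passed, 5 failed, 0 skipped and
    0 parsing errors.
    """
    root_dir = os.path.realpath(os.path.join(TEST_DIRNAME, "../runner/resources"))
    report = Runner().run(root_dir)

    # unittest assertion instead of a bare ``assert``: the bare form is
    # compiled out under ``python -O``, which would silently drop the only
    # proof that CKV2_K8S_21 was evaluated at all.
    all_records = itertools.chain(report.failed_checks, report.passed_checks)
    self.assertTrue(
        any(record.check_id == "CKV2_K8S_21" for record in all_records),
        "CKV2_K8S_21 produced neither a passed nor a failed record",
    )

    # NOTE(review): no runner_filter is passed, so these tallies presumably
    # move whenever a check matching these resources is added or removed --
    # confirm that coupling is intended.
    summary = report.get_summary()
    self.assertEqual(summary["passed"], 0)
    self.assertEqual(summary["failed"], 5)
    self.assertEqual(summary["skipped"], 0)
    self.assertEqual(summary["parsing_errors"], 0)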