def test_ApiServerToken():
    """Check that the token-aware hunter keeps the event's auth token.

    Builds an ApiServer event carrying a fixture token, wraps it in
    AccessApiServerWithToken and asserts the token is readable through
    ``hunter.event``. Nothing is executed, so no events are expected.
    """
    global counter
    counter = 0

    # Fixture values only: the host and token are placeholders for the test.
    event = ApiServer()
    event.host = "1.2.3.4"
    event.auth_token = "my-secret-token"

    # The pod's token has to travel with the event into the hunter.
    hunter = AccessApiServerWithToken(event)
    assert hunter.event.auth_token == "my-secret-token"

    # Constructing the hunter must not publish anything. The short sleep
    # presumably lets asynchronous handlers run before the count is checked
    # (the handler that bumps `counter` is not visible here; confirm).
    time.sleep(0.01)
    assert counter == 0
def test_AccessApiServer():
    """Run both API-server hunters against a mocked Kubernetes API.

    Part one executes AccessApiServer without credentials and expects four
    events. Part two sets an auth token on the same event object, executes
    AccessApiServerWithToken against a second mocked host and expects five
    events. `counter` is the module-level event tally reset before each part.
    """
    global counter
    counter = 0

    event = ApiServer()
    event.host = "mockKubernetes"
    event.port = 443
    event.protocol = "https"

    # Canned response bodies shared by both parts of the test.
    namespaces_json = '{"items":[{"metadata":{"name":"hello"}}]}'
    pods_json = (
        '{"items":[{"metadata":{"name":"podA", "namespace":"namespaceA"}}, '
        ' {"metadata":{"name":"podB", "namespace":"namespaceB"}}]}'
    )
    version_json = (
        '{"major": "1","minor": "13+", "gitVersion": "v1.13.6-gke.13", '
        ' "gitCommit": "fcbc1d20b6bca1936c0317743055ac75aef608ce", "gitTreeState": "clean", "buildDate": "2019-06-19T20:50:07Z", '
        ' "goVersion": "go1.11.5b4", "compiler": "gc", "platform": "linux/amd64"}'
    )

    # (url, mock keyword arguments) in registration order. The roles endpoint
    # answers 403 and clusterroles returns an empty list.
    anonymous_routes = [
        ('https://mockKubernetes:443/api', {'text': '{}'}),
        ('https://mockKubernetes:443/api/v1/namespaces',
         {'text': namespaces_json}),
        ('https://mockKubernetes:443/api/v1/pods', {'text': pods_json}),
        ('https://mockkubernetes:443/apis/rbac.authorization.k8s.io/v1/roles',
         {'status_code': 403}),
        ('https://mockkubernetes:443/apis/rbac.authorization.k8s.io/v1/clusterroles',
         {'text': '{"items":[]}'}),
        ('https://mockkubernetes:443/version', {'text': version_json}),
    ]

    with requests_mock.Mocker() as mocker:
        for url, response in anonymous_routes:
            mocker.get(url, **response)

        hunter = AccessApiServer(event)
        hunter.execute()

        # Expected events: Server API Access, Namespaces, Pods, and the
        # passive hunter finishing.
        time.sleep(0.01)
        assert counter == 4

    # Second part: repeat with an auth token on the event.
    counter = 0

    # TODO check that these responses reflect what Kubernetes does
    # NOTE(review): every route below is matched on URL alone, so this part
    # would pass whether or not the hunter actually sends the token; the
    # extra event presumably comes from the non-empty clusterroles body.
    # If the token is expected in a request header, requests_mock's
    # `request_headers` matcher could pin that. Confirm against the hunter.
    token_routes = [
        ('https://mockKubernetesToken:443/api', {'text': '{}'}),
        ('https://mockKubernetesToken:443/api/v1/namespaces',
         {'text': namespaces_json}),
        ('https://mockKubernetesToken:443/api/v1/pods', {'text': pods_json}),
        ('https://mockkubernetesToken:443/apis/rbac.authorization.k8s.io/v1/roles',
         {'status_code': 403}),
        ('https://mockkubernetesToken:443/apis/rbac.authorization.k8s.io/v1/clusterroles',
         {'text': '{"items":[{"metadata":{"name":"my-role"}}]}'}),
    ]

    with requests_mock.Mocker() as mocker:
        for url, response in token_routes:
            mocker.get(url, **response)

        # Same event object as part one; only the token and host change.
        event.auth_token = "so-secret"
        event.host = "mockKubernetesToken"

        hunter = AccessApiServerWithToken(event)
        hunter.execute()

        # Same set of events as before, plus one for Cluster Roles.
        time.sleep(0.01)
        assert counter == 5