예제 #1
def test_ApiServerToken():
    """Check that the token set on an ApiServer event is exposed by the hunter.

    The host and token below are constructed dummy values. execute() is not
    called here, and the test asserts that the module-level ``counter`` stays
    at zero.
    """
    global counter
    counter = 0

    api_event = ApiServer()
    api_event.host = "1.2.3.4"
    api_event.auth_token = "my-secret-token"

    # The hunter must carry the exact token it received through the event.
    token_hunter = AccessApiServerWithToken(api_event)
    assert token_hunter.event.auth_token == "my-secret-token"

    # No events are expected from construction alone.
    # NOTE(review): the short sleep presumably lets asynchronous handlers run
    # before the counter is read - confirm against the event handler setup.
    time.sleep(0.01)
    assert counter == 0
예제 #2
def test_AccessApiServer():
    """Run both API-server access hunters against a mocked Kubernetes API.

    Pass 1 runs AccessApiServer without credentials and expects 4 events.
    Pass 2 runs AccessApiServerWithToken with a dummy token and expects 5.
    In both passes the namespaced ``roles`` listing is mocked as 403 while
    ``clusterroles`` answers 200, so a denied listing is exercised alongside
    allowed ones.

    ``counter`` is a module-level global; it is presumably incremented by
    event subscribers registered elsewhere in the test module (not visible
    here).
    """
    global counter
    counter = 0

    event = ApiServer()
    event.host = "mockKubernetes"
    event.port = 443
    event.protocol = "https"

    # ---- Pass 1: unauthenticated access -------------------------------
    with requests_mock.Mocker() as mocker:
        mocker.get('https://mockKubernetes:443/api', text='{}')
        mocker.get(
            'https://mockKubernetes:443/api/v1/namespaces',
            text='{"items":[{"metadata":{"name":"hello"}}]}')
        mocker.get(
            'https://mockKubernetes:443/api/v1/pods',
            text='{"items":[{"metadata":{"name":"podA", "namespace":"namespaceA"}}, \
                            {"metadata":{"name":"podB", "namespace":"namespaceB"}}]}'
        )
        # Listing roles is denied; cluster roles are listable but empty.
        mocker.get(
            'https://mockkubernetes:443/apis/rbac.authorization.k8s.io/v1/roles',
            status_code=403)
        mocker.get(
            'https://mockkubernetes:443/apis/rbac.authorization.k8s.io/v1/clusterroles',
            text='{"items":[]}')
        mocker.get(
            'https://mockkubernetes:443/version',
            text='{"major": "1","minor": "13+", "gitVersion": "v1.13.6-gke.13", \
                          "gitCommit": "fcbc1d20b6bca1936c0317743055ac75aef608ce", "gitTreeState": "clean", "buildDate": "2019-06-19T20:50:07Z", \
                          "goVersion": "go1.11.5b4", "compiler": "gc", "platform": "linux/amd64"}'
        )

        hunter = AccessApiServer(event)
        hunter.execute()

        # Expected events, per the original author: Server API Access,
        # Namespaces, Pods, and the passive hunter finishing.
        time.sleep(0.01)
        assert counter == 4

    # ---- Pass 2: same probes, now with an auth token -------------------
    counter = 0
    with requests_mock.Mocker() as mocker:
        # TODO check that these responses reflect what Kubernetes does
        # NOTE(review): unlike pass 1, no /version endpoint is registered for
        # this host - confirm that is intended.
        mocker.get('https://mockKubernetesToken:443/api', text='{}')
        mocker.get(
            'https://mockKubernetesToken:443/api/v1/namespaces',
            text='{"items":[{"metadata":{"name":"hello"}}]}')
        mocker.get(
            'https://mockKubernetesToken:443/api/v1/pods',
            text='{"items":[{"metadata":{"name":"podA", "namespace":"namespaceA"}}, \
                            {"metadata":{"name":"podB", "namespace":"namespaceB"}}]}'
        )
        # Roles stay denied, but this time cluster roles return one entry.
        mocker.get(
            'https://mockkubernetesToken:443/apis/rbac.authorization.k8s.io/v1/roles',
            status_code=403)
        mocker.get(
            'https://mockkubernetesToken:443/apis/rbac.authorization.k8s.io/v1/clusterroles',
            text='{"items":[{"metadata":{"name":"my-role"}}]}')

        # Dummy token value; the same event object is reused with a new host.
        event.auth_token = "so-secret"
        event.host = "mockKubernetesToken"
        hunter = AccessApiServerWithToken(event)
        hunter.execute()

        # Same events as pass 1 plus one for Cluster Roles (author's note).
        time.sleep(0.01)
        assert counter == 5