Skip to content

Commit

Permalink
* revert original event tests
Browse files Browse the repository at this point in the history 
* add tests for using emit involved namespace flags

Signed-off-by: Craig Trought <[email protected]>
  • Loading branch information
@ctrought
ctrought committed Mar 23, 2023
1 parent 54d2761 commit 5070c36
Showing 1 changed file with 92 additions and 18 deletions.
110 changes: 92 additions & 18 deletions pkg/audit/manager_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,25 +184,73 @@ func Test_nsMapFromObjs(t *testing.T) {

func Test_getViolationRef(t *testing.T) {
type args struct {
enamespace string
rkind string
rname string
rrv string
ruid types.UID
gkNamespace string
rkind string
rname string
rnamespace string
rrv string
ckind string
cname string
cnamespace string
ruid types.UID
einvolved bool
}
tests := []struct {
name string
args args
want *corev1.ObjectReference
}{
{
name: "Test case 1",
name: "Test case 1 - Gatekeeper Namespace",
args: args{
rkind: "Pod",
rname: "my-pod",
enamespace: "default",
rrv: "123456",
ruid: "abcde-123456",
gkNamespace: "default",
rkind: "Pod",
rname: "my-pod",
rnamespace: "default",
ckind: "LimitRange",
cname: "my-limit-range",
cnamespace: "default",
einvolved: false,
},
want: &corev1.ObjectReference{
Kind: "Pod",
Name: "my-pod",
UID: "Pod/default/my-pod/LimitRange/default/my-limit-range",
Namespace: "default",
},
},
{
name: "Test case 2 - GK Namespace",
args: args{
gkNamespace: "kube-system",
rkind: "Service",
rname: "my-service",
rnamespace: "default",
ckind: "PodSecurityPolicy",
cname: "my-pod-security-policy",
cnamespace: "kube-system",
einvolved: false,
},
want: &corev1.ObjectReference{
Kind: "Service",
Name: "my-service",
UID: "Service/default/my-service/PodSecurityPolicy/kube-system/my-pod-security-policy",
Namespace: "kube-system",
},
},
{
name: "Test case 3 - Involved Namespace",
args: args{
gkNamespace: "kube-system",
rkind: "Pod",
rname: "my-pod",
rrv: "123456",
ruid: "abcde-123456",
rnamespace: "default",
ckind: "LimitRange",
cname: "my-limit-range",
cnamespace: "default",
einvolved: true,
},
want: &corev1.ObjectReference{
Kind: "Pod",
Expand All @@ -213,13 +261,17 @@ func Test_getViolationRef(t *testing.T) {
},
},
{
name: "Test case 2",
name: "Test case 4 - Involved Namespace Cluster Scoped",
args: args{
rkind: "Service",
enamespace: "kube-system",
rname: "my-service",
rrv: "123456",
ruid: "abcde-123456",
gkNamespace: "kube-system",
rkind: "Service",
rname: "my-service",
rrv: "123456",
ruid: "abcde-123456",
ckind: "PodSecurityPolicy",
cname: "my-pod-security-policy",
cnamespace: "kube-system",
einvolved: true,
},
want: &corev1.ObjectReference{
Kind: "Service",
Expand All @@ -229,10 +281,32 @@ func Test_getViolationRef(t *testing.T) {
UID: "abcde-123456",
},
},
{
name: "Test case 5 - Involved Namespace RV/UID",
args: args{
gkNamespace: "kube-system",
rkind: "Service",
rname: "my-service",
rrv: "",
ruid: "",
rnamespace: "default",
ckind: "PodSecurityPolicy",
cname: "my-pod-security-policy",
cnamespace: "kube-system",
einvolved: true,
},
want: &corev1.ObjectReference{
Kind: "Service",
Name: "my-service",
Namespace: "default",
ResourceVersion: "",
UID: "",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := getViolationRef(tt.args.enamespace, tt.args.rkind, tt.args.rname, tt.args.rrv, tt.args.ruid); !reflect.DeepEqual(got, tt.want) {
if got := getViolationRef(tt.args.gkNamespace, tt.args.rkind, tt.args.rname, tt.args.rnamespace, tt.args.rrv, tt.args.ruid, tt.args.ckind, tt.args.cname, tt.args.cnamespace, tt.args.einvolved); !reflect.DeepEqual(got, tt.want) {
t.Errorf("getViolationRef() = %v, want %v", got, tt.want)
}
})
Expand Down

0 comments on commit 5070c36

Please sign in to comment.