⭐️ add integration tests to cnspec
chris-rock committed Oct 22, 2023
1 parent 5b0a05b commit cefe25d
Showing 9 changed files with 11,453 additions and 3 deletions.
7 changes: 4 additions & 3 deletions Makefile
@@ -115,11 +115,12 @@ test: test/go test/lint
test/go: cnspec/generate test/go/plain

test/go/plain:
# TODO /motor/docker/docker_engine cannot be executed inside of docker
go test -cover $(shell go list ./... | grep -v '/motor/discovery/docker_engine')
go test -cover $(shell go list ./...)
cd test && go test -cover $(shell go list test/...)

test/go/plain-ci: prep/tools
gotestsum --junitfile report.xml --format pkgname -- -cover $(shell go list ./... | grep -v '/vendor/' | grep -v '/motor/discovery/docker_engine')
gotestsum --junitfile report.xml --format pkgname -- -cover $(shell go list ./... | grep -v '/vendor/')
cd test && gotestsum --junitfile report.xml --format pkgname -- -cover $(shell go list ./... | grep -v '/vendor/')

.PHONY: test/lint/staticcheck
test/lint/staticcheck:
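Review bot: In the two added `cd test && …` recipe lines, `$(shell go list …)` is expanded by make before the shell runs `cd test`, so the package list is computed in the repository root rather than in the new `test` module. For `test/go/plain-ci` that means the root module's package paths are handed to gotestsum inside `test/`, and in `test/go/plain` the pattern `test/...` has no `./` prefix, so the integration tests may not be what actually runs. Letting the go tool resolve the pattern after the directory change avoids this: `cd test && go test -cover ./...` and `cd test && gotestsum --junitfile report.xml --format pkgname -- -cover ./...`. The change also appears to drop the `docker_engine` exclusion together with its TODO, so it is worth confirming that CI no longer runs these targets inside a container.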
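--- a/test/bundles.go
+++ b/test/bundles.go
@@ -0,0 +1,58 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package test
+
+import (
+"context"
+"go.mondoo.com/cnquery/v9/logger"
+"go.mondoo.com/cnquery/v9/providers"
+"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
+"go.mondoo.com/cnspec/v9/policy"
+"go.mondoo.com/cnspec/v9/policy/scan"
+)
+
+func init() {
+logger.Set("info")
+}
+
+func runBundle(policyBundlePath string, policyMrn string, asset *inventory.Asset) (*policy.Report, error) {
+ctx := context.Background()
+policyBundle, err := policy.BundleFromPaths(policyBundlePath)
+if err != nil {
+return nil, err
+}
+
+policyBundle.OwnerMrn = "//policy.api.mondoo.app"
+var results *policy.Report
+
+policyFilters := []string{}
+if policyMrn != "" {
+policyFilters = append(policyFilters, policyMrn)
+}
+
+scanner := scan.NewLocalScanner(scan.WithRecording(providers.NullRecording{})) // TODO: fix recording
+result, err := scanner.RunIncognito(ctx, &scan.Job{
+Inventory: &inventory.Inventory{
+Spec: &inventory.InventorySpec{
+Assets: []*inventory.Asset{asset},
+},
+},
+Bundle: policyBundle,
+PolicyFilters: policyFilters,
+ReportType: scan.ReportType_FULL,
+})
+if err != nil {
+return nil, err
+}
+
+reports := result.GetFull().Reports
+if len(reports) > 0 {
+for _, report := range reports {
+results = report
+break
+}
+}
+
+return results, err
+}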
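Review bot: `runBundle` returns `nil, nil` when the scan yields no reports, because `results` stays nil if `len(reports) == 0` and the final `return results, err` can only carry a nil `err` at that point. Both callers added in this commit dereference `report.Scores` right after `require.NoError`, so an empty result would panic instead of failing the test with a readable message. I would return an explicit error for that case, e.g. `if len(reports) == 0 { return nil, errors.New("scan returned no reports") }` (this needs the `errors` import), and end the function with `return results, nil`. If `Reports` is a map, the `for … break` picks an arbitrary entry, which is only safe while a single asset is scanned; a short comment stating that assumption would help.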
397 changes: 397 additions & 0 deletions test/go.mod


1,539 changes: 1,539 additions & 0 deletions test/go.sum


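--- a/test/k8s_test.go
+++ b/test/k8s_test.go
@@ -0,0 +1,61 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package test
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+"go.mondoo.com/cnquery/v9/providers"
+"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
+"go.mondoo.com/cnquery/v9/providers/k8s/connection/shared"
+)
+
+func TestKubernetesBundles(t *testing.T) {
+providers.EnsureProvider(providers.ProviderLookup{ID: "go.mondoo.com/cnquery/v9/providers/k8s"}, true, nil)
+
+type TestCase struct {
+bundleFile string
+testDir string
+policyMrn string
+score uint32
+}
+
+tests := []TestCase{
+{
+bundleFile: "./testdata/mondoo-kubernetes-security.mql.yaml",
+testDir: "./testdata/k8s/pass/pod.yaml",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-kubernetes-security",
+score: 100,
+},
+{
+bundleFile: "./testdata/mondoo-kubernetes-security.mql.yaml",
+testDir: "./testdata/k8s/fail/pod-nonroot.yaml",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-kubernetes-security",
+score: 0x0,
+},
+}
+
+for i := range tests {
+test := tests[i]
+t.Run(test.testDir, func(t *testing.T) {
+report, err := runBundle(test.bundleFile, test.policyMrn, &inventory.Asset{
+Connections: []*inventory.Config{{
+Type: "k8s",
+Options: map[string]string{
+shared.OPTION_MANIFEST: test.testDir,
+},
+Discover: &inventory.Discovery{
+Targets: []string{"pods"}, // ignore the manifest which does not return anything
+},
+}},
+})
+require.NoError(t, err)
+
+score := report.Scores[test.policyMrn]
+assert.Equal(t, test.score, score.Value)
+})
+}
+}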
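Review bot: The result of `providers.EnsureProvider(...)` on the first line of `TestKubernetesBundles` is discarded, so a provider that could not be found or installed only surfaces later as an unrelated scan failure in every subtest; `TestTerraformBundles` in test/terraform_test.go makes the same call the same way. If the function returns an error (it looks like it does; confirm against the cnquery API), capture it and stop early with `_, err := providers.EnsureProvider(...)` followed by `require.NoError(t, err)`. The `true` argument presumably lets the provider be installed on demand, which would make the test depend on network access and on whichever provider build is fetched at run time. A comment stating that expectation, or pinning the provider version in CI, would keep the run reproducible.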
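--- a/test/terraform_test.go
+++ b/test/terraform_test.go
@@ -0,0 +1,80 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package test
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+"go.mondoo.com/cnquery/v9/providers"
+"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
+)
+
+func TestTerraformBundles(t *testing.T) {
+providers.EnsureProvider(providers.ProviderLookup{ID: "go.mondoo.com/cnquery/v9/providers/terraform"}, true, nil)
+type TestCase struct {
+bundleFile string
+testDir string
+policyMrn string
+score uint32
+}
+
+tests := []TestCase{
+{
+bundleFile: "./testdata/mondoo-terraform-aws-security.mql.yaml",
+testDir: "./testdata/terraform/aws-3.xx/pass",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-aws-security",
+score: 100,
+}, {
+bundleFile: "./testdata/mondoo-terraform-aws-security.mql.yaml",
+testDir: "./testdata/terraform/aws-3.xx/fail",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-aws-security",
+// NOTE: terraform-aws-security-s3-bucket-level-public-access-prohibited is not correctly implemented but needs pay the piper.
+// 3/28/2022 - Tests are passing now but not for the right reasons. We still need to revisit this query since it involves testing
+// whether configuration was applied to a specific bucket.
+score: 0,
+}, {
+bundleFile: "./testdata/mondoo-terraform-aws-security.mql.yaml",
+testDir: "./testdata/terraform/aws-4.xx/pass",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-aws-security",
+score: 100,
+}, {
+bundleFile: "./testdata/mondoo-terraform-aws-security.mql.yaml",
+testDir: "./testdata/terraform/aws-4.xx/fail",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-aws-security",
+score: 0,
+}, {
+bundleFile: "./testdata/mondoo-terraform-gcp-security.mql.yaml",
+testDir: "./testdata/terraform/gcp/pass",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-gcp-security",
+score: 100,
+}, {
+bundleFile: "./testdata/mondoo-terraform-gcp-security.mql.yaml",
+testDir: "./testdata/terraform/gcp/fail",
+policyMrn: "//policy.api.mondoo.app/policies/mondoo-terraform-gcp-security",
+score: 0,
+},
+}
+
+for i := range tests {
+test := tests[i]
+t.Run(test.testDir, func(t *testing.T) {
+report, err := runBundle(test.bundleFile, test.policyMrn, &inventory.Asset{
+Connections: []*inventory.Config{
+{
+Type: "terraform-hcl",
+Options: map[string]string{
+"path": test.testDir,
+},
+},
+},
+})
+require.NoError(t, err)
+
+score := report.Scores[test.policyMrn]
+assert.Equal(t, test.score, score.Value)
+})
+}
+}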
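Review bot: The `aws-3.xx/fail` case carries a comment saying the test passes "not for the right reasons", yet the assertion only compares the aggregate policy score with 0, so it cannot tell a check that failed correctly from a query that errored or was never evaluated. For a security policy bundle this weakens the regression signal: every `fail` case here, and the `pod-nonroot.yaml` case in test/k8s_test.go, would presumably still pass if evaluation broke in a way that yields a zero score. I would first assert that the entry exists, `score, ok := report.Scores[test.policyMrn]` with `require.True(t, ok)`, and add per-check expectations for the fail fixtures where the report exposes them. The date in the comment (3/28/2022) predates this file, so a reference to a tracking issue would serve the next reader better than the date.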
6,454 changes: 6,454 additions & 0 deletions test/testdata/mondoo-kubernetes-security.mql.yaml


563 changes: 563 additions & 0 deletions test/testdata/mondoo-terraform-aws-security.mql.yaml


2,297 changes: 2,297 additions & 0 deletions test/testdata/mondoo-terraform-gcp-security.mql.yaml

