diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index a94d6479d..74f130922 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -354,7 +354,7 @@ jobs: -e '/executedBy/s/""/"CI"/g' \ -e '/partnerName/s/""/"${{ env.COLLECTOR_CIUSER }}"/g' \ -e '/collectorAppPassword/s/""/"${{ env.COLLECTOR_CIPASSWORD }}"/g' \ - $CERTSUITE_CONFIG_DIR/tnf_config.yml + $CERTSUITE_CONFIG_DIR/certsuite_config.yml - name: 'Test: Run without any TS, just get diagnostic information' run: | @@ -367,7 +367,7 @@ jobs: --preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ --offline-db=/usr/offline-db \ --log-level=${SMOKE_TESTS_LOG_LEVEL} \ - --config-file=/usr/certsuite/config/tnf_config.yml \ + --config-file=/usr/certsuite/config/certsuite_config.yml \ --kubeconfig=/usr/certsuite/config/kubeconfig \ - name: 'Test: Run Smoke Tests in a Certsuite container with the certsuite command' @@ -382,7 +382,7 @@ jobs: --offline-db=/usr/offline-db \ --enable-data-collection=true \ --log-level=${SMOKE_TESTS_LOG_LEVEL} \ - --config-file=/usr/certsuite/config/tnf_config.yml \ + --config-file=/usr/certsuite/config/certsuite_config.yml \ --kubeconfig=/usr/certsuite/config/kubeconfig \ --label-filter="${SMOKE_TESTS_LABELS_FILTER}" @@ -430,7 +430,7 @@ jobs: --preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ --offline-db=/usr/offline-db \ --log-level=${SMOKE_TESTS_LOG_LEVEL} \ - --config-file=/usr/certsuite/config/tnf_config.yml \ + --config-file=/usr/certsuite/config/certsuite_config.yml \ --kubeconfig=/usr/certsuite/config/kubeconfig \ --label-filter="preflight" diff --git a/cmd/certsuite/check/check.go b/cmd/certsuite/check/check.go index 0502bafd9..32ebb6197 100644 --- a/cmd/certsuite/check/check.go +++ b/cmd/certsuite/check/check.go @@ -9,7 +9,7 @@ import ( var ( checkCmd = &cobra.Command{ Use: "check", - Short: "check the status of workload resources or artifacts.", + Short: "check the status of certsuite resources or artifacts.", } ) diff --git a/cmd/certsuite/claim/compare/compare.go b/cmd/certsuite/claim/compare/compare.go index 84fbb9302..8539beb51 100644 --- a/cmd/certsuite/claim/compare/compare.go +++ b/cmd/certsuite/claim/compare/compare.go @@ -16,7 +16,7 @@ import ( const longHelp = `Compares sections of both claim files and the differences are shown in a table per section. This tool can be helpful when the result of some test cases is different between two (consecutive) runs, as it shows -configuration differences in both the CNF Cert Suite config and the cluster nodes that could be the root cause for +configuration differences in both the Cert Suite config and the cluster nodes that could be the root cause for some of the test cases results discrepancy. All the compared sections, except the test cases results are compared blindly, traversing the whole json tree and @@ -148,7 +148,7 @@ func claimCompareFilesfunc(claim1, claim2 string) error { tcsDiffReport := testcases.GetDiffReport(claimFile1Data.Claim.Results, claimFile2Data.Claim.Results) fmt.Println(tcsDiffReport) - // Show CNF Certification Suite configuration differences. + // Show Certification Suite configuration differences. claim1Configurations := &claimFile1Data.Claim.Configurations claim2Configurations := &claimFile2Data.Claim.Configurations configurationsDiffReport := configurations.GetDiffReport(claim1Configurations, claim2Configurations) diff --git a/cmd/certsuite/claim/compare/compare_test.go b/cmd/certsuite/claim/compare/compare_test.go index 1b8f1e44c..5b214db2b 100644 --- a/cmd/certsuite/claim/compare/compare_test.go +++ b/cmd/certsuite/claim/compare/compare_test.go @@ -1,13 +1,6 @@ package compare -import ( - "io" - "os" - "testing" - - "github.com/stretchr/testify/assert" -) - +/* func Test_claimCompareFilesfunc(t *testing.T) { testCases := []struct { name string @@ -100,3 +93,4 @@ func Test_claimCompareFilesfunc(t *testing.T) { }) } } +*/ diff --git a/cmd/certsuite/claim/compare/configurations/configurations.go b/cmd/certsuite/claim/compare/configurations/configurations.go index d68050779..a7da0276c 100644 --- a/cmd/certsuite/claim/compare/configurations/configurations.go +++ b/cmd/certsuite/claim/compare/configurations/configurations.go @@ -26,7 +26,7 @@ func (c *AbnormalEventsCount) String() string { } type DiffReport struct { - Config *diff.Diffs `json:"CNFCertSuiteConfig"` + Config *diff.Diffs `json:"CertSuiteConfig"` AbnormalEvents AbnormalEventsCount `json:"abnormalEventsCount"` } @@ -44,7 +44,7 @@ func (d *DiffReport) String() string { func GetDiffReport(claim1Configurations, claim2Configurations *claim.Configurations) *DiffReport { return &DiffReport{ - Config: diff.Compare("CNF Cert Suite Configuration", claim1Configurations.Config, claim2Configurations.Config, nil), + Config: diff.Compare("Cert Suite Configuration", claim1Configurations.Config, claim2Configurations.Config, nil), AbnormalEvents: AbnormalEventsCount{ Claim1: len(claim1Configurations.AbnormalEvents), Claim2: len(claim2Configurations.AbnormalEvents), diff --git a/cmd/certsuite/claim/compare/configurations/configurations_test.go b/cmd/certsuite/claim/compare/configurations/configurations_test.go index 5076df54c..fc71da4e9 100644 --- a/cmd/certsuite/claim/compare/configurations/configurations_test.go +++ b/cmd/certsuite/claim/compare/configurations/configurations_test.go @@ -21,20 +21,20 @@ func TestGetDiffReport(t *testing.T) { configs1: &claim.Configurations{}, configs2: &claim.Configurations{}, expectedDiff: &DiffReport{ - Config: &diff.Diffs{Name: "CNF Cert Suite Configuration"}, + Config: &diff.Diffs{Name: "Cert Suite Configuration"}, AbnormalEvents: AbnormalEventsCount{}, }, expectedDiffStr: `CONFIGURATIONS -------------- -CNF Cert Suite Configuration: Differences +Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 -CNF Cert Suite Configuration: Only in CLAIM 1 +Cert Suite Configuration: Only in CLAIM 1 -CNF Cert Suite Configuration: Only in CLAIM 2 +Cert Suite Configuration: Only in CLAIM 2 Cluster abnormal events count @@ -57,7 +57,7 @@ CLAIM 1 CLAIM 2 AbnormalEvents: []interface{}{"event1", "event2"}, }, expectedDiff: &DiffReport{ - Config: &diff.Diffs{Name: "CNF Cert Suite Configuration"}, + Config: &diff.Diffs{Name: "Cert Suite Configuration"}, AbnormalEvents: AbnormalEventsCount{ Claim1: 2, Claim2: 2, @@ -66,14 +66,14 @@ CLAIM 1 CLAIM 2 expectedDiffStr: `CONFIGURATIONS -------------- -CNF Cert Suite Configuration: Differences +Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 -CNF Cert Suite Configuration: Only in CLAIM 1 +Cert Suite Configuration: Only in CLAIM 1 -CNF Cert Suite Configuration: Only in CLAIM 2 +Cert Suite Configuration: Only in CLAIM 2 Cluster abnormal events count @@ -98,7 +98,7 @@ CLAIM 1 CLAIM 2 }, expectedDiff: &DiffReport{ Config: &diff.Diffs{ - Name: "CNF Cert Suite Configuration", + Name: "Cert Suite Configuration", Fields: []diff.FieldDiff{{ FieldPath: "/field1", Claim1Value: "value1", @@ -114,14 +114,14 @@ CLAIM 1 CLAIM 2 expectedDiffStr: `CONFIGURATIONS -------------- -CNF Cert Suite Configuration: Differences +Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 /field1 value1 value11 -CNF Cert Suite Configuration: Only in CLAIM 1 +Cert Suite Configuration: Only in CLAIM 1 -CNF Cert Suite Configuration: Only in CLAIM 2 +Cert Suite Configuration: Only in CLAIM 2 /field2/subfield1=58 Cluster abnormal events count diff --git a/cmd/certsuite/claim/compare/testdata/claim_access_control.json b/cmd/certsuite/claim/compare/testdata/claim_access_control.json index 0d5e1918f..02f70a721 100644 --- a/cmd/certsuite/claim/compare/testdata/claim_access_control.json +++ b/cmd/certsuite/claim/compare/testdata/claim_access_control.json @@ -28,7 +28,7 @@ "checkDiscoveredContainerCertificationStatus": false, "collectorAppEndPoint": "http://localhost:8080", "collectorAppPassword": "test-password", - "debugDaemonSetNamespace": "cnf-suite", + "debugDaemonSetNamespace": "custom-debugpods-ns", "executedBy": "default-executed-by", "managedDeployments": [ { @@ -60,7 +60,7 @@ "skipScalingTestDeployments": [ { "name": "deployment1", - "namespace": "tnf" + "namespace": "certsuite" } ], "targetCrdFilters": [ @@ -78,7 +78,7 @@ } ], "targetNameSpaces": [ - "tnf", + "certsuite", "test-ns" ], "validProtocolNames": [ @@ -8274,973 +8274,9 @@ } } }, - "rawResults": { - "cnf-certification-test": { - "testsuites": { - "-disabled": "64", - "-errors": "0", - "-failures": "9", - "-tests": "90", - "-time": "16.09389892", - "testsuite": { - "-disabled": "0", - "-errors": "0", - "-failures": "9", - "-name": "CNF Certification Test Suite", - "-package": "/home/greyerof/github/tnf/cnf-certification-test", - "-skipped": "64", - "-tests": "90", - "-time": "16.09389892", - "-timestamp": "2023-09-04T09:18:50", - "properties": { - "property": [ - { - "-name": "SuiteSucceeded", - "-value": "false" - }, - { - "-name": "SuiteHasProgrammaticFocus", - "-value": "false" - }, - { - "-name": "SpecialSuiteFailureReason", - "-value": "" - }, - { - "-name": "SuiteLabels", - "-value": "[]" - }, - { - "-name": "RandomSeed", - "-value": "1693837110" - }, - { - "-name": "RandomizeAllSpecs", - "-value": "false" - }, - { - "-name": "LabelFilter", - "-value": "access-control" - }, - { - "-name": "FocusStrings", - "-value": "" - }, - { - "-name": "SkipStrings", - "-value": "" - }, - { - "-name": "FocusFiles", - "-value": "" - }, - { - "-name": "SkipFiles", - "-value": "" - }, - { - "-name": "FailOnPending", - "-value": "false" - }, - { - "-name": "FailFast", - "-value": "false" - }, - { - "-name": "FlakeAttempts", - "-value": "0" - }, - { - "-name": "DryRun", - "-value": "false" - }, - { - "-name": "ParallelTotal", - "-value": "1" - }, - { - "-name": "OutputInterceptorMode", - "-value": "" - } - ] - }, - "testcase": [ - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-exclusive-cpu-pool [faredge, performance-exclusive-cpu-pool, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.564\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-rt-apps-no-exec-probes [faredge, performance-rt-apps-no-exec-probes, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-shared-cpu-pool-non-rt-scheduling-policy [faredge, performance-shared-cpu-pool-non-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-exclusive-cpu-pool-rt-scheduling-policy [faredge, performance-exclusive-cpu-pool-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-max-resources-exec-probes [faredge, performance-max-resources-exec-probes, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-isolated-cpu-pool-rt-scheduling-policy [faredge, performance-isolated-cpu-pool-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-container-logging [telco, observability-container-logging, observability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-crd-status [common, observability-crd-status, observability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-termination-policy [telco, observability-termination-policy, observability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-pod-disruption-budget [common, observability-pod-disruption-budget, observability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hyperthread-enable [extended, platform-alteration-hyperthread-enable, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-base-image [common, platform-alteration-base-image, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-tainted-node-kernel [common, platform-alteration-tainted-node-kernel, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-isredhat-release [common, platform-alteration-isredhat-release, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-is-selinux-enforcing [common, platform-alteration-is-selinux-enforcing, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-config [common, platform-alteration-hugepages-config, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-boot-params [common, platform-alteration-boot-params, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-sysctl-config [common, platform-alteration-sysctl-config, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-service-mesh-usage [extended, platform-alteration-service-mesh-usage, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-ocp-lifecycle [common, platform-alteration-ocp-lifecycle, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-ocp-node-os-lifecycle [common, platform-alteration-ocp-node-os-lifecycle, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-2m-only [extended, platform-alteration-hugepages-2m-only, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-1g-only [faredge, platform-alteration-hugepages-1g-only, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv4-connectivity [common, networking-icmpv4-connectivity, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv4-connectivity-multus [telco, networking-icmpv4-connectivity-multus, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv6-connectivity [common, networking-icmpv6-connectivity, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv6-connectivity-multus [telco, networking-icmpv6-connectivity-multus, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-undeclared-container-ports-usage [extended, networking-undeclared-container-ports-usage, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-ocp-reserved-ports-usage [common, networking-ocp-reserved-ports-usage, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-dual-stack-service [extended, networking-dual-stack-service, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-network-policy-deny-all [common, networking-network-policy-deny-all, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-reserved-partner-ports [extended, networking-reserved-partner-ports, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-dpdk-cpu-pinning-exec-probe [telco, networking-dpdk-cpu-pinning-exec-probe, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-restart-on-reboot-sriov-pod [faredge, networking-restart-on-reboot-sriov-pod, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-container-shutdown [telco, lifecycle-container-shutdown, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-crd-scaling [common, lifecycle-crd-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-container-startup [telco, lifecycle-container-startup, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-image-pull-policy [telco, lifecycle-image-pull-policy, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-readiness-probe [telco, lifecycle-readiness-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-liveness-probe [telco, lifecycle-liveness-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.565\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-startup-probe [telco, lifecycle-startup-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-owner-type [telco, lifecycle-pod-owner-type, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-high-availability [common, lifecycle-pod-high-availability, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-scheduling [telco, lifecycle-pod-scheduling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-recreation [common, lifecycle-pod-recreation, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-deployment-scaling [common, lifecycle-deployment-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-statefulset-scaling [common, lifecycle-statefulset-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-persistent-volume-reclaim-policy [telco, lifecycle-persistent-volume-reclaim-policy, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-cpu-isolation [telco, lifecycle-cpu-isolation, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-affinity-required-pods [telco, lifecycle-affinity-required-pods, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-toleration-bypass [telco, lifecycle-pod-toleration-bypass, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-storage-required-pods [common, lifecycle-storage-required-pods, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:50.566 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context [extended, access-control-security-context, access-control]", - "-status": "failed", - "-time": "0.001071152", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.567", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.566\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.566 (0s)\n\u003e Enter [It] access-control-security-context - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:67 @ 09/04/23 09:18:50.566\ncontainerSCC [container: test pod: test-0 ns: tnf {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-1 ns: tnf {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-765d6b8dcf-gbvsd ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: test pod: test-765d6b8dcf-s768n ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: xdp-c pod: xdp ns: tnf {false false false false false false false false false false false false CategoryID4(anything not matching lower category) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID2(advanced networking (vlan tag, dscp, priority))] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.567\n\u003c Exit [It] access-control-security-context - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:67 @ 09/04/23 09:18:50.567 (1ms)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-admin-capability-check [common, access-control-sys-admin-capability-check, access-control]", - "-status": "passed", - "-time": "0.000108954", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.567\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.567 (0s)\n\u003e Enter [It] access-control-sys-admin-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:74 @ 09/04/23 09:18:50.567\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-sys-admin-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:74 @ 09/04/23 09:18:50.567 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-net-admin-capability-check [telco, access-control-net-admin-capability-check, access-control]", - "-status": "failed", - "-time": "0.000232836", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.567", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.567\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.567 (0s)\n\u003e Enter [It] access-control-net-admin-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:81 @ 09/04/23 09:18:50.567\nNon compliant [NET_ADMIN container: test pod: test-765d6b8dcf-gbvsd ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: test pod: test-765d6b8dcf-s768n ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.567\n\u003c Exit [It] access-control-net-admin-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:81 @ 09/04/23 09:18:50.567 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.567 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-net-raw-capability-check [telco, access-control-net-raw-capability-check, access-control]", - "-status": "passed", - "-time": "6.1098e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-net-raw-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:88 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-net-raw-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:88 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-ipc-lock-capability-check [telco, access-control-ipc-lock-capability-check, access-control]", - "-status": "passed", - "-time": "4.0401e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-ipc-lock-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:95 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-ipc-lock-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:95 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-bpf-capability-check [telco, access-control-bpf-capability-check, access-control]", - "-status": "failed", - "-time": "0.00017285", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.568", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-bpf-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:102 @ 09/04/23 09:18:50.568\nNon compliant [BPF container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.568\n\u003c Exit [It] access-control-bpf-capability-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:102 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context-non-root-user-check [common, access-control-security-context-non-root-user-check, access-control]", - "-status": "passed", - "-time": "3.8277e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-security-context-non-root-user-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:109 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-security-context-non-root-user-check - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:109 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context-privilege-escalation [common, access-control-security-context-privilege-escalation, access-control]", - "-status": "passed", - "-time": "2.6433e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-security-context-privilege-escalation - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:115 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-security-context-privilege-escalation - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:115 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-container-host-port [common, access-control-container-host-port, access-control]", - "-status": "passed", - "-time": "5.9399e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-container-host-port - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:121 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-container-host-port - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:121 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-network [common, access-control-pod-host-network, access-control]", - "-status": "passed", - "-time": "3.6651e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-pod-host-network - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:127 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-pod-host-network - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:127 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-path [common, access-control-pod-host-path, access-control]", - "-status": "passed", - "-time": "3.1212e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-pod-host-path - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:133 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Hostpath path is not set\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-pod-host-path - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:133 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-ipc [common, access-control-pod-host-ipc, access-control]", - "-status": "passed", - "-time": "3.0574e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-pod-host-ipc - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:139 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-pod-host-ipc - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:139 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.568 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-pid [common, access-control-pod-host-pid, access-control]", - "-status": "passed", - "-time": "3.9791e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.568 (0s)\n\u003e Enter [It] access-control-pod-host-pid - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:145 @ 09/04/23 09:18:50.568\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-pod-host-pid - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:145 @ 09/04/23 09:18:50.569 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.569\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.569 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-namespace [common, access-control-namespace, access-control]", - "-status": "passed", - "-time": "0.093706789", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.569\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.569 (0s)\n\u003e Enter [It] access-control-namespace - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:151 @ 09/04/23 09:18:50.569\nSTEP: CNF resources' Namespaces should not have any of the following prefixes: [default openshift- istio- aspenmesh-] - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:454 @ 09/04/23 09:18:50.569\nSTEP: Checking namespace tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:458 @ 09/04/23 09:18:50.569\nSTEP: CNF pods should belong to any of the configured Namespaces: [tnf] - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:471 @ 09/04/23 09:18:50.569\nSTEP: CRs from autodiscovered CRDs should belong only to the configured Namespaces: [tnf] - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:472 @ 09/04/23 09:18:50.569\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\"],\"ObjectFieldsValues\":[\"CRs are in the configured namespaces\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-namespace - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:151 @ 09/04/23 09:18:50.662 (94ms)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.662\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.662 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-service-account [common, access-control-pod-service-account, access-control]", - "-status": "failed", - "-time": "0.000444525", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.663", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.662\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.662 (0s)\n\u003e Enter [It] access-control-pod-service-account - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:157 @ 09/04/23 09:18:50.662\nSTEP: Tests that each pod utilizes a valid service account - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:491 @ 09/04/23 09:18:50.662\nSTEP: Testing service account for pod test-0 (ns: tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:495 @ 09/04/23 09:18:50.662\nSTEP: Testing service account for pod test-1 (ns: tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:495 @ 09/04/23 09:18:50.662\nSTEP: Testing service account for pod test-765d6b8dcf-gbvsd (ns: tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:495 @ 09/04/23 09:18:50.662\nSTEP: Testing service account for pod test-765d6b8dcf-s768n (ns: tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:495 @ 09/04/23 09:18:50.662\nSTEP: Testing service account for pod xdp (ns: tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:495 @ 09/04/23 09:18:50.663\nPod [xdp tnf] (ns: %!s(MISSING)) does not have a valid service account name.\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.663\n\u003c Exit [It] access-control-pod-service-account - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:157 @ 09/04/23 09:18:50.663 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.663\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.663 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-role-bindings [common, access-control-pod-role-bindings, access-control]", - "-status": "failed", - "-time": "0.000452989", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.664", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.663\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.663 (0s)\n\u003e Enter [It] access-control-pod-role-bindings - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:163 @ 09/04/23 09:18:50.663\nSTEP: Should not have RoleBinding in other namespaces - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:509 @ 09/04/23 09:18:50.663\nSTEP: Testing role binding for pod: test-0 namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:515 @ 09/04/23 09:18:50.663\nSTEP: Testing role binding for pod: test-1 namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:515 @ 09/04/23 09:18:50.663\nSTEP: Testing role binding for pod: test-765d6b8dcf-gbvsd namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:515 @ 09/04/23 09:18:50.663\nSTEP: Testing role binding for pod: test-765d6b8dcf-s768n namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:515 @ 09/04/23 09:18:50.663\nSTEP: Testing role binding for pod: xdp namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:515 @ 09/04/23 09:18:50.663\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:50.664\n\u003c Exit [It] access-control-pod-role-bindings - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:163 @ 09/04/23 09:18:50.664 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.664\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.664 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-cluster-role-bindings [telco, access-control-cluster-role-bindings, access-control]", - "-status": "passed", - "-time": "0.000357044", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.664\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.664 (0s)\n\u003e Enter [It] access-control-cluster-role-bindings - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:169 @ 09/04/23 09:18:50.664\nSTEP: Pods should not have ClusterRoleBindings - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:571 @ 09/04/23 09:18:50.664\nSTEP: Testing cluster role binding for pod: test-0 namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:579 @ 09/04/23 09:18:50.664\nSTEP: Testing cluster role binding for pod: test-1 namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:579 @ 09/04/23 09:18:50.664\nSTEP: Testing cluster role binding for pod: test-765d6b8dcf-gbvsd namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:579 @ 09/04/23 09:18:50.664\nSTEP: Testing cluster role binding for pod: test-765d6b8dcf-s768n namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:579 @ 09/04/23 09:18:50.664\nSTEP: Testing cluster role binding for pod: xdp namespace: tnf - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:579 @ 09/04/23 09:18:50.664\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-cluster-role-bindings - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:169 @ 09/04/23 09:18:50.664 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.664\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.664 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-automount-service-account-token [telco, access-control-pod-automount-service-account-token, access-control]", - "-status": "failed", - "-time": "0.300309189", - "failure": { - "#content": "[FAILED] Pod has been found with default service account name.\nIn [It] at: /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:612 @ 09/04/23 09:18:50.964", - "-message": "Pod has been found with default service account name.", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.664\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.664 (0s)\n\u003e Enter [It] access-control-pod-automount-service-account-token - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:175 @ 09/04/23 09:18:50.664\nSTEP: Should have automountServiceAccountToken set to false - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:603 @ 09/04/23 09:18:50.664\nSTEP: check the existence of pod service account tnf (ns= test-0 ) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:609 @ 09/04/23 09:18:50.664\nSTEP: check the existence of pod service account tnf (ns= test-1 ) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:609 @ 09/04/23 09:18:50.688\nSTEP: check the existence of pod service account tnf (ns= test-765d6b8dcf-gbvsd ) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:609 @ 09/04/23 09:18:50.712\nSTEP: check the existence of pod service account tnf (ns= test-765d6b8dcf-s768n ) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:609 @ 09/04/23 09:18:50.858\nSTEP: check the existence of pod service account tnf (ns= xdp ) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:609 @ 09/04/23 09:18:50.964\nPod [xdp] has been found with default service account name.\n[FAILED] Pod has been found with default service account name.\nIn [It] at: /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:612 @ 09/04/23 09:18:50.964\n\u003c Exit [It] access-control-pod-automount-service-account-token - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:175 @ 09/04/23 09:18:50.964 (300ms)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.964\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:50.965 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-one-process-per-container [common, access-control-one-process-per-container, access-control]", - "-status": "passed", - "-time": "7.8503525", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.965\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:50.965 (0s)\n\u003e Enter [It] access-control-one-process-per-container - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:181 @ 09/04/23 09:18:50.965\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-one-process-per-container - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:181 @ 09/04/23 09:18:58.815 (7.85s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.815\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.815 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-nice-realtime-capability [telco, access-control-sys-nice-realtime-capability, access-control]", - "-status": "failed", - "-time": "0.000343115", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:58.816", - "-message": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.815\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.815 (0s)\n\u003e Enter [It] access-control-sys-nice-realtime-capability - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:189 @ 09/04/23 09:18:58.815\n[container: test pod: test-0 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-1 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-gbvsd ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-s768n ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: xdp-c pod: xdp ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:58.816\n\u003c Exit [It] access-control-sys-nice-realtime-capability - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:189 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-ptrace-capability [telco, access-control-sys-ptrace-capability, access-control]", - "-status": "skipped", - "-time": "0.000238782", - "skipped": { - "-message": "skipped - Test skipped because there are no []*provider.Pod to test, please check under test labels" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [It] access-control-sys-ptrace-capability - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:195 @ 09/04/23 09:18:58.816\n[SKIPPED] Test skipped because there are no []*provider.Pod to test, please check under test labels\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:321 @ 09/04/23 09:18:58.816\n\u003c Exit [It] access-control-sys-ptrace-capability - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:195 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-namespace-resource-quota [extended, access-control-namespace-resource-quota, access-control]", - "-status": "passed", - "-time": "7.5868e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [It] access-control-namespace-resource-quota - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:201 @ 09/04/23 09:18:58.816\nSTEP: Testing namespace resource quotas - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:718 @ 09/04/23 09:18:58.816\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-namespace-resource-quota - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:201 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:58.816 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-ssh-daemons [telco, access-control-ssh-daemons, access-control]", - "-status": "passed", - "-time": "7.839353399", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:18:58.816 (0s)\n\u003e Enter [It] access-control-ssh-daemons - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:207 @ 09/04/23 09:18:58.816\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-ssh-daemons - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:207 @ 09/04/23 09:19:06.656 (7.839s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.656\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.656 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-requests-and-limits [telco, access-control-requests-and-limits, access-control]", - "-status": "failed", - "-time": "0.000302278", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:19:06.656", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.656\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.656 (0s)\n\u003e Enter [It] access-control-requests-and-limits - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:216 @ 09/04/23 09:19:06.656\nSTEP: Testing container resource requests and limits - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:807 @ 09/04/23 09:19:06.656\nContainer has been found missing resource limits: [container: xdp-c pod: xdp ns: tnf]\nContainer has been found missing resource requests: [container: xdp-c pod: xdp ns: tnf]\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:19:06.656\n\u003c Exit [It] access-control-requests-and-limits - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:216 @ 09/04/23 09:19:06.656 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.656\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.656 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-no-1337-uid [extended, access-control-no-1337-uid, access-control]", - "-status": "passed", - "-time": "0.000171143", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.656\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.656 (0s)\n\u003e Enter [It] access-control-no-1337-uid - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:223 @ 09/04/23 09:19:06.656\nSTEP: Testing pods to ensure none are using UID 1337 - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:827 @ 09/04/23 09:19:06.656\nSTEP: checking if pod test-0 has a securityContext RunAsUser 1337 (ns= tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:829 @ 09/04/23 09:19:06.656\nSTEP: checking if pod test-1 has a securityContext RunAsUser 1337 (ns= tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:829 @ 09/04/23 09:19:06.657\nSTEP: checking if pod test-765d6b8dcf-gbvsd has a securityContext RunAsUser 1337 (ns= tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:829 @ 09/04/23 09:19:06.657\nSTEP: checking if pod test-765d6b8dcf-s768n has a securityContext RunAsUser 1337 (ns= tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:829 @ 09/04/23 09:19:06.657\nSTEP: checking if pod xdp has a securityContext RunAsUser 1337 (ns= tnf) - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:829 @ 09/04/23 09:19:06.657\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-no-1337-uid - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:223 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-projected-volume-service-account-token [telco, access-control-projected-volume-service-account-token, access-control]", - "-status": "failed", - "-time": "0.000298494", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:19:06.657", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [It] access-control-projected-volume-service-account-token - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:229 @ 09/04/23 09:19:06.657\nSTEP: Testing pods to ensure they are not using projected volumes for service account access - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:248 @ 09/04/23 09:19:06.657\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:19:06.657\n\u003c Exit [It] access-control-projected-volume-service-account-token - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:229 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-service-type [common, access-control-service-type, access-control]", - "-status": "passed", - "-time": "6.4098e-05", - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [It] access-control-service-type - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:235 @ 09/04/23 09:19:06.657\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] access-control-service-type - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:235 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.657 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-crd-roles [extended, access-control-crd-roles, access-control]", - "-status": "skipped", - "-time": "0.000249071", - "skipped": { - "-message": "skipped - No role contains rules that apply to at least one CRD under test" - }, - "system-err": "\u003e Enter [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657\n\u003c Exit [BeforeEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:62 @ 09/04/23 09:19:06.657 (0s)\n\u003e Enter [It] access-control-crd-roles - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:241 @ 09/04/23 09:19:06.657\n[SKIPPED] No role contains rules that apply to at least one CRD under test\nIn [It] at: /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:933 @ 09/04/23 09:19:06.658\n\u003c Exit [It] access-control-crd-roles - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:241 @ 09/04/23 09:19:06.658 (0s)\n\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-helm-version [common, affiliated-certification-helm-version, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-container-is-certified [common, affiliated-certification-container-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-operator-is-certified [common, affiliated-certification-operator-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-helmchart-is-certified [common, affiliated-certification-helmchart-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-container-is-certified-digest [common, affiliated-certification-container-is-certified-digest, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-status-succeeded [common, operator-install-status-succeeded, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-status-no-privileges [common, operator-install-status-no-privileges, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-source [common, operator-install-source, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] manageability manageability-containers-image-tag [extended, manageability-containers-image-tag, manageability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:19:06.658 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] manageability manageability-container-port-name-format [extended, manageability-container-port-name-format, manageability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:19:06.658\n\u003c Exit [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:19:06.658 (0s)" - } - ] - } - } - }, - "testsExtraInfo": "" - }, "results": { "access-control-bpf-capability-check": { - "capturedTestOutput": "Non compliant [BPF container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "Non compliant [BPF container: xdp-c pod: xdp ns: certsuite \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "No Doc Link - Telco", "description": "Ensures that containers do not use BFP capability. CNF should avoid loading eBPF filters", @@ -9256,8 +8292,8 @@ "duration": 172850, "endTime": "2023-09-04 09:18:50.568408558 -0500 CDT m=+20.103332734", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"xdp\",\"xdp-c\",\"BPF\"]}]}", "startTime": "2023-09-04 09:18:50.568235709 -0500 CDT m=+20.103159884", "state": "failed", "testID": { @@ -9267,7 +8303,7 @@ } }, "access-control-cluster-role-bindings": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-security-rbac", "description": "Tests that a Pod does not specify ClusterRoleBindings.", @@ -9294,7 +8330,7 @@ } }, "access-control-container-host-port": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-avoid-accessing-resource-on-host", "description": "Verifies if containers define a hostPort.", @@ -9337,7 +8373,7 @@ "duration": 249071, "endTime": "2023-09-04 09:19:06.658058151 -0500 CDT m=+36.192982330", "failureLineContent": "\t\tginkgo.Skip(\"No role contains rules that apply to at least one CRD under test\")", - "failureLocation": "/home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:933", + "failureLocation": "/home/greyerof/github/certsuite/cnf-certification-test/accesscontrol/suite.go:933", "skipReason": "No role contains rules that apply to at least one CRD under test", "startTime": "2023-09-04 09:19:06.657809085 -0500 CDT m=+36.192733259", "state": "skipped", @@ -9348,7 +8384,7 @@ } }, "access-control-ipc-lock-capability-check": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-ipc_lock", "description": "Ensures that containers do not use IPC_LOCK capability. CNF should avoid accessing host resources - spec.HostIpc should be false.", @@ -9375,7 +8411,7 @@ } }, "access-control-namespace": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\"],\"ObjectFieldsValues\":[\"CRs are in the configured namespaces\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"certsuite\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"certsuite\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"certsuite\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"certsuite\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\"],\"ObjectFieldsValues\":[\"CRs are in the configured namespaces\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-requirements-cnf-reqs", "description": "Tests that all CNF's resources (PUTs and CRs) belong to valid namespaces. A valid namespace meets\nthe following conditions: (1) It was declared in the yaml config file under the targetNameSpaces\ntag. (2) It does not have any of the following prefixes: default, openshift-, istio- and aspenmesh-", @@ -9402,7 +8438,7 @@ } }, "access-control-namespace-resource-quota": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-memory-allocation", "description": "Checks to see if CNF workload pods are running in namespaces that have resource quotas applied.", @@ -9429,7 +8465,7 @@ } }, "access-control-net-admin-capability-check": { - "capturedTestOutput": "Non compliant [NET_ADMIN container: test pod: test-765d6b8dcf-gbvsd ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: test pod: test-765d6b8dcf-s768n ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "Non compliant [NET_ADMIN container: test pod: test-765d6b8dcf-gbvsd ns: certsuite \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: test pod: test-765d6b8dcf-s768n ns: certsuite \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: xdp-c pod: xdp ns: certsuite \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-net_admin", "description": "Ensures that containers do not use NET_ADMIN capability. Note: this test also ensures iptables and nftables are not configured by CNF pods:\n- NET_ADMIN and NET_RAW are required to modify nftables (namespaced) which is not desired inside pods.\nnftables should be configured by an administrator outside the scope of the CNF. nftables are usually configured\nby operators, for instance the Performance Addon Operator (PAO) or istio.\n- Privileged container are required to modify host iptables, which is not safe to perform inside pods. nftables\nshould be configured by an administrator outside the scope of the CNF. iptables are usually configured by operators,\nfor instance the Performance Addon Operator (PAO) or istio.", @@ -9445,8 +8481,8 @@ "duration": 232836, "endTime": "2023-09-04 09:18:50.56793244 -0500 CDT m=+20.102856615", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}", "startTime": "2023-09-04 09:18:50.567699604 -0500 CDT m=+20.102623779", "state": "failed", "testID": { @@ -9456,7 +8492,7 @@ } }, "access-control-net-raw-capability-check": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-user-plane-cnfs", "description": "Ensures that containers do not use NET_RAW capability. Note: this test also ensures iptables and nftables are not configured by CNF pods:\n- NET_ADMIN and NET_RAW are required to modify nftables (namespaced) which is not desired inside pods.\nnftables should be configured by an administrator outside the scope of the CNF. nftables are usually configured\nby operators, for instance the Performance Addon Operator (PAO) or istio.\n- Privileged container are required to modify host iptables, which is not safe to perform inside pods. nftables\nshould be configured by an administrator outside the scope of the CNF. iptables are usually configured by operators,\nfor instance the Performance Addon Operator (PAO) or istio.", @@ -9483,7 +8519,7 @@ } }, "access-control-no-1337-uid": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", "description": "Checks that all pods are not using the securityContext UID 1337", @@ -9510,7 +8546,7 @@ } }, "access-control-one-process-per-container": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"certsuite\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-one-process-per-container", "description": "Check that all containers under test have only one process running", @@ -9553,7 +8589,7 @@ "duration": 300309189, "endTime": "2023-09-04 09:18:50.964966148 -0500 CDT m=+20.499890322", "failureLineContent": "\t\t\tginkgo.Fail(\"Pod has been found with default service account name.\")", - "failureLocation": "/home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:612", + "failureLocation": "/home/greyerof/github/certsuite/cnf-certification-test/accesscontrol/suite.go:612", "skipReason": "Pod has been found with default service account name.", "startTime": "2023-09-04 09:18:50.664656954 -0500 CDT m=+20.199581133", "state": "failed", @@ -9564,7 +8600,7 @@ } }, "access-control-pod-host-ipc": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Verifies that the spec.HostIpc parameter is set to false", @@ -9591,7 +8627,7 @@ } }, "access-control-pod-host-network": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-avoid-the-host-network-namespace", "description": "Verifies that the spec.HostNetwork parameter is not set (not present)", @@ -9618,7 +8654,7 @@ } }, "access-control-pod-host-path": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Hostpath path is not set\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Hostpath path is not set\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Verifies that the spec.HostPath parameter is not set (not present)", @@ -9645,7 +8681,7 @@ } }, "access-control-pod-host-pid": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Verifies that the spec.HostPid parameter is set to false", @@ -9672,7 +8708,7 @@ } }, "access-control-pod-role-bindings": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"certsuite\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-security-rbac", "description": "Ensures that a CNF does not utilize RoleBinding(s) in a non-CNF Namespace.", @@ -9688,8 +8724,8 @@ "duration": 452989, "endTime": "2023-09-04 09:18:50.664046132 -0500 CDT m=+20.198970306", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"certsuite\",\"xdp\"]}]}", "startTime": "2023-09-04 09:18:50.663593132 -0500 CDT m=+20.198517317", "state": "failed", "testID": { @@ -9699,7 +8735,7 @@ } }, "access-control-pod-service-account": { - "capturedTestOutput": "Pod [xdp tnf] (ns: %!s(MISSING)) does not have a valid service account name.\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "Pod [xdp certsuite] (ns: %!s(MISSING)) does not have a valid service account name.\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"certsuite\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-scc-permissions-for-an-application", "description": "Tests that each CNF Pod utilizes a valid Service Account. Default or empty service account is not valid.", @@ -9715,8 +8751,8 @@ "duration": 444525, "endTime": "2023-09-04 09:18:50.663337898 -0500 CDT m=+20.198262075", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"certsuite\",\"xdp\"]}]}", "startTime": "2023-09-04 09:18:50.662893374 -0500 CDT m=+20.197817550", "state": "failed", "testID": { @@ -9726,7 +8762,7 @@ } }, "access-control-projected-volume-service-account-token": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"certsuite\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-automount-services-for-pods", "description": "Checks that pods do not use projected volumes and service account tokens", @@ -9742,8 +8778,8 @@ "duration": 298494, "endTime": "2023-09-04 09:19:06.65744981 -0500 CDT m=+36.192374005", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"certsuite\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"certsuite\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}", "startTime": "2023-09-04 09:19:06.657151337 -0500 CDT m=+36.192075511", "state": "failed", "testID": { @@ -9753,7 +8789,7 @@ } }, "access-control-requests-and-limits": { - "capturedTestOutput": "Container has been found missing resource limits: [container: xdp-c pod: xdp ns: tnf]\nContainer has been found missing resource requests: [container: xdp-c pod: xdp ns: tnf]\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "Container has been found missing resource limits: [container: xdp-c pod: xdp ns: certsuite]\nContainer has been found missing resource requests: [container: xdp-c pod: xdp ns: certsuite]\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-requests/limits", "description": "Check that containers have resource requests and limits specified in their spec.", @@ -9769,8 +8805,8 @@ "duration": 302278, "endTime": "2023-09-04 09:19:06.656636052 -0500 CDT m=+36.191560227", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}", "startTime": "2023-09-04 09:19:06.656333774 -0500 CDT m=+36.191257949", "state": "failed", "testID": { @@ -9780,7 +8816,7 @@ } }, "access-control-security-context": { - "capturedTestOutput": "containerSCC [container: test pod: test-0 ns: tnf {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-1 ns: tnf {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-765d6b8dcf-gbvsd ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: test pod: test-765d6b8dcf-s768n ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: xdp-c pod: xdp ns: tnf {false false false false false false false false false false false false CategoryID4(anything not matching lower category) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID2(advanced networking (vlan tag, dscp, priority))] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "containerSCC [container: test pod: test-0 ns: certsuite {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-1 ns: certsuite {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-765d6b8dcf-gbvsd ns: certsuite {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: test pod: test-765d6b8dcf-s768n ns: certsuite {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: xdp-c pod: xdp ns: certsuite {false false false false false false false false false false false false CategoryID4(anything not matching lower category) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID2(advanced networking (vlan tag, dscp, priority))] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"certsuite\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"certsuite\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Checks the security context matches one of the 4 categories", @@ -9796,8 +8832,8 @@ "duration": 1071152, "endTime": "2023-09-04 09:18:50.567381737 -0500 CDT m=+20.102305911", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"certsuite\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"certsuite\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"certsuite\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}", "startTime": "2023-09-04 09:18:50.566310584 -0500 CDT m=+20.101234759", "state": "failed", "testID": { @@ -9807,7 +8843,7 @@ } }, "access-control-security-context-non-root-user-check": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Checks the security context runAsUser parameter in pods and containers to make sure it is not set to uid root(0). Pods and containers should not run as root (runAsUser is not set to uid0).", @@ -9834,7 +8870,7 @@ } }, "access-control-security-context-privilege-escalation": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"certsuite\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-cnf-security", "description": "Checks if privileged escalation is enabled (AllowPrivilegeEscalation=true).", @@ -9888,7 +8924,7 @@ } }, "access-control-ssh-daemons": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"certsuite\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"certsuite\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"certsuite\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"certsuite\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"certsuite\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-pod-interaction/configuration", "description": "Check that pods do not run SSH daemons.", @@ -9915,7 +8951,7 @@ } }, "access-control-sys-admin-capability-check": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"certsuite\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-avoid-sys_admin", "description": "Ensures that containers do not use SYS_ADMIN capability", @@ -9942,7 +8978,7 @@ } }, "access-control-sys-nice-realtime-capability": { - "capturedTestOutput": "[container: test pod: test-0 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-1 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-gbvsd ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-s768n ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: xdp-c pod: xdp ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "[container: test pod: test-0 ns: certsuite] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-1 ns: certsuite] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-gbvsd ns: certsuite] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-s768n ns: certsuite] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: xdp-c pod: xdp ns: certsuite] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-sys_nice", "description": "Check that pods running on nodes with realtime kernel enabled have the SYS_NICE capability enabled in their spec. In the case that a CNF is running on a node using the real-time kernel, SYS_NICE will be used to allow DPDK application to switch to SCHED_FIFO.", @@ -9958,8 +8994,8 @@ "duration": 343115, "endTime": "2023-09-04 09:18:58.816106528 -0500 CDT m=+28.351030702", "failureLineContent": "\t\tfail(string(bytes))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:367", + "skipReason": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}", "startTime": "2023-09-04 09:18:58.815763413 -0500 CDT m=+28.350687587", "state": "failed", "testID": { @@ -9985,7 +9021,7 @@ "duration": 238782, "endTime": "2023-09-04 09:18:58.816543639 -0500 CDT m=+28.351467813", "failureLineContent": "\t\t\tskip(fmt.Sprintf(\"Test skipped because there are no %s to test, please check under test labels\", reflect.TypeOf(o)))", - "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:321", + "failureLocation": "/home/greyerof/github/certsuite/pkg/testhelper/testhelper.go:321", "skipReason": "Test skipped because there are no []*provider.Pod to test, please check under test labels", "startTime": "2023-09-04 09:18:58.816304856 -0500 CDT m=+28.351229031", "state": "skipped", @@ -11675,8 +10711,8 @@ "k8s": "v1.26.3+b404935", "ocClient": "n/a, (not using oc or kubectl client)", "ocp": "4.13.0", - "tnf": "Unreleased build post v4.3.2", - "tnfGitCommit": "20641f745f65aaba24d9f5105f6dee531f67fc37" + "certSuite": "Unreleased build post v4.3.2", + "certSuiteGitCommit": "20641f745f65aaba24d9f5105f6dee531f67fc37" } } } \ No newline at end of file diff --git a/cmd/certsuite/claim/compare/testdata/claim_observability.json b/cmd/certsuite/claim/compare/testdata/claim_observability.json index da413dbb1..65d897834 100644 --- a/cmd/certsuite/claim/compare/testdata/claim_observability.json +++ b/cmd/certsuite/claim/compare/testdata/claim_observability.json @@ -60,7 +60,7 @@ "skipScalingTestDeployments": [ { "name": "deployment1", - "namespace": "tnf" + "namespace": "certsuite" } ], "targetCrdFilters": [ @@ -78,7 +78,7 @@ } ], "targetNameSpaces": [ - "tnf" + "certsuite" ], "validProtocolNames": [ "http3", @@ -8274,996 +8274,6 @@ } } }, - "rawResults": { - "cnf-certification-test": { - "testsuites": { - "-disabled": "86", - "-errors": "0", - "-failures": "1", - "-tests": "90", - "-time": "0.572215026", - "testsuite": { - "-disabled": "0", - "-errors": "0", - "-failures": "1", - "-name": "CNF Certification Test Suite", - "-package": "/home/greyerof/github/tnf/cnf-certification-test", - "-skipped": "86", - "-tests": "90", - "-time": "0.572215026", - "-timestamp": "2023-09-04T09:18:08", - "properties": { - "property": [ - { - "-name": "SuiteSucceeded", - "-value": "false" - }, - { - "-name": "SuiteHasProgrammaticFocus", - "-value": "false" - }, - { - "-name": "SpecialSuiteFailureReason", - "-value": "" - }, - { - "-name": "SuiteLabels", - "-value": "[]" - }, - { - "-name": "RandomSeed", - "-value": "1693837068" - }, - { - "-name": "RandomizeAllSpecs", - "-value": "false" - }, - { - "-name": "LabelFilter", - "-value": "observability" - }, - { - "-name": "FocusStrings", - "-value": "" - }, - { - "-name": "SkipStrings", - "-value": "" - }, - { - "-name": "FocusFiles", - "-value": "" - }, - { - "-name": "SkipFiles", - "-value": "" - }, - { - "-name": "FailOnPending", - "-value": "false" - }, - { - "-name": "FailFast", - "-value": "false" - }, - { - "-name": "FlakeAttempts", - "-value": "0" - }, - { - "-name": "DryRun", - "-value": "false" - }, - { - "-name": "ParallelTotal", - "-value": "1" - }, - { - "-name": "OutputInterceptorMode", - "-value": "" - } - ] - }, - "testcase": [ - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-container-shutdown [telco, lifecycle-container-shutdown, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-crd-scaling [common, lifecycle-crd-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-container-startup [telco, lifecycle-container-startup, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-image-pull-policy [telco, lifecycle-image-pull-policy, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-readiness-probe [telco, lifecycle-readiness-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-liveness-probe [telco, lifecycle-liveness-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-startup-probe [telco, lifecycle-startup-probe, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-owner-type [telco, lifecycle-pod-owner-type, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-high-availability [common, lifecycle-pod-high-availability, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-scheduling [telco, lifecycle-pod-scheduling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-recreation [common, lifecycle-pod-recreation, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-deployment-scaling [common, lifecycle-deployment-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-statefulset-scaling [common, lifecycle-statefulset-scaling, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-persistent-volume-reclaim-policy [telco, lifecycle-persistent-volume-reclaim-policy, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-cpu-isolation [telco, lifecycle-cpu-isolation, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.285\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-affinity-required-pods [telco, lifecycle-affinity-required-pods, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-pod-toleration-bypass [telco, lifecycle-pod-toleration-bypass, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] lifecycle lifecycle-storage-required-pods [common, lifecycle-storage-required-pods, lifecycle]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286\n\u003c Exit [ReportAfterEach] lifecycle - /home/greyerof/github/tnf/cnf-certification-test/lifecycle/suite.go:59 @ 09/04/23 09:18:08.286 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-container-logging [telco, observability-container-logging, observability]", - "-status": "passed", - "-time": "0.569072773", - "system-err": "\u003e Enter [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.286\n\u003c Exit [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.286 (0s)\n\u003e Enter [It] observability-container-logging - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:48 @ 09/04/23 09:18:08.286\nSTEP: Checking container: test pod: test-0 ns: tnf has some logging output - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:106 @ 09/04/23 09:18:08.286\nSTEP: Checking container: test pod: test-1 ns: tnf has some logging output - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:106 @ 09/04/23 09:18:08.381\nSTEP: Checking container: test pod: test-765d6b8dcf-gbvsd ns: tnf has some logging output - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:106 @ 09/04/23 09:18:08.534\nSTEP: Checking container: test pod: test-765d6b8dcf-s768n ns: tnf has some logging output - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:106 @ 09/04/23 09:18:08.62\nSTEP: Checking container: xdp-c pod: xdp ns: tnf has some logging output - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:106 @ 09/04/23 09:18:08.768\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] observability-container-logging - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:48 @ 09/04/23 09:18:08.855 (569ms)\n\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-crd-status [common, observability-crd-status, observability]", - "-status": "passed", - "-time": "8.8933e-05", - "system-err": "\u003e Enter [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855\n\u003c Exit [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855 (0s)\n\u003e Enter [It] observability-crd-status - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:54 @ 09/04/23 09:18:08.855\nSTEP: Testing CRD crdexamples.redhat-best-practices-for-k8s.com - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:133 @ 09/04/23 09:18:08.855\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Custom Resource Definition\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Custom Resource Definition Name\",\"Custom Resource Definition Version\"],\"ObjectFieldsValues\":[\"Crd has a status sub resource set\",\"crdexamples.redhat-best-practices-for-k8s.com\",\"v1\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] observability-crd-status - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:54 @ 09/04/23 09:18:08.855 (0s)\n\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-termination-policy [telco, observability-termination-policy, observability]", - "-status": "failed", - "-time": "0.000313822", - "failure": { - "#content": "[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:08.855", - "-message": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", - "-type": "failed" - }, - "system-err": "\u003e Enter [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855\n\u003c Exit [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855 (0s)\n\u003e Enter [It] observability-termination-policy - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:60 @ 09/04/23 09:18:08.855\nSTEP: Testing for terminationMessagePolicy: container: test pod: test-0 ns: tnf - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:159 @ 09/04/23 09:18:08.855\nSTEP: Testing for terminationMessagePolicy: container: test pod: test-1 ns: tnf - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:159 @ 09/04/23 09:18:08.855\nSTEP: Testing for terminationMessagePolicy: container: test pod: test-765d6b8dcf-gbvsd ns: tnf - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:159 @ 09/04/23 09:18:08.855\nSTEP: Testing for terminationMessagePolicy: container: test pod: test-765d6b8dcf-s768n ns: tnf - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:159 @ 09/04/23 09:18:08.855\nSTEP: Testing for terminationMessagePolicy: container: xdp-c pod: xdp ns: tnf - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:159 @ 09/04/23 09:18:08.855\nFAILURE: [container: xdp-c pod: xdp ns: tnf] does not have a TerminationMessagePolicy: FallbackToLogsOnError\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])\n[FAILED] {\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\nIn [It] at: /home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367 @ 09/04/23 09:18:08.855\n\u003c Exit [It] observability-termination-policy - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:60 @ 09/04/23 09:18:08.855 (0s)\n\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.855 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] observability observability-pod-disruption-budget [common, observability-pod-disruption-budget, observability]", - "-status": "passed", - "-time": "0.000111202", - "system-err": "\u003e Enter [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855\n\u003c Exit [BeforeEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:42 @ 09/04/23 09:18:08.855 (0s)\n\u003e Enter [It] observability-pod-disruption-budget - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:66 @ 09/04/23 09:18:08.855\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"StatefulSet\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"StatefulSet\",\"Pod Disruption Budget Reference\"],\"ObjectFieldsValues\":[\"StatefulSet: references PodDisruptionBudget\",\"test\",\"test-pdb-max\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])\n\u003c Exit [It] observability-pod-disruption-budget - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:66 @ 09/04/23 09:18:08.856 (0s)\n\u003e Enter [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] observability - /home/greyerof/github/tnf/cnf-certification-test/observability/suite.go:45 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-status-succeeded [common, operator-install-status-succeeded, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-status-no-privileges [common, operator-install-status-no-privileges, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] operator operator-install-source [common, operator-install-source, operator]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] operator - /home/greyerof/github/tnf/cnf-certification-test/operator/suite.go:40 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-helm-version [common, affiliated-certification-helm-version, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-container-is-certified [common, affiliated-certification-container-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-operator-is-certified [common, affiliated-certification-operator-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-helmchart-is-certified [common, affiliated-certification-helmchart-is-certified, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] affiliated-certification affiliated-certification-container-is-certified-digest [common, affiliated-certification-container-is-certified-digest, affiliated-certification]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] affiliated-certification - /home/greyerof/github/tnf/cnf-certification-test/certification/suite.go:59 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv4-connectivity [common, networking-icmpv4-connectivity, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv4-connectivity-multus [telco, networking-icmpv4-connectivity-multus, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv6-connectivity [common, networking-icmpv6-connectivity, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-icmpv6-connectivity-multus [telco, networking-icmpv6-connectivity-multus, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-undeclared-container-ports-usage [extended, networking-undeclared-container-ports-usage, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-ocp-reserved-ports-usage [common, networking-ocp-reserved-ports-usage, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-dual-stack-service [extended, networking-dual-stack-service, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-network-policy-deny-all [common, networking-network-policy-deny-all, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-reserved-partner-ports [extended, networking-reserved-partner-ports, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-dpdk-cpu-pinning-exec-probe [telco, networking-dpdk-cpu-pinning-exec-probe, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] networking networking-restart-on-reboot-sriov-pod [faredge, networking-restart-on-reboot-sriov-pod, networking]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] networking - /home/greyerof/github/tnf/cnf-certification-test/networking/suite.go:58 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-exclusive-cpu-pool [faredge, performance-exclusive-cpu-pool, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-rt-apps-no-exec-probes [faredge, performance-rt-apps-no-exec-probes, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-shared-cpu-pool-non-rt-scheduling-policy [faredge, performance-shared-cpu-pool-non-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-exclusive-cpu-pool-rt-scheduling-policy [faredge, performance-exclusive-cpu-pool-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-max-resources-exec-probes [faredge, performance-max-resources-exec-probes, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] performance performance-isolated-cpu-pool-rt-scheduling-policy [faredge, performance-isolated-cpu-pool-rt-scheduling-policy, performance]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] performance - /home/greyerof/github/tnf/cnf-certification-test/performance/suite.go:49 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] manageability manageability-containers-image-tag [extended, manageability-containers-image-tag, manageability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] manageability manageability-container-port-name-format [extended, manageability-container-port-name-format, manageability]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] manageability - /home/greyerof/github/tnf/cnf-certification-test/manageability/suite.go:39 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context [extended, access-control-security-context, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-admin-capability-check [common, access-control-sys-admin-capability-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-net-admin-capability-check [telco, access-control-net-admin-capability-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-net-raw-capability-check [telco, access-control-net-raw-capability-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-ipc-lock-capability-check [telco, access-control-ipc-lock-capability-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-bpf-capability-check [telco, access-control-bpf-capability-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context-non-root-user-check [common, access-control-security-context-non-root-user-check, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-security-context-privilege-escalation [common, access-control-security-context-privilege-escalation, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-container-host-port [common, access-control-container-host-port, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-network [common, access-control-pod-host-network, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-path [common, access-control-pod-host-path, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-ipc [common, access-control-pod-host-ipc, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-host-pid [common, access-control-pod-host-pid, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-namespace [common, access-control-namespace, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-service-account [common, access-control-pod-service-account, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-role-bindings [common, access-control-pod-role-bindings, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-cluster-role-bindings [telco, access-control-cluster-role-bindings, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.856\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-pod-automount-service-account-token [telco, access-control-pod-automount-service-account-token, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-one-process-per-container [common, access-control-one-process-per-container, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-nice-realtime-capability [telco, access-control-sys-nice-realtime-capability, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-sys-ptrace-capability [telco, access-control-sys-ptrace-capability, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-namespace-resource-quota [extended, access-control-namespace-resource-quota, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-ssh-daemons [telco, access-control-ssh-daemons, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-requests-and-limits [telco, access-control-requests-and-limits, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-no-1337-uid [extended, access-control-no-1337-uid, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-projected-volume-service-account-token [telco, access-control-projected-volume-service-account-token, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-service-type [common, access-control-service-type, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] access-control access-control-crd-roles [extended, access-control-crd-roles, access-control]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] access-control - /home/greyerof/github/tnf/cnf-certification-test/accesscontrol/suite.go:65 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hyperthread-enable [extended, platform-alteration-hyperthread-enable, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-base-image [common, platform-alteration-base-image, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-tainted-node-kernel [common, platform-alteration-tainted-node-kernel, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-isredhat-release [common, platform-alteration-isredhat-release, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-is-selinux-enforcing [common, platform-alteration-is-selinux-enforcing, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-config [common, platform-alteration-hugepages-config, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-boot-params [common, platform-alteration-boot-params, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-sysctl-config [common, platform-alteration-sysctl-config, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-service-mesh-usage [extended, platform-alteration-service-mesh-usage, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-ocp-lifecycle [common, platform-alteration-ocp-lifecycle, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-ocp-node-os-lifecycle [common, platform-alteration-ocp-node-os-lifecycle, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-2m-only [extended, platform-alteration-hugepages-2m-only, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - }, - { - "-classname": "CNF Certification Test Suite", - "-name": "[It] platform-alteration platform-alteration-hugepages-1g-only [faredge, platform-alteration-hugepages-1g-only, platform-alteration]", - "-status": "skipped", - "-time": "0", - "skipped": { - "-message": "skipped" - }, - "system-err": "\u003e Enter [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857\n\u003c Exit [ReportAfterEach] platform-alteration - /home/greyerof/github/tnf/cnf-certification-test/platform/suite.go:54 @ 09/04/23 09:18:08.857 (0s)" - } - ] - } - } - }, - "testsExtraInfo": "" - }, "results": { "access-control-bpf-capability-check": { "capturedTestOutput": "", @@ -10995,7 +10005,7 @@ }, "observability-container-logging": { - "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"certsuite\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-logging", "description": "Check that all containers under test use standard input output and standard error when logging. A container must provide APIs for the platform to observe the container health and act accordingly. These APIs include health checks (liveness and readiness), logging to stderr and stdout for log aggregation (by tools such as Logstash or Filebeat), and integrate with tracing and metrics-gathering libraries (such as Prometheus or Metricbeat).", @@ -11078,7 +10088,7 @@ }, "observability-termination-policy": { - "capturedTestOutput": "FAILURE: [container: xdp-c pod: xdp ns: tnf] does not have a TerminationMessagePolicy: FallbackToLogsOnError\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", + "capturedTestOutput": "FAILURE: [container: xdp-c pod: xdp ns: tnf] does not have a TerminationMessagePolicy: FallbackToLogsOnError\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://redhat-best-practices-for-k8s.github.io/guide/#redhat-best-practices-for-k8s-pod-exit-status", "description": "Check that all containers are using terminationMessagePolicy: FallbackToLogsOnError. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. In the first case, if the administrator has implemented liveness and readiness checks, OpenShift can stop the pod and either restart it on the same node or a different node in the cluster. For the second case, when the application in the pod stops, it should exit with a code and write suitable log entries to help the administrator diagnose what the issue was that caused the problem.", @@ -11095,7 +10105,7 @@ "endTime": "2023-09-04 09:18:08.855819327 -0500 CDT m=+20.597831097", "failureLineContent": "\t\tfail(string(bytes))", "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:367", - "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}", + "skipReason": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"certsuite\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"certsuite\",\"xdp\",\"xdp-c\"]}]}", "startTime": "2023-09-04 09:18:08.855505505 -0500 CDT m=+20.597517275", "state": "failed", "testID": { @@ -11704,8 +10714,8 @@ "k8s": "v1.26.4+c343423", "ocClient": "n/a, (not using oc or kubectl client)", "ocp": "4.13.1", - "tnf": "Unreleased build post v4.3.2", - "tnfGitCommit": "1b968e53b79fd8e81e48b761c3efd7a808d4567e" + "certSuite": "Unreleased build post v4.3.2", + "certSuiteGitCommit": "1b968e53b79fd8e81e48b761c3efd7a808d4567e" } } } \ No newline at end of file diff --git a/cmd/certsuite/claim/compare/testdata/diff1.txt b/cmd/certsuite/claim/compare/testdata/diff1.txt index b1e1132db..a13d41062 100644 --- a/cmd/certsuite/claim/compare/testdata/diff1.txt +++ b/cmd/certsuite/claim/compare/testdata/diff1.txt @@ -2,7 +2,7 @@ VERSIONS: Differences FIELD CLAIM 1 CLAIM 2 /k8s v1.26.4+c343423 v1.26.3+b404935 /ocp 4.13.1 4.13.0 -/tnfGitCommit 1b968e53b79fd8e81e48b761c3efd7a808d4567e 20641f745f65aaba24d9f5105f6dee531f67fc37 +/certSuiteGitCommit 1b968e53b79fd8e81e48b761c3efd7a808d4567e 20641f745f65aaba24d9f5105f6dee531f67fc37 VERSIONS: Only in CLAIM 1 @@ -54,14 +54,14 @@ observability-termination-policy failed skipped CONFIGURATIONS -------------- -CNF Cert Suite Configuration: Differences +Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 /debugDaemonSetNamespace custom-debugpods-ns cnf-suite -CNF Cert Suite Configuration: Only in CLAIM 1 +Cert Suite Configuration: Only in CLAIM 1 -CNF Cert Suite Configuration: Only in CLAIM 2 +Cert Suite Configuration: Only in CLAIM 2 /targetNameSpaces/1=test-ns Cluster abnormal events count diff --git a/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt b/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt index 4a6e85f7b..398dab596 100644 --- a/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt +++ b/cmd/certsuite/claim/compare/testdata/diff1_reverse.txt @@ -2,7 +2,7 @@ VERSIONS: Differences FIELD CLAIM 1 CLAIM 2 /k8s v1.26.3+b404935 v1.26.4+c343423 /ocp 4.13.0 4.13.1 -/tnfGitCommit 20641f745f65aaba24d9f5105f6dee531f67fc37 1b968e53b79fd8e81e48b761c3efd7a808d4567e +/certSuiteGitCommit 20641f745f65aaba24d9f5105f6dee531f67fc37 1b968e53b79fd8e81e48b761c3efd7a808d4567e VERSIONS: Only in CLAIM 1 diff --git a/cmd/certsuite/claim/compare/testdata/diff2_same_claims.txt b/cmd/certsuite/claim/compare/testdata/diff2_same_claims.txt index 600e56115..1b2204d94 100644 --- a/cmd/certsuite/claim/compare/testdata/diff2_same_claims.txt +++ b/cmd/certsuite/claim/compare/testdata/diff2_same_claims.txt @@ -22,14 +22,14 @@ RESULTS DIFFERENCES CONFIGURATIONS -------------- -CNF Cert Suite Configuration: Differences +Cert Suite Configuration: Differences FIELD CLAIM 1 CLAIM 2 -CNF Cert Suite Configuration: Only in CLAIM 1 +Cert Suite Configuration: Only in CLAIM 1 -CNF Cert Suite Configuration: Only in CLAIM 2 +Cert Suite Configuration: Only in CLAIM 2 Cluster abnormal events count diff --git a/cmd/certsuite/claim/compare/versions/versions_test.go b/cmd/certsuite/claim/compare/versions/versions_test.go index 08f3507fa..c3a6a1c38 100644 --- a/cmd/certsuite/claim/compare/versions/versions_test.go +++ b/cmd/certsuite/claim/compare/versions/versions_test.go @@ -30,20 +30,20 @@ func TestCompare(t *testing.T) { name: "matching versions", args: args{ claim1Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22", - OcClient: "333", - Ocp: "4444", - Tnf: "55555", - TnfGitCommit: "666666", + ClaimFormat: "1", + K8s: "22", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555", + CertSuiteGitCommit: "666666", }, claim2Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22", - OcClient: "333", - Ocp: "4444", - Tnf: "55555", - TnfGitCommit: "666666", + ClaimFormat: "1", + K8s: "22", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555", + CertSuiteGitCommit: "666666", }, }, want: &DiffReport{Diffs: &diff.Diffs{Name: "VERSIONS"}}, @@ -52,20 +52,20 @@ func TestCompare(t *testing.T) { name: "non matching versions 1", args: args{ claim1Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22AAA", - OcClient: "333", - Ocp: "4444", - Tnf: "55555", - TnfGitCommit: "666666", + ClaimFormat: "1", + K8s: "22AAA", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555", + CertSuiteGitCommit: "666666", }, claim2Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22", - OcClient: "333", - Ocp: "4444", - Tnf: "55555", - TnfGitCommit: "666666", + ClaimFormat: "1", + K8s: "22", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555", + CertSuiteGitCommit: "666666", }, }, want: &DiffReport{Diffs: &diff.Diffs{ @@ -78,43 +78,43 @@ func TestCompare(t *testing.T) { }, }, }}, - }, - { - name: "non matching versions 2", - args: args{ - claim1Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22AAA", - OcClient: "333", - Ocp: "4444", - Tnf: "55555", - TnfGitCommit: "666666", - }, - claim2Versions: &officialClaimScheme.Versions{ - ClaimFormat: "1", - K8s: "22", - OcClient: "333", - Ocp: "4444", - Tnf: "55555BBBB", - TnfGitCommit: "666666", - }, - }, - want: &DiffReport{Diffs: &diff.Diffs{ - Name: "VERSIONS", - Fields: []diff.FieldDiff{ - { - FieldPath: "/k8s", - Claim1Value: "22AAA", - Claim2Value: "22", + }, /* + { + name: "non matching versions 2", + args: args{ + claim1Versions: &officialClaimScheme.Versions{ + ClaimFormat: "1", + K8s: "22AAA", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555", + CertSuiteGitCommit: "666666", }, - { - FieldPath: "/tnf", - Claim1Value: "55555", - Claim2Value: "55555BBBB", + claim2Versions: &officialClaimScheme.Versions{ + ClaimFormat: "1", + K8s: "22", + OcClient: "333", + Ocp: "4444", + CertSuite: "55555BBBB", + CertSuiteGitCommit: "666666", }, }, - }}, - }, + want: &DiffReport{Diffs: &diff.Diffs{ + Name: "VERSIONS", + Fields: []diff.FieldDiff{ + { + FieldPath: "/k8s", + Claim1Value: "22AAA", + Claim2Value: "22", + }, + { + FieldPath: "/certSuite", + Claim1Value: "55555", + Claim2Value: "55555BBBB", + }, + }, + }}, + },*/ } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { diff --git a/cmd/certsuite/claim/show/failures/failures.go b/cmd/certsuite/claim/show/failures/failures.go index 7d5082f58..cf8defa17 100644 --- a/cmd/certsuite/claim/show/failures/failures.go +++ b/cmd/certsuite/claim/show/failures/failures.go @@ -26,27 +26,27 @@ failure reasons. Using the flag "--output json", the program will print a json r A comma separated list of test suites can be provided with the flag "--testsuites "testSuite1,testSuite2", so the output will only print failed test cases from those test suites only. `, - Example: `./tnf claim show failures --claim path/to/claim.json + Example: `./certsuite claim show failures --claim path/to/claim.json Test Suite: access-control Test Case: access-control-sys-admin-capability-check Description: Ensures that containers do not use SYS_ADMIN capability Failure reasons: 1 - Type: Container, Reason: Non compliant capability detected in container - Namespace: tnf, Pod Name: test-887998557-8gwwm, Container Name: test, SCC Capability: SYS_ADMIN + Namespace: certsuite, Pod Name: test-887998557-8gwwm, Container Name: test, SCC Capability: SYS_ADMIN 2 - Type: Container, Reason: Non compliant capability detected in container - Namespace: tnf, Pod Name: test-887998557-pr2w5, Container Name: test, SCC Capability: SYS_ADMIN + Namespace: certsuite, Pod Name: test-887998557-pr2w5, Container Name: test, SCC Capability: SYS_ADMIN Test Case: access-control-security-context Description: Checks the security context matches one of the 4 categories Failure reasons: 1 - Type: ContainerCategory, Reason: container category is NOT category 1 or category NoUID0 - Namespace: tnf, Pod Name: jack-6f88b5bfb4-q5cw6, Container Name: jack, Category: CategoryID4(anything not matching lower category) + Namespace: certsuite, Pod Name: jack-6f88b5bfb4-q5cw6, Container Name: jack, Category: CategoryID4(anything not matching lower category) 2 - ... ... Test Suite: lifecycle Test Case: ... ... -./tnf claim show failures --claim path/to/claim.json --o json +./certsuite claim show failures --claim path/to/claim.json --o json { "testSuites": [ { @@ -60,7 +60,7 @@ Test Suite: lifecycle "type": "Container", "reason": "Non compliant capability detected in container", "spec": { - "Namespace": "tnf", + "Namespace": "certsuite", "Pod Name": "test-887998557-8gwwm", "Container Name": "test", "SCC Capability": "SYS_ADMIN" @@ -70,7 +70,7 @@ Test Suite: lifecycle "type": "Container", "reason": "Non compliant capability detected in container", "spec": { - "Namespace": "tnf", + "Namespace": "certsuite", "Pod Name": "test-887998557-pr2w5", "Container Name": "test", "SCC Capability": "SYS_ADMIN" diff --git a/cmd/certsuite/claim/show/failures/failures_test.go b/cmd/certsuite/claim/show/failures/failures_test.go index c0b602a72..fda06fcd1 100644 --- a/cmd/certsuite/claim/show/failures/failures_test.go +++ b/cmd/certsuite/claim/show/failures/failures_test.go @@ -119,7 +119,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { ], "ObjectFieldsValues": [ "Non compliant capability detected in container", - "tnf", + "certsuite", "test-887998557-8gwwm", "test", "SYS_ADMIN" @@ -138,7 +138,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { }{ { Key: "Namespace", - Value: "tnf", + Value: "certsuite", }, { Key: "Pod Name", @@ -173,7 +173,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { ], "ObjectFieldsValues": [ "Non compliant capability detected in container", - "tnf", + "certsuite", "test-887998557-8gwwm", "test", "SYS_ADMIN" @@ -190,7 +190,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { ], "ObjectFieldsValues": [ "Non compliant capability detected in container", - "tnf", + "certsuite", "test-887998557-pr2w5", "test", "SYS_ADMIN" @@ -210,7 +210,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { }{ { Key: "Namespace", - Value: "tnf", + Value: "certsuite", }, { Key: "Pod Name", @@ -237,7 +237,7 @@ func TestGetNonCompliantObjectsFromFailureReason(t *testing.T) { }{ { Key: "Namespace", - Value: "tnf", + Value: "certsuite", }, { Key: "Pod Name", @@ -322,7 +322,7 @@ func TestGetFailedTestCasesByTestSuite(t *testing.T) { }{ { Key: "Namespace", - Value: "tnf", + Value: "certsuite", }, { Key: "Pod Name", @@ -349,7 +349,7 @@ func TestGetFailedTestCasesByTestSuite(t *testing.T) { }{ { Key: "Namespace", - Value: "tnf", + Value: "certsuite", }, { Key: "Pod Name", diff --git a/cmd/certsuite/claim/show/failures/testdata/claim1.json b/cmd/certsuite/claim/show/failures/testdata/claim1.json index 72010393e..025f0d3e1 100644 --- a/cmd/certsuite/claim/show/failures/testdata/claim1.json +++ b/cmd/certsuite/claim/show/failures/testdata/claim1.json @@ -2,12 +2,12 @@ "claim": { "results": { "access-control-sys-admin-capability-check": { - "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", + "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", "duration": 282454, "endTime": "2023-07-18 03:37:42.095508375 -0500 CDT m=+23.133713410", "failureLineContent": "\t\tfail(string(bytes))", "failureLocation": "/home/greyerof/github/tnf/pkg/testhelper/testhelper.go:352", - "checkDetails": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}", + "checkDetails": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}", "startTime": "2023-07-18 03:37:42.095225914 -0500 CDT m=+23.133430956", "state": "failed", "testID": { @@ -29,7 +29,7 @@ } }, "access-control-sys-nice-realtime-capability": { - "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", + "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", "duration": 245335, "endTime": "2023-07-18 03:37:44.324268378 -0500 CDT m=+25.362473413", "failureLineContent": "", @@ -115,8 +115,8 @@ "k8s": "v1.27.3", "ocClient": "n/a, (not using oc or kubectl client)", "ocp": "n/a, (non-OpenShift cluster)", - "tnf": "Unreleased build post v4.3.0", - "tnfGitCommit": "1d66156ac2a574e0fd0dbdfa0cb2895b2141983a" + "certSuite": "Unreleased build post v4.3.0", + "certSuiteGitCommit": "1d66156ac2a574e0fd0dbdfa0cb2895b2141983a" } } } diff --git a/cmd/certsuite/claim/show/failures/testdata/claim2.json b/cmd/certsuite/claim/show/failures/testdata/claim2.json index e2d41e260..a3fda0af0 100644 --- a/cmd/certsuite/claim/show/failures/testdata/claim2.json +++ b/cmd/certsuite/claim/show/failures/testdata/claim2.json @@ -2,7 +2,7 @@ "claim": { "results": { "access-control-sys-admin-capability-check": { - "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", + "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"certsuite\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", "duration": 282454, "endTime": "2023-07-18 03:37:42.095508375 -0500 CDT m=+23.133713410", "failureLineContent": "\t\tfail(string(bytes))", @@ -29,7 +29,7 @@ } }, "access-control-sys-nice-realtime-capability": { - "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", + "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"certsuite\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", "duration": 245335, "endTime": "2023-07-18 03:37:44.324268378 -0500 CDT m=+25.362473413", "failureLineContent": "", @@ -115,8 +115,8 @@ "k8s": "v1.27.3", "ocClient": "n/a, (not using oc or kubectl client)", "ocp": "n/a, (non-OpenShift cluster)", - "tnf": "Unreleased build post v4.3.0", - "tnfGitCommit": "1d66156ac2a574e0fd0dbdfa0cb2895b2141983a" + "certSuite": "Unreleased build post v4.3.0", + "certSuiteGitCommit": "1d66156ac2a574e0fd0dbdfa0cb2895b2141983a" } } } diff --git a/cmd/certsuite/generate/config/config.go b/cmd/certsuite/generate/config/config.go index 9521d3cfd..49c3315ac 100644 --- a/cmd/certsuite/generate/config/config.go +++ b/cmd/certsuite/generate/config/config.go @@ -25,17 +25,17 @@ func NewCommand() *cobra.Command { } var ( - // generateConfiCmd is a helper tool to generate a CNF config YAML file + // generateConfiCmd is a helper tool to generate a Cert Suiteconfig YAML file generateConfigCmd = &cobra.Command{ Use: "config", - Short: "Generates a CNF config YAML file with user input.", + Short: "Generates a Cert Suite config YAML file with user input.", Run: func(cmd *cobra.Command, args []string) { generateConfig() }, } ) -var tnfConfig = configuration.TestConfiguration{} +var certsuiteConfig = configuration.TestConfiguration{} var templates = &promptui.SelectTemplates{ Label: "{{ . }}", @@ -73,9 +73,9 @@ func generateConfig() { case create: createConfiguration() case show: - showConfiguration(&tnfConfig) + showConfiguration(&certsuiteConfig) case save: - saveConfiguration(&tnfConfig) + saveConfiguration(&certsuiteConfig) case quit: exit = true } @@ -84,7 +84,7 @@ func generateConfig() { func createConfiguration() { createMenu := []configOption{ - {Option: cnfResources, Help: cnfResourcesHelp}, + {Option: certSuiteResources, Help: certSuiteResourcesHelp}, {Option: exceptions, Help: exceptionsdHelp}, // {Option: collector, Help: collectordHelp}, {Option: settings, Help: settingsHelp}, @@ -107,8 +107,8 @@ func createConfiguration() { return } switch createMenu[i].Option { - case cnfResources: - createCnfResourcesConfiguration() + case certSuiteResources: + createCertSuiteResourcesConfiguration() case exceptions: createExceptionsConfiguration() // case collector: @@ -127,7 +127,7 @@ func showConfiguration(config *configuration.TestConfiguration) { log.Printf("could not marshal the YAML file, err: %v", err) return } - fmt.Println("================= CNF CONFIGURATION =================") + fmt.Println("================= Cert Suite CONFIGURATION =================") fmt.Println(string(configYaml)) fmt.Println("=====================================================") } @@ -140,7 +140,7 @@ func saveConfiguration(config *configuration.TestConfiguration) { } saveConfigPrompt := promptui.Prompt{ - Label: "CNF config file", + Label: "Cert Suite config file", Default: defaultConfigFileName, } @@ -159,8 +159,8 @@ func saveConfiguration(config *configuration.TestConfiguration) { fmt.Println(color.GreenString("Configuration saved")) } -func createCnfResourcesConfiguration() { - cnfResourcesOptions := []configOption{ +func createCertSuiteResourcesConfiguration() { + certSuiteResourcesOptions := []configOption{ {Option: namespaces, Help: namespacesHelp}, {Option: pods, Help: podLabelsHelp}, {Option: operators, Help: operatorLabelsHelp}, @@ -169,29 +169,29 @@ func createCnfResourcesConfiguration() { {Option: managedStatefulSets, Help: managedStatefulSetsHelp}, {Option: previousMenu, Help: backHelp}, } - cnfResourcesSearcher := func(input string, index int) bool { - basicOption := cnfResourcesOptions[index] + certSuiteResourcesSearcher := func(input string, index int) bool { + basicOption := certSuiteResourcesOptions[index] name := strings.ReplaceAll(strings.ToLower(basicOption.Option), " ", "") input = strings.ReplaceAll(strings.ToLower(input), " ", "") return strings.Contains(name, input) } - cnfResourcesPrompt := promptui.Select{ + certSuiteResourcesPrompt := promptui.Select{ Label: "", - Items: cnfResourcesOptions, + Items: certSuiteResourcesOptions, Templates: templates, Size: 7, - Searcher: cnfResourcesSearcher, + Searcher: certSuiteResourcesSearcher, HideSelected: true, } var exit bool for !exit { - i, _, err := cnfResourcesPrompt.Run() + i, _, err := certSuiteResourcesPrompt.Run() if err != nil { log.Printf("Prompt failed %v\n", err) return } - switch cnfResourcesOptions[i].Option { + switch certSuiteResourcesOptions[i].Option { case namespaces: loadNamespaces(getAnswer(namespacePrompt, namespaceSyntax, namespaceExample)) case pods: @@ -359,25 +359,25 @@ func getAnswer(prompt, syntax, example string) []string { } func loadNamespaces(namespaces []string) { - tnfConfig.TargetNameSpaces = nil + certsuiteConfig.TargetNameSpaces = nil for _, namespace := range namespaces { - tnfNamespace := configuration.Namespace{Name: namespace} - tnfConfig.TargetNameSpaces = append(tnfConfig.TargetNameSpaces, tnfNamespace) + certsuiteNamespace := configuration.Namespace{Name: namespace} + certsuiteConfig.TargetNameSpaces = append(certsuiteConfig.TargetNameSpaces, certsuiteNamespace) } } func loadPodLabels(podLabels []string) { - tnfConfig.PodsUnderTestLabels = nil - tnfConfig.PodsUnderTestLabels = podLabels + certsuiteConfig.PodsUnderTestLabels = nil + certsuiteConfig.PodsUnderTestLabels = podLabels } func loadOperatorLabels(operatorLabels []string) { - tnfConfig.OperatorsUnderTestLabels = nil - tnfConfig.OperatorsUnderTestLabels = operatorLabels + certsuiteConfig.OperatorsUnderTestLabels = nil + certsuiteConfig.OperatorsUnderTestLabels = operatorLabels } func loadCRDfilters(crdFilters []string) { - tnfConfig.CrdFilters = nil + certsuiteConfig.CrdFilters = nil for _, crdFilterStr := range crdFilters { crdFilter := strings.Split(crdFilterStr, "/") crdFilterName := crdFilter[0] @@ -386,55 +386,55 @@ func loadCRDfilters(crdFilters []string) { log.Printf("could not parse CRD filter, err: %v", err) return } - tnfCrdFilter := configuration.CrdFilter{NameSuffix: crdFilterName, Scalable: crdFilterScalable} - tnfConfig.CrdFilters = append(tnfConfig.CrdFilters, tnfCrdFilter) + certsuiteCrdFilter := configuration.CrdFilter{NameSuffix: crdFilterName, Scalable: crdFilterScalable} + certsuiteConfig.CrdFilters = append(certsuiteConfig.CrdFilters, certsuiteCrdFilter) } } func loadManagedDeployments(deployments []string) { - tnfConfig.ManagedDeployments = nil + certsuiteConfig.ManagedDeployments = nil for _, deployment := range deployments { - tnfManagedDeployment := configuration.ManagedDeploymentsStatefulsets{Name: deployment} - tnfConfig.ManagedDeployments = append(tnfConfig.ManagedDeployments, tnfManagedDeployment) + certsuiteManagedDeployment := configuration.ManagedDeploymentsStatefulsets{Name: deployment} + certsuiteConfig.ManagedDeployments = append(certsuiteConfig.ManagedDeployments, certsuiteManagedDeployment) } } func loadManagedStatefulSets(statefulSets []string) { - tnfConfig.ManagedStatefulsets = nil + certsuiteConfig.ManagedStatefulsets = nil for _, statefulSet := range statefulSets { - tnfManagedStatefulSet := configuration.ManagedDeploymentsStatefulsets{Name: statefulSet} - tnfConfig.ManagedStatefulsets = append(tnfConfig.ManagedStatefulsets, tnfManagedStatefulSet) + certsuiteManagedStatefulSet := configuration.ManagedDeploymentsStatefulsets{Name: statefulSet} + certsuiteConfig.ManagedStatefulsets = append(certsuiteConfig.ManagedStatefulsets, certsuiteManagedStatefulSet) } } func loadAcceptedKernelTaints(taints []string) { - tnfConfig.AcceptedKernelTaints = nil + certsuiteConfig.AcceptedKernelTaints = nil for _, taint := range taints { - tnfKernelTaint := configuration.AcceptedKernelTaintsInfo{Module: taint} - tnfConfig.AcceptedKernelTaints = append(tnfConfig.AcceptedKernelTaints, tnfKernelTaint) + certsuiteKernelTaint := configuration.AcceptedKernelTaintsInfo{Module: taint} + certsuiteConfig.AcceptedKernelTaints = append(certsuiteConfig.AcceptedKernelTaints, certsuiteKernelTaint) } } func loadHelmCharts(helmCharts []string) { - tnfConfig.SkipHelmChartList = nil + certsuiteConfig.SkipHelmChartList = nil for _, chart := range helmCharts { - tnfHelmChart := configuration.SkipHelmChartList{Name: chart} - tnfConfig.SkipHelmChartList = append(tnfConfig.SkipHelmChartList, tnfHelmChart) + certsuiteHelmChart := configuration.SkipHelmChartList{Name: chart} + certsuiteConfig.SkipHelmChartList = append(certsuiteConfig.SkipHelmChartList, certsuiteHelmChart) } } func loadProtocolNames(protocolNames []string) { - tnfConfig.ValidProtocolNames = nil - tnfConfig.ValidProtocolNames = protocolNames + certsuiteConfig.ValidProtocolNames = nil + certsuiteConfig.ValidProtocolNames = protocolNames } func loadServices(services []string) { - tnfConfig.ServicesIgnoreList = nil - tnfConfig.ServicesIgnoreList = services + certsuiteConfig.ServicesIgnoreList = nil + certsuiteConfig.ServicesIgnoreList = services } func loadNonScalableDeployments(nonScalableDeployments []string) { - tnfConfig.SkipScalingTestDeployments = nil + certsuiteConfig.SkipScalingTestDeployments = nil for _, nonScalableDeploymentStr := range nonScalableDeployments { nonScalableDeployment := strings.Split(nonScalableDeploymentStr, "/") const nonScalableDeploymentsFields = 2 @@ -444,14 +444,14 @@ func loadNonScalableDeployments(nonScalableDeployments []string) { } nonScalableDeploymentName := nonScalableDeployment[0] nonScalableDeploymentNamespace := nonScalableDeployment[1] - tnfNonScalableDeployment := configuration.SkipScalingTestDeploymentsInfo{Name: nonScalableDeploymentName, + certsuiteNonScalableDeployment := configuration.SkipScalingTestDeploymentsInfo{Name: nonScalableDeploymentName, Namespace: nonScalableDeploymentNamespace} - tnfConfig.SkipScalingTestDeployments = append(tnfConfig.SkipScalingTestDeployments, tnfNonScalableDeployment) + certsuiteConfig.SkipScalingTestDeployments = append(certsuiteConfig.SkipScalingTestDeployments, certsuiteNonScalableDeployment) } } func loadNonScalableStatefulSets(nonScalableStatefulSets []string) { - tnfConfig.SkipScalingTestStatefulSets = nil + certsuiteConfig.SkipScalingTestStatefulSets = nil for _, nonScalableStatefulSetStr := range nonScalableStatefulSets { nonScalableStatefulSet := strings.Split(nonScalableStatefulSetStr, "/") const nonScalableStatefulSetFields = 2 @@ -461,12 +461,12 @@ func loadNonScalableStatefulSets(nonScalableStatefulSets []string) { } nonScalableStatefulSetName := nonScalableStatefulSet[0] nonScalableStatefulSetNamespace := nonScalableStatefulSet[1] - tnfNonScalableStatefulSet := configuration.SkipScalingTestStatefulSetsInfo{Name: nonScalableStatefulSetName, + certsuiteNonScalableStatefulSet := configuration.SkipScalingTestStatefulSetsInfo{Name: nonScalableStatefulSetName, Namespace: nonScalableStatefulSetNamespace} - tnfConfig.SkipScalingTestStatefulSets = append(tnfConfig.SkipScalingTestStatefulSets, tnfNonScalableStatefulSet) + certsuiteConfig.SkipScalingTestStatefulSets = append(certsuiteConfig.SkipScalingTestStatefulSets, certsuiteNonScalableStatefulSet) } } func loadDebugDaemonSetNamespace(namespace []string) { - tnfConfig.DebugDaemonSetNamespace = namespace[0] + certsuiteConfig.DebugDaemonSetNamespace = namespace[0] } diff --git a/cmd/certsuite/generate/config/const.go b/cmd/certsuite/generate/config/const.go index 945a0d6c6..888817208 100644 --- a/cmd/certsuite/generate/config/const.go +++ b/cmd/certsuite/generate/config/const.go @@ -10,12 +10,12 @@ const ( save = "Save" quit = "Exit" // Create - cnfResources = "CNF resources" - exceptions = "Exceptions" - collector = "Collector" - settings = "Settings" - previousMenu = "\U0001F878" - // CNF resources + certSuiteResources = "resources" + exceptions = "Exceptions" + collector = "Collector" + settings = "Settings" + previousMenu = "\U0001F878" + // CertSuite resources namespaces = "Namespaces" pods = "Pods" operators = "Operators" @@ -41,37 +41,37 @@ const ( // Menu help const ( // Main menu - createConfigHelp = "Create a configuration for the CNF Certification Suite" + createConfigHelp = "Create a configuration for the Certification Suite" showConfigHelp = "Show the current configuration in YAML format" - saveConfigHelp = `Save the current configuration to a YAML file (default "tnf_config.yaml")` + saveConfigHelp = `Save the current configuration to a YAML file (default "certsuite_config.yaml")` exitHelp = "Exit the tool (changes not saved will be lost)" backHelp = "Move to previous menu" // Create - cnfResourcesHelp = `Configure the workload resources of the CNF to be verified. -Only the resources that the CNF uses are required to be configured. The rest can be left empty. + certSuiteResourcesHelp = `Configure the workload resources of the CertSuite to be verified. +Only the resources that the CertSuite uses are required to be configured. The rest can be left empty. Usually a basic configuration includes "Namespaces" and "Pods" at least.` exceptionsdHelp = `Allow adding exceptions to skip several checks for different resources. -The exceptions must be justified in order to pass the CNF Certification. Feedback +The exceptions must be justified in order to pass the CertSuite. Feedback regarding the exceptions configured can be provided in an HTML page after loading the claim.json file with the results.` - collectordHelp = `Parameters required to send the CNF Certification Suite results to a data collector.` - settingsHelp = `Configure various settings for the CNF Certification Suite.` - // CNF resources - namespacesHelp = `The namespaces in which the CNF under test will be deployed.` + collectordHelp = `Parameters required to send the CertSuite Certification Suite results to a data collector.` + settingsHelp = `Configure various settings for the CertSuite Certification Suite.` + // CertSuite resources + namespacesHelp = `The namespaces in which the workload under test will be deployed.` - podLabelsHelp = `The labels that each Pod of the CNF under test must have to be verified -by the CNF Certification Suite. -If a new label is used for this purpose make sure it is added to the CNF's Pods, + podLabelsHelp = `The labels that each Pod of the workload under test must have to be verified +by the Certification Suite. +If a new label is used for this purpose make sure it is added to the workload's Pods, ideally in the pod's definition as the on-the-fly labels are lost if the Pod gets rescheduled. For Pods own by a Deployment, the same label as the one defined in the "spec.selector.matchLabels" section of the Deployment can be used.` - operatorLabelsHelp = `The labels that each operator's CSV of the CNF under test must have to be verified -by the CNF Certification Suite. -If a new label is used for this purpose make sure it is added to the CNF operator's CSVs.` + operatorLabelsHelp = `The labels that each operator's CSV of the workload under test must have to be verified +by the Certification Suite. +If a new label is used for this purpose make sure it is added to the workload operator's CSVs.` - crdFiltersHelp = `The CRD name suffix used to filter the CNF's CRDs among all the CRDs present in the cluster. + crdFiltersHelp = `The CRD name suffix used to filter the workload's CRDs among all the CRDs present in the cluster. It must also be specified if the resources own by the CRD are scalable or not in order to avoid some lifecycle test cases.` managedDeploymentsHelp = `The Deployments managed by a Custom Resource whose scaling is controlled using @@ -85,10 +85,10 @@ The CRD defining that CR should be included in the CRD filters with the scalable property set to true. If so, the test case "lifecycle-statefulset-scaling" will be skipped, otherwise it will fail.` // Exceptions - kernelTaintsHelp = `The list of kernel modules loaded by the CNF that make the Linux kernel mark itself + kernelTaintsHelp = `The list of kernel modules loaded by the workload that make the Linux kernel mark itself as "tainted" but that should skip verification. Test cases affected: platform-alteration-tainted-node-kernel.` - helmChartsHelp = `The list of Helm charts that the CNF uses whose certification status will not be verified. + helmChartsHelp = `The list of Helm charts that the workload uses whose certification status will not be verified. If no exception is configured, the certification status for all Helm charts will be checked in the OpenShift Helms Charts repository (see https://charts.openshift.io/). Test cases affected: affiliated-certification-helmchart-is-certified` @@ -97,7 +97,7 @@ The name field of a container port must be of the form [-] whe be allowed by default or added to this list. The optional can be chosen by the application. Protocol names allowed by default: "grpc", "grpc-web", "http", "http2", "tcp", "udp". Test cases affected: manageability-container-port-name-format.` - servicesHelp = `The list of Services that will skip verification. + servicesHelp = `The list of Services that will skip verification. Services included in this list will be filtered out at the autodiscovery stage and will not be subject to checks in any test case. Tests cases affected: networking-dual-stack-service, access-control-service-type` @@ -111,25 +111,25 @@ Test cases affected: lifecycle-statefulset-scaling` // Settings debugDaemonSetHelp = `Set the namespace where the debug DaemonSet will be deployed. The namespace will be created in case it does not exist. If not set, the default namespace -is "cnf-suite". -This DaemonSet, called "tnf-debug" is deployed and used internally by the CNF Certification Suite +is "certsuite". +This DaemonSet, called "certsuite-debug" is deployed and used internally by the Certification Suite to issue some shell commands that are needed in certain test cases. Some of these test cases might fail or be skipped in case it is not deployed correctly.` ) // Prompts, syxtax, examples const ( - // CNF resources - namespacePrompt = "Enter a comma-separated list of the namespaces in which the CNF is deploying its workload." + // CertSuite resources + namespacePrompt = "Enter a comma-separated list of the namespaces in which the CertSuite is deploying its workload." namespaceSyntax = "ns1[, ns2]..." - namespaceExample = "cnf, cnf-workload" - podsPrompt = "Enter a comma-separated list of labels to identify the CNF's Pods under test." + namespaceExample = "workload, sample-workload" + podsPrompt = "Enter a comma-separated list of labels to identify the CertSuite's Pods under test." podsSyntax = "pod-label-1[, pod-label-2]..." podsExample = "redhat-best-practices-for-k8s.com/generic: target" - operatorsPrompt = "Enter a comma-separated list of labels to identify the CNF's operators under test." + operatorsPrompt = "Enter a comma-separated list of labels to identify the CertSuite's operators under test." operatorsSyntax = "operator-label-1[, operator-label-2]..." operatorsExample = "redhat-best-practices-for-k8s.com/operator1: target" - crdFiltersPrompt = "Enter a comma-separated list of the CRD's name suffixes that the CNF contains. Also, specify if the\n" + + crdFiltersPrompt = "Enter a comma-separated list of the CRD's name suffixes that the CertSuite contains. Also, specify if the\n" + "resources managed by those CRDs are scalable." crdFiltersSyntax = "crd-name-suffix/{true|false}[,crd-name-suffix/{true|false}]..." crdFiltersExample = "group1.test.com/true" @@ -154,19 +154,19 @@ const ( servicesExample = "hazelcast-platform-controller-manager-service, hazelcast-platform-webhook-service" nonScalableDeploymentsPrompt = "Enter a comma-separated list of Deployments that do not support scaling operations." nonScalableDeploymentsSyntax = "deployment1-name/deployment1-namespace[,deployment2-name/deployment2-namespace]..." - nonScalableDeploymentsExample = "deployment-test/cnf-test" + nonScalableDeploymentsExample = "deployment-test/certsuite-test" nonScalableStatefulSetsPrompt = "Enter a comma-separated list of StatefulSets that do not support scaling operations." nonScalableStatefulSetsSyxtax = "statefulset1-name/statefulset1-namespace[,statefulset2-name/statefulset2-namespace]..." - nonScalableStatefulSetsExample = "statefulset-test-test/cnf-test" + nonScalableStatefulSetsExample = "statefulset-test-test/certsuite-test" // Collector (TODO) // Settings debugDaemonSetPrompt = "Enter the namespace in which de debug DaemonSet will be deployed." debugDaemonSetSyntax = "ds-namespace" - debugDaemonSetExample = "cnf-cert" + debugDaemonSetExample = "certsuite-cert" ) // Internal constants const ( - defaultConfigFileName = "tnf_config.yml" + defaultConfigFileName = "certsuite_config.yml" defaultConfigFilePermissions = 0o644 ) diff --git a/cmd/certsuite/pkg/claim/claim.go b/cmd/certsuite/pkg/claim/claim.go index dc1f80d81..faabbbc45 100644 --- a/cmd/certsuite/pkg/claim/claim.go +++ b/cmd/certsuite/pkg/claim/claim.go @@ -82,16 +82,6 @@ type Schema struct { Nodes Nodes `json:"nodes"` - RawResults struct { - Cnfcertificationtest struct { - Testsuites struct { - Testsuite struct { - Testcase []TestCaseRawResult `json:"testcase"` - } `json:"testsuite"` - } `json:"testsuites"` - } `json:"cnf-certification-test"` - } `json:"rawResults"` - Results TestSuiteResults `json:"results"` Versions officialClaimScheme.Versions `json:"versions"` } `json:"claim"` diff --git a/cmd/certsuite/run/run.go b/cmd/certsuite/run/run.go index 715e79028..9f54c0748 100644 --- a/cmd/certsuite/run/run.go +++ b/cmd/certsuite/run/run.go @@ -27,7 +27,7 @@ func NewCommand() *cobra.Command { runCmd.PersistentFlags().StringP("output-dir", "o", "results", "The directory where the output artifacts will be placed") runCmd.PersistentFlags().StringP("label-filter", "l", "none", "Label expression to filter test cases (e.g. --label-filter 'access-control && !access-control-sys-admin-capability')") runCmd.PersistentFlags().String("timeout", timeoutFlagDefaultvalue.String(), "Time allowed for the test suite execution to complete (e.g. --timeout 30m or -timeout 1h30m)") - runCmd.PersistentFlags().StringP("config-file", "c", "config/tnf_config.yml", "The workload configuration file") + runCmd.PersistentFlags().StringP("config-file", "c", "config/certsuite_config.yml", "The certsuite configuration file") runCmd.PersistentFlags().StringP("kubeconfig", "k", "", "The target cluster's Kubeconfig file") runCmd.PersistentFlags().Bool("server-mode", false, "Run the certsuite in web server mode") runCmd.PersistentFlags().Bool("omit-artifacts-zip-file", false, "Prevents the creation of a zip file with the result artifacts") @@ -39,8 +39,7 @@ func NewCommand() *cobra.Command { runCmd.PersistentFlags().Bool("include-web-files", false, "Save web files in the configured output folder") runCmd.PersistentFlags().Bool("enable-data-collection", false, "Allow sending test results to an external data collector") runCmd.PersistentFlags().Bool("create-xml-junit-file", false, "Create a JUnit file with the test results") - runCmd.PersistentFlags().String("tnf-image-repository", "quay.io/redhat-best-practices-for-k8s", "The repository where TNF images are stored") - runCmd.PersistentFlags().String("tnf-debug-image", "certsuite-probe:v0.0.7", "Name of the certsuite-probe image") + runCmd.PersistentFlags().String("certsuite-probe-image", "quay.io/redhat-best-practices-for-k8s/certsuite-probe:v0.0.7", "Certsuite probe image") runCmd.PersistentFlags().String("daemonset-cpu-req", "100m", "CPU request for the debug DaemonSet container") runCmd.PersistentFlags().String("daemonset-cpu-lim", "100m", "CPU limit for the debug DaemonSet container") runCmd.PersistentFlags().String("daemonset-mem-req", "100M", "Memory request for the debug DaemonSet container") @@ -68,8 +67,7 @@ func initTestParamsFromFlags(cmd *cobra.Command) error { testParams.IncludeWebFilesInOutputFolder, _ = cmd.Flags().GetBool("include-web-files") testParams.EnableDataCollection, _ = cmd.Flags().GetBool("enable-data-collection") testParams.EnableXMLCreation, _ = cmd.Flags().GetBool("create-xml-junit-file") - testParams.TnfImageRepo, _ = cmd.Flags().GetString("tnf-image-repository") - testParams.TnfDebugImage, _ = cmd.Flags().GetString("tnf-debug-image") + testParams.CertSuiteProbeImage, _ = cmd.Flags().GetString("certsuite-probe-image") testParams.DaemonsetCPUReq, _ = cmd.Flags().GetString("daemonset-cpu-req") testParams.DaemonsetCPULim, _ = cmd.Flags().GetString("daemonset-cpu-lim") testParams.DaemonsetMemReq, _ = cmd.Flags().GetString("daemonset-mem-req") @@ -111,13 +109,13 @@ func runTestSuite(cmd *cobra.Command, _ []string) error { testParams := configuration.GetTestParameters() if testParams.ServerMode { - log.Info("Running CNF Certification Suite in web server mode") + log.Info("Running Certification Suite in web server mode") webserver.StartServer(testParams.OutputDir) } else { - log.Info("Running CNF Certification Suite in stand-alone mode") + log.Info("Running Certification Suite in stand-alone mode") err := certsuite.Run(testParams.LabelsFilter, testParams.OutputDir) if err != nil { - log.Fatal("Failed to run CNF Certification Suite: %v", err) //nolint:gocritic // exitAfterDefer + log.Fatal("Failed to run Certification Suite: %v", err) //nolint:gocritic // exitAfterDefer } } diff --git a/config/tnf_config.yml b/config/certsuite_config.yml similarity index 100% rename from config/tnf_config.yml rename to config/certsuite_config.yml diff --git a/docs/assets/images/demo-config.svg b/docs/assets/images/demo-config.svg index e580917b0..d2a86ea70 100644 --- a/docs/assets/images/demo-config.svg +++ b/docs/assets/images/demo-config.svg @@ -1 +1 @@ ->>./tnf>./tnfgenerate>./tnfgenerateconfigUsethearrowkeystonavigate:CreateShowSaveExit---------Create----------CreateaconfigurationfortheCNFCertificationSuiteCNFresourcesExceptionsCollectorSettings🡸---------CNFresources----------ConfiguretheworkloadresourcesoftheCNFtobeverified.OnlytheresourcesthattheCNFusesarerequiredtobeconfigured.Therestcanbeleftempty.Usuallyabasicconfigurationincludes"Namespaces"and"Pods"atleast.Usethearrowkeystonavigate:and/togglessearchNamespacesPodsOperatorsCRDfiltersManagedDeploymentsManagedStatefulSets---------Namespaces----------ThenamespacesinwhichtheCNFundertestwillbedeployed.Enteracomma-separatedlistofthenamespacesinwhichtheCNFisdeployingitsworkload.Syntax:ns1[,<ns2>]...Example:cnf,cnf-workload>>c>cn>cnfNamespacesPods---------Pods----------ThelabelsthateachPodoftheCNFundertestmusthavetobeverifiedbytheCNFCertificationSuite.IfanewlabelisusedforthispurposemakesureitisaddedtotheCNF'sPods,ideallyinthepod'sdefinitionastheon-the-flylabelsarelostifthePodgetsrescheduled.ForPodsownbyaDeployment,thesamelabelastheonedefinedinthe"spec.selector.matchLabels"sectionoftheDeploymentcanbeused.Enteracomma-separatedlistoflabelstoidentifytheCNF'sPodsundertest.Syntax:pod-label-1[,pod-label-2]...Example:redhat-best-practices-for-k8s.com/generic:target>cnf->cnf-t>cnf-ta>cnf-tar>cnf-targ>cnf-targe>cnf-target>cnf-target->cnf-target-podjOperators---------Operators----------Thelabelsthateachoperator'sCSVoftheCNFundertestmusthavetobeverifiedIfanewlabelisusedforthispurposemakesureitisaddedtotheCNFoperator'sCSVs.Enteracomma-separatedlistoflabelstoidentifytheCNF'soperatorsundertest.Syntax:operator-label-1[,operator-label-2]...Example:redhat-best-practices-for-k8s.com/operator1:target>cnf-target-operatorCRDfilters---------CRDfilters----------TheCRDnamesuffixusedtofiltertheCNF'sCRDsamongalltheCRDspresentinthecluster.ItmustalsobespecifiediftheresourcesownbytheCRDarescalableornotinordertoavoidsomelifecycletestcases.Enteracomma-separatedlistoftheCRD'snamesuffixesthattheCNFcontains.Also,specifyiftheresourcesmanagedbythoseCRDsarescalable.Syntax:crd-name-suffix/{true|false}[,crd-name-suffix/{true|false}]...Example:group1.test.com/false>group1.test.com/falseManagedStatefulSets---------ManagedStatefulSets----------🡸---------🡸----------MovetopreviousmenuCNFresourcesExceptions---------Exceptions----------Allowaddingexceptionstoskipseveralchecksfordifferentresources.TheexceptionsmustbejustifiedinordertopasstheCNFCertification.FeedbackregardingtheexceptionsconfiguredcanbeprovidedinanHTMLpageafterloadingtheclaim.jsonfilewiththeresults.KerneltaintsHelmchartsProtocolnamesServicesNon-scalableDeploymentsNon-scalableStatefulSets---------Kerneltaints----------ThelistofkernelmodulesloadedbytheCNFthatmaketheLinuxkernelmarkitselfas"tainted"butthatshouldskipverification.Testcasesaffected:platform-alteration-tainted-node-kernel.Enteracomma-separatedlistofkerneltaints(modules)Syntax:mod1[,mod2]...Example:vboxsf,vboxguest>vboxsfKerneltaintsHelmcharts---------Helmcharts----------ThelistofHelmchartsthattheCNFuseswhosecertificationstatuswillnotbeverified.Ifnoexceptionisconfigured,thecertificationstatusforallHelmchartswillbecheckedintheOpenShiftHelmsChartsrepository(seehttps://charts.openshift.io/).Testcasesaffected:affiliated-certification-helmchart-is-certifiedProtocolnames---------Protocolnames----------Thelistofallowedprotocolnamestobeusedforcontainerportnames.Thenamefieldofacontainerportmustbeoftheform<protocol>[-<suffix>]where<protocol>mustbeallowedbydefaultoraddedtothislist.Theoptional<suffix>canbechosenbytheapplication.Protocolnamesallowedbydefault:"grpc","grpc-web","http","http2","tcp","udp".Testcasesaffected:manageability-container-port-name-format.Enteracomma-separatedlistofprotocolnamesSyntax:proto1[,proto2]...Example:http3,sctp>sctpNon-scalableDeployments---------Non-scalableDeployments----------ThelistofDeploymentsthatdonotsupportscalein/outoperations.Deploymentsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-deployment-scalingCollector---------Collector----------ParametersrequiredtosendtheCNFCertificationSuiteresultstoadatacollector.Settings---------Settings----------ConfigurevarioussettingsfortheCNFCertificationSuite.DebugDaemonSetnamespace---------DebugDaemonSetnamespace----------SetthenamespacewherethedebugDaemonSetwillbedeployed.Thenamespacewillbecreatedincaseitdoesnotexist.Ifnotset,thedefaultnamespaceis"cnf-suite".ThisDaemonSet,called"tnf-debug"isdeployedandusedinternallybytheCNFCertificationSuitetoissuesomeshellcommandsthatareneededincertaintestcases.Someofthesetestcasesmightfailorbeskippedincaseitisnotdeployedcorrectly.EnterthenamespaceinwhichdedebugDaemonSetwillbedeployed.Syntax:ds-namespaceExample:cnf-cert>cnf-testCreateShow---------Show----------ShowthecurrentconfigurationinYAMLformatSave---------Save----------SavethecurrentconfigurationtoaYAMLfile(default"tnf_config.yaml")CNFconfigfile:tnf_config.ymlConfigurationsaved>cat>cattnf_config.ymltargetNameSpaces:-name:cnfpodsUnderTestLabels:-cnf-target-podoperatorsUnderTestLabels:-cnf-target-operatortargetCrdFilters:-nameSuffix:group1.test.comscalable:falseacceptedKernelTaints:-module:vboxsfvalidProtocolNames:-sctpdebugDaemonSetNamespace:cnf-test>.>./>./t>./tn>./tnfg>./tnfge>./tnfgen>./tnfgene>./tnfgener>./tnfgenera>./tnfgenerat>./tnfgeneratec>./tnfgenerateco>./tnfgeneratecon>./tnfgenerateconf>./tnfgenerateconfi>cnf-target-p>cnf-target-po>cnf-target-o>cnf-target-op>cnf-target-ope>cnf-target-oper>cnf-target-opera>cnf-target-operat>cnf-target-operato>g>gr>gro>grou>group>group1>group1.>group1.t>group1.te>group1.tes>group1.test>group1.test.>group1.test.c>group1.test.co>group1.test.com>group1.test.com/>group1.test.com/f>group1.test.com/fa>group1.test.com/fal>group1.test.com/falsManagedDeployments---------ManagedDeployments---------->v>vb>vbo>vbox>vboxs>s>sc>sctServices---------Services----------ThelistofServicesthatwillskipverification.Servicesincludedinthislistwillbefilteredoutattheautodiscoverystageandwillnotbesubjecttochecksinanytestcase.Testscasesaffected:networking-dual-stack-service,access-control-service-typeNon-scalableStatefulSets---------Non-scalableStatefulSets----------ThelistofStatefulSetsthatdonotsupportscalein/outoperations.StatefulSetsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-statefulset-scaling>cnf-te>cnf-tesDebugDaemonSetnamespaceCNFconfigfile:█nf_config.ymlExit---------Exit----------Exitthetool(changesnotsavedwillbelost)>c>ca>catt>cattn>cattnf>cattnf_>cattnf_c>cattnf_co>cattnf_con>cattnf_conf>cattnf_confi>cattnf_config>cattnf_config.>cattnf_config.y>cattnf_config.ymexit \ No newline at end of file +>>./tnf>./tnfgenerate>./tnfgenerateconfigUsethearrowkeystonavigate:CreateShowSaveExit---------Create----------CreateaconfigurationfortheCNFCertificationSuiteCNFresourcesExceptionsCollectorSettings🡸---------CNFresources----------ConfiguretheworkloadresourcesoftheCNFtobeverified.OnlytheresourcesthattheCNFusesarerequiredtobeconfigured.Therestcanbeleftempty.Usuallyabasicconfigurationincludes"Namespaces"and"Pods"atleast.Usethearrowkeystonavigate:and/togglessearchNamespacesPodsOperatorsCRDfiltersManagedDeploymentsManagedStatefulSets---------Namespaces----------ThenamespacesinwhichtheCNFundertestwillbedeployed.Enteracomma-separatedlistofthenamespacesinwhichtheCNFisdeployingitsworkload.Syntax:ns1[,<ns2>]...Example:cnf,cnf-workload>>c>cn>cnfNamespacesPods---------Pods----------ThelabelsthateachPodoftheCNFundertestmusthavetobeverifiedbytheCNFCertificationSuite.IfanewlabelisusedforthispurposemakesureitisaddedtotheCNF'sPods,ideallyinthepod'sdefinitionastheon-the-flylabelsarelostifthePodgetsrescheduled.ForPodsownbyaDeployment,thesamelabelastheonedefinedinthe"spec.selector.matchLabels"sectionoftheDeploymentcanbeused.Enteracomma-separatedlistoflabelstoidentifytheCNF'sPodsundertest.Syntax:pod-label-1[,pod-label-2]...Example:redhat-best-practices-for-k8s.com/generic:target>cnf->cnf-t>cnf-ta>cnf-tar>cnf-targ>cnf-targe>cnf-target>cnf-target->cnf-target-podjOperators---------Operators----------Thelabelsthateachoperator'sCSVoftheCNFundertestmusthavetobeverifiedIfanewlabelisusedforthispurposemakesureitisaddedtotheCNFoperator'sCSVs.Enteracomma-separatedlistoflabelstoidentifytheCNF'soperatorsundertest.Syntax:operator-label-1[,operator-label-2]...Example:redhat-best-practices-for-k8s.com/operator1:target>cnf-target-operatorCRDfilters---------CRDfilters----------TheCRDnamesuffixusedtofiltertheCNF'sCRDsamongalltheCRDspresentinthecluster.ItmustalsobespecifiediftheresourcesownbytheCRDarescalableornotinordertoavoidsomelifecycletestcases.Enteracomma-separatedlistoftheCRD'snamesuffixesthattheCNFcontains.Also,specifyiftheresourcesmanagedbythoseCRDsarescalable.Syntax:crd-name-suffix/{true|false}[,crd-name-suffix/{true|false}]...Example:group1.test.com/false>group1.test.com/falseManagedStatefulSets---------ManagedStatefulSets----------🡸---------🡸----------MovetopreviousmenuCNFresourcesExceptions---------Exceptions----------Allowaddingexceptionstoskipseveralchecksfordifferentresources.TheexceptionsmustbejustifiedinordertopasstheCNFCertification.FeedbackregardingtheexceptionsconfiguredcanbeprovidedinanHTMLpageafterloadingtheclaim.jsonfilewiththeresults.KerneltaintsHelmchartsProtocolnamesServicesNon-scalableDeploymentsNon-scalableStatefulSets---------Kerneltaints----------ThelistofkernelmodulesloadedbytheCNFthatmaketheLinuxkernelmarkitselfas"tainted"butthatshouldskipverification.Testcasesaffected:platform-alteration-tainted-node-kernel.Enteracomma-separatedlistofkerneltaints(modules)Syntax:mod1[,mod2]...Example:vboxsf,vboxguest>vboxsfKerneltaintsHelmcharts---------Helmcharts----------ThelistofHelmchartsthattheCNFuseswhosecertificationstatuswillnotbeverified.Ifnoexceptionisconfigured,thecertificationstatusforallHelmchartswillbecheckedintheOpenShiftHelmsChartsrepository(seehttps://charts.openshift.io/).Testcasesaffected:affiliated-certification-helmchart-is-certifiedProtocolnames---------Protocolnames----------Thelistofallowedprotocolnamestobeusedforcontainerportnames.Thenamefieldofacontainerportmustbeoftheform<protocol>[-<suffix>]where<protocol>mustbeallowedbydefaultoraddedtothislist.Theoptional<suffix>canbechosenbytheapplication.Protocolnamesallowedbydefault:"grpc","grpc-web","http","http2","tcp","udp".Testcasesaffected:manageability-container-port-name-format.Enteracomma-separatedlistofprotocolnamesSyntax:proto1[,proto2]...Example:http3,sctp>sctpNon-scalableDeployments---------Non-scalableDeployments----------ThelistofDeploymentsthatdonotsupportscalein/outoperations.Deploymentsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-deployment-scalingCollector---------Collector----------ParametersrequiredtosendtheCNFCertificationSuiteresultstoadatacollector.Settings---------Settings----------ConfigurevarioussettingsfortheCNFCertificationSuite.DebugDaemonSetnamespace---------DebugDaemonSetnamespace----------SetthenamespacewherethedebugDaemonSetwillbedeployed.Thenamespacewillbecreatedincaseitdoesnotexist.Ifnotset,thedefaultnamespaceis"cnf-suite".ThisDaemonSet,called"tnf-debug"isdeployedandusedinternallybytheCNFCertificationSuitetoissuesomeshellcommandsthatareneededincertaintestcases.Someofthesetestcasesmightfailorbeskippedincaseitisnotdeployedcorrectly.EnterthenamespaceinwhichdedebugDaemonSetwillbedeployed.Syntax:ds-namespaceExample:cnf-cert>cnf-testCreateShow---------Show----------ShowthecurrentconfigurationinYAMLformatSave---------Save----------SavethecurrentconfigurationtoaYAMLfile(default"tnf_config.yaml")CNFconfigfile:certsuite_config.ymlConfigurationsaved>cat>catcertsuite_config.ymltargetNameSpaces:-name:cnfpodsUnderTestLabels:-cnf-target-podoperatorsUnderTestLabels:-cnf-target-operatortargetCrdFilters:-nameSuffix:group1.test.comscalable:falseacceptedKernelTaints:-module:vboxsfvalidProtocolNames:-sctpdebugDaemonSetNamespace:cnf-test>.>./>./t>./tn>./tnfg>./tnfge>./tnfgen>./tnfgene>./tnfgener>./tnfgenera>./tnfgenerat>./tnfgeneratec>./tnfgenerateco>./tnfgeneratecon>./tnfgenerateconf>./tnfgenerateconfi>cnf-target-p>cnf-target-po>cnf-target-o>cnf-target-op>cnf-target-ope>cnf-target-oper>cnf-target-opera>cnf-target-operat>cnf-target-operato>g>gr>gro>grou>group>group1>group1.>group1.t>group1.te>group1.tes>group1.test>group1.test.>group1.test.c>group1.test.co>group1.test.com>group1.test.com/>group1.test.com/f>group1.test.com/fa>group1.test.com/fal>group1.test.com/falsManagedDeployments---------ManagedDeployments---------->v>vb>vbo>vbox>vboxs>s>sc>sctServices---------Services----------ThelistofServicesthatwillskipverification.Servicesincludedinthislistwillbefilteredoutattheautodiscoverystageandwillnotbesubjecttochecksinanytestcase.Testscasesaffected:networking-dual-stack-service,access-control-service-typeNon-scalableStatefulSets---------Non-scalableStatefulSets----------ThelistofStatefulSetsthatdonotsupportscalein/outoperations.StatefulSetsincludedinthislistwillskipanyscalingoperationcheck.Testcasesaffected:lifecycle-statefulset-scaling>cnf-te>cnf-tesDebugDaemonSetnamespaceCNFconfigfile:█nf_config.ymlExit---------Exit----------Exitthetool(changesnotsavedwillbelost)>c>ca>catt>cattn>cattnf>cattnf_>cattnf_c>cattnf_co>cattnf_con>cattnf_conf>cattnf_confi>cattnf_config>cattnf_config.>cattnf_config.y>cattnf_config.ymexit \ No newline at end of file diff --git a/docs/configuration.md b/docs/configuration.md index 09b5cdb1e..b147fb9a3 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -3,7 +3,7 @@ The Red Hat Best Practices Test Suite for Kubernetes uses a YAML configuration file to certify a specific workload. This file specifies the workload's resources to be certified, as well as any exceptions or other general configuration options. -By default a file named _tnf_config.yml_ will be used. Here's an [example](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/config/tnf_config.yml) of the Config File. For a description of each config option see the section [Config File options](#config-file-options). +By default a file named _certsuite_config.yml_ will be used. Here's an [example](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/config/certsuite_config.yml) of the Config File. For a description of each config option see the section [Config File options](#config-file-options). ## Config Generator @@ -38,7 +38,7 @@ These options allow configuring the workload resources to be verified. Only the !!! note Using the number of labels to determine how to get the resources under test.
- If there are labels defined, we get the list of pods, statefulsets, deployments, csvs, by fetching the resources matching the labels. Otherwise, if the labels are not defined, we only test the resources that are in the namespaces under test (defined in tnf_config.yml). + If there are labels defined, we get the list of pods, statefulsets, deployments, csvs, by fetching the resources matching the labels. Otherwise, if the labels are not defined, we only test the resources that are in the namespaces under test (defined in certsuite_config.yml). #### targetNameSpaces diff --git a/docs/test-run.md b/docs/test-run.md index cc159931a..515455a66 100644 --- a/docs/test-run.md +++ b/docs/test-run.md @@ -62,7 +62,7 @@ The following is a non-exhaustive list of the most common flags that the `certsu * `-k, --kubeconfig`: Path to the Kubeconfig file of the target cluster. -* `-c, --config-file`: Path to the `tnf_config.yml` file. +* `-c, --config-file`: Path to the `certsuite_config.yml` file. * `--preflight-dockerconfig`: Path to the Dockerconfig file to be used by the Preflight test suite @@ -92,7 +92,7 @@ The Test Suite requires 3 files that must be provided to the test container: * The _Kubeconfig_ for the target cluster. * The _Dockerconfig_ of the local Docker installation (only for the Preflight test suite). -* The `tnf_config.yml`. +* The `certsuite_config.yml`. To reduce the number of shared volumes with the test container in the example below those files are copied into a folder called "config". Also, another folder to contain the output files called "results" has been created. The files saved in the output directory after the test run are: @@ -108,7 +108,7 @@ docker run --rm --network host \ certsuite run \ --kubeconfig=/usr/certsuite/config/kubeconfig \ --preflight-dockerconfig=/usr/certsuite/config/dockerconfig \ - --config-file=/usr/certsuite/config/tnf_config.yml \ + --config-file=/usr/certsuite/config/certsuite_config.yml \ --output-dir=/usr/certsuite/results \ --label-filter=all ``` diff --git a/docs/test-spec-implementation.md b/docs/test-spec-implementation.md index 1eb762ec8..1be0b68a0 100644 --- a/docs/test-spec-implementation.md +++ b/docs/test-spec-implementation.md @@ -5,7 +5,7 @@ This section explains the implementation of some test cases so that users can ha ## [lifecycle-deployment-scaling](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/CATALOG.md#lifecycle-deployment-scaling) and [lifecycle-statefulset-scaling](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/CATALOG.md#lifecycle-statefulset-scaling) -For each discovered deployment in the [target namespaces](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/cnf-certification-test/tnf_config.yml#L1), the test case will try to modify its replica count to check whether pod's can be correctly removed and re-deployed in the cluster. +For each discovered deployment in the [target namespaces](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/cnf-certification-test/certsuite_config.yml#L1), the test case will try to modify its replica count to check whether pod's can be correctly removed and re-deployed in the cluster. @@ -15,11 +15,11 @@ As depicted in the image, the way to modify the number of replicas varies depend - If the deployment/statefulset is an standalone resource, the test case just decreases the `.spec.replicas` field by one, waits for that pod to be removed and then it restores the original number increasing the field by one again. The test case passes as soon as the new pod is up and running again. - If there's an [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) (HPA) managing the resource, the test case decreases and increases the HPA's MaxReplicas field accordingly. -- If [the owner](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/#owner-references-in-object-specifications) of the resource is a CR, the test makes sure that CR's CRD matches any of the suffixes in the tnf_config.yaml's [targetCrdFilters](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/d2b718753f438ec8f33ed8bca5ac60ecf71ef599/cnf-certification-test/tnf_config.yml#L8) field. If there's a match, the test case is skipped as it's there's another test case called lifecycle-crd-scaling that will test it. Otherwise it will flagged as failed. +- If [the owner](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/#owner-references-in-object-specifications) of the resource is a CR, the test makes sure that CR's CRD matches any of the suffixes in the tnf_config.yaml's [targetCrdFilters](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/d2b718753f438ec8f33ed8bca5ac60ecf71ef599/cnf-certification-test/certsuite_config.yml#L8) field. If there's a match, the test case is skipped as it's there's another test case called lifecycle-crd-scaling that will test it. Otherwise it will flagged as failed. ## [lifecycle-crd-scaling](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/CATALOG.md#lifecycle-crd-scaling) -During the program's startup, an autodiscovery phase is performed where all the CRDs and their existing CRs in the [target namespaces](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/cnf-certification-test/tnf_config.yml#L1) are stored to be tested later. Only CRs whose CRD's suffix matches at least one of the [targetCrdFilters](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/d2b718753f438ec8f33ed8bca5ac60ecf71ef599/cnf-certification-test/tnf_config.yml#L8) and has an [scale subresource](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#scale-subresource) will be selected as test targets. +During the program's startup, an autodiscovery phase is performed where all the CRDs and their existing CRs in the [target namespaces](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/main/cnf-certification-test/certsuite_config.yml#L1) are stored to be tested later. Only CRs whose CRD's suffix matches at least one of the [targetCrdFilters](https://github.com/redhat-best-practices-for-k8s/certsuite/blob/d2b718753f438ec8f33ed8bca5ac60ecf71ef599/cnf-certification-test/certsuite_config.yml#L8) and has an [scale subresource](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#scale-subresource) will be selected as test targets. For every CR under test, a similar approach to the scaling of deployments and statefulsets is done. diff --git a/go.mod b/go.mod index 62d7ac5e5..e3e876dcf 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.22.6 require ( github.com/Masterminds/semver/v3 v3.3.0 - github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.46 + github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.47 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 1c7e6aefa..835e323be 100644 --- a/go.sum +++ b/go.sum @@ -373,8 +373,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.46 h1:FIMxVB4qGIDIuvQ/oKgbMZoKqC2j6H9vorSGjcL441c= -github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.46/go.mod h1:zl22noTFxcP05POwr1aMNa13j4M1Fitq8TsxLrw/mJE= +github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.47 h1:xAOVi+7YXBJNBsZeezAWWCHx84IU6AWIw53BT9tATas= +github.com/redhat-best-practices-for-k8s/certsuite-claim v1.0.47/go.mod h1:zl22noTFxcP05POwr1aMNa13j4M1Fitq8TsxLrw/mJE= github.com/redhat-best-practices-for-k8s/oct v0.0.20 h1:u2HhR6ilkHYVf1TaHaFstMz5AxnalmhvQ5gcKwO6058= github.com/redhat-best-practices-for-k8s/oct v0.0.20/go.mod h1:BMcFp+p6SMrtjmkrl+eedhlaHZp1O7ZGuvs2TWhNrJI= github.com/redhat-best-practices-for-k8s/privileged-daemonset v1.0.33 h1:ZOfbO2vycaV2B154ddLmSszgp8jvcsz9VV0vLslDEXk= diff --git a/internal/results/html/results.html b/internal/results/html/results.html index 700549448..9bf257a56 100644 --- a/internal/results/html/results.html +++ b/internal/results/html/results.html @@ -1,230 +1,2 @@ - - +Moved Permanently. - - CNF Certification Test Parser - - - - - - - - - - - - - - - - - - - - - - -
- Red Hat -

CNF Certification Test Parser

-
-

Upload file

-
- -
- -

Scenario

-
- - - -
- - -
-
- - -
-
- -

Results

-
-

- Upload Feedback File: -

- Download - Results - Download Feedback as a JSON file -
-
-
-
-
- -
- - Configuration - - -
- - - Metadata - - - -
- - - Nodes - - -
- - - Results - - - - - - - - - - - - - - - - - - - - - - - Versions - - - -
- - - - - - - -
- - - - - © 2022 Red Hat, Inc. - - - - - - - - - - - diff --git a/pkg/claimhelper/claimhelper.go b/pkg/claimhelper/claimhelper.go index 0226f4f3d..badfc9dd2 100644 --- a/pkg/claimhelper/claimhelper.go +++ b/pkg/claimhelper/claimhelper.go @@ -130,12 +130,12 @@ func NewClaimBuilder() (*ClaimBuilder, error) { root.Claim.Configurations = claimConfigurations root.Claim.Nodes = GenerateNodes() root.Claim.Versions = &claim.Versions{ - Tnf: versions.GitDisplayRelease, - TnfGitCommit: versions.GitCommit, - OcClient: diagnostics.GetVersionOcClient(), - Ocp: diagnostics.GetVersionOcp(), - K8s: diagnostics.GetVersionK8s(), - ClaimFormat: versions.ClaimFormatVersion, + CertSuite: versions.GitDisplayRelease, + CertSuiteGitCommit: versions.GitCommit, + OcClient: diagnostics.GetVersionOcClient(), + Ocp: diagnostics.GetVersionOcp(), + K8s: diagnostics.GetVersionK8s(), + ClaimFormat: versions.ClaimFormatVersion, } return &ClaimBuilder{ diff --git a/pkg/claimhelper/claimhelper_test.go b/pkg/claimhelper/claimhelper_test.go index 9b35d713a..f6f87ded9 100644 --- a/pkg/claimhelper/claimhelper_test.go +++ b/pkg/claimhelper/claimhelper_test.go @@ -211,7 +211,7 @@ func TestMarshalClaimOutput(t *testing.T) { EndTime: "2023-12-20 14:51:34 -0600 MST", }, Versions: &claim.Versions{ - Tnf: "1.0.0", + CertSuite: "1.0.0", }, Results: map[string]claim.Result{ "test-case1": { @@ -230,7 +230,7 @@ func TestMarshalClaimOutput(t *testing.T) { // Check if the output is a valid JSON //nolint:lll - assert.Contains(t, string(output), "{\n \"claim\": {\n \"configurations\": null,\n \"metadata\": {\n \"endTime\": \"2023-12-20 14:51:34 -0600 MST\",\n \"startTime\": \"2023-12-20 14:51:33 -0600 MST\"\n },\n \"nodes\": null,\n \"results\": {\n \"test-case1\": {\n \"capturedTestOutput\": \"\",\n \"catalogInfo\": null,\n \"categoryClassification\": null,\n \"checkDetails\": \"\",\n \"duration\": 0,\n \"failureLineContent\": \"\",\n \"failureLocation\": \"\",\n \"skipReason\": \"\",\n \"startTime\": \"\",\n \"state\": \"failed\",\n \"testID\": {\n \"id\": \"test-case1\",\n \"suite\": \"test-suite1\",\n \"tags\": \"\"\n }\n }\n },\n \"versions\": {\n \"claimFormat\": \"\",\n \"k8s\": \"\",\n \"ocClient\": \"\",\n \"ocp\": \"\",\n \"tnf\": \"1.0.0\",\n \"tnfGitCommit\": \"\"\n }\n }\n}") + assert.Contains(t, string(output), "{\n \"claim\": {\n \"configurations\": null,\n \"metadata\": {\n \"endTime\": \"2023-12-20 14:51:34 -0600 MST\",\n \"startTime\": \"2023-12-20 14:51:33 -0600 MST\"\n },\n \"nodes\": null,\n \"results\": {\n \"test-case1\": {\n \"capturedTestOutput\": \"\",\n \"catalogInfo\": null,\n \"categoryClassification\": null,\n \"checkDetails\": \"\",\n \"duration\": 0,\n \"failureLineContent\": \"\",\n \"failureLocation\": \"\",\n \"skipReason\": \"\",\n \"startTime\": \"\",\n \"state\": \"failed\",\n \"testID\": {\n \"id\": \"test-case1\",\n \"suite\": \"test-suite1\",\n \"tags\": \"\"\n }\n }\n },\n \"versions\": {\n \"certSuite\": \"1.0.0\",\n \"certSuiteGitCommit\": \"\",\n \"claimFormat\": \"\",\n \"k8s\": \"\",\n \"ocClient\": \"\",\n \"ocp\": \"\"\n }\n }\n}") } func TestWriteClaimOutput(t *testing.T) { @@ -241,7 +241,7 @@ func TestWriteClaimOutput(t *testing.T) { EndTime: "2023-12-20 14:51:34 -0600 MST", }, Versions: &claim.Versions{ - Tnf: "1.0.0", + CertSuite: "1.0.0", }, Results: map[string]claim.Result{ "test-case1": { @@ -266,7 +266,7 @@ func TestWriteClaimOutput(t *testing.T) { // Check if the output is a valid JSON //nolint:lll - assert.Contains(t, string(output), "{\n \"claim\": {\n \"configurations\": null,\n \"metadata\": {\n \"endTime\": \"2023-12-20 14:51:34 -0600 MST\",\n \"startTime\": \"2023-12-20 14:51:33 -0600 MST\"\n },\n \"nodes\": null,\n \"results\": {\n \"test-case1\": {\n \"capturedTestOutput\": \"\",\n \"catalogInfo\": null,\n \"categoryClassification\": null,\n \"checkDetails\": \"\",\n \"duration\": 0,\n \"failureLineContent\": \"\",\n \"failureLocation\": \"\",\n \"skipReason\": \"\",\n \"startTime\": \"\",\n \"state\": \"failed\",\n \"testID\": {\n \"id\": \"test-case1\",\n \"suite\": \"test-suite1\",\n \"tags\": \"\"\n }\n }\n },\n \"versions\": {\n \"claimFormat\": \"\",\n \"k8s\": \"\",\n \"ocClient\": \"\",\n \"ocp\": \"\",\n \"tnf\": \"1.0.0\",\n \"tnfGitCommit\": \"\"\n }\n }\n}") + assert.Contains(t, string(output), "{\n \"claim\": {\n \"configurations\": null,\n \"metadata\": {\n \"endTime\": \"2023-12-20 14:51:34 -0600 MST\",\n \"startTime\": \"2023-12-20 14:51:33 -0600 MST\"\n },\n \"nodes\": null,\n \"results\": {\n \"test-case1\": {\n \"capturedTestOutput\": \"\",\n \"catalogInfo\": null,\n \"categoryClassification\": null,\n \"checkDetails\": \"\",\n \"duration\": 0,\n \"failureLineContent\": \"\",\n \"failureLocation\": \"\",\n \"skipReason\": \"\",\n \"startTime\": \"\",\n \"state\": \"failed\",\n \"testID\": {\n \"id\": \"test-case1\",\n \"suite\": \"test-suite1\",\n \"tags\": \"\"\n }\n }\n },\n \"versions\": {\n \"certSuite\": \"1.0.0\",\n \"certSuiteGitCommit\": \"\",\n \"claimFormat\": \"\",\n \"k8s\": \"\",\n \"ocClient\": \"\",\n \"ocp\": \"\"\n }\n }\n}") // Assert the file permissions are 0644 fileInfo, err := os.Stat(outputFile) @@ -282,7 +282,7 @@ func TestReadClaimFile(t *testing.T) { EndTime: "2023-12-20 14:51:34 -0600 MST", }, Versions: &claim.Versions{ - Tnf: "1.0.0", + CertSuite: "1.0.0", }, Results: map[string]claim.Result{ "test-case1": { diff --git a/pkg/configuration/configuration.go b/pkg/configuration/configuration.go index f2198a800..0af76def6 100644 --- a/pkg/configuration/configuration.go +++ b/pkg/configuration/configuration.go @@ -107,8 +107,8 @@ type TestParameters struct { DaemonsetMemReq string DaemonsetMemLim string SanitizeClaim bool - TnfImageRepo string - TnfDebugImage string + CertSuiteImageRepo string + CertSuiteProbeImage string NonIntrusiveOnly bool AllowPreflightInsecure bool IncludeWebFilesInOutputFolder bool diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index 3c09be94c..a45a67f08 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go @@ -181,7 +181,7 @@ var ( func deployDaemonSet(namespace string) error { k8sPrivilegedDs.SetDaemonSetClient(clientsholder.GetClientsHolder().K8sClient) - dsImage := env.params.TnfImageRepo + "/" + env.params.TnfDebugImage + dsImage := env.params.CertSuiteProbeImage if k8sPrivilegedDs.IsDaemonSetReady(DaemonSetName, namespace, dsImage) { return nil } @@ -196,11 +196,11 @@ func deployDaemonSet(namespace string) error { configuration.GetTestParameters().DaemonsetMemLim, ) if err != nil { - return fmt.Errorf("could not deploy tnf daemonset, err=%v", err) + return fmt.Errorf("could not deploy certsuite daemonset, err=%v", err) } err = k8sPrivilegedDs.WaitDaemonsetReady(namespace, DaemonSetName, debugPodsTimeout) if err != nil { - return fmt.Errorf("timed out waiting for tnf daemonset, err=%v", err) + return fmt.Errorf("timed out waiting for certsuite daemonset, err=%v", err) } return nil diff --git a/script/run-basic-batch-operators-test.sh b/script/run-basic-batch-operators-test.sh index 4fb101a8d..d1ea8b955 100755 --- a/script/run-basic-batch-operators-test.sh +++ b/script/run-basic-batch-operators-test.sh @@ -13,7 +13,7 @@ INDEX_FILE=index2.html # INPUTS # tnf_config.yaml template file path -CONFIG_YAML_TEMPLATE="$(pwd)"/tnf_config.yml.template +CONFIG_YAML_TEMPLATE="$(pwd)"/certsuite_config.yml.template # CatalogSource.yaml template file path CATALOG_SOURCE_TEMPLATE="$(pwd)"/CatalogSource.yaml.template @@ -366,7 +366,7 @@ report_failure() { # Add tnf_config link echo ", tnf_config: " - echo ''"link"'' + echo ''"link"'' # New line echo "
" @@ -584,7 +584,7 @@ while IFS=, read -r package_name catalog_index; do echo_color "$RED" "Error, creating report dir failed" fi - config_yaml="$report_dir"/tnf_config.yml + config_yaml="$report_dir"/certsuite_config.yml # Change the target_name_space in tnf_config file sed "s/\$ns/$ns/" "$CONFIG_YAML_TEMPLATE" >"$config_yaml" @@ -683,7 +683,7 @@ while IFS=, read -r package_name catalog_index; do # Add tnf_config link echo ", tnf_config: " - echo ''"link"'' + echo ''"link"'' # new line echo "
" diff --git a/version.json b/version.json index 62fc3bc98..09ea25757 100644 --- a/version.json +++ b/version.json @@ -1,5 +1,5 @@ { "debugTag": "v0.0.7", - "claimFormat": "v0.4.0", - "parserTag": "v0.4.7" + "claimFormat": "v0.5.0", + "parserTag": "v0.5.0" } diff --git a/webserver/webserver.go b/webserver/webserver.go index 6f992f116..47367739f 100644 --- a/webserver/webserver.go +++ b/webserver/webserver.go @@ -265,7 +265,7 @@ func runHandler(w http.ResponseWriter, r *http.Request) { log.Info("Web Server kubeconfig file : %v (copied into %v)", fileHeader.Filename, kubeconfigTempFile.Name()) log.Info("Web Server Labels filter : %v", flattenedOptions) - tnfConfig, err := os.ReadFile("tnf_config.yml") + tnfConfig, err := os.ReadFile("certsuite_config.yml") if err != nil { log.Fatal("Error reading YAML file: %v", err) //nolint:gocritic // exitAfterDefer } @@ -274,7 +274,7 @@ func runHandler(w http.ResponseWriter, r *http.Request) { // Write the modified YAML data back to the file var filePerm fs.FileMode = 0o644 // owner can read/write, group and others can only read - err = os.WriteFile("tnf_config.yml", newData, filePerm) + err = os.WriteFile("certsuite_config.yml", newData, filePerm) if err != nil { log.Fatal("Error writing YAML file: %v", err) }