Use testhelper funcs

redhat-best-practices-for-k8s · Nov 21, 2023 · db326b1 · db326b1
1 parent 96b0b40
commit db326b1
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 101 deletions.
diff --git a/cnf-certification-test/accesscontrol/suite.go b/cnf-certification-test/accesscontrol/suite.go
@@ -62,74 +62,6 @@ var (
 		env = provider.GetTestEnvironment()
 		return nil
 	}
-
-	skipIfNoContainersFn = func() (bool, string) {
-		if len(env.Containers) == 0 {
-			logrus.Warnf("No containers to check...")
-			return true, "There are no containers to check. Please check under test labels."
-		}
-
-		return false, ""
-	}
-
-	skipIfNoPodsFn = func() (bool, string) {
-		if len(env.Pods) == 0 {
-			logrus.Warn("No pods to check.")
-			return true, "There are no pods to check."
-		}
-
-		return false, ""
-	}
-
-	skipIfNoNamespacesFn = func() (bool, string) {
-		if len(env.Namespaces) == 0 {
-			warnStr := "No namespaces to check."
-			logrus.Warn(warnStr)
-			return true, warnStr
-		}
-
-		return false, ""
-	}
-
-	skipIfDaemonsetFailedToSpawnFn = func() (bool, string) {
-		warnStr := "Debug Daemonset failed to spawn skipping test."
-		if env.DaemonsetFailedToSpawn {
-			logrus.Warn(warnStr)
-			return true, warnStr
-		}
-
-		return false, ""
-	}
-
-	skipIfSharedProcessNamespacePodsFn = func() (bool, string) {
-		warnStr := "No shared process namespace pods to check."
-		if len(env.GetShareProcessNamespacePods()) == 0 {
-			logrus.Warn(warnStr)
-			return true, warnStr
-		}
-
-		return false, ""
-	}
-
-	skipIfNoCrdsFn = func() (bool, string) {
-		warnStr := "No CRDs to check."
-		if len(env.Crds) == 0 {
-			logrus.Warn(warnStr)
-			return true, warnStr
-		}
-
-		return false, ""
-	}
-
-	skipIfNoRolesFn = func() (bool, string) {
-		warnStr := "No roles to check."
-		if len(env.Roles) == 0 {
-			logrus.Warn(warnStr)
-			return true, warnStr
-		}
-
-		return false, ""
-	}
 )
 
 //nolint:funlen
@@ -141,220 +73,215 @@ func init() {
 
 	testID, tags := identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSecContextIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testContainerSCC(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSysAdminIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testSysAdminCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestNetAdminIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNetAdminCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestNetRawIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNetRawCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestIpcLockIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testIpcLockCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestBpfIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testBpfCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSecConNonRootUserIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testSecConRootUser(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSecConPrivilegeEscalation)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testSecConPrivilegeEscalation(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestContainerHostPort)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testContainerHostPort(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodHostNetwork)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodHostNetwork(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodHostPath)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodHostPath(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodHostIPC)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodHostIPC(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodHostPID)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodHostPID(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestNamespaceBestPracticesIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoNamespacesFn).
+		WithSkipCheckFn(testhelper.GetNoNamespacesSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNamespace(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodServiceAccountBestPracticesIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodServiceAccount(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodRoleBindingsBestPracticesIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodRoleBindings(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodClusterRoleBindingsBestPracticesIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodClusterRoleBindings(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodAutomountServiceAccountIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testAutomountServiceToken(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestOneProcessPerContainerIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
-		WithSkipCheckFn(skipIfDaemonsetFailedToSpawnFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env), testhelper.GetDaemonSetFailedToSpawnSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testOneProcessPerContainer(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSYSNiceRealtimeCapabilityIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testSYSNiceRealtimeCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestSysPtraceCapabilityIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfSharedProcessNamespacePodsFn).
+		WithSkipCheckFn(testhelper.GetSharedProcessNamespacePodsSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testSysPtraceCapability(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestNamespaceResourceQuotaIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNamespaceResourceQuota(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestNoSSHDaemonsAllowedIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfDaemonsetFailedToSpawnFn).
-		WithSkipCheckFn(skipIfNoContainersFn).
+		WithSkipCheckFn(testhelper.GetDaemonSetFailedToSpawnSkipFn(&env), testhelper.GetNoContainersUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNoSSHDaemonsAllowed(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestPodRequestsAndLimitsIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testPodRequestsAndLimits(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.Test1337UIDIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			test1337UIDs(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestServicesDoNotUseNodeportsIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoContainersFn).
-		WithSkipCheckFn(skipIfNoPodsFn).
+		WithSkipCheckFn(testhelper.GetNoContainersUnderTestSkipFn(&env), testhelper.GetNoPodsUnderTestSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testNodePort(c, &env)
 			return nil
 		}))
 
 	testID, tags = identifiers.GetGinkgoTestIDAndLabels(identifiers.TestCrdRoleIdentifier)
 	checksGroup.Add(checksdb.NewCheck(testID, tags).
-		WithSkipCheckFn(skipIfNoCrdsFn).
-		WithSkipCheckFn(skipIfNoRolesFn).
-		WithSkipCheckFn(skipIfNoNamespacesFn).
+		WithSkipCheckFn(testhelper.GetNoCrdsUnderTestSkipFn(&env), testhelper.GetNoNamespacesSkipFn(&env), testhelper.GetNoRolesSkipFn(&env)).
 		WithCheckFn(func(c *checksdb.Check) error {
 			testCrdRoles(c, &env)
 			return nil

diff --git a/pkg/testhelper/testhelper.go b/pkg/testhelper/testhelper.go
@@ -369,7 +369,47 @@ func GetNoStatefulSetsUnderTestSkipFn(env *provider.TestEnvironment) func() (boo
 func GetNoCrdsUnderTestSkipFn(env *provider.TestEnvironment) func() (bool, string) {
 	return func() (bool, string) {
 		if len(env.Crds) == 0 {
-			return true, "no CRDs to check found"
+			return true, "no roles to check"
+		}
+
+		return false, ""
+	}
+}
+
+func GetNoNamespacesSkipFn(env *provider.TestEnvironment) func() (bool, string) {
+	return func() (bool, string) {
+		if len(env.Namespaces) == 0 {
+			return true, "There are no namespaces to check. Please check config."
+		}
+
+		return false, ""
+	}
+}
+
+func GetNoRolesSkipFn(env *provider.TestEnvironment) func() (bool, string) {
+	return func() (bool, string) {
+		if len(env.Roles) == 0 {
+			return true, "There are no roles to check. Please check config."
+		}
+
+		return false, ""
+	}
+}
+
+func GetDaemonSetFailedToSpawnSkipFn(env *provider.TestEnvironment) func() (bool, string) {
+	return func() (bool, string) {
+		if env.DaemonsetFailedToSpawn {
+			return true, "DaemonSet failed to spawn."
+		}
+
+		return false, ""
+	}
+}
+
+func GetSharedProcessNamespacePodsSkipFn(env *provider.TestEnvironment) func() (bool, string) {
+	return func() (bool, string) {
+		if len(env.GetShareProcessNamespacePods()) == 0 {
+			return true, "Shared process namespace pods found."
 		}
 
 		return false, ""