f4be4aa
#1814 Added helm unit tests for bodgeit
Ilyesbdlala Sep 8, 2023
d39fa64
#1814 Added helm unit tests for dummy-ssh
Sep 11, 2023
85bfafe
#1814 Added helm unit tests for http-webhook
Sep 11, 2023
eab2330
#1814 Added helm unit tests for juice-shop
Sep 11, 2023
393fe80
#1814 Added helm unit tests for old-joomla
Sep 11, 2023
f2643b6
#1814 Added helm unit tests for old-typo3
Sep 11, 2023
6095348
#1814 Added helm unit tests for old-wordpress
Sep 11, 2023
928f35f
#1814 Added helm unit tests for swagger-petstore
Sep 11, 2023
c204be9
#1814 Added helm unit tests for unsafe-https
Sep 11, 2023
af8c0bf
#1814 Added helm unit tests for vulnerable-log4j
Sep 11, 2023
0c4bffd
#1814 Refactoring demo-targets unittests
Sep 11, 2023
eb73d58
#1814 refactored .helmignore of demo-targets to ignore docs and test…
Ilyesbdlala Sep 12, 2023
febcc7d
#1814 Added helm unit tests for cascading-scans hook
Ilyesbdlala Sep 15, 2023
e75f0ff
#1814 Added helm unit tests for finding-post-processing hook
Ilyesbdlala Sep 15, 2023
b0784d1
#1814 Added helm unit tests for generic-webhook hook
Ilyesbdlala Sep 15, 2023
3866a4e
#1814 Added helm unit tests for notification hook
Ilyesbdlala Sep 15, 2023
77d55ef
#1814 Added helm unit tests for persistence-azure-monitor hook
Ilyesbdlala Sep 15, 2023
e23494b
#1814 Added helm unit tests for persistence-defectdojo hook
Ilyesbdlala Sep 15, 2023
2e524c4
#1814 Added helm unit tests for persistence-elastic hook
Ilyesbdlala Sep 15, 2023
9b2aec0
#1814 Added helm unit tests for update-field-hook hook
Ilyesbdlala Sep 15, 2023
d33e40f
#1814 Added makefile target to iterate through hooks helm unit tests
Ilyesbdlala Sep 15, 2023
823b343
#1814 Added makefile target to run the helm unit tests for the hook i…
Ilyesbdlala Sep 15, 2023
2a9b706
#1814 Refactored demo-targets unit tests to set all attributes that a…
Ilyesbdlala Sep 15, 2023
e3e6c64
#1814 Added makefile target to iterate through demo-targets helm unit…
Ilyesbdlala Sep 15, 2023
6c3eca5
#1814 Added helm unit tests for operator
Ilyesbdlala Sep 15, 2023
9f39782
#1814 Added helm unit tests for autodiscovery
Ilyesbdlala Sep 15, 2023
383d584
#1814 Added helm unit tests for scanners
Ilyesbdlala Sep 15, 2023
54d2012
#1814 Removed cascading-rules templates since no default cascadingru…
Ilyesbdlala Sep 15, 2023
f4b63ec
#1814 Added makefile targets to run helm unit tests for scanners, ho…
Ilyesbdlala Sep 15, 2023
1a332a8
#1814 Fixed issue where attributes in zap-scan-type.yaml are defined…
Ilyesbdlala Sep 15, 2023
e5717d7
#1813 Added a ci job to run helm chart unit-tests
Ilyesbdlala Sep 15, 2023
fc778c6
#1814 Added missing helm unittest plugin install step
Ilyesbdlala Sep 15, 2023
e95caf3
#1814 Updated snapshot to include changes after rebase
Ilyesbdlala Sep 15, 2023
2511061
#1814 Pinned Helm unittest plugin version
Ilyesbdlala Sep 15, 2023
886bc6b
#1814 Made helm-unit-tests loop targets POSIX compliant
Ilyesbdlala Sep 15, 2023
46 changes: 46 additions & 0 deletions .github/workflows/ci.yaml
Expand Up @@ -25,6 +25,7 @@ env:
KIND_BINARY_VERSION: "v0.20.0"
KUBECTL_VERSION: "v1.27.4"
HELM_VERSION: "v3.12.2"
HELM_PLUGIN_UNITTEST: "0.3.5"

jobs:
# ---- NVM Setup ----
Expand Down Expand Up @@ -99,6 +100,51 @@ jobs:

# ---- Unit-Test | Java ----

helm-unit-test:
name: "Unit-Test | Helm"
runs-on: ubuntu-22.04
needs:
- k8s-setup
steps:
- uses: actions/checkout@v3
- name: Download Helm
uses: actions/download-artifact@v3
with:
name: helm
path: ./helm

- name: Make binaries globally available
run: |
chmod +x ./helm/helm && sudo mv ./helm/helm /usr/local/bin/helm

- name: Verify tools
run: |
helm version

- name: Install Helm Unit Test Plugin
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST }}

- name: Helm-Chart Unit Tests | Operator
working-directory: ./operator
run: make helm-unit-tests

- name: Helm-Chart Unit Tests | AutoDiscovery
working-directory: ./auto-discovery/kubernetes
run: make helm-unit-tests

- name: Helm-Chart Unit Tests | Hooks
working-directory: ./hooks
run: make helm-unit-tests

- name: Helm-Chart Unit Tests | Scanners
working-directory: ./scanners
run: make helm-unit-tests

- name: Helm-Chart Unit Tests | Demo-Targets
working-directory: ./demo-targets
run: make helm-unit-tests

unit-java:
name: "Unit-Test | Java"
runs-on: ubuntu-22.04
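Review bot: The new `helm-unit-test` job is inserted directly beneath the `# ---- Unit-Test | Java ----` banner, so that comment now labels the Helm job and `unit-java` is left unlabelled; add `# ---- Unit-Test | Helm ----` above `helm-unit-test:` and move the Java banner down to sit above `unit-java:`. On the install step, `--version ${{ env.HELM_PLUGIN_UNITTEST }}` resolves a git tag of the plugin repository, which fixes the version but is not an integrity check: tags are mutable, and if the plugin defines an install hook it runs from whatever that tag resolves to at job time. If stronger provenance is wanted, clone the plugin at a commit SHA in a prior step and run `helm plugin install <local-checkout-path>` (placeholder), or verify any artifact the hook downloads against a published checksum. `actions/checkout@v3` and `actions/download-artifact@v3` are likewise tag-pinned, which presumably matches the rest of this workflow, so keep whichever pinning policy the file already follows consistent.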
3 changes: 2 additions & 1 deletion auto-discovery/kubernetes/.helmignore
Expand Up @@ -10,4 +10,5 @@ go.sum
main.go
Makefile
PROJECT
auto-discovery-config.yaml
auto-discovery-config.yaml
./tests/
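Review bot: The added `./tests/` entry carries a leading `./`, while every other pattern in this file is a bare name; Helm matches `.helmignore` patterns against chart-relative paths such as `tests`, and I am not confident a `./`-prefixed pattern matches, so the unit-test suite and its snapshot may still be packaged into the chart. Verify by packaging the chart and listing the archive contents; if the directory is included, use `tests/`, which is the form the default `.helmignore` written by `helm create` uses for directory entries.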
6 changes: 6 additions & 0 deletions auto-discovery/kubernetes/Makefile
Expand Up @@ -79,6 +79,12 @@ test: manifests generate fmt vet envtest ## Run tests.
ginkgo: manifests generate fmt vet envtest ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" ginko test ./... -coverprofile cover.out -v --progress

## Helm unit tests
.PHONY: helm-unit-tests
helm-unit-tests:
echo "Running helm unit tests for operator"; \
helm unittest . \

##@ Build

.PHONY: build
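Review bot: The echo in the new `helm-unit-tests` target says `operator`, but this is the auto-discovery chart's Makefile, so CI output will mislabel which chart's tests are running; change it to `echo "Running helm unit tests for auto-discovery"; \`. The trailing backslash on `helm unittest . \` continues the recipe into the blank line that follows; it is harmless as written but should be dropped (`helm unittest .`) so the recipe ends cleanly and a later edit cannot silently join an unrelated line into the command. Recipe indentation (tab versus spaces) is not visible in this rendering and should be checked locally.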
@@ -0,0 +1,287 @@
matches the snapshot:
1: |
apiVersion: v1
data:
auto-discovery.yaml: |
{
"apiVersion": "config.securecodebox.io/v1",
"cluster": {
"name": "docker-desktop"
},
"containerAutoDiscovery": {
"enabled": false,
"passiveReconcileInterval": "1m",
"scanConfigs": [
{
"annotations": {
"defectdojo.securecodebox.io/engagement-name": "{{ .Target.Name }}",
"defectdojo.securecodebox.io/engagement-version": "{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}",
"defectdojo.securecodebox.io/product-name": "{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}",
"defectdojo.securecodebox.io/product-tags": "cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"
},
"hookSelector": {},
"labels": {},
"name": "trivy",
"parameters": [
"{{ .ImageID }}"
],
"repeatInterval": "168h",
"scanType": "trivy-image-autodiscovery",
"volumeMounts": [],
"volumes": []
}
]
},
"health": {
"healthProbeBindAddress": ":8081"
},
"imagePullSecretConfig": {
"mapImagePullSecretsToEnvironmentVariables": true,
"passwordEnvironmentVariableName": "TRIVY_PASSWORD",
"usernameEnvironmentVariableName": "TRIVY_USERNAME"
},
"kind": "AutoDiscoveryConfig",
"leaderElection": {
"leaderElect": true,
"resourceName": "0e41a1f4.securecodebox.io"
},
"metrics": {
"bindAddress": "127.0.0.1:8080"
},
"resourceInclusion": {
"mode": "enabled-per-namespace"
},
"serviceAutoDiscovery": {
"enabled": true,
"passiveReconcileInterval": "1m",
"scanConfigs": [
{
"annotations": {
"defectdojo.securecodebox.io/engagement-name": "{{ .Target.Name }}",
"defectdojo.securecodebox.io/engagement-version": "{{if (index .Target.Labels `app.kubernetes.io/version`) }}{{ index .Target.Labels `app.kubernetes.io/version` }}{{end}}",
"defectdojo.securecodebox.io/product-name": "{{ .Cluster.Name }} | {{ .Namespace.Name }} | {{ .Target.Name }}",
"defectdojo.securecodebox.io/product-tags": "cluster/{{ .Cluster.Name }},namespace/{{ .Namespace.Name }}"
},
"hookSelector": {},
"labels": {},
"name": "zap",
"parameters": [
"-t",
"{{ .Host.Type }}://{{ .Service.Name }}.{{ .Service.Namespace }}.svc:{{ .Host.Port }}"
],
"repeatInterval": "168h",
"scanType": "zap-advanced-scan",
"volumeMounts": [],
"volumes": []
}
]
}
}
kind: ConfigMap
metadata:
name: auto-discovery
2: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: auto-discovery
name: auto-discovery
spec:
replicas: 1
selector:
matchLabels:
control-plane: auto-discovery
template:
metadata:
labels:
control-plane: auto-discovery
spec:
containers:
- args:
- --config
- /etc/securecodebox/auto-discovery.yaml
command:
- /manager
image: securecodebox/auto-discovery-kubernetes:0.0.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: auto-discovery
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 100m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
volumeMounts:
- mountPath: /etc/securecodebox/auto-discovery.yaml
name: config
readOnly: true
subPath: auto-discovery.yaml
imagePullSecrets:
- name: foo
securityContext:
fsGroup: 1234
serviceAccountName: auto-discovery
terminationGracePeriodSeconds: 10
volumes:
- configMap:
name: auto-discovery
name: config
3: |
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: auto-discovery-leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
4: |
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: auto-discovery-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: auto-discovery-leader-election-role
subjects:
- kind: ServiceAccount
name: auto-discovery
namespace: NAMESPACE
5: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: auto-discovery
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- apiGroups:
- execution.securecodebox.io
resources:
- scantypes
verbs:
- get
- list
- watch
- apiGroups:
- execution.securecodebox.io
resources:
- scheduledscans
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- execution.securecodebox.io/status
resources:
- scheduledscans
verbs:
- get
- patch
- update
6: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: auto-discovery
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: auto-discovery
subjects:
- kind: ServiceAccount
name: auto-discovery
namespace: NAMESPACE
7: |
apiVersion: v1
kind: ServiceAccount
metadata:
name: auto-discovery
15 changes: 15 additions & 0 deletions auto-discovery/kubernetes/tests/auto-discovery_test.yaml
@@ -0,0 +1,15 @@
suite: Full Snapshot
templates:
- rbac/*.yaml
- manager/*.yaml
tests:
- it: matches the snapshot
chart:
version: 0.0.0
appVersion: 0.0.0
set:
imagePullSecrets: [{name: foo}]
podSecurityContext: {fsGroup: 1234}

asserts:
- matchSnapshot: {}
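Review bot: `matchSnapshot: {}` is the suite's only assertion, so any change to the rendered RBAC rules or pod security context shows up as a snapshot diff rather than a failing check, and the usual response to a snapshot diff is to regenerate it (commit e95caf3 in this PR, "Updated snapshot to include changes after rebase", is exactly that workflow). Keep the snapshot, but add explicit asserts for the properties that must not regress, for example in a second `it:` block scoped with `template:` to the Deployment template under `manager/` (its file name is not visible here): `- equal:` / `path: spec.template.spec.containers[0].securityContext.runAsNonRoot` / `value: true`, and similar `equal` checks on `readOnlyRootFilesystem` and `allowPrivilegeEscalation`. The inline flow values `imagePullSecrets: [{name: foo}]` and `podSecurityContext: {fsGroup: 1234}` are fine for a two-key fixture, but block style would read more consistently with the rest of the file.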