Showing
2 changed files
with
84 additions
and
0 deletions.
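--- a/tests/providers/kubernetes/lib/mutelist/fixtures/kubernetes_mutelist.yaml
+++ b/tests/providers/kubernetes/lib/mutelist/fixtures/kubernetes_mutelist.yaml
@@ -0,0 +1,16 @@
+### Account, Check and/or Region can be * to apply for all the cases.
+### Resources and tags are lists that can have either Regex or Keywords.
+### Tags is an optional list that matches on tuples of 'key=value' and are "ANDed" together.
+### Use an alternation Regex to match one of multiple tags with "ORed" logic.
+### For each check you can except Accounts, Regions, Resources and/or Tags.
+########################### MUTELIST EXAMPLE ###########################
+Mutelist:
+Accounts:
+"project_1":
+Checks:
+"controllermanager_bind_address":
+Regions:
+- "*"
+Resources:
+- "resource_1"
+- "resource_2"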
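--- a/tests/providers/kubernetes/lib/mutelist/kubernetes_mutelist_test.py
+++ b/tests/providers/kubernetes/lib/mutelist/kubernetes_mutelist_test.py
@@ -0,0 +1,68 @@
+import yaml
+from mock import MagicMock
+
+from prowler.providers.kubernetes.lib.mutelist.mutelist import MutelistKubernetes
+
+MUTELIST_FIXTURE_PATH = (
+"tests/providers/kubernetes/lib/mutelist/fixtures/kubernetes_mutelist.yaml"
+)
+
+
+class TestMutelistGCP:
+def test_get_mutelist_file_from_local_file(self):
+mutelist = MutelistKubernetes(mutelist_path=MUTELIST_FIXTURE_PATH)
+
+with open(MUTELIST_FIXTURE_PATH) as f:
+mutelist_fixture = yaml.safe_load(f)["Mutelist"]
+
+assert mutelist.mutelist == mutelist_fixture
+assert mutelist.mutelist_file_path == MUTELIST_FIXTURE_PATH
+
+def test_get_mutelist_file_from_local_file_non_existent(self):
+mutelist_path = "tests/lib/mutelist/fixtures/not_present"
+mutelist = MutelistKubernetes(mutelist_path=mutelist_path)
+
+assert mutelist.mutelist == {}
+assert mutelist.mutelist_file_path == mutelist_path
+
+def test_validate_mutelist_not_valid_key(self):
+mutelist_path = MUTELIST_FIXTURE_PATH
+with open(mutelist_path) as f:
+mutelist_fixture = yaml.safe_load(f)["Mutelist"]
+
+mutelist_fixture["Accounts1"] = mutelist_fixture["Accounts"]
+del mutelist_fixture["Accounts"]
+
+mutelist = MutelistKubernetes(mutelist_content=mutelist_fixture)
+
+assert not mutelist.validate_mutelist()
+assert mutelist.mutelist == {}
+assert mutelist.mutelist_file_path is None
+
+def test_is_finding_muted(self):
+# Mutelist
+mutelist_content = {
+"Accounts": {
+"cluster_1": {
+"Checks": {
+"check_test": {
+# TODO: review this with Sergio
+"Regions": ["*"],
+"Resources": ["test_resource"],
+}
+}
+}
+}
+}
+
+mutelist = MutelistKubernetes(mutelist_content=mutelist_content)
+
+finding = MagicMock
+finding.check_metadata = MagicMock
+finding.check_metadata.CheckID = "check_test"
+finding.status = "FAIL"
+finding.resource_name = "test_resource"
+finding.namespace = "test-location"
+finding.resource_tags = []
+
+assert mutelist.is_finding_muted(finding, "cluster_1")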
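Review bot: In `test_is_finding_muted`, `finding = MagicMock` binds the class rather than an instance, so the assignments that follow (`status`, `resource_name`, `resource_tags`, `CheckID`, …) are written onto the shared `MagicMock` class and stay visible to every other test in the same session; use `finding = MagicMock()` and `finding.check_metadata = MagicMock()`. The test also covers only the muted path: because a mutelist suppresses FAIL findings, a second case with a non-matching resource name or a different cluster asserting `not mutelist.is_finding_muted(...)` would catch a matcher that mutes too broadly, and it would pin down how `Regions` relates to `finding.namespace`, which the TODO leaves open. The class is named `TestMutelistGCP` although it exercises `MutelistKubernetes`; `TestMutelistKubernetes` would match the provider.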