fixes

Signed-off-by: Ved Ratan <[email protected]>
5GSEC · Feb 20, 2024 · 0755e9c · 0755e9c
1 parent fb1223a
commit 0755e9c
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 42 deletions.
diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml
@@ -104,44 +104,44 @@ jobs:
         - name: Checkout
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-          # install tools
         - name: Install helm
           id: helm
           uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
           with:
             token: ${{ secrets.GITHUB_TOKEN }}
 
-          # install go
+
 
         - name: Install go
           uses: actions/setup-go@v5
           with:
             go-version: '1.21.7' # The Go version to download (if necessary) and use.
 
 
-        # install chainsaw
 
         - name: Install chainsaw
           uses: kyverno/action-install-chainsaw@8307cf9038333ce168dd4339ae24f9ab16ab7a00 # v0.1.4
 
-        # create kind cluster
 
         - name: Create k8s Kind Cluster
           uses: helm/kind-action@v1
 
 
         - name: start server
           run: |
-            make install
-            make run &
+            make docker-build
+            helm upgrade --install nimbus-operator /deployments/nimbus -n nimbus --create-namespace --set image.pullPolicy=Never
 
 
         - name: Wait for server to start
+          # run: |
+          #   until $(wget http://localhost:8081/readyz); do
+          #     echo 'Waiting for the server to start...'
+          #     sleep 5
+          #   done
           run: |
-            until $(wget http://localhost:8081/readyz); do
-              echo 'Waiting for the server to start...'
-              sleep 5
-            done
+            kubectl wait --for=condition=ready --timeout=5m -n nimbus pod -l app.kubernetes.io/name=nimbus
+            kubectl get pods -A
           
         - name: Run Tests
           run: |

diff --git a/tests/controllers/np-creation/chainsaw-test.yaml b/tests/controllers/np-creation/chainsaw-test.yaml
@@ -7,13 +7,9 @@ spec:
     assert: 10s
   steps:
   - try:
-    # first operation: create the config map
     - apply:
-        # file is relative to the test folder
         file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
-    # second operation: verify the config map exists and contains the expected data
     - assert:
-        # file is relative to the test folder
         file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
     - assert:
         file: nimbus-policy.yaml

diff --git a/tests/controllers/np-updation/chainsaw-test.yaml b/tests/controllers/np-updation/chainsaw-test.yaml
@@ -10,7 +10,6 @@ spec:
   - name: step-01 
     try:
       - apply:
-          # file is relative to the test folder
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
       - assert:
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml

diff --git a/tests/controllers/sib-deletion/chainsaw-test.yaml b/tests/controllers/sib-deletion/chainsaw-test.yaml
@@ -6,29 +6,33 @@ spec:
   timeouts:
     assert: 10s
   steps:
-
-  - name: step-01 
+  - name: 01-Create-Resources
     try:
       - apply:
-          # file is relative to the test folder
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
       - assert:
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
-  - name: step-02
+  - name: 02-Delete-SIB
     try:
       - delete:
           ref:
             apiVersion: intent.security.nimbus.com/v1
             kind: SecurityIntentBinding
-            namespace: $(namespace)
             name: dns-manipulation-binding
           expect:
           - match:
               apiVersion: intent.security.nimbus.com/v1
               kind: SecurityIntentBinding
-              namespace: $(namespace)
               name: dns-manipulation-binding
             check:
               ($error != null): true
 
+
+  - name: 03-Assert-NP-Deletion
+    try:
+      - script:
+          content: kubectl get np -n $NAMESPACE dns-manipulation-binding
+          check: 
+            ($error != null): true
+
 
diff --git a/tests/controllers/sib-deletion/np-assert.yaml b/tests/controllers/sib-deletion/np-assert.yaml
@@ -0,0 +1,20 @@
+apiVersion: intent.security.nimbus.com/v1
+kind: NimbusPolicy
+metadata:
+  name: dns-manipulation-binding
+  ownerReferences:
+   - apiVersion: intent.security.nimbus.com/v1
+     blockOwnerDeletion: true
+     controller: true
+     kind: SecurityIntentBinding
+     name: dns-manipulation-binding
+spec:
+   rules:
+   - description: An adversary can manipulate DNS requests to redirect network traffic
+       and potentially reveal end user activity.
+     id: dnsManipulation
+     rule:
+       action: Block
+   selector:
+     matchLabels:
+       app: nginx
diff --git a/tests/controllers/sib-deletion/sib.yaml b/tests/controllers/sib-deletion/sib.yaml
diff --git a/tests/controllers/sib-updation/chainsaw-test.yaml b/tests/controllers/sib-updation/chainsaw-test.yaml
@@ -6,22 +6,19 @@ spec:
   timeouts:
     assert: 10s
   steps:
-
-  - name: step-01 
+  - name: 01-Create-Resources 
     try:
       - apply:
-          # file is relative to the test folder
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
       - assert:
           file: ../../../examples/namespaced/dns-manipulation-si-sib.yaml
-  - name: step-02
+  - name: 02-Update-SIB
     try:
       - apply:
           file: updated-sib.yaml
       - assert:
-          file: updated-sib.yaml
-
-  - name: step-03
+          file: updated-sib.yaml 
+  - name: 03-Assert-NP
     try:
       - script:
           content: kubectl get np -n $NAMESPACE dns-manipulation-binding -o=jsonpath='{.spec.selector.matchLabels.app}'