Skip to content

Commit

Permalink
update unitest
Browse files Browse the repository at this point in the history
  • Loading branch information
dwertent committed Oct 14, 2021
1 parent 46c2b24 commit d8ac255
Show file tree
Hide file tree
Showing 10 changed files with 10,847 additions and 101 deletions.
58 changes: 40 additions & 18 deletions exceptions/exceptionprocessor.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,46 @@ import (
"k8s.io/apimachinery/pkg/labels"
)

// SetFrameworkExceptions add exceptions to framework report
func SetFrameworkExceptions(frameworkReport *reporthandling.FrameworkReport, exceptionsPolicies []armotypes.PostureExceptionPolicy, clusterName string) {
for c := range frameworkReport.ControlReports {
SetControlExceptions(&frameworkReport.ControlReports[c], exceptionsPolicies, clusterName, frameworkReport.Name)
}
}

// SetControlExceptions add exceptions to control report
func SetControlExceptions(controlReport *reporthandling.ControlReport, exceptionsPolicies []armotypes.PostureExceptionPolicy, clusterName, frameworkName string) {
for r := range controlReport.RuleReports {
SetRuleExceptions(&controlReport.RuleReports[r], exceptionsPolicies, clusterName, frameworkName, controlReport.Name)
}
}

// SetRuleExceptions add exceptions to rule report
func SetRuleExceptions(ruleReport *reporthandling.RuleReport, exceptionsPolicies []armotypes.PostureExceptionPolicy, clusterName, frameworkName, controlName string) {

// adding exceptions to the rules
ruleExceptions := ListRuleExceptions(exceptionsPolicies, frameworkName, controlName, ruleReport.Name)
SetRuleResponsExceptions(ruleReport.RuleResponses, ruleExceptions, clusterName)
}

// SetRuleExceptions add exceptions to rule respons structure
func SetRuleResponsExceptions(results []reporthandling.RuleResponse, ruleExceptions []armotypes.PostureExceptionPolicy, clusterName string) {
if len(ruleExceptions) == 0 {
return
}
for i := range results {
workloads := alertObjectToWorkloads(&results[i].AlertObject)
if len(workloads) == 0 {
continue
}
for w := range workloads {
if exception := getException(ruleExceptions, workloads[w], clusterName); exception != nil {
results[i].Exception = exception
}
}
results[i].RuleStatus = results[i].GetStatus()
}
}
func ListRuleExceptions(exceptionPolicies []armotypes.PostureExceptionPolicy, frameworkName, controlName, ruleName string) []armotypes.PostureExceptionPolicy {
ruleExceptions := []armotypes.PostureExceptionPolicy{}
for i := range exceptionPolicies {
Expand Down Expand Up @@ -43,24 +83,6 @@ func ruleHasExceptions(exceptionPolicy *armotypes.PostureExceptionPolicy, framew

}

func AddExceptionsToRuleResponses(results []reporthandling.RuleResponse, ruleExceptions []armotypes.PostureExceptionPolicy, clusterName string) {
if len(ruleExceptions) == 0 {
return
}
for i := range results {
workloads := alertObjectToWorkloads(&results[i].AlertObject)
if len(workloads) == 0 {
continue
}
for w := range workloads {
if exception := getException(ruleExceptions, workloads[w], clusterName); exception != nil {
results[i].Exception = exception
}
}
results[i].RuleStatus = results[i].GetStatus()
}
}

func alertObjectToWorkloads(obj *reporthandling.AlertObject) []k8sinterface.IWorkload {
resource := []k8sinterface.IWorkload{}

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ module github.com/armosec/opa-utils
go 1.17

require (
github.com/armosec/armoapi-go v0.0.2
github.com/armosec/armoapi-go v0.0.7
github.com/armosec/k8s-interface v0.0.2
github.com/francoispqt/gojay v1.2.13
github.com/open-policy-agent/opa v0.33.1
Expand Down
3 changes: 2 additions & 1 deletion go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -81,8 +81,9 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armosec/armoapi-go v0.0.2 h1:lF+5O7k6enaGvQ+ZNu5S23HzmMuhBx38svlccOEMOGk=
github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
github.com/armosec/armoapi-go v0.0.7 h1:SN13+iYrIkxgatU+MwuWnSlhxP1G7rZP7dC8us2I7v0=
github.com/armosec/armoapi-go v0.0.7/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
github.com/armosec/k8s-interface v0.0.2 h1:Xw7HbQLNO9DN4NlD486VgXPwVpMFFxxwTlrVkcpsn5M=
github.com/armosec/k8s-interface v0.0.2/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
Expand Down
7 changes: 0 additions & 7 deletions reporthandling/datastructures.go
Original file line number Diff line number Diff line change
Expand Up @@ -177,10 +177,3 @@ type PolicyIdentifier struct {
Kind NotificationPolicyKind `json:"kind"`
Name string `json:"name"`
}

type IReportStatus interface {
GetStatus() string
Passed() bool
Warning() bool
Failed() bool
}
19 changes: 19 additions & 0 deletions reporthandling/datastructuresmethods.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,22 @@ func (frameworkReport *FrameworkReport) Failed() bool {
}
return false
}
func (frameworkReport *FrameworkReport) SetDefaultScore() {
frameworkReport.Score = float32(percentage(frameworkReport.GetNumberOfResources(), frameworkReport.GetNumberOfFailedResources()))
}

/*
func SetDefaultScore()
// set score
for c, controlReport := range opap.PostureReport.FrameworkReports[f].ControlReports {
// sumFailed += controlReport.GetNumberOfFailedResources()
// sumTotal += controlReport.GetNumberOfResources()
opap.PostureReport.FrameworkReports[f].ControlReports[c].Score = float32(percentage(controlReport.GetNumberOfResources(), controlReport.GetNumberOfFailedResources()))
}
opap.PostureReport.FrameworkReports[f].Score = float32(percentage(frameworkReport.GetNumberOfResources(), frameworkReport.GetNumberOfFailedResources()))
*/
// ==============================================================================================
// ========================== ControlReport =====================================================
// ==============================================================================================
Expand Down Expand Up @@ -182,6 +197,10 @@ func (controlReport *ControlReport) RemoveData(keepFields, keepMetadataFields []
}
}

func (controlReport *ControlReport) SetDefaultScore() {
controlReport.Score = float32(percentage(controlReport.GetNumberOfResources(), controlReport.GetNumberOfFailedResources()))
}

// ==============================================================================================
// ============================ RuleReport ======================================================
// ==============================================================================================
Expand Down
158 changes: 84 additions & 74 deletions reporthandling/datastructuresmethods_test.go
Original file line number Diff line number Diff line change
@@ -1,83 +1,93 @@
package reporthandling

// import (
// "encoding/json"
// "testing"
import (
"encoding/json"
"testing"

// "github.com/armosec/opa-utils/reporthandling/mock"
// "github.com/stretchr/testify/assert"
// )
"github.com/armosec/opa-utils/reporthandling/mock"
"github.com/stretchr/testify/assert"
)

// func FrameworkResultsMock(report string) (*FrameworkReport, error) {
// frameworkReport := &FrameworkReport{}
// if err := json.Unmarshal([]byte(report), frameworkReport); err != nil {
// return nil, err
// }
// return frameworkReport, nil
// }
func FrameworkResultsMock(report string) (*FrameworkReport, error) {
frameworkReport := &FrameworkReport{}
if err := json.Unmarshal([]byte(report), frameworkReport); err != nil {
return nil, err
}
return frameworkReport, nil
}

// func ControlsResultsMock(report string) ([]ControlReport, error) {
// f, err := FrameworkResultsMock(report)
// if err != nil {
// return nil, err
// }
// return f.ControlReports, nil
// }
func ControlsResultsMock(report string) ([]ControlReport, error) {
f, err := FrameworkResultsMock(report)
if err != nil {
return nil, err
}
return f.ControlReports, nil
}

// func TestControlsResults(t *testing.T) {
// framework, err := FrameworkResultsMock(mock.NSAScanWithExceptions)
// assert.NoError(t, err, err)
// assert.Equal(t, len(framework.ControlReports), 21)
func TestControlsResults(t *testing.T) {
framework, err := FrameworkResultsMock(mock.NSAScanV10119)
assert.NoError(t, err, err)
assert.Equal(t, len(framework.ControlReports), 21)

// SetUniqueResourcesCounter(framework)
SetUniqueResourcesCounter(framework)

// assert.Equal(t, 106, framework.GetNumberOfFailedResources(), "framework.GetNumberOfFailedResources")
// assert.Equal(t, 30, framework.GetNumberOfWarningResources(), "framework.GetNumberOfWarningResources")
assert.Equal(t, 24, framework.GetNumberOfFailedResources(), "framework.GetNumberOfFailedResources")
assert.Equal(t, 37, framework.GetNumberOfWarningResources(), "framework.GetNumberOfWarningResources")

// for _, control := range framework.ControlReports {
// switch control.ControlID {
// case "C-0005":
// assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0005: control.GetNumberOfFailedResources")
// assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0005: control.GetNumberOfFailedResources")
// assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0005: GetNumberOfWarningResources")
// assert.True(t, control.Passed(), "C-0005: Passed")
// assert.False(t, control.Warning(), "C-0005: Warning")
// assert.False(t, control.Failed(), "C-0005: Failed")

// case "C-0038":
// assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0038: GetNumberOfFailedResources")
// assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0038: GetNumberOfWarningResources")
// assert.True(t, control.Passed(), "C-0038: Passed")
// assert.False(t, control.Warning(), "C-0038: Warning")
// assert.False(t, control.Failed(), "C-0038: Failed")
// case "C-0017": // TODO - test
// assert.Equal(t, 29, control.GetNumberOfFailedResources(), "C-0017: GetNumberOfFailedResources")
// assert.Equal(t, 10, control.GetNumberOfWarningResources(), "C-0017: GetNumberOfWarningResources")
// assert.False(t, control.Passed(), "C-0017: Passed")
// assert.False(t, control.Warning(), "C-0017: Warning")
// assert.True(t, control.Failed(), "C-0017: Failed")
// for _, rule := range control.RuleReports {
// assert.Equal(t, 29, rule.GetNumberOfFailedResources(), "C-0017: rule.GetNumberOfFailedResources")
// assert.Equal(t, 10, rule.GetNumberOfWarningResources(), "C-0017: rule.GetNumberOfWarningResources")
// }
// case "C-0009": // TODO - test
// assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0009: GetNumberOfFailedResources")
// assert.Equal(t, 13, control.GetNumberOfWarningResources(), "C-0009: GetNumberOfWarningResources")
// assert.False(t, control.Passed(), "C-0009: Passed")
// assert.True(t, control.Warning(), "C-0009: Warning")
// assert.False(t, control.Failed(), "C-0009: Failed")
// case "C-0030": // TODO - test
// assert.Equal(t, 29, control.GetNumberOfFailedResources(), "C-0030: GetNumberOfFailedResources")
// assert.Equal(t, 10, control.GetNumberOfWarningResources(), "C-0030: GetNumberOfWarningResources")
// assert.False(t, control.Passed(), "C-0030: Passed")
// assert.False(t, control.Warning(), "C-0030: Warning")
// assert.True(t, control.Failed(), "C-0030: Failed")
// case "C-0013": // TODO - test
// assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0013: GetNumberOfFailedResources")
// assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0013: GetNumberOfWarningResources")
// assert.True(t, control.Passed(), "C-0013: Passed")
// assert.False(t, control.Warning(), "C-0013: Warning")
// assert.False(t, control.Failed(), "C-0013: Failed")
// }
// }
// }
for _, control := range framework.ControlReports {
switch control.ControlID {
case "C-0005":
assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0005: control.GetNumberOfFailedResources")
assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0005: GetNumberOfWarningResources")
assert.True(t, control.Passed(), "C-0005: Passed")
assert.False(t, control.Warning(), "C-0005: Warning")
assert.False(t, control.Failed(), "C-0005: Failed")
case "C-0038":
assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0038: GetNumberOfFailedResources")
assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0038: GetNumberOfWarningResources")
assert.True(t, control.Passed(), "C-0038: Passed")
assert.False(t, control.Warning(), "C-0038: Warning")
assert.False(t, control.Failed(), "C-0038: Failed")
case "C-0017":
assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0017: GetNumberOfFailedResources")
assert.Equal(t, 6, control.GetNumberOfWarningResources(), "C-0017: GetNumberOfWarningResources")
assert.False(t, control.Passed(), "C-0017: Passed")
assert.True(t, control.Warning(), "C-0017: Warning")
assert.False(t, control.Failed(), "C-0017: Failed")
for _, rule := range control.RuleReports {
assert.Equal(t, 0, rule.GetNumberOfFailedResources(), "C-0017: rule.GetNumberOfFailedResources")
assert.Equal(t, 6, rule.GetNumberOfWarningResources(), "C-0017: rule.GetNumberOfWarningResources")
}
case "C-0009":
assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0009: GetNumberOfFailedResources")
assert.Equal(t, 6, control.GetNumberOfWarningResources(), "C-0009: GetNumberOfWarningResources")
assert.False(t, control.Passed(), "C-0009: Passed")
assert.True(t, control.Warning(), "C-0009: Warning")
assert.False(t, control.Failed(), "C-0009: Failed")
case "C-0030":
assert.Equal(t, 7, control.GetNumberOfFailedResources(), "C-0030: GetNumberOfFailedResources")
assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0030: GetNumberOfWarningResources")
assert.False(t, control.Passed(), "C-0030: Passed")
assert.False(t, control.Warning(), "C-0030: Warning")
assert.True(t, control.Failed(), "C-0030: Failed")
case "C-0013":
assert.Equal(t, 0, control.GetNumberOfFailedResources(), "C-0013: GetNumberOfFailedResources")
assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0013: GetNumberOfWarningResources")
assert.True(t, control.Passed(), "C-0013: Passed")
assert.False(t, control.Warning(), "C-0013: Warning")
assert.False(t, control.Failed(), "C-0013: Failed")
case "C-0034":
assert.Equal(t, 5, control.GetNumberOfFailedResources(), "C-0034: GetNumberOfFailedResources")
assert.Equal(t, 31, control.GetNumberOfWarningResources(), "C-0034: GetNumberOfWarningResources")
assert.False(t, control.Passed(), "C-0034: Passed")
assert.False(t, control.Warning(), "C-0034: Warning")
assert.True(t, control.Failed(), "C-0034: Failed")
case "C-0035":
assert.Equal(t, 6, control.GetNumberOfFailedResources(), "C-0035: GetNumberOfFailedResources")
assert.Equal(t, 0, control.GetNumberOfWarningResources(), "C-0035: GetNumberOfWarningResources")
assert.False(t, control.Passed(), "C-0035: Passed")
assert.False(t, control.Warning(), "C-0035: Warning")
assert.True(t, control.Failed(), "C-0035: Failed")
}
}
}
10 changes: 10 additions & 0 deletions reporthandling/datastructuresmethodshelper.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,3 +34,13 @@ func StringInSlice(strSlice []string, str string) bool {
func RemoveResponse(slice []RuleResponse, index int) []RuleResponse {
return append(slice[:index], slice[index+1:]...)
}

func percentage(big, small int) int {
if big == 0 {
if small == 0 {
return 100
}
return 0
}
return int(float64(float64(big-small)/float64(big)) * 100)
}
Loading

0 comments on commit d8ac255

Please sign in to comment.