fixed bug

Ishaanj18 · Jun 10, 2024 · 10a1ac3 · 10a1ac3
1 parent f671c02
commit 10a1ac3
Showing 1 changed file with 105 additions and 105 deletions.
diff --git a/tests/lfx_tests/k8s_env/policy_enforcement/policy_enforcement_test.go b/tests/lfx_tests/k8s_env/policy_enforcement/policy_enforcement_test.go
@@ -58,111 +58,111 @@ var _ = Describe("HSP", func() {
 			})
 		})
 
-		// 		Context("Test hsp-kubearmor-dev-next-file-path-audit", func() {
-		// 			It("Should audit access to /etc/passwd", func() {
-		// 				err := K8sApplyFile("res/hsp-kubearmor-dev-next-file-path-audit.yaml")
-		// 				Expect(err).To(BeNil())
-
-		// 				// Start Kubearmor Logs
-		// 				err = KarmorLogStart("policy", "", "File", "")
-		// 				Expect(err).To(BeNil())
-
-		// 				out, err := exec.Command("cat", "/etc/passwd").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).ToNot(HaveOccurred())
-
-		// 				out, err = exec.Command("head", "/etc/passwd").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).ToNot(HaveOccurred())
-
-		// 				// check policy audit alert
-		// 				_, alerts, err := KarmorGetLogs(5*time.Second, 2)
-		// 				Expect(err).To(BeNil())
-		// 				Expect(len(alerts)).To(BeNumerically(">=", 2))
-		// 				for _, alert := range alerts {
-		// 					Expect(alert.PolicyName).To(Equal("hsp-kubearmor-dev-next-file-path-audit"))
-		// 					Expect(alert.Action).To(Equal("Audit"))
-		// 				}
-		// 			})
-		// 		})
-
-		// 		Context("Test hsp-kubearmor-dev-next-file-path-block", func() {
-		// 			It("Should block access to /etc/hostname", func() {
-		// 				err := K8sApplyFile("res/hsp-kubearmor-dev-next-file-path-block.yaml")
-		// 				Expect(err).To(BeNil())
-
-		// 				// Start Kubearmor Logs
-		// 				err = KarmorLogStart("policy", "", "File", "")
-		// 				Expect(err).To(BeNil())
-
-		// 				out, err := exec.Command("cat", "/etc/hostname").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).To(HaveOccurred())
-
-		// 				// check policy violation alert
-		// 				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
-		// 				Expect(err).To(BeNil())
-		// 				Expect(len(alerts)).To(BeNumerically(">=", 1))
-		// 				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-file-path-block"))
-		// 				Expect(alerts[0].Action).To(Equal("Block"))
-		// 			})
-		// 		})
-
-		// 		Context("Test hsp-kubearmor-dev-next-proc-path-block-fromsource", func() {
-		// 			It("Should block execution of /bin/date by /bin/bash", func() {
-		// 				// Apply KubeArmor policy
-		// 				err := K8sApplyFile("res/hsp-kubearmor-dev-next-proc-path-block-fromSource.yaml")
-		// 				Expect(err).To(BeNil(), "Failed to apply KubeArmor policy")
-
-		// 				// Start Kubearmor Logs
-		// 				err = KarmorLogStart("policy", "", "Process", "")
-		// 				Expect(err).To(BeNil(), "Failed to start KubeArmor logs")
-
-		// 				// Execute 'date' command from 'bash' shell
-		// 				out, err := exec.Command("bash", "-c", "date").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).To(HaveOccurred(), "Expected error, but none occurred")
-		// 				Expect(string(out)).To(ContainSubstring("Permission denied"), "Expected permission denied error")
-
-		// 				// Execute 'ls' command from 'bash' shell
-		// 				out, err = exec.Command("bash", "-c", "ls").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).ToNot(HaveOccurred(), "Expected no error, but an error occurred")
-
-		// 				// Check for policy violation alert for 'date' command
-		// 				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
-		// 				Expect(err).To(BeNil(), "Failed to retrieve KubeArmor logs")
-		// 				Expect(len(alerts)).To(BeNumerically(">=", 1), "Expected at least one alert")
-		// 				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-proc-path-block-fromSource"), "Unexpected policy name in alert")
-		// 				Expect(alerts[0].Action).To(Equal("Block"), "Unexpected action in alert")
-		// 			})
-		// 		})
-
-		// 		Context("Test hsp-kubearmor-dev-next-proc-path-allow-fromsource", func() {
-		// 			It("Should allow execution of /bin/date by /bin/bash", func() {
-		// 				err := K8sApplyFile("res/hsp-kubearmor-dev-next-proc-path-allow-fromSource.yaml")
-		// 				Expect(err).To(BeNil())
-
-		// 				// Start Kubearmor Logs
-		// 				err = KarmorLogStart("policy", "", "Process", "")
-		// 				Expect(err).To(BeNil())
-
-		// 				out, err := exec.Command("bash", "-c", "date").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).ToNot(HaveOccurred())
-
-		// 				out, err = exec.Command("bash", "-c", "ls").CombinedOutput()
-		// 				fmt.Printf("---START---\n%s---END---\n", string(out))
-		// 				Expect(err).To(HaveOccurred())
-
-		// 				// check policy allow alert for date command
-		// 				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
-		// 				Expect(err).To(BeNil())
-		// 				Expect(len(alerts)).To(BeNumerically(">=", 1))
-		// 				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-proc-path-allow-fromsource"))
-		// 				Expect(alerts[0].Action).To(Equal("Allow"))
-		// 			})
-		// 		})
+		Context("Test hsp-kubearmor-dev-next-file-path-audit", func() {
+			It("Should audit access to /etc/passwd", func() {
+				err := K8sApplyFile("res/hsp-kubearmor-dev-next-file-path-audit.yaml")
+				Expect(err).To(BeNil())
+
+				// Start Kubearmor Logs
+				err = KarmorLogStart("policy", "", "File", "")
+				Expect(err).To(BeNil())
+
+				out, err := exec.Command("cat", "/etc/passwd").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).ToNot(HaveOccurred())
+
+				out, err = exec.Command("head", "/etc/passwd").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).ToNot(HaveOccurred())
+
+				// check policy audit alert
+				_, alerts, err := KarmorGetLogs(5*time.Second, 2)
+				Expect(err).To(BeNil())
+				Expect(len(alerts)).To(BeNumerically(">=", 2))
+				for _, alert := range alerts {
+					Expect(alert.PolicyName).To(Equal("hsp-kubearmor-dev-next-file-path-audit"))
+					Expect(alert.Action).To(Equal("Audit"))
+				}
+			})
+		})
+
+		Context("Test hsp-kubearmor-dev-next-file-path-block", func() {
+			It("Should block access to /etc/hostname", func() {
+				err := K8sApplyFile("res/hsp-kubearmor-dev-next-file-path-block.yaml")
+				Expect(err).To(BeNil())
+
+				// Start Kubearmor Logs
+				err = KarmorLogStart("policy", "", "File", "")
+				Expect(err).To(BeNil())
+
+				out, err := exec.Command("cat", "/etc/hostname").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).To(HaveOccurred())
+
+				// check policy violation alert
+				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+				Expect(err).To(BeNil())
+				Expect(len(alerts)).To(BeNumerically(">=", 1))
+				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-file-path-block"))
+				Expect(alerts[0].Action).To(Equal("Block"))
+			})
+		})
+
+		Context("Test hsp-kubearmor-dev-next-proc-path-block-fromsource", func() {
+			It("Should block execution of /bin/date by /bin/bash", func() {
+				// Apply KubeArmor policy
+				err := K8sApplyFile("res/hsp-kubearmor-dev-next-proc-path-block-fromSource.yaml")
+				Expect(err).To(BeNil(), "Failed to apply KubeArmor policy")
+
+				// Start Kubearmor Logs
+				err = KarmorLogStart("policy", "", "Process", "")
+				Expect(err).To(BeNil(), "Failed to start KubeArmor logs")
+
+				// Execute 'date' command from 'bash' shell
+				out, err := exec.Command("bash", "-c", "date").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).To(HaveOccurred(), "Expected error, but none occurred")
+				Expect(string(out)).To(ContainSubstring("Permission denied"), "Expected permission denied error")
+
+				// Execute 'ls' command from 'bash' shell
+				out, err = exec.Command("bash", "-c", "ls").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).ToNot(HaveOccurred(), "Expected no error, but an error occurred")
+
+				// Check for policy violation alert for 'date' command
+				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+				Expect(err).To(BeNil(), "Failed to retrieve KubeArmor logs")
+				Expect(len(alerts)).To(BeNumerically(">=", 1), "Expected at least one alert")
+				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-proc-path-block-fromSource"), "Unexpected policy name in alert")
+				Expect(alerts[0].Action).To(Equal("Block"), "Unexpected action in alert")
+			})
+		})
+
+		Context("Test hsp-kubearmor-dev-next-proc-path-allow-fromsource", func() {
+			It("Should allow execution of /bin/date by /bin/bash", func() {
+				err := K8sApplyFile("res/hsp-kubearmor-dev-next-proc-path-allow-fromSource.yaml")
+				Expect(err).To(BeNil())
+
+				// Start Kubearmor Logs
+				err = KarmorLogStart("policy", "", "Process", "")
+				Expect(err).To(BeNil())
+
+				out, err := exec.Command("bash", "-c", "date").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).ToNot(HaveOccurred())
+
+				out, err = exec.Command("bash", "-c", "ls").CombinedOutput()
+				fmt.Printf("---START---\n%s---END---\n", string(out))
+				Expect(err).To(HaveOccurred())
+
+				// check policy allow alert for date command
+				_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+				Expect(err).To(BeNil())
+				Expect(len(alerts)).To(BeNumerically(">=", 1))
+				Expect(alerts[0].PolicyName).To(Equal("hsp-kubearmor-dev-next-proc-path-allow-fromsource"))
+				Expect(alerts[0].Action).To(Equal("Allow"))
+			})
+		})
 
 	})
 })