handle ginkgo test flakiness

rksharma95 · rksharma95 · commit c60a17a0af34 · 2024-10-08T10:38:10.000+05:30
Signed-off-by: rksharma95 &lt;ramakant@accuknox.com&gt;
diff --git a/tests/k8s_env/multicontainer/multicontainer_test.go b/tests/k8s_env/multicontainer/multicontainer_test.go
@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/kubearmor/KubeArmor/protobuf"
+
 	. "github.com/kubearmor/KubeArmor/tests/util"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -59,13 +61,16 @@ var _ = Describe("Multicontainer", func() {
 			fmt.Printf("---START---\n%s---END---\n", sout)
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
+			expect := protobuf.Alert{
+				PolicyName:    "container-1-block-ls",
+				Severity:      "2",
+				ContainerName: "container-1",
+			}
+
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("container-1-block-ls"))
-			Expect(alerts[0].Severity).To(Equal("2"))
-			Expect(alerts[0].ContainerName).To(Equal("container-1"))
+			Expect(res.Found).To(BeTrue())
 
 			//container-2 should run ls
 			sout, _, err = K8sExecInPodWithContainer(multicontainer, "multicontainer", "container-2", []string{"bash", "-c", "ls"})
@@ -87,26 +92,33 @@ var _ = Describe("Multicontainer", func() {
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName:    "empty-array-ls-block",
+				Severity:      "4",
+				ContainerName: "container-1",
+			}
+
+			// check policy violation alert
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("empty-array-ls-block"))
-			Expect(alerts[0].Severity).To(Equal("4"))
-			Expect(alerts[0].ContainerName).To(Equal("container-1"))
+			Expect(res.Found).To(BeTrue())
 
 			sout, _, err = K8sExecInPodWithContainer(multicontainer, "multicontainer", "container-2", []string{"bash", "-c", "ls"})
 			Expect(err).To(BeNil())
 			fmt.Printf("---START---\n%s---END---\n", sout)
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err = KarmorGetLogs(5*time.Second, 1)
-			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("empty-array-ls-block"))
-			Expect(alerts[0].Severity).To(Equal("4"))
-			Expect(alerts[0].ContainerName).To(Equal("container-2"))
+			expect = protobuf.Alert{
+				PolicyName:    "empty-array-ls-block",
+				Severity:      "4",
+				ContainerName: "container-2",
+			}
 
+			// check policy violation alert
+			res, err = KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeTrue())
 		})
 
 		//kubearmor.io/container.name: ""
@@ -123,25 +135,33 @@ var _ = Describe("Multicontainer", func() {
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName:    "empty-array-ls-block",
+				Severity:      "4",
+				ContainerName: "container-1",
+			}
+
+			// check policy violation alert
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("empty-array-ls-block"))
-			Expect(alerts[0].Severity).To(Equal("4"))
-			Expect(alerts[0].ContainerName).To(Equal("container-1"))
+			Expect(res.Found).To(BeTrue())
 
 			sout, _, err = K8sExecInPodWithContainer(multicontainer, "multicontainer", "container-2", []string{"bash", "-c", "ls"})
 			Expect(err).To(BeNil())
 			fmt.Printf("---START---\n%s---END---\n", sout)
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err = KarmorGetLogs(5*time.Second, 1)
+			expect = protobuf.Alert{
+				PolicyName:    "empty-array-ls-block",
+				Severity:      "4",
+				ContainerName: "container-2",
+			}
+
+			// check policy violation alert
+			res, err = KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("empty-array-ls-block"))
-			Expect(alerts[0].Severity).To(Equal("4"))
-			Expect(alerts[0].ContainerName).To(Equal("container-2"))
+			Expect(res.Found).To(BeTrue())
 
 		})
 
@@ -158,12 +178,16 @@ var _ = Describe("Multicontainer", func() {
 			Expect(sout).To(MatchRegexp(".*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName:    "malformated-array-ls-block",
+				Severity:      "4",
+				ContainerName: "container-1",
+			}
+
+			// check policy violation alert
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("malformated-array-ls-block"))
-			Expect(alerts[0].Severity).To(Equal("4"))
-			Expect(alerts[0].ContainerName).To(Equal("container-1"))
+			Expect(res.Found).To(BeTrue())
 
 			//container-2 should run ls
 			sout, _, err = K8sExecInPodWithContainer(multicontainer, "multicontainer", "container-2", []string{"bash", "-c", "ls"})
diff --git a/tests/k8s_env/smoke/smoke_test.go b/tests/k8s_env/smoke/smoke_test.go
@@ -7,7 +7,9 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/kubearmor/KubeArmor/protobuf"
 	"github.com/kubearmor/KubeArmor/tests/util"
+
 	. "github.com/kubearmor/KubeArmor/tests/util"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -72,11 +74,15 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(MatchRegexp("apt.*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-block-process",
+				Severity:   "3",
+			}
+
+			// check policy violation alert
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-process"))
-			Expect(alerts[0].Severity).To(Equal("3"))
+			Expect(res.Found).To(BeTrue())
 		})
 
 		It("can block execution of access to sensitive file with abs path", func() {
@@ -98,13 +104,15 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(MatchRegexp("wp-config.php.*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-block-config",
+				Severity:   "10",
+				Message:    "blocked access to wordpress configuration file",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			fmt.Printf("%+v\n", alerts[0])
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-config"))
-			Expect(alerts[0].Severity).To(Equal("10"))
-			Expect(alerts[0].Message).To(Equal("blocked access to wordpress configuration file"))
+			Expect(res.Found).To(BeTrue())
+
 		})
 
 		It("can block execution of access to sensitive file with rel path", func() {
@@ -126,13 +134,14 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(MatchRegexp("wp-config.php.*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
-			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			fmt.Printf("%+v\n", alerts[0])
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-config"))
-			Expect(alerts[0].Severity).To(Equal("10"))
-			Expect(alerts[0].Message).To(Equal("blocked access to wordpress configuration file"))
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-block-config",
+				Severity:   "10",
+				Message:    "blocked access to wordpress configuration file",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeTrue())
 		})
 
 		It("can block execution of access to service account token", func() {
@@ -154,11 +163,13 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(MatchRegexp("token.*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-block-sa",
+				Severity:   "7",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-sa"))
-			Expect(alerts[0].Severity).To(Equal("7"))
+			Expect(res.Found).To(BeTrue())
 		})
 
 		It("allow access for service account token to only cat", func() {
@@ -181,12 +192,14 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(MatchRegexp("token.*Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-lenient-allow-sa",
+				Severity:   "7",
+				Source:     "head",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			fmt.Printf("---Alert---\n%s", alerts[0].String())
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-lenient-allow-sa"))
-			Expect(alerts[0].Severity).To(Equal("7"))
+			Expect(res.Found).To(BeTrue())
 
 			// trigger normal operations permitted by policy
 			sout, _, err = K8sExecInPod(wp, "wordpress-mysql",
@@ -205,9 +218,14 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(Not(ContainSubstring("Permission denied")))
 
 			// check for no policy violation alert
-			_, alerts, err = KarmorGetLogs(3*time.Second, 1)
-			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically("==", 0))
+			expect = protobuf.Alert{
+				PolicyName: "ksp-wordpress-lenient-allow-sa",
+				Severity:   "7",
+				Source:     "cat",
+			}
+			res, err = KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeFalse())
 		})
 
 		It("can audit access to sensitive data path", func() {
@@ -229,12 +247,13 @@ var _ = Describe("Smoke", func() {
 			fmt.Printf("OUTPUT: %s\n", sout)
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-mysql-audit-dir",
+				Severity:   "5",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			fmt.Printf("---Alert---\n%s", alerts[0].String())
-			Expect(alerts[0].PolicyName).To(Equal("ksp-mysql-audit-dir"))
-			Expect(alerts[0].Severity).To(Equal("5"))
+			Expect(res.Found).To(BeTrue())
 
 			_, _, err = K8sExecInPod(sql, "wordpress-mysql",
 				[]string{"bash", "-c", fmt.Sprintf("rm %s", fname)})
@@ -283,10 +302,13 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(ContainSubstring("Permission denied"))
 
 			// check policy violation alert
-			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "ksp-wordpress-block-mount-file",
+				Severity:   "5",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(alerts[0].PolicyName).To(Equal("ksp-wordpress-block-mount-file"))
-			Expect(alerts[0].Severity).To(Equal("5"))
+			Expect(res.Found).To(BeTrue())
 		})
 		It("will allow use of tcp network protocol by curl and bash", func() {
 			err := util.AnnotateNS("wordpress-mysql", "kubearmor-network-posture", "audit")
@@ -323,11 +345,13 @@ var _ = Describe("Smoke", func() {
 			Expect(sout).To(ContainSubstring("http://www.google.com/"))
 
 			// check alert
-			_, alerts, err = KarmorGetLogs(5*time.Second, 1)
+			expect := protobuf.Alert{
+				PolicyName: "DefaultPosture",
+				Result:     "Passed",
+			}
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
 			Expect(err).To(BeNil())
-			Expect(len(alerts)).To(BeNumerically(">=", 1))
-			Expect(alerts[0].PolicyName).To(Equal("DefaultPosture"))
-			Expect(alerts[0].Result).To(Equal("Passed"))
+			Expect(res.Found).To(BeTrue())
 		})
 	})
 })
diff --git a/tests/util/karmorlog.go b/tests/util/karmorlog.go
@@ -124,6 +124,11 @@ func getAlertWithInfo(alert *pb.Alert, target *pb.Alert) bool {
 			return false
 		}
 	}
+	if target.Source != "" {
+		if !strings.Contains(alert.Source, target.Source) {
+			return false
+		}
+	}
 	if target.NamespaceName != "" {
 		if alert.NamespaceName != target.NamespaceName {
 			return false
@@ -134,6 +139,11 @@ func getAlertWithInfo(alert *pb.Alert, target *pb.Alert) bool {
 			return false
 		}
 	}
+	if target.ContainerName != "" {
+		if !strings.Contains(alert.ContainerName, target.ContainerName) {
+			return false
+		}
+	}
 
 	return true
 }

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,11 @@ func getAlertWithInfo(alert pb.Alert, target pb.Alert) bool {`
`124`	`124`	`return false`
`125`	`125`	`}`
`126`	`126`	`}`
	`127`	`+ if target.Source != "" {`
	`128`	`+ if !strings.Contains(alert.Source, target.Source) {`
	`129`	`+ return false`
	`130`	`+ }`
	`131`	`+ }`
`127`	`132`	`if target.NamespaceName != "" {`
`128`	`133`	`if alert.NamespaceName != target.NamespaceName {`
`129`	`134`	`return false`
`@@ -134,6 +139,11 @@ func getAlertWithInfo(alert pb.Alert, target pb.Alert) bool {`
`134`	`139`	`return false`
`135`	`140`	`}`
`136`	`141`	`}`
	`142`	`+ if target.ContainerName != "" {`
	`143`	`+ if !strings.Contains(alert.ContainerName, target.ContainerName) {`
	`144`	`+ return false`
	`145`	`+ }`
	`146`	`+ }`
`137`	`147`
`138`	`148`	`return true`
`139`	`149`	`}`