added Assert command

Signed-off-by: abhashsolanki18 <[email protected]>
kubearmor · Nov 10, 2024 · f4f90bb · f4f90bb
1 parent 559945a
commit f4f90bb
Show file tree

Hide file tree

Showing 5 changed files with 333 additions and 246 deletions.
diff --git a/tests/k8s_env/blockposture/block_test.go b/tests/k8s_env/blockposture/block_test.go
@@ -73,11 +73,10 @@ var _ = Describe("Posture", func() {
 				wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"},
 				MatchRegexp("curl.*Could not resolve host: google.com"), true,
 			)
-
-			out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", out)
-			Expect(out).To(MatchRegexp("<HTML>((?:.*\r?\n?)*)</HTML>"))
+			AssertCommand(
+				wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"}, 
+				MatchRegexp("<HTML>((?:.*\r?\n?)*)</HTML>"), false
+			)
 			// check policy violation alert
 			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
 			Expect(err).To(BeNil())
@@ -101,16 +100,15 @@ var _ = Describe("Posture", func() {
 			Expect(err).To(BeNil())
 
 			//curl needs UDP for DNS resolution
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "cat wp-config.php"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
-			Expect(sout).To(MatchRegexp("cat.*Permission denied"))
-
+			AssertCommand(
+				wp, "wordpress-mysql", []string{"bash", "-c", "cat wp-config.php"}, 
+				MatchRegexp("cat.*Permission denied"), false
+			)
 			//test that tcp is whitelisted
-			out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "cat readme.html"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", out)
-			Expect(out).To(MatchRegexp("<!DOCTYPE html>((?:.*\r?\n?)*)</html>"))
+			AssertCommand(
+				wp, "wordpress-mysql", []string{"bash", "-c", "cat readme.html"}, 
+				MatchRegexp("<!DOCTYPE html>((?:.*\r?\n?)*)</html>"), false
+			)
 			// check policy violation alert
 			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
 			Expect(err).To(BeNil())

diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go
@@ -84,9 +84,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("all", "nginx", "", pods.Items[0].Name)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(pods.Items[0].Name, "nginx", []string{"ls"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
+			AssertCommand(
+				pods.Items[0].Name, "nginx", []string{"ls"}, 
+			        MatchRegexp(".*"), false
+			)
 
 			// check audit logs
 			logs, _, err := KarmorGetLogs(5*time.Second, 50)
@@ -110,12 +111,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "ping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("PING.*127.0.0.1"))
-
+			AssertCommand(
+				ub1, "multiubuntu", []string{"bash", "-c", "ping -c 1 127.0.0.1"}, 
+				MatchRegexp("PING.*127.0.0.1"), false
+			)
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-audit-net-icmp",
 				Severity:   "8",
@@ -220,11 +219,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "arping -c 1 127.0.0.1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("ARPING 127.0.0.1"))
+			AssertCommand(
+				ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"}, 
+				MatchRegexp("ARPING 127.0.0.1"), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-audit-net-raw",
@@ -396,10 +394,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "Process", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "sleep 1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "sleep 1"}, 
+				MatchRegexp(""), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-group-2-audit-proc-path",
@@ -603,11 +601,10 @@ var _ = Describe("Ksp", func() {
 			AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"},
 				MatchRegexp("hello.*Permission denied"), true,
 			)
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "/home/user1/hello"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("hello.*Permission denied"))
+			AssertCommand(
+				ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"}, 
+				MatchRegexp("hello.*Permission denied"), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-3-block-proc-path-owner",
@@ -908,10 +905,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub1)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub1, "multiubuntu",
-				[]string{"bash", "-c", "touch  /home/user1/new1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub1, "multiubuntu", []string{"bash", "-c", "touch /home/user1/new1"}, 
+				MatchRegexp(".*"), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-1-audit-file-access-owner-readonly",
@@ -1488,10 +1485,11 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"}, 
+				MatchRegexp(".*"), false
+			)
+
 			// Expect(sout).To(ContainSubstring("secret file user1"))
 
 			expectLog := protobuf.Log{
@@ -1605,10 +1603,10 @@ var _ = Describe("Ksp", func() {
 
 			// Test 3: write operation on the file by the owner should also be allowed
 			// No need for AssertCommand here since there is nothing to match
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"}, 
+				MatchRegexp(".*"), false
+			)
 
 		})
 
@@ -1667,11 +1665,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -r /secret.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("s"))
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, 
+				MatchRegexp("s"), false
+			)
 
 			expectLog = protobuf.Log{
 				Resource: "secret.txt",
@@ -1705,10 +1702,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -w /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /credentials/password"}, 
+				MatchRegexp(".*"), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1724,10 +1721,10 @@ var _ = Describe("Ksp", func() {
 
 			// Test 3: reading some other file should be denied as not allowed by the policy
 
-			sout, _, err = K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "./readwrite -r /secret.txt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, 
+				MatchRegexp(".*"), false
+			)
 
 			expect = protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -1806,10 +1803,10 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("policy", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "touch /dev/shm/new"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "touch /dev/shm/new"}, 
+				MatchRegexp(".*"), false
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "ksp-ubuntu-4-audit-file-path-readonly",
@@ -1982,11 +1979,11 @@ var _ = Describe("Ksp", func() {
 			err = KarmorLogStart("system", "multiubuntu", "File", ub4)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(ub4, "multiubuntu",
-				[]string{"bash", "-c", "cat /credentials/password"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(ContainSubstring("password file"))
+			AssertCommand(
+				ub4, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"}, 
+				ContainSubstring("password file"), false
+			)
+
 		})
 
 	})