From 0bb7100cbf3490344fa2dd0e5d6aa062bf2643a9 Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Wed, 18 Jan 2023 16:05:33 +0200
Subject: [PATCH] more tests
---
 .../tests/daemonset/generic_test.yaml | 61 +++++++++++++++++++
 .../tests/deployment/names_test.yaml | 2 +-
 .../tests/statefulset/generic_test.yaml | 61 +++++++++++++++++++
 3 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 library/common-test/tests/daemonset/generic_test.yaml
 create mode 100644 library/common-test/tests/statefulset/generic_test.yaml
diff --git a/library/common-test/tests/daemonset/generic_test.yaml b/library/common-test/tests/daemonset/generic_test.yaml
new file mode 100644
index 0000000000..04c4f49022
--- /dev/null
+++ b/library/common-test/tests/daemonset/generic_test.yaml
@@ -0,0 +1,61 @@
+suite: daemonset generic test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with controller set to DaemonSet
+ documentIndex: &daemonsetDoc 0
+ set:
+ controller.type: DaemonSet
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: DaemonSet
+ - isAPIVersion:
+ of: apps/v1
+
+
+ - it: should pass with podSecurityContext changed
+ documentIndex: *daemonsetDoc
+ set:
+ controller.type: DaemonSet
+ podSecurityContext:
+ fsGroup: 0
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 0
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+
+
+ - it: should pass with podSecurityContext changed
+ documentIndex: *daemonsetDoc
+ set:
+ controller.type: DaemonSet
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ capabilities:
+ add:
+ - something
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ capabilities:
+ add:
+ - something
+ drop:
+ - ALL
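Review bot: The third test in this file reuses the title `should pass with podSecurityContext changed`, but it sets the container-level `securityContext` and asserts on `spec.template.spec.containers[0].securityContext`, so a regression in the container hardening defaults would be reported under the pod-level name. Rename it to `- it: should pass with securityContext changed`; the statefulset generic_test.yaml added later in this patch carries the same duplicated title. In both files `capabilities.add` uses the placeholder `something`, which is not a Linux capability name; a real one such as `NET_BIND_SERVICE` would keep the fixture representative of a deployable manifest while still showing that the `drop: ALL` default survives the merge with user-supplied values.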
diff --git a/library/common-test/tests/deployment/names_test.yaml b/library/common-test/tests/deployment/names_test.yaml
index eb48507ae1..8c220ae69b 100644
--- a/library/common-test/tests/deployment/names_test.yaml
+++ b/library/common-test/tests/deployment/names_test.yaml
@@ -8,7 +8,7 @@ tests: - hasDocuments: count: 3 - isKind: - of: StatefulSet + of: Deployment - equal: path: metadata.name value: RELEASE-NAME-common-test
diff --git a/library/common-test/tests/statefulset/generic_test.yaml b/library/common-test/tests/statefulset/generic_test.yaml
new file mode 100644
index 0000000000..6d0fb79014
--- /dev/null
+++ b/library/common-test/tests/statefulset/generic_test.yaml
@@ -0,0 +1,61 @@
+suite: statefulset generic test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with controller set to StatefulSet
+ documentIndex: &statefulsetDoc 0
+ set:
+ controller.type: StatefulSet
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: StatefulSet
+ - isAPIVersion:
+ of: apps/v1
+
+
+ - it: should pass with podSecurityContext changed
+ documentIndex: *statefulsetDoc
+ set:
+ controller.type: StatefulSet
+ podSecurityContext:
+ fsGroup: 0
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ fsGroup: 0
+ fsGroupChangePolicy: Always
+ supplementalGroups:
+ - 1000
+
+
+ - it: should pass with podSecurityContext changed
+ documentIndex: *statefulsetDoc
+ set:
+ controller.type: StatefulSet
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ capabilities:
+ add:
+ - something
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ capabilities:
+ add:
+ - something
+ drop:
+ - ALL