diff --git a/README.md b/README.md index c505264..085b252 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ We want to maintain this as an open-source project to fight against the attacks [![Build status](https://img.shields.io/github/workflow/status/kube-tarian/tarian/CI?style=flat)](https://github.com/kube-tarian/tarian/actions) [![Go Report Card](https://goreportcard.com/badge/github.com/kube-tarian/tarian)](https://goreportcard.com/report/github.com/kube-tarian/tarian) +[![codecov](https://codecov.io/gh/kube-tarian/tarian/graph/badge.svg?token=PH8E9ZOVR4)](https://codecov.io/gh/kube-tarian/tarian) --- diff --git a/cmd/tarianctl/cmd/add/action_test.go b/cmd/tarianctl/cmd/add/action_test.go index 61db3c8..8f39828 100644 --- a/cmd/tarianctl/cmd/add/action_test.go +++ b/cmd/tarianctl/cmd/add/action_test.go @@ -13,7 +13,7 @@ import ( ) func TestAddActionCommandRun(t *testing.T) { - t.Parallel() + tests := []struct { name string expectedErr string @@ -112,7 +112,7 @@ action: delete-pod { name: "Use real gRPC client", action: "delete-pod", - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, } diff --git a/cmd/tarianctl/cmd/add/constraints_test.go b/cmd/tarianctl/cmd/add/constraints_test.go index 3c527ae..4333624 100644 --- a/cmd/tarianctl/cmd/add/constraints_test.go +++ b/cmd/tarianctl/cmd/add/constraints_test.go @@ -89,7 +89,7 @@ allowedfiles: constraintName: "test-constraint", matchLabels: []string{"key1=val1"}, allowedProcesses: []string{"process1", "process2"}, - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, // TODO: Add test for from-violated-pod after faking GetEvents() // { diff --git a/cmd/tarianctl/cmd/flags/flag.go b/cmd/tarianctl/cmd/flags/flag.go index 6bddae4..34487dd 100644 --- a/cmd/tarianctl/cmd/flags/flag.go +++ b/cmd/tarianctl/cmd/flags/flag.go @@ -1,4 +1,3 @@ -// Package flags provides a way to manage global flags for the application. package flags import ( @@ -11,6 +10,11 @@ import ( const ( defaultServerAddress = "localhost:50051" + + tarianServerAddressEnv = "TARIAN_SERVER_ADDRESS" + tarianTLSEnabledEnv = "TARIAN_TLS_ENABLED" + tarianTLSCAFileEnv = "TARIAN_TLS_CA_FILE" + tarianTLSInsecureEnv = "TARIAN_TLS_INSECURE_SKIP_VERIFY" ) // GlobalFlags holds the global flag values for the application. @@ -88,15 +92,16 @@ func (globalFlags *GlobalFlags) ValidateGlobalFlags() error { // GetFlagValuesFromEnvVar reads the environment variables for the global flags. func (globalFlags *GlobalFlags) GetFlagValuesFromEnvVar(logger *logrus.Logger) { // Read environment variable for "server-address" flag - if globalFlags.ServerAddr == defaultServerAddress { - if serverAddressEnv := os.Getenv("TARIAN_SERVER_ADDRESS"); serverAddressEnv != "" { + if globalFlags.ServerAddr == defaultServerAddress || globalFlags.ServerAddr == "" { + fmt.Println("here") + if serverAddressEnv := os.Getenv(tarianServerAddressEnv); serverAddressEnv != "" { logger.Debugf("Setting server address from environment variable, TARIAN_SERVER_ADDRESS=%s", serverAddressEnv) globalFlags.ServerAddr = serverAddressEnv } } // Read environment variable for "server-tls-enabled" flag - if serverTLSEnabledEnv := os.Getenv("TARIAN_TLS_ENABLED"); serverTLSEnabledEnv != "" { + if serverTLSEnabledEnv := os.Getenv(tarianTLSEnabledEnv); serverTLSEnabledEnv != "" { if serverTLSEnabledEnv == "true" { globalFlags.ServerTLSEnabled = true } @@ -104,14 +109,14 @@ func (globalFlags *GlobalFlags) GetFlagValuesFromEnvVar(logger *logrus.Logger) { // Read environment variable for "server-tls-ca-file" flag if globalFlags.ServerTLSCAFile == "" { - if serverTLSCAFileEnv := os.Getenv("TARIAN_TLS_CA_FILE"); serverTLSCAFileEnv != "" { + if serverTLSCAFileEnv := os.Getenv(tarianTLSCAFileEnv); serverTLSCAFileEnv != "" { logger.Debugf("Setting server TLS CA file from environment variable, TARIAN_TLS_CA_FILE=%s", serverTLSCAFileEnv) globalFlags.ServerTLSCAFile = serverTLSCAFileEnv } } // Read environment variable for "server-tls-insecure-skip-verify" flag - if serverTLSInsecureSkipVerifyEnv := os.Getenv("TARIAN_TLS_INSECURE_SKIP_VERIFY"); serverTLSInsecureSkipVerifyEnv != "" { + if serverTLSInsecureSkipVerifyEnv := os.Getenv(tarianTLSInsecureEnv); serverTLSInsecureSkipVerifyEnv != "" { if serverTLSInsecureSkipVerifyEnv == "false" { globalFlags.ServerTLSInsecureSkipVerify = false } diff --git a/cmd/tarianctl/cmd/flags/flags_test.go b/cmd/tarianctl/cmd/flags/flags_test.go index 04a5863..8fc3578 100644 --- a/cmd/tarianctl/cmd/flags/flags_test.go +++ b/cmd/tarianctl/cmd/flags/flags_test.go @@ -67,34 +67,30 @@ func TestValidateGlobalFlags(t *testing.T) { func TestGetFlagValuesFromEnvVar(t *testing.T) { // Set environment variables for testing - tarianServerEnvVar := "TARIAN_SERVER_ADDRESS" tarianServerEnvVarValue := "test-server:1234" - if err := os.Setenv(tarianServerEnvVar, tarianServerEnvVarValue); !assert.NoError(t, err) { + if err := os.Setenv(tarianServerAddressEnv, tarianServerEnvVarValue); !assert.NoError(t, err) { assert.FailNow(t, err.Error()) } - defer os.Unsetenv(tarianServerEnvVar) + defer os.Unsetenv(tarianServerAddressEnv) // Set more environment variables for testing - TLSEnabledEnvVar := "TARIAN_TLS_ENABLED" TLSEnabledEnvVarValue := "true" - if err := os.Setenv(TLSEnabledEnvVar, TLSEnabledEnvVarValue); !assert.NoError(t, err) { + if err := os.Setenv(tarianTLSEnabledEnv, TLSEnabledEnvVarValue); !assert.NoError(t, err) { assert.FailNow(t, err.Error()) } - defer os.Unsetenv(TLSEnabledEnvVar) + defer os.Unsetenv(tarianTLSEnabledEnv) - TLSCAFilEnvVar := "TARIAN_TLS_CA_FILE" TLSCAFilEnvVarValue := "/path/to/ca.pem" - if err := os.Setenv(TLSCAFilEnvVar, TLSCAFilEnvVarValue); !assert.NoError(t, err) { + if err := os.Setenv(tarianTLSCAFileEnv, TLSCAFilEnvVarValue); !assert.NoError(t, err) { assert.FailNow(t, err.Error()) } - defer os.Unsetenv(TLSCAFilEnvVar) + defer os.Unsetenv(tarianTLSCAFileEnv) - TLSInsecureEnvVar := "TARIAN_TLS_INSECURE_SKIP_VERIFY" TLSInsecureEnvVarValue := "false" - if err := os.Setenv(TLSInsecureEnvVar, TLSInsecureEnvVarValue); !assert.NoError(t, err) { + if err := os.Setenv(tarianTLSInsecureEnv, TLSInsecureEnvVarValue); !assert.NoError(t, err) { assert.FailNow(t, err.Error()) } - defer os.Unsetenv(TLSInsecureEnvVar) + defer os.Unsetenv(tarianTLSInsecureEnv) // Create global flags and load values from environment variables globalFlags := &GlobalFlags{} diff --git a/cmd/tarianctl/cmd/get/action_test.go b/cmd/tarianctl/cmd/get/action_test.go index df08bbd..e5797a3 100644 --- a/cmd/tarianctl/cmd/get/action_test.go +++ b/cmd/tarianctl/cmd/get/action_test.go @@ -17,7 +17,7 @@ import ( ) func TestGetActionCommandRun(t *testing.T) { - t.Parallel() + textOut := `-------------------------------------------------------------------------------------- NAMESPACE ACTION NAME SELECTOR TRIGGER ACTION -------------------------------------------------------------------------------------- @@ -66,7 +66,7 @@ action: delete-pod }, { name: "Use real gRPC client", - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, } serverAddr := "localhost:50053" diff --git a/cmd/tarianctl/cmd/get/constraints_test.go b/cmd/tarianctl/cmd/get/constraints_test.go index a312dbb..881b134 100644 --- a/cmd/tarianctl/cmd/get/constraints_test.go +++ b/cmd/tarianctl/cmd/get/constraints_test.go @@ -16,7 +16,7 @@ import ( ) func TestGetConstraintCommandRun(t *testing.T) { - // t.Parallel() + // textOut := `--------------------------------------------------------------------------------------------- NAMESPACE CONSTRAINT NAME SELECTOR ALLOWED PROCESSES ALLOWED FILES --------------------------------------------------------------------------------------------- @@ -61,7 +61,7 @@ allowedfiles: }, { name: "Use real gRPC client", - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, } diff --git a/cmd/tarianctl/cmd/import/import_test.go b/cmd/tarianctl/cmd/import/import_test.go index 85a1999..e803092 100644 --- a/cmd/tarianctl/cmd/import/import_test.go +++ b/cmd/tarianctl/cmd/import/import_test.go @@ -51,7 +51,7 @@ func generateTempFile(directory, content string) string { return tempFile.Name() } func TestImportCommandRun(t *testing.T) { - t.Parallel() + tempDir, err := os.MkdirTemp("", "import-dir-*") assert.NoError(t, err) defer os.RemoveAll(tempDir) @@ -67,7 +67,7 @@ func TestImportCommandRun(t *testing.T) { { name: "Use real gRPC client", args: []string{generateTempFile(tempDir, constraint1)}, - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, { name: "Zero files", diff --git a/cmd/tarianctl/cmd/remove/actions_test.go b/cmd/tarianctl/cmd/remove/actions_test.go index 78398ac..c431c1e 100644 --- a/cmd/tarianctl/cmd/remove/actions_test.go +++ b/cmd/tarianctl/cmd/remove/actions_test.go @@ -12,7 +12,7 @@ import ( ) func TestRemoveActionsCommandRun(t *testing.T) { - t.Parallel() + tests := []struct { name string expectedErr string @@ -30,7 +30,7 @@ func TestRemoveActionsCommandRun(t *testing.T) { { name: "Use real gRPC client", args: []string{"action1", "action2"}, - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, { name: "no actions specified", diff --git a/cmd/tarianctl/cmd/remove/constraints_test.go b/cmd/tarianctl/cmd/remove/constraints_test.go index 4da7e4f..368d5a7 100644 --- a/cmd/tarianctl/cmd/remove/constraints_test.go +++ b/cmd/tarianctl/cmd/remove/constraints_test.go @@ -29,7 +29,7 @@ func TestRemoveConstraintsCommandRun(t *testing.T) { { name: "Use real gRPC client", args: []string{"constraint1", "constraint2"}, - expectedErr: "rpc error: code = Unimplemented desc = unknown service tarianpb.api.Config", + expectedErr: "unknown service tarianpb.api.Config", }, { name: "no constraints specified",