updated test

Signed-off-by: mehul <[email protected]>
kubearmor · Jan 8, 2025 · b5d1912 · b5d1912
1 parent 37817df
commit b5d1912
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 111 deletions.
diff --git a/tests/k8s_env/syscalls/syscalls_test.go b/tests/k8s_env/syscalls/syscalls_test.go
@@ -58,10 +58,8 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -86,13 +84,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"})
-			Expect(err).To(BeNil())
-
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -117,16 +111,13 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "mkdir -p /foo/bar"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "mkdir -p /foo/bar"}, MatchRegexp(".*"), true)
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /foo/bar/unlink"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /foo/bar/unlink"}, MatchRegexp(".*"), true)
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/foo/bar/unlink /dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true)
+
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/foo/bar/unlink /dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -151,13 +142,11 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /unlink"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /unlink"}, MatchRegexp(".*"), true)
+
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/unlink /dummy"}, MatchRegexp(".*"), true)
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/unlink /dummy"})
-			Expect(err).To(BeNil())
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -185,10 +174,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -213,10 +201,8 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -237,17 +223,14 @@ var _ = Describe("Syscalls", func() {
 			err := K8sApply([]string{"manifests/matchpaths/unlink-dir-recursive-fromsource-path.yaml"})
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true)
 
 			// Start Kubearmor Logs
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -272,10 +255,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -296,17 +278,14 @@ var _ = Describe("Syscalls", func() {
 			err := K8sApply([]string{"manifests/matchpaths/unlink-dir-recursive-fromsource-dir.yaml"})
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true)
 
 			// Start Kubearmor Logs
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}, MatchRegexp(".*"), true)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -334,10 +313,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -363,10 +341,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -392,10 +369,10 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -421,10 +398,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -452,10 +428,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -481,10 +456,10 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false)
+
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -510,10 +485,9 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -539,10 +513,8 @@ var _ = Describe("Syscalls", func() {
 			err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
 			Expect(err).To(BeNil())
 
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"})
-			Expect(err).To(BeNil())
-			_, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"})
-			Expect(err).To(BeNil())
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false)
+			AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false)
 
 			// check policy alert
 			expect := protobuf.Alert{
@@ -567,13 +539,15 @@ var _ = Describe("Syscalls", func() {
 			Expect(err).To(BeNil())
 
 			// execute mount inside the pod
-			sout, _, err := K8sExecInPod(ubuntu, "syscalls",
-				[]string{"bash", "-c", "mkdir /mnt/test"})
-			Expect(err).To(BeNil())
-			sout, _, err = K8sExecInPod(ubuntu, "syscalls",
-				[]string{"bash", "-c", "mount /home /mnt/test"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ubuntu, "syscalls", []string{"bash", "-c", "mkdir /mnt/test"},
+				MatchRegexp(".*"), true,
+			)
+
+			AssertCommand(
+				ubuntu, "syscalls", []string{"bash", "-c", "mount /home /mnt/test"},
+				MatchRegexp(".*"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",
@@ -596,10 +570,10 @@ var _ = Describe("Syscalls", func() {
 			Expect(err).To(BeNil())
 
 			// execute umount inside the pod
-			sout, _, err := K8sExecInPod(ubuntu, "syscalls",
-				[]string{"bash", "-c", "umount /mnt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
+			AssertCommand(
+				ubuntu, "syscalls", []string{"bash", "-c", "umount /mnt"},
+				MatchRegexp(".*"), true,
+			)
 
 			expect := protobuf.Alert{
 				PolicyName: "DefaultPosture",

diff --git a/tests/k8s_env/throttling/throttling_test.go b/tests/k8s_env/throttling/throttling_test.go
@@ -74,11 +74,11 @@ var _ = Describe("Smoke", func() {
 			// wait for policy creation
 			time.Sleep(5 * time.Second)
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql",
-				[]string{"bash", "-c", "count=0; while [ $count -lt 5 ]; do apt; count=$((count + 1)); done;"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-			Expect(sout).To(MatchRegexp("apt.*Permission denied"))
+			AssertCommand(
+				wp, "wordpress-mysql",
+				[]string{"bash", "-c", "count=0; while [ $count -lt 5 ]; do apt; count=$((count + 1)); done;"},
+				MatchRegexp("apt.*Permission denied"), true,
+			)
 
 			// check policy violation alert
 			_, alerts, err := KarmorGetLogs(5*time.Second, 1)
@@ -93,11 +93,11 @@ var _ = Describe("Smoke", func() {
 			Expect(err).To(BeNil())
 
 			// check for throttling, alerts should not be genrated
-			sout, _, err = K8sExecInPod(wp, "wordpress-mysql",
-				[]string{"bash", "-c", "apt update"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
-			Expect(sout).To(MatchRegexp("apt.*Permission denied"))
+			AssertCommand(
+				wp, "wordpress-mysql",
+				[]string{"bash", "-c", "apt update"},
+				MatchRegexp("apt.*Permission denied"), true,
+			)
 
 			_, alerts, err = KarmorGetLogs(5*time.Second, 1)
 			Expect(err).To(BeNil())

diff --git a/tests/k8s_env/visibility/visibility_test.go b/tests/k8s_env/visibility/visibility_test.go
@@ -60,9 +60,8 @@ var _ = Describe("Visibility", func() {
 			err = KarmorLogStart("all", "wordpress-mysql", "", wp)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
+			AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true)
+
 
 			// check audit logs
 			logs, _, err := KarmorGetLogs(5*time.Second, 50)
@@ -89,9 +88,8 @@ var _ = Describe("Visibility", func() {
 			err = KarmorLogStart("all", "wordpress-mysql", "", wp)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
+			AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true)
+
 
 			// check audit logs
 			logs, _, err := KarmorGetLogs(5*time.Second, 50)
@@ -115,9 +113,7 @@ var _ = Describe("Visibility", func() {
 			err = KarmorLogStart("all", "wordpress-mysql", "", wp)
 			Expect(err).To(BeNil())
 
-			sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"})
-			Expect(err).To(BeNil())
-			fmt.Printf("---START---\n%s---END---\n", sout)
+			AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true)
 
 			// check audit logs
 			logs, _, err := KarmorGetLogs(5*time.Second, 50)