github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/gke/no_public_control_plane_test.go (about) 1 package gke 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/google/gke" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckNoPublicControlPlane(t *testing.T) { 17 tests := []struct { 18 name string 19 input gke.GKE 20 expected bool 21 }{ 22 { 23 name: "Master authorized network with public CIDR", 24 input: gke.GKE{ 25 Clusters: []gke.Cluster{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ 29 Metadata: defsecTypes.NewTestMetadata(), 30 CIDRs: []defsecTypes.StringValue{ 31 defsecTypes.String("0.0.0.0/0", defsecTypes.NewTestMetadata()), 32 }, 33 }, 34 }, 35 }, 36 }, 37 expected: true, 38 }, 39 { 40 name: "Master authorized network with private CIDR", 41 input: gke.GKE{ 42 Clusters: []gke.Cluster{ 43 { 44 Metadata: defsecTypes.NewTestMetadata(), 45 MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ 46 Metadata: defsecTypes.NewTestMetadata(), 47 CIDRs: []defsecTypes.StringValue{ 48 defsecTypes.String("10.10.128.0/24", defsecTypes.NewTestMetadata()), 49 }, 50 }, 51 }, 52 }, 53 }, 54 expected: false, 55 }, 56 } 57 for _, test := range tests { 58 t.Run(test.name, func(t *testing.T) { 59 var testState state.State 60 testState.Google.GKE = test.input 61 results := CheckNoPublicControlPlane.Evaluate(&testState) 62 var found bool 63 for _, result := range results { 64 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckNoPublicControlPlane.Rule().LongID() { 65 found = true 66 } 67 } 68 if test.expected { 69 assert.True(t, found, "Rule should have been found") 70 } else { 71 assert.False(t, found, "Rule should not have been found") 72 } 73 }) 74 } 75 }