go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/_motor/discovery/k8s/list_admission_reviews_test.go (about) 1 // Copyright (c) Mondoo, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 package k8s 5 6 import ( 7 "bytes" 8 "io" 9 "testing" 10 11 "github.com/golang/mock/gomock" 12 "github.com/stretchr/testify/assert" 13 "github.com/stretchr/testify/require" 14 "go.mondoo.com/cnquery/motor/providers" 15 "go.mondoo.com/cnquery/motor/providers/k8s" 16 17 admissionv1 "k8s.io/api/admission/v1" 18 corev1 "k8s.io/api/core/v1" 19 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 20 "k8s.io/apimachinery/pkg/runtime" 21 "k8s.io/apimachinery/pkg/runtime/serializer/json" 22 "k8s.io/client-go/kubernetes/scheme" 23 ) 24 25 func TestListAdmissionReviews(t *testing.T) { 26 mockCtrl := gomock.NewController(t) 27 defer mockCtrl.Finish() 28 29 p := k8s.NewMockKubernetesProvider(mockCtrl) 30 // called for each AdmissionReview 31 p.EXPECT().Runtime().Return("k8s-cluster") 32 33 pod := corev1.Pod{ 34 TypeMeta: metav1.TypeMeta{ 35 Kind: "Pod", 36 APIVersion: "v1", 37 }, 38 ObjectMeta: metav1.ObjectMeta{ 39 Name: "nginx", 40 Namespace: "default", 41 UID: "123", 42 }, 43 Spec: corev1.PodSpec{ 44 Containers: []corev1.Container{{Image: "nginx:1.22.0-alpine"}}, 45 }, 46 } 47 s := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme.Scheme, scheme.Scheme) 48 49 var b bytes.Buffer 50 foo := io.Writer(&b) 51 err := s.Encode(&pod, foo) 52 require.NoError(t, err) 53 // Seed AdmissionReviews 54 admissionReviews := []admissionv1.AdmissionReview{ 55 { 56 TypeMeta: metav1.TypeMeta{ 57 Kind: "AdmissionReview", 58 APIVersion: "admission.k8s.io/v1", 59 }, 60 Request: &admissionv1.AdmissionRequest{ 61 Name: "nginx", 62 Namespace: "default", 63 UID: "123", 64 Object: runtime.RawExtension{Raw: b.Bytes()}, 65 }, 66 }, 67 } 68 69 p.EXPECT().AdmissionReviews().Return(admissionReviews, nil) 70 71 expectedAssetNames := []string{ 72 pod.Namespace + "/" + pod.Name, 73 } 74 75 clusterIdentifier := "//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc" 76 77 expectedAssetPlatformIds := []string{ 78 clusterIdentifier + "/namespace/" + pod.Namespace + "/admissionreviews/name/" + pod.Name, 79 } 80 81 pCfg := &providers.Config{} 82 ownershipDir := k8s.NewEmptyPlatformIdOwnershipDirectory(clusterIdentifier) 83 assets, err := ListAdmissionReviews(p, pCfg, clusterIdentifier, ownershipDir) 84 require.NoError(t, err) 85 86 var assetNames []string 87 for _, a := range assets { 88 assetNames = append(assetNames, a.Name) 89 } 90 91 var assetPlatformIds []string 92 for _, a := range assets { 93 assetPlatformIds = append(assetPlatformIds, a.PlatformIds[0]) 94 } 95 96 assert.ElementsMatch(t, expectedAssetNames, assetNames) 97 assert.ElementsMatch(t, expectedAssetPlatformIds, assetPlatformIds) 98 assert.Equal(t, "admission.k8s.io/v1", assets[0].Platform.Version) 99 assert.Equal(t, "k8s-admission", assets[0].Platform.Name) 100 assert.ElementsMatch(t, []string{"k8s", "k8s-admission"}, assets[0].Platform.Family) 101 assert.Equal(t, pod.Namespace, assets[0].Labels["k8s.mondoo.com/namespace"]) 102 }