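// Source listing: go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/_motor/discovery/k8s/list_nodes_test.go

// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package k8s

import (
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/require"
	"go.mondoo.com/cnquery/motor/providers"
	"go.mondoo.com/cnquery/motor/providers/k8s"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// The tests below pin how ListNodes correlates a Kubernetes node with the
// machine and cloud account behind it. Each test feeds one node fixture through
// a mocked provider and asserts the platform IDs, kinds and runtimes that come
// back. An inventory built on these IDs relies on them being stable, so a
// change to any expected string here changes how assets are matched.
//
// NOTE(review): the fixtures carry cloud identifiers (subscription ID, kubelet
// identity client ID, instance IDs) that look captured from a live cluster.
// They are identifiers rather than credentials; confirm they belong to a
// disposable test environment.

// TestListNodesAKS checks that a node with an azure:// ProviderID yields one
// related virtual-machine asset on the Azure compute runtime and a cloud
// account asset for the subscription. Both expected platform IDs reuse the
// path from the fixture's ProviderID.
func TestListNodesAKS(t *testing.T) {
	mockCtrl := gomock.NewController(t)
	defer mockCtrl.Finish()

	p := k8s.NewMockKubernetesProvider(mockCtrl)

	nodes := []corev1.Node{
		{
			TypeMeta: metav1.TypeMeta{
				Kind:       "Node",
				APIVersion: "v1",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name: "aks-default-36939070-vmss000000",
				UID:  "acc8d118-f62a-4743-a55c-71dd19201c6c",
				Annotations: map[string]string{
					"csi.volume.kubernetes.io/nodeid": `{"disk.csi.azure.com":"aks-default-36939070-vmss000000","file.csi.azure.com":"aks-default-36939070-vmss000000"}`,
					"node.alpha.kubernetes.io/ttl": "0",
					"volumes.kubernetes.io/controller-managed-attach-detach": "true",
				},
				Labels: map[string]string{
					"agentpool": "default",
					"beta.kubernetes.io/arch": "amd64",
					"beta.kubernetes.io/instance-type": "standard_d2_v2",
					"beta.kubernetes.io/os": "linux",
					"failure-domain.beta.kubernetes.io/region": "eastus",
					"failure-domain.beta.kubernetes.io/zone": "0",
					"kubernetes.azure.com/agentpool": "default",
					"kubernetes.azure.com/cluster": "MC_mondoo-operator-tests-wcou_mondoo-operator-tests-wcou_eastus",
					"kubernetes.azure.com/kubelet-identity-client-id": "c032ffd9-e9c3-4c4b-bece-1cee42d3da09",
					"kubernetes.azure.com/mode": "system",
					"kubernetes.azure.com/node-image-version": "AKSUbuntu-1804containerd-2022.08.15",
					"kubernetes.azure.com/os-sku": "Ubuntu",
					"kubernetes.azure.com/role": "agent",
					"kubernetes.azure.com/storageprofile": "managed",
					"kubernetes.azure.com/storagetier": "Standard_LRS",
					"kubernetes.io/arch": "amd64",
					"kubernetes.io/hostname": "aks-default-36939070-vmss000000",
					"kubernetes.io/os": "linux",
					"kubernetes.io/role": "agent",
					"node-role.kubernetes.io/agent": "",
					"node.kubernetes.io/instance-type": "standard_d2_v2",
					"storageprofile": "managed",
					"storagetier": "Standard_LRS",
					"topology.disk.csi.azure.com/zone": "",
					"topology.kubernetes.io/region": "eastus",
					"topology.kubernetes.io/zone": "0",
				},
			},
			Spec: corev1.NodeSpec{
				ProviderID: "azure:///subscriptions/f1a2873a-6b27-4097-aa7c-3df51f103e96/resourceGroups/mc_mondoo-operator-tests-wcou_mondoo-operator-tests-wcou_eastus/providers/Microsoft.Compute/virtualMachineScaleSets/aks-default-36939070-vmss/virtualMachines/0",
				PodCIDR:    "10.244.0.0/24",
				PodCIDRs:   []string{"10.244.0.0/24"},
			},
		},
	}

	p.EXPECT().Runtime().Return("k8s-cluster")
	p.EXPECT().Nodes().Return(nodes, nil)

	clusterIdentifier := "//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc"

	pCfg := &providers.Config{}
	assets, relInfo, err := ListNodes(p, pCfg, clusterIdentifier)
	require.NoError(t, err)
	require.Len(t, assets, 1)
	require.Equal(t, "Kubernetes Node", assets[0].Platform.Title)
	require.Equal(t, "k8s-node", assets[0].Platform.Name)
	require.Equal(t, providers.Kind_KIND_K8S_OBJECT, assets[0].Platform.Kind)
	require.ElementsMatch(t, []string{"k8s"}, assets[0].Platform.Family)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc/nodes/name/aks-default-36939070-vmss000000"}, assets[0].PlatformIds)

	// Adds relationship to host
	require.Len(t, assets[0].RelatedAssets, 1)
	require.Equal(t, "aks-default-36939070-vmss000000", assets[0].RelatedAssets[0].Name)
	require.Equal(t, providers.Kind_KIND_VIRTUAL_MACHINE, assets[0].RelatedAssets[0].Platform.Kind)
	require.Equal(t, providers.RUNTIME_AZ_COMPUTE, assets[0].RelatedAssets[0].Platform.Runtime)
	require.Equal(t, "amd64", assets[0].RelatedAssets[0].Platform.Arch)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/azure/subscriptions/f1a2873a-6b27-4097-aa7c-3df51f103e96/resourceGroups/mc_mondoo-operator-tests-wcou_mondoo-operator-tests-wcou_eastus/providers/Microsoft.Compute/virtualMachineScaleSets/aks-default-36939070-vmss/virtualMachines/0"}, assets[0].RelatedAssets[0].PlatformIds)

	// Fail cleanly instead of panicking on relInfo[0] if no entry came back.
	require.NotEmpty(t, relInfo)
	require.NotNil(t, relInfo[0].hostInstanceAsset)
	require.Equal(t, assets[0].RelatedAssets[0], relInfo[0].hostInstanceAsset)
	require.NotNil(t, relInfo[0].cloudAccountAsset)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/azure/subscriptions/f1a2873a-6b27-4097-aa7c-3df51f103e96"}, relInfo[0].cloudAccountAsset.PlatformIds)
	require.Equal(t, providers.Kind_KIND_API, relInfo[0].cloudAccountAsset.Platform.Kind)
	require.Equal(t, providers.RUNTIME_AZ, relInfo[0].cloudAccountAsset.Platform.Runtime)
}

// TestListNodesGKE checks that a node with a gce:// ProviderID yields one
// related virtual-machine asset on the GCP compute runtime and a cloud account
// asset for the project. The expected instance platform ID carries the project
// and zone seen in the ProviderID and the numeric ID that appears in the
// container.googleapis.com/instance_id annotation.
func TestListNodesGKE(t *testing.T) {
	mockCtrl := gomock.NewController(t)
	defer mockCtrl.Finish()

	p := k8s.NewMockKubernetesProvider(mockCtrl)

	nodes := []corev1.Node{
		{
			TypeMeta: metav1.TypeMeta{
				Kind:       "Node",
				APIVersion: "v1",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name: "gke-gke-cluster-generic-pool-4dfcd37f-s3d6",
				UID:  "f2cd325c-23eb-465d-8843-9e53665779f0",
				Annotations: map[string]string{
					"container.googleapis.com/instance_id": "8976889368772093420",
				},
				Labels: map[string]string{
					"beta.kubernetes.io/arch": "amd64",
					"beta.kubernetes.io/instance-type": "n1-standard-2",
					"beta.kubernetes.io/os": "linux",
					"cloud.google.com/gke-boot-disk": "pd-standard",
					"cloud.google.com/gke-container-runtime": "docker",
					"cloud.google.com/gke-netd-ready": "true",
					"cloud.google.com/gke-nodepool": "generic-pool",
					"cloud.google.com/gke-os-distribution": "cos",
					"cloud.google.com/machine-family": "n1",
					"cluster_name": "gke-cluster",
					"failure-domain.beta.kubernetes.io/region": "us-central1",
					"failure-domain.beta.kubernetes.io/zone": "us-central1-b",
					"iam.gke.io/gke-metadata-server-enabled": "true",
					"kubernetes.io/arch": "amd64",
					"kubernetes.io/hostname": "gke-gke-cluster-generic-pool-4dfcd37f-s3d6",
					"kubernetes.io/os": "linux",
					"node.kubernetes.io/instance-type": "n1-standard-2",
					"node.kubernetes.io/masq-agent-ds-ready": "true",
					"node_pool": "generic-pool",
					"topology.gke.io/zone": "us-central1-b",
					"topology.kubernetes.io/region": "us-central1",
					"topology.kubernetes.io/zone": "us-central1-b",
				},
			},
			Spec: corev1.NodeSpec{
				ProviderID: "gce://mondoo-test/us-central1-b/gke-gke-cluster-generic-pool-4dfcd37f-s3d6",
				PodCIDR:    "192.168.1.0/24",
				PodCIDRs:   []string{"192.168.1.0/24"},
			},
		},
	}

	p.EXPECT().Runtime().Return("k8s-cluster")
	p.EXPECT().Nodes().Return(nodes, nil)

	clusterIdentifier := "//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc"

	pCfg := &providers.Config{}
	assets, relInfo, err := ListNodes(p, pCfg, clusterIdentifier)
	require.NoError(t, err)
	require.Len(t, assets, 1)
	require.Equal(t, "Kubernetes Node", assets[0].Platform.Title)
	require.Equal(t, "k8s-node", assets[0].Platform.Name)
	require.Equal(t, providers.Kind_KIND_K8S_OBJECT, assets[0].Platform.Kind)
	require.ElementsMatch(t, []string{"k8s"}, assets[0].Platform.Family)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc/nodes/name/gke-gke-cluster-generic-pool-4dfcd37f-s3d6"}, assets[0].PlatformIds)

	// Adds relationship to host
	require.Len(t, assets[0].RelatedAssets, 1)
	require.Equal(t, "gke-gke-cluster-generic-pool-4dfcd37f-s3d6", assets[0].RelatedAssets[0].Name)
	require.Equal(t, providers.Kind_KIND_VIRTUAL_MACHINE, assets[0].RelatedAssets[0].Platform.Kind)
	require.Equal(t, providers.RUNTIME_GCP_COMPUTE, assets[0].RelatedAssets[0].Platform.Runtime)
	require.Equal(t, "amd64", assets[0].RelatedAssets[0].Platform.Arch)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/gcp/compute/v1/projects/mondoo-test/zones/us-central1-b/instances/8976889368772093420"}, assets[0].RelatedAssets[0].PlatformIds)

	// Fail cleanly instead of panicking on relInfo[0] if no entry came back.
	require.NotEmpty(t, relInfo)
	require.NotNil(t, relInfo[0].hostInstanceAsset)
	require.Equal(t, assets[0].RelatedAssets[0], relInfo[0].hostInstanceAsset)
	require.NotNil(t, relInfo[0].cloudAccountAsset)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/gcp/projects/mondoo-test"}, relInfo[0].cloudAccountAsset.PlatformIds)
	require.Equal(t, providers.Kind_KIND_API, relInfo[0].cloudAccountAsset.Platform.Kind)
	require.Equal(t, providers.RUNTIME_GCP, relInfo[0].cloudAccountAsset.Platform.Runtime)
}

// TestListNodesEKS checks a node with an aws:/// ProviderID. Unlike the AKS and
// GKE cases, the assertions expect no related assets and nil host-instance and
// cloud-account entries.
//
// NOTE(review): as pinned here, an EKS node is not correlated with its EC2
// instance or AWS account, even though the fixture's ProviderID contains an
// instance ID. Confirm this is intended; if it is a gap, the node and its host
// will appear as unrelated assets in the inventory.
func TestListNodesEKS(t *testing.T) {
	mockCtrl := gomock.NewController(t)
	defer mockCtrl.Finish()

	p := k8s.NewMockKubernetesProvider(mockCtrl)

	nodes := []corev1.Node{
		{
			TypeMeta: metav1.TypeMeta{
				Kind:       "Node",
				APIVersion: "v1",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name: "ip-10-0-5-36.eu-central-1.compute.internal",
				UID:  "c9a5bb24-e77b-46fd-be55-8a247faee098",
				Annotations: map[string]string{
					"alpha.kubernetes.io/provided-node-ip": "10.0.5.36",
				},
				Labels: map[string]string{
					"beta.kubernetes.io/arch": "amd64",
					"beta.kubernetes.io/instance-type": "m5zn.large",
					"beta.kubernetes.io/os": "linux",
					"eks.amazonaws.com/capacityType": "SPOT",
					"eks.amazonaws.com/nodegroup": "eks-managed-nodes-l3il-20220901164719853800000006",
					"eks.amazonaws.com/nodegroup-image": "ami-01c52a64630ff492f",
					"eks.amazonaws.com/sourceLaunchTemplateId": "lt-0b3c2c84c209ec814",
					"eks.amazonaws.com/sourceLaunchTemplateVersion": "1",
					"failure-domain.beta.kubernetes.io/region": "eu-central-1",
					"failure-domain.beta.kubernetes.io/zone": "eu-central-1b",
					"k8s.io/cloud-provider-aws": "10f49535c88faa0a8024328860a01464",
					"kubernetes.io/arch": "amd64",
					"kubernetes.io/hostname": "ip-10-0-5-36.eu-central-1.compute.internal",
					"kubernetes.io/os": "linux",
					"node.kubernetes.io/instance-type": "m5zn.large",
					"topology.kubernetes.io/region": "eu-central-1",
					"topology.kubernetes.io/zone": "eu-central-1b",
				},
			},
			Spec: corev1.NodeSpec{
				ProviderID: "aws:///eu-central-1b/i-0178150be4c94393d",
			},
		},
	}

	p.EXPECT().Runtime().Return("k8s-cluster")
	p.EXPECT().Nodes().Return(nodes, nil)

	clusterIdentifier := "//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc"

	pCfg := &providers.Config{}
	assets, relInfo, err := ListNodes(p, pCfg, clusterIdentifier)
	require.NoError(t, err)
	require.Len(t, assets, 1)
	require.Equal(t, "Kubernetes Node", assets[0].Platform.Title)
	require.Equal(t, "k8s-node", assets[0].Platform.Name)
	require.Equal(t, providers.Kind_KIND_K8S_OBJECT, assets[0].Platform.Kind)
	require.ElementsMatch(t, []string{"k8s"}, assets[0].Platform.Family)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc/nodes/name/ip-10-0-5-36.eu-central-1.compute.internal"}, assets[0].PlatformIds)

	require.Len(t, assets[0].RelatedAssets, 0)

	// Fail cleanly instead of panicking on relInfo[0] if no entry came back.
	require.NotEmpty(t, relInfo)
	require.Nil(t, relInfo[0].hostInstanceAsset)
	require.Nil(t, relInfo[0].cloudAccountAsset)
}

// TestListNodesK3S checks a node with a k3s:// ProviderID, which has no cloud
// provider behind it. The assertions expect one related asset identified only
// by a hostname platform ID, with unknown kind and empty runtime, and no
// cloud-account asset.
func TestListNodesK3S(t *testing.T) {
	mockCtrl := gomock.NewController(t)
	defer mockCtrl.Finish()

	p := k8s.NewMockKubernetesProvider(mockCtrl)

	nodes := []corev1.Node{
		{
			TypeMeta: metav1.TypeMeta{
				Kind:       "Node",
				APIVersion: "v1",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name: "x1",
				UID:  "08677417-062a-4521-af10-901913b575cf",
				Annotations: map[string]string{
					"k3s.io/hostname": "x1",
					"k3s.io/internal-ip": "192.168.1.87",
					"k3s.io/node-args": `'["server","--write-kubeconfig-mode","0644"]'`,
					"k3s.io/node-config-hash": "LUZJBAJBVUEWLANIK5CQFBP3IKZUSSX643EDQVRRLL4O4D6AVNLQ====",
					"k3s.io/node-env": `'{"K3S_DATA_DIR":"/var/lib/rancher/k3s/data/577968fa3d58539cc4265245941b7be688833e6bf5ad7869fa2afe02f15f1cd2"}'`,
					"node.alpha.kubernetes.io/ttl": "0",
					"volumes.kubernetes.io/controller-managed-attach-detach": "true",
				},
				Labels: map[string]string{
					"beta.kubernetes.io/arch": "amd64",
					"beta.kubernetes.io/instance-type": "k3s",
					"beta.kubernetes.io/os": "linux",
					"egress.k3s.io/cluster": "true",
					"kubernetes.io/arch": "amd64",
					"kubernetes.io/hostname": "x1",
					"kubernetes.io/os": "linux",
					"node-role.kubernetes.io/control-plane": "true",
					"node-role.kubernetes.io/master": "true",
					"node.kubernetes.io/instance-type": "k3s",
				},
			},
			Spec: corev1.NodeSpec{
				ProviderID: "k3s://x1",
				PodCIDR:    "10.42.0.0/24",
				PodCIDRs:   []string{"10.42.0.0/24"},
			},
		},
	}

	p.EXPECT().Runtime().Return("k8s-cluster")
	p.EXPECT().Nodes().Return(nodes, nil)

	clusterIdentifier := "//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc"

	pCfg := &providers.Config{}
	assets, relInfo, err := ListNodes(p, pCfg, clusterIdentifier)
	require.NoError(t, err)
	require.Len(t, assets, 1)
	require.Equal(t, "Kubernetes Node", assets[0].Platform.Title)
	require.Equal(t, "k8s-node", assets[0].Platform.Name)
	require.Equal(t, providers.Kind_KIND_K8S_OBJECT, assets[0].Platform.Kind)
	require.ElementsMatch(t, []string{"k8s"}, assets[0].Platform.Family)
	require.Equal(t, []string{"//platformid.api.mondoo.app/runtime/k8s/uid/e26043bb-8669-48a2-b684-b1e132198cdc/nodes/name/x1"}, assets[0].PlatformIds)

	// Adds relationship to host
	require.Len(t, assets[0].RelatedAssets, 1)
	require.Equal(t, "x1", assets[0].RelatedAssets[0].Name)
	// The nil-safe getters are used here, unlike the direct field access in
	// the cloud-provider tests above.
	require.Equal(t, providers.Kind_KIND_UNKNOWN, assets[0].RelatedAssets[0].GetPlatform().GetKind())
	require.Equal(t, "", assets[0].RelatedAssets[0].GetPlatform().GetRuntime())
	require.Equal(t, []string{"//platformid.api.mondoo.app/hostname/x1"}, assets[0].RelatedAssets[0].PlatformIds)

	// Fail cleanly instead of panicking on relInfo[0] if no entry came back.
	require.NotEmpty(t, relInfo)
	require.NotNil(t, relInfo[0].hostInstanceAsset)
	require.Equal(t, assets[0].RelatedAssets[0], relInfo[0].hostInstanceAsset)
	require.Nil(t, relInfo[0].cloudAccountAsset)
}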