From 46e28a3260090291fc897bcc34811a00a4f52e9a Mon Sep 17 00:00:00 2001 From: mehul Date: Sun, 5 Jan 2025 16:52:41 +0000 Subject: [PATCH 1/6] checking if the CI works Signed-off-by: mehul --- tests/k8s_env/blockposture/block_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/k8s_env/blockposture/block_test.go b/tests/k8s_env/blockposture/block_test.go index 5e3bc6b1ff..240e176301 100644 --- a/tests/k8s_env/blockposture/block_test.go +++ b/tests/k8s_env/blockposture/block_test.go @@ -74,10 +74,10 @@ var _ = Describe("Posture", func() { MatchRegexp("curl.*Could not resolve host: google.com"), true, ) - out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", out) - Expect(out).To(MatchRegexp("((?:.*\r?\n?)*)")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"}, + MatchRegexp("((?:.*\\r?\\n?)*)"), true, + ) // check policy violation alert _, alerts, err := KarmorGetLogs(5*time.Second, 1) Expect(err).To(BeNil()) From 1f08d3e3b39220fd4cf8e462e9ab6401af5104fe Mon Sep 17 00:00:00 2001 From: mehul Date: Sun, 5 Jan 2025 18:53:36 +0000 Subject: [PATCH 2/6] testing on ci Signed-off-by: mehul --- tests/k8s_env/blockposture/block_test.go | 16 ++-- tests/k8s_env/ksp/ksp_test.go | 108 +++++++++++------------ tests/k8s_env/smoke/smoke_test.go | 100 +++++++-------------- 3 files changed, 90 insertions(+), 134 deletions(-) diff --git a/tests/k8s_env/blockposture/block_test.go b/tests/k8s_env/blockposture/block_test.go index 240e176301..1dc15eb81a 100644 --- a/tests/k8s_env/blockposture/block_test.go +++ b/tests/k8s_env/blockposture/block_test.go 
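Review bot: The matcher passed for `curl 142.250.193.46`, `MatchRegexp("((?:.*\\r?\\n?)*)")`, also matches an empty string, so this call does not verify that the TCP request the policy is meant to allow actually succeeded. The same always-true pattern is passed for `cat readme.html` in the block_test.go hunk of patch 2. A positive expectation would make the allow path meaningful, for example `ContainSubstring("http://www.google.com/")`, which smoke_test.go in this series expects from the same command. The enclosing `It` block starts and ends outside the hunk.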
@@ -101,16 +101,16 @@ var _ = Describe("Posture", func() { Expect(err).To(BeNil()) //curl needs UDP for DNS resolution - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "cat wp-config.php"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) - Expect(sout).To(MatchRegexp("cat.*Permission denied")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "cat wp-config.php"}, + MatchRegexp("cat.*Permission denied"), true, + ) //test that tcp is whitelisted - out, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "cat readme.html"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", out) - Expect(out).To(MatchRegexp("((?:.*\r?\n?)*)")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "cat readme.html"}, + MatchRegexp("((?:.*\r?\n?)*)"), true, + ) // check policy violation alert _, alerts, err := KarmorGetLogs(5*time.Second, 1) Expect(err).To(BeNil()) diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go index a172fcdfd2..630c1ae26e 100644 --- a/tests/k8s_env/ksp/ksp_test.go +++ b/tests/k8s_env/ksp/ksp_test.go @@ -84,9 +84,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("all", "nginx", "", pods.Items[0].Name) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(pods.Items[0].Name, "nginx", []string{"ls"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) + AssertCommand( + pods.Items[0].Name, "nginx", []string{"ls"}, + MatchRegexp(".*"), true, + ) // check audit logs logs, _, err := KarmorGetLogs(5*time.Second, 50) 
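Review bot: The two comments kept above the converted calls, `//curl needs UDP for DNS resolution` and `//test that tcp is whitelisted`, describe network checks, but the commands they label are `cat wp-config.php` and `cat readme.html`. Since these statements are being rewritten anyway, I would replace them with comments that name what is asserted, e.g. `// wp-config.php must be denied` and `// readme.html must stay readable`. That intent is inferred from the matchers; the applied policy is outside this hunk, so please confirm it.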
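Review bot: `MatchRegexp(".*")` on the `ls` call matches any output, including none, so the one check the old code made, `Expect(err).To(BeNil())`, now depends entirely on whether `AssertCommand` fails on an exec error, and its definition is outside this diff. If it does not, a broken exec passes silently here and in the later conversions that end up with the same matcher (the ksp_test.go hunks changed again in patch 3, the `touch`/`rm` calls in smoke_test.go, and all of syscalls_test.go). Where the command is only a trigger for the alert check that follows, a comment such as `// output is not asserted; the alert check below is the test` would make that explicit.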
@@ -110,11 +111,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "Network", ub1) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub1, "multiubuntu", - []string{"bash", "-c", "ping -c 1 127.0.0.1"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("PING.*127.0.0.1")) + AssertCommand( + ub1, "multiubuntu", []string{"bash", "-c", "ping -c 1 127.0.0.1"}, + MatchRegexp("PING.*127.0.0.1"), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-ubuntu-1-audit-net-icmp", @@ -220,11 +220,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "Network", ub1) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub1, "multiubuntu", - []string{"bash", "-c", "arping -c 1 127.0.0.1"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("ARPING 127.0.0.1")) + AssertCommand( + ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"}, + MatchRegexp("ARPING 127.0.0.1"), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-ubuntu-1-audit-net-raw", @@ -422,10 +421,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "Process", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "sleep 1"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "sleep 1"}, + BeEmpty(), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-group-2-audit-proc-path", 
@@ -629,11 +628,10 @@ var _ = Describe("Ksp", func() { AssertCommand(ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"}, MatchRegexp("hello.*Permission denied"), true, ) - sout, _, err := K8sExecInPod(ub3, "multiubuntu", - []string{"bash", "-c", "/home/user1/hello"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("hello.*Permission denied")) + AssertCommand( + ub3, "multiubuntu", []string{"bash", "-c", "/home/user1/hello"}, + MatchRegexp("hello.*Permission denied"), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-ubuntu-3-block-proc-path-owner", @@ -934,10 +932,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "File", ub1) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub1, "multiubuntu", - []string{"bash", "-c", "touch /home/user1/new1"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub1, "multiubuntu", []string{"bash", "-c", "touch /home/user1/new1"}, + BeEmpty(), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-ubuntu-1-audit-file-access-owner-readonly", @@ -1514,10 +1512,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("system", "multiubuntu", "File", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"}, + BeEmpty(), true, + ) // Expect(sout).To(ContainSubstring("secret file user1")) expectLog := protobuf.Log{ 
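Review bot: The added `AssertCommand` for `/home/user1/hello` is identical to the call on the context lines directly above it, so the blocked binary is executed and asserted twice in a row. The replaced `K8sExecInPod` block was already a repeat of that call, and converting it keeps the duplication; the second run presumably raises a second policy violation before `expect` is compared. I would delete the added call instead of converting it. The rest of the `It` block is outside the hunk.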
@@ -1631,10 +1629,10 @@ var _ = Describe("Ksp", func() { // Test 3: write operation on the file by the owner should also be allowed // No need for AssertCommand here since there is nothing to match - sout, _, err := K8sExecInPod(ub3, "multiubuntu", - []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"}, + BeEmpty(), true, + ) }) @@ -1693,11 +1691,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("system", "multiubuntu", "File", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "./readwrite -r /secret.txt"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(ContainSubstring("s")) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, + ContainSubstring("s"), true, + ) expectLog = protobuf.Log{ Resource: "secret.txt", @@ -1731,10 +1728,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "File", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "./readwrite -w /credentials/password"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, + BeEmpty(), true, + ) expect := protobuf.Alert{ PolicyName: "DefaultPosture", 
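Review bot: The context comment `// No need for AssertCommand here since there is nothing to match` now sits directly above a new `AssertCommand` call and contradicts it. Either drop the comment or reword it to state the intent, e.g. `// owner write must succeed; output is not checked`. Patch 3 of this series then replaces `BeEmpty()` with `MatchRegexp(".*")`, so after the series nothing about the write result is asserted here.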
@@ -1750,10 +1747,10 @@ var _ = Describe("Ksp", func() { // Test 3: reading some other file should be denied as not allowed by the policy - sout, _, err = K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "./readwrite -r /secret.txt"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, + BeEmpty(), true, + ) expect = protobuf.Alert{ PolicyName: "DefaultPosture", @@ -1832,10 +1829,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("policy", "multiubuntu", "File", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "touch /dev/shm/new"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "touch /dev/shm/new"}, + BeEmpty(), true, + ) expect := protobuf.Alert{ PolicyName: "ksp-ubuntu-4-audit-file-path-readonly", @@ -2008,11 +2005,10 @@ var _ = Describe("Ksp", func() { err = KarmorLogStart("system", "multiubuntu", "File", ub4) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(ub4, "multiubuntu", - []string{"bash", "-c", "cat /credentials/password"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(ContainSubstring("password file")) + AssertCommand( + ub4, "multiubuntu", []string{"bash", "-c", "cat /credentials/password"}, + ContainSubstring("password file"), true, + ) }) }) diff --git a/tests/k8s_env/smoke/smoke_test.go b/tests/k8s_env/smoke/smoke_test.go index f0f3b1a303..34f406de41 100644 --- a/tests/k8s_env/smoke/smoke_test.go +++ b/tests/k8s_env/smoke/smoke_test.go 
@@ -68,10 +68,8 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "apt"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) - Expect(sout).To(MatchRegexp("apt.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "apt"}, MatchRegexp("apt.*Permission denied"), true) + // check policy violation alert expect := protobuf.Alert{ @@ -97,11 +95,8 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /var/www/html/wp-config.php"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("wp-config.php.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /var/www/html/wp-config.php"}, MatchRegexp("wp-config.php.*Permission denied"), true) + // check policy violation alert expect := protobuf.Alert{ @@ -127,11 +122,7 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat wp-config.php"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("wp-config.php.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat wp-config.php"}, MatchRegexp("wp-config.php.*Permission denied"), true) // check policy violation alert expect := protobuf.Alert{ 
@@ -156,11 +147,8 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("token.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"}, MatchRegexp("token.*Permission denied"), true) + // check policy violation alert expect := protobuf.Alert{ @@ -185,11 +173,7 @@ var _ = Describe("Smoke", func() { time.Sleep(5 * time.Second) // trigger policy violation alert - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "head /run/secrets/kubernetes.io/serviceaccount/token"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("token.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "head /run/secrets/kubernetes.io/serviceaccount/token"}, MatchRegexp("token.*Permission denied"), true) // check policy violation alert expect := protobuf.Alert{ 
@@ -202,20 +186,11 @@ var _ = Describe("Smoke", func() { Expect(res.Found).To(BeTrue()) // trigger normal operations permitted by policy - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"}) - Expect(err).To(BeNil()) - Expect(sout).To(Not(ContainSubstring("Permission denied"))) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /run/secrets/kubernetes.io/serviceaccount/token"}, Not(MatchRegexp("Permission denied")), true) - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /etc/passwd"}) - Expect(err).To(BeNil()) - Expect(sout).To(Not(ContainSubstring("Permission denied"))) - - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "head /etc/passwd"}) - Expect(err).To(BeNil()) - Expect(sout).To(Not(ContainSubstring("Permission denied"))) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /etc/passwd"}, Not(MatchRegexp("Permission denied")), true) + + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "head /etc/passwd"}, Not(MatchRegexp("Permission denied")), true) // check for no policy violation alert expect = protobuf.Alert{ @@ -241,10 +216,7 @@ var _ = Describe("Smoke", func() { time.Sleep(5 * time.Second) fname := fmt.Sprintf("/var/lib/mysql/%s", RandString(12)) - sout, _, err := K8sExecInPod(sql, "wordpress-mysql", - []string{"bash", "-c", fmt.Sprintf("touch %s", fname)}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("touch %s", fname)}, MatchRegexp(""), true) // check policy violation alert expect := protobuf.Alert{ 
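Review bot: The three permitted-operation checks rely only on `Not(MatchRegexp("Permission denied"))`, which empty output also satisfies, so a failed exec could pass as "allowed" unless `AssertCommand` itself rejects exec errors (its definition is not in this diff; the replaced code asserted `Expect(err).To(BeNil())`). For the `/etc/passwd` reads, a combined matcher such as `SatisfyAll(ContainSubstring("root:"), Not(ContainSubstring("Permission denied")))` would prove the read really happened. The old code also did not print the output of these three commands; if `AssertCommand` logs what it reads, the service account token would end up in CI logs, which is worth checking.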
@@ -255,9 +227,8 @@ var _ = Describe("Smoke", func() { Expect(err).To(BeNil()) Expect(res.Found).To(BeTrue()) - _, _, err = K8sExecInPod(sql, "wordpress-mysql", - []string{"bash", "-c", fmt.Sprintf("rm %s", fname)}) - Expect(err).To(BeNil()) + AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("rm %s", fname)}, BeNil(), true) + }) It("can enforce multiple rules targeting same pod", func() { @@ -270,17 +241,10 @@ var _ = Describe("Smoke", func() { Expect(err).To(BeNil()) // trigger policy violation alert - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /etc/passwd"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("/etc/passwd.*Permission denied")) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /etc/passwd"}, MatchRegexp("/etc/passwd.*Permission denied"), true) + + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "cat /etc/shadow"}, MatchRegexp("/etc/shadow.*Permission denied"), true) - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "cat /etc/shadow"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("/etc/shadow.*Permission denied")) }) It("can block write access and only allow read access to mounted files", func() { @@ -295,11 +259,10 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "touch /dev/shm/new"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(ContainSubstring("Permission denied")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "touch /dev/shm/new"}, + MatchRegexp("Permission denied"), true, + ) // check policy violation alert expect := protobuf.Alert{ 
@@ -324,12 +287,10 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "curl 142.250.193.46"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - // tcp action - Expect(sout).To(ContainSubstring("http://www.google.com/")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "curl 142.250.193.46"}, + MatchRegexp("http://www.google.com/"), true, + ) // check alert _, alerts, err := KarmorGetLogs(5*time.Second, 1) @@ -338,11 +299,10 @@ var _ = Describe("Smoke", func() { Expect(len(alerts)).To(Equal(0)) // tcp + udp + raw action - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "curl google.com"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(ContainSubstring("http://www.google.com/")) + AssertCommand( + wp, "wordpress-mysql", []string{"bash", "-c", "curl google.com"}, + MatchRegexp("http://www.google.com/"), true, + ) // check alert expect := protobuf.Alert{ From 4597f9d20649c0563ac3dbc3e32dcb7bb5aa6ab5 Mon Sep 17 00:00:00 2001 From: mehul Date: Sun, 5 Jan 2025 20:04:52 +0000 Subject: [PATCH 3/6] fixing ci Signed-off-by: mehul --- tests/k8s_env/ksp/ksp_test.go | 14 +++++++------- tests/k8s_env/smoke/smoke_test.go | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go index 630c1ae26e..f018a5ed42 100644 --- a/tests/k8s_env/ksp/ksp_test.go +++ b/tests/k8s_env/ksp/ksp_test.go @@ -423,7 +423,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub4, "multiubuntu", []string{"bash", "-c", "sleep 1"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) expect := protobuf.Alert{ @@ -934,7 +934,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub1, "multiubuntu", []string{"bash", "-c", "touch /home/user1/new1"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) expect := protobuf.Alert{ 
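Review bot: Replacing `ContainSubstring("http://www.google.com/")` with `MatchRegexp("http://www.google.com/")` turns a literal comparison into a regular expression in which every `.` matches any character, both in this hunk and in the `curl google.com` hunk that follows. `AssertCommand` is already called with `ContainSubstring` elsewhere in this series, so keeping `ContainSubstring("http://www.google.com/")` preserves the exact check. The removed `// tcp action` comment was the only label on the first call, and I would keep it.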
@@ -1514,7 +1514,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub4, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'cat /home/user1/secret_data1.txt'"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) // Expect(sout).To(ContainSubstring("secret file user1")) @@ -1631,7 +1631,7 @@ var _ = Describe("Ksp", func() { // No need for AssertCommand here since there is nothing to match AssertCommand( ub3, "multiubuntu", []string{"bash", "-c", "su - user1 -c 'echo user1 >> /home/user1/secret_data1.txt'"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) }) @@ -1730,7 +1730,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) expect := protobuf.Alert{ @@ -1749,7 +1749,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) expect = protobuf.Alert{ @@ -1831,7 +1831,7 @@ var _ = Describe("Ksp", func() { AssertCommand( ub4, "multiubuntu", []string{"bash", "-c", "touch /dev/shm/new"}, - BeEmpty(), true, + MatchRegexp(".*"), true, ) expect := protobuf.Alert{ diff --git a/tests/k8s_env/smoke/smoke_test.go b/tests/k8s_env/smoke/smoke_test.go index 34f406de41..0c25276574 100644 --- a/tests/k8s_env/smoke/smoke_test.go +++ b/tests/k8s_env/smoke/smoke_test.go @@ -216,7 +216,7 @@ var _ = Describe("Smoke", func() { time.Sleep(5 * time.Second) fname := fmt.Sprintf("/var/lib/mysql/%s", RandString(12)) - AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("touch %s", fname)}, MatchRegexp(""), true) + AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("touch %s", fname)}, MatchRegexp(".*"), true) // check policy violation alert expect := protobuf.Alert{ 
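Review bot: For the read of `/home/user1/secret_data1.txt` as `user1`, `MatchRegexp(".*")` accepts any output, while the commented-out line right below it, `// Expect(sout).To(ContainSubstring("secret file user1"))`, records what the file is expected to contain. If that content is still accurate, passing `ContainSubstring("secret file user1")` would verify that the owner can actually read the file, which appears to be the allow side of this test. If it is not, the stale commented-out line should be removed instead.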
@@ -227,7 +227,7 @@ var _ = Describe("Smoke", func() { Expect(err).To(BeNil()) Expect(res.Found).To(BeTrue()) - AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("rm %s", fname)}, BeNil(), true) + AssertCommand(sql, "wordpress-mysql", []string{"bash", "-c", fmt.Sprintf("rm %s", fname)}, MatchRegexp(".*"), true) }) From c3dcb80856a32cbf7efd05b10ea9540774d9072e Mon Sep 17 00:00:00 2001 From: mehul Date: Mon, 6 Jan 2025 02:20:51 +0530 Subject: [PATCH 4/6] fixed ci Signed-off-by: mehul --- tests/k8s_env/ksp/ksp_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go index f018a5ed42..7a46554392 100644 --- a/tests/k8s_env/ksp/ksp_test.go +++ b/tests/k8s_env/ksp/ksp_test.go @@ -1729,7 +1729,7 @@ var _ = Describe("Ksp", func() { Expect(err).To(BeNil()) AssertCommand( - ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -r /secret.txt"}, + ub4, "multiubuntu", []string{"bash", "-c", "./readwrite -w /credentials/password"}, MatchRegexp(".*"), true, ) From 36a140a67990bebdc1a40ada4e5e22dcd9bed423 Mon Sep 17 00:00:00 2001 From: mehul Date: Mon, 6 Jan 2025 03:12:50 +0530 Subject: [PATCH 5/6] updated test Signed-off-by: mehul --- tests/k8s_env/syscalls/syscalls_test.go | 158 ++++++++------------ tests/k8s_env/throttling/throttling_test.go | 20 +-- tests/k8s_env/visibility/visibility_test.go | 14 +- 3 files changed, 81 insertions(+), 111 deletions(-) diff --git a/tests/k8s_env/syscalls/syscalls_test.go b/tests/k8s_env/syscalls/syscalls_test.go index 0a94c691d9..82228e1bbb 100644 --- a/tests/k8s_env/syscalls/syscalls_test.go +++ b/tests/k8s_env/syscalls/syscalls_test.go 
@@ -58,10 +58,8 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ @@ -86,13 +84,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}) - Expect(err).To(BeNil()) - - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ 
@@ -117,16 +111,13 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "mkdir -p /foo/bar"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "mkdir -p /foo/bar"}, MatchRegexp(".*"), true) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /foo/bar/unlink"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /foo/bar/unlink"}, MatchRegexp(".*"), true) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/foo/bar/unlink /dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true) + + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/foo/bar/unlink /dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ @@ -151,13 +142,11 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /unlink"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /unlink"}, MatchRegexp(".*"), true) + + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/unlink /dummy"}, MatchRegexp(".*"), true) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/unlink /dummy"}) - Expect(err).To(BeNil()) // check policy alert expect := protobuf.Alert{ 
@@ -185,10 +174,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true) + // check policy alert expect := protobuf.Alert{ @@ -213,10 +201,8 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ 
@@ -237,17 +223,14 @@ var _ = Describe("Syscalls", func() { err := K8sApply([]string{"manifests/matchpaths/unlink-dir-recursive-fromsource-path.yaml"}) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true) // Start Kubearmor Logs err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ @@ -272,10 +255,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true) + // check policy alert expect := protobuf.Alert{ 
@@ -296,17 +278,14 @@ var _ = Describe("Syscalls", func() { err := K8sApply([]string{"manifests/matchpaths/unlink-dir-recursive-fromsource-dir.yaml"}) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "cp /usr/bin/unlink /bin/unlink"}, MatchRegexp(".*"), true) // Start Kubearmor Logs err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "/bin/unlink /home/dummy"}, MatchRegexp(".*"), true) // check policy alert expect := protobuf.Alert{ @@ -334,10 +313,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true) + // check policy alert expect := protobuf.Alert{ 
@@ -363,10 +341,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true) + // check policy alert expect := protobuf.Alert{ @@ -392,10 +369,10 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), true) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), true) + // check policy alert expect := protobuf.Alert{ @@ -421,10 +398,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false) + // check policy alert expect := protobuf.Alert{ 
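Review bot: Starting with the hunk at `-421,10 +398,9`, the last argument to `AssertCommand` changes from `true` to `false` for the same `touch /home/dummy` and `unlink /home/dummy` commands with the same `MatchRegexp(".*")` matcher, and it stays `false` through the hunk at `-539,10 +513,8`. Nothing in the diff explains the switch, and the parameter's meaning is defined outside it. If the difference is deliberate, a one-line comment at the first `false` call would help, e.g. `// <reason the flag is false for these cases>`; if it is not, use one value throughout.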
@@ -452,10 +428,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false) + // check policy alert expect := protobuf.Alert{ @@ -481,10 +456,10 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false) + // check policy alert expect := protobuf.Alert{ @@ -510,10 +485,9 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false) // check policy alert expect := protobuf.Alert{ 
@@ -539,10 +513,8 @@ var _ = Describe("Syscalls", func() { err = KarmorLogStart("policy", "syscalls", "Syscall", ubuntu) Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}) - Expect(err).To(BeNil()) - _, _, err = K8sExecInPod(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}) - Expect(err).To(BeNil()) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "touch /home/dummy"}, MatchRegexp(".*"), false) + AssertCommand(ubuntu, "syscalls", []string{"bash", "-c", "unlink /home/dummy"}, MatchRegexp(".*"), false) // check policy alert expect := protobuf.Alert{ @@ -567,13 +539,15 @@ var _ = Describe("Syscalls", func() { Expect(err).To(BeNil()) // execute mount inside the pod - sout, _, err := K8sExecInPod(ubuntu, "syscalls", - []string{"bash", "-c", "mkdir /mnt/test"}) - Expect(err).To(BeNil()) - sout, _, err = K8sExecInPod(ubuntu, "syscalls", - []string{"bash", "-c", "mount /home /mnt/test"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ubuntu, "syscalls", []string{"bash", "-c", "mkdir /mnt/test"}, + MatchRegexp(".*"), true, + ) + + AssertCommand( + ubuntu, "syscalls", []string{"bash", "-c", "mount /home /mnt/test"}, + MatchRegexp(".*"), true, + ) expect := protobuf.Alert{ PolicyName: "DefaultPosture", @@ -596,10 +570,10 @@ var _ = Describe("Syscalls", func() { Expect(err).To(BeNil()) // execute umount inside the pod - sout, _, err := K8sExecInPod(ubuntu, "syscalls", - []string{"bash", "-c", "umount /mnt"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) + AssertCommand( + ubuntu, "syscalls", []string{"bash", "-c", "umount /mnt"}, + MatchRegexp(".*"), true, + ) expect := protobuf.Alert{ PolicyName: "DefaultPosture", diff --git a/tests/k8s_env/throttling/throttling_test.go b/tests/k8s_env/throttling/throttling_test.go index bfacaa17d1..7459b1815d 100644 --- a/tests/k8s_env/throttling/throttling_test.go 
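Review bot: The `umount` call in the hunk at -596 targets `/mnt`, while the hunk at -567 creates and mounts `/mnt/test`, so the two tests do not act on the same mount point. Because the matcher is `MatchRegexp(".*")`, a `umount` that fails for an unrelated reason (for example "not mounted") passes unnoticed. If the umount test is meant to mirror the mount test, use `umount /mnt/test`. If only the syscall attempt matters for the DefaultPosture alert, state it in a comment such as `// only the umount attempt matters; the alert below is the assertion`. Both `It` bodies continue outside the hunks.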
+++ b/tests/k8s_env/throttling/throttling_test.go @@ -74,11 +74,11 @@ var _ = Describe("Smoke", func() { // wait for policy creation time.Sleep(5 * time.Second) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "count=0; while [ $count -lt 5 ]; do apt; count=$((count + 1)); done;"}) - Expect(err).To(BeNil()) - fmt.Printf("OUTPUT: %s\n", sout) - Expect(sout).To(MatchRegexp("apt.*Permission denied")) + AssertCommand( + wp, "wordpress-mysql", + []string{"bash", "-c", "count=0; while [ $count -lt 5 ]; do apt; count=$((count + 1)); done;"}, + MatchRegexp("apt.*Permission denied"), true, + ) // check policy violation alert _, alerts, err := KarmorGetLogs(5*time.Second, 1) @@ -93,11 +93,11 @@ var _ = Describe("Smoke", func() { Expect(err).To(BeNil()) // check for throttling, alerts should not be genrated - sout, _, err = K8sExecInPod(wp, "wordpress-mysql", - []string{"bash", "-c", "apt update"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) - Expect(sout).To(MatchRegexp("apt.*Permission denied")) + AssertCommand( + wp, "wordpress-mysql", + []string{"bash", "-c", "apt update"}, + MatchRegexp("apt.*Permission denied"), true, + ) _, alerts, err = KarmorGetLogs(5*time.Second, 1) Expect(err).To(BeNil()) diff --git a/tests/k8s_env/visibility/visibility_test.go b/tests/k8s_env/visibility/visibility_test.go index b26ebac49c..4ae2ce7e28 100644 --- a/tests/k8s_env/visibility/visibility_test.go +++ b/tests/k8s_env/visibility/visibility_test.go 
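Review bot: The throttling test in the hunk at -74 depends on how many times the blocked `apt` command runs, and wrapping it in `AssertCommand(..., true)` makes that count depend on the helper's behaviour, which this diff does not show. If the trailing `true` lets the helper re-run the command until the matcher passes, a first attempt that does not match would be followed by further executions beyond the five the loop intends. In the hunk at -93 an extra `apt update` would add events to a window where no alerts are expected. Confirm that the helper executes the command exactly once on a first-try match and record that beside the call, e.g. `// must run once: extra apt invocations would skew the alert count checked below`. Both hunks sit inside `It` bodies that continue outside them.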
@@ -60,9 +60,8 @@ var _ = Describe("Visibility", func() { err = KarmorLogStart("all", "wordpress-mysql", "", wp) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true) + // check audit logs logs, _, err := KarmorGetLogs(5*time.Second, 50) @@ -89,9 +88,8 @@ var _ = Describe("Visibility", func() { err = KarmorLogStart("all", "wordpress-mysql", "", wp) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true) + // check audit logs logs, _, err := KarmorGetLogs(5*time.Second, 50) @@ -115,9 +113,7 @@ var _ = Describe("Visibility", func() { err = KarmorLogStart("all", "wordpress-mysql", "", wp) Expect(err).To(BeNil()) - sout, _, err := K8sExecInPod(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}) - Expect(err).To(BeNil()) - fmt.Printf("---START---\n%s---END---\n", sout) + AssertCommand(wp, "wordpress-mysql", []string{"bash", "-c", "ping google.com -c1"}, MatchRegexp(".*"), true) // check audit logs logs, _, err := KarmorGetLogs(5*time.Second, 50) From c82f3959c2c5f9f87e74ce176fae2060e0e3dd2c Mon Sep 17 00:00:00 2001 From: hellspwan679 Date: Sat, 18 Jan 2025 17:22:46 +0530 Subject: [PATCH 6/6] mirror import fix Signed-off-by: hellspwan679 --- tests/k8s_env/syscalls/syscalls_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/k8s_env/syscalls/syscalls_test.go b/tests/k8s_env/syscalls/syscalls_test.go index 82228e1bbb..ed0d23f7f0 100644 --- a/tests/k8s_env/syscalls/syscalls_test.go +++ b/tests/k8s_env/syscalls/syscalls_test.go 
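Review bot: The three `ping google.com -c1` calls in visibility_test.go (hunks at -60, -88 and -113) now pass `MatchRegexp(".*")`, so a ping that fails on DNS resolution or lacks egress is accepted, and the failure surfaces only later as missing entries in the audit-log check. The removed lines had the same dependency on an external host but printed the command output; whether `AssertCommand` still prints it is not visible in this diff. Consider a cluster-local target, or at least a comment such as `// needs outbound DNS and ICMP; output is not asserted, see the log check below`. The surrounding `It` blocks start and end outside the hunks.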
@@ -4,7 +4,7 @@ package syscalls import ( - "fmt" + "time" "github.com/kubearmor/KubeArmor/protobuf"