139 строки
5.2 KiB
PowerShell
139 строки
5.2 KiB
PowerShell
# Copyright (c) Microsoft Corporation.
|
|
# Licensed under the MIT License.
|
|
|
|
#
|
|
# Unit tests for Kubernetes pod rules
|
|
#
|
|
|
|
[CmdletBinding()]
|
|
param ()
|
|
|
|
BeforeAll {
|
|
# Setup error handling
|
|
$ErrorActionPreference = 'Stop';
|
|
Set-StrictMode -Version latest;
|
|
|
|
if ($Env:SYSTEM_DEBUG -eq 'true') {
|
|
$VerbosePreference = 'Continue';
|
|
}
|
|
|
|
# Setup tests paths
|
|
$rootPath = $PWD;
|
|
Import-Module (Join-Path -Path $rootPath -ChildPath out/modules/PSRule.Rules.Kubernetes) -Force;
|
|
$here = (Resolve-Path $PSScriptRoot).Path;
|
|
}
|
|
|
|
Describe 'Kubernetes.Pod' {
|
|
BeforeAll {
|
|
$testParams = @{
|
|
Module = 'PSRule.Rules.Kubernetes'
|
|
Option = Join-Path -Path $here -ChildPath ps-rule.yaml
|
|
InputPath = Join-Path -Path $here -ChildPath Resources.Pod.yaml
|
|
}
|
|
|
|
$result = Invoke-PSRule @testParams -WarningAction Ignore;
|
|
}
|
|
|
|
Context 'Security' {
|
|
It 'Kubernetes.Pod.PrivilegeEscalation' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.PrivilegeEscalation' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
|
|
It 'Kubernetes.Pod.Latest' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.Latest' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
|
|
It 'Kubernetes.Pod.Secrets' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.Secrets' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
}
|
|
|
|
Context 'Resource management' {
|
|
It 'Kubernetes.Pod.Resources' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.Resources' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
}
|
|
|
|
Context 'Reliability' {
|
|
It 'Kubernetes.Pod.Health' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.Health' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
|
|
It 'Kubernetes.Pod.Replicas' {
|
|
$filteredResult = $result | Where-Object { $_.RuleName -eq 'Kubernetes.Pod.Replicas' };
|
|
|
|
# Fail
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-B';
|
|
|
|
# Pass
|
|
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });
|
|
$ruleResult | Should -Not -BeNullOrEmpty;
|
|
$ruleResult.Length | Should -Be 1;
|
|
$ruleResult.TargetName | Should -Be 'deployment/deployment-A';
|
|
}
|
|
}
|
|
}
|