-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding test for network policy regex #517
base: master
Are you sure you want to change the base?
Adding test for network policy regex #517
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Vincent056 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
2af02ae
to
ad58969
Compare
ad58969
to
e071a5b
Compare
/retest |
Added e2e test for configure-network-policies-namespaces rule, test if whitelist-regex works as expected
e071a5b
to
5e89f7d
Compare
Co-authored-by: Watson Yuuma Sato <[email protected]>
Sorry @Vincent056 we got an error on |
/retest |
@Vincent056 Still the same error:
|
@Vincent056: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
t.Fatal(err) | ||
} | ||
|
||
regextValue := "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: regexValue
regextValue := "" | ||
|
||
for _, ns := range nsList.Items { | ||
if strings.HasPrefix(ns.Name, "openshift-") || strings.HasPrefix(ns.Name, "kube-") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note for reviewers:
We don't need to add these to the regular expression explicitly since we've baked that into the rule.
@@ -1933,6 +1934,169 @@ func TestSuspendScanSettingDoesNotCreateScan(t *testing.T) { | |||
} | |||
} | |||
|
|||
func TestConfigureNetworkPolicy(t *testing.T) { | |||
f := framework.Global | |||
suiteName := "test-configure-network-policy" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: We could use suiteNameCompliant
and suiteNameNonCompliant
to distinguish these and align them closer to their status asserted towards the end of the test.
|
||
regextValue = regextValue + ns.ObjectMeta.Name | ||
|
||
tp := &compv1alpha1.TailoredProfile{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Similar naming comment as above with the suites (could do something like compliantTailoredProfile
or tpCompliant
.
Then on line 2010, something like nonCompliantTailoredProfile
, or tpNonCompliant
.
} | ||
defer f.Client.Delete(context.TODO(), tpNoPass) | ||
|
||
ssb := &compv1alpha1.ScanSettingBinding{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Similar naming comment as above.
} | ||
defer f.Client.Delete(context.TODO(), ssb) | ||
|
||
ssbNoPass := &compv1alpha1.ScanSettingBinding{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Similar naming comment as above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, just minor nits that we can address in a follow up if needed. But it also looks like we need to rebase this anyway, so we can fix them in the next revision, too.
Added e2e test for configure-network-policies-namespaces rule, test if whitelist-regex works as expected.
This works in-conjunction with ComplianceAsCode/content#11952