Add simple tests for yamlprobe #1479
Conversation
| <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:1"> | ||
| <ind-def:path>/tmp</ind-def:path> | ||
| <ind-def:filename>openshift-logging.yaml</ind-def:filename> | ||
| <ind-def:yamlpath>/kind</ind-def:yamlpath> |
There was a problem hiding this comment.
Current YAML Path definition is here: https://github.com/evgenyz/libyaml-yamlpath-filter/wiki/YAML-Path-(OVAL-subset). It became even smaller; for now there are only keys, indexes and slices (for lists, not for maps). And only dot notation (to be more compatible with JSONPath).
You can get the idea of what it is capable of right now here: https://github.com/evgenyz/libyaml-yamlpath-filter/blob/afb1fec90a5eb3974d1115bab1d1bfff4956b91a/test-paths.c#L170.
There was a problem hiding this comment.
for now there are only keys, indexes and slices (for lists, not for maps).
I'm not sure if array slicing will be that useful. Can we be sure of the order of the items in a list?
So hash key searching is not supported? 😢
I think key searching will be the most useful feature.
There was a problem hiding this comment.
There is a case already for slices (which could be used as any filter for sequences), in the example we have we are looking for at least one record of certain type. The path is .spec.pipelines[:].inputSource and result would be ['logs.app', 'logs.infra', 'logs.audit']. We are after logs.audit.
There was a problem hiding this comment.
Key searching is another thing. You can address anything by an exact key. But there is no fuzzy key search of any kind right now. Until we prove it to be useful. I try to keep it as dumb as possible to actually have all the logic in OVAL territory.
There was a problem hiding this comment.
Can we be sure of the order of the items in a list?
Yes, it'd be the same as in the document.
There was a problem hiding this comment.
Lets just stick to what we have right now, and evolve with the content, should the need arise.
I understand, we need to start writing content as soon as possible then, to collect use cases, even when the probe is not ready.
But I want to be sure that workaround is ugly enough or impossible before starting to deal with all the problems related to [XXX=YYY].
At the same time, one of the goals of the probe is to avoid need for workarounds or complex OVAL contents.
There was a problem hiding this comment.
At the same time, one of the goals of the probe is to avoid need for workarounds or complex OVAL contents.
Balance. That is what we usually looking for :)
I understand, we need to start writing content as soon as possible then, to collect use cases, even when the probe is not ready.
Exactly. So I'm trying to create something to give our OCP colleagues tools to start working and pinpointing weak spots.
Is the python style slicing syntax specific to libyaml-yamlpath-fitler?
yaml-get doesn't like it.
Yes, it is. And it is how things are done in JSONPath. I don't like YAML Paths' version because you can't collect the whole list with it.
YAML Paths' '.spec.pipelines.inputSource' is too ambiguous. It completely skips the list in the middle, inputSource may as well be just a key in pipelines dictionary, which is not acceptable at all. It is so because YAML Path uses so called arrays pass-through, which is not good from a security-related tool point of view, IMHO.
There was a problem hiding this comment.
BTW, if you want to play with our (he-he) YAML Path, go ahead: https://github.com/OpenSCAP/yaml-filter. We even have a console tool now :)
|
I feel like you overdoing this right now. We have unit tests for YAML Path behaviour in the library. We are after the probe integration tests: no results, 1 result, multiple results, errors (no file, invalid path, path pointing to a non-scalar value). |
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
Outdated
Show resolved
Hide resolved
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
Outdated
Show resolved
Hide resolved
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
Outdated
Show resolved
Hide resolved
| <ind-def:state state_ref="oval:0:ste:2"/> | ||
| </ind-def:yamlfilecontent_test> | ||
|
|
||
| <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:3" check="all" comment="error"> |
There was a problem hiding this comment.
Because the path .metadata on the test yaml file will return an non-scalar: https://github.com/OpenSCAP/openscap/pull/1479/files/68289f537fbb8607212c56e6300d413af24b24be#diff-5ca741cc9861804e1ff83bfe153329cbR3
|
|
||
| rm -f $YAML_FILE | ||
|
|
||
| return $ret_val |
There was a problem hiding this comment.
Where do you test that the correct data was extracted from the YAML? Please add assertions on collected items.
There was a problem hiding this comment.
The tests have states, if they pass doesn't it mean we have collected the correct data?
There was a problem hiding this comment.
What about the that expected error result? And what about that non-existing scalar? The test could assume that no objects are collected.
There was a problem hiding this comment.
Per yamlpath description in https://github.com/OVAL-Community/OVAL/pull/90/files#diff-ae56180beddebc6013e4387e9ed9fe0eR2118, error is the expected result when the path leads to a non-scalar.
The xpath field in xmlfilecontent_object behaves the same way.
There was a problem hiding this comment.
Oh, maybe @matejak is asking about how the test verifies that the result was error?
In verify_results() the result of evaluation is compared with the results the comments.
There was a problem hiding this comment.
Thanks, I was not able to understand just by looking at verify_results documentation. That doc needs a refresh.
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
Outdated
Show resolved
Hide resolved
By updating the scheman version to a future one, and providing updated "future" schemas, we can overcome issues with schema validations.
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
Outdated
Show resolved
Hide resolved
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
Outdated
Show resolved
Hide resolved
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
Outdated
Show resolved
Hide resolved
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
Outdated
Show resolved
Hide resolved
😃
@evgenyz I don't understand what you are missing. |
I think that Evgeny is not happy with the library being tested twice - once in respective unit-tests and basically once by analysing OVAL results produced by the probe that uses the library. |
| <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:5"> | ||
| <ind-def:path>/tmp</ind-def:path> | ||
| <ind-def:filename>yaml-filter.yaml</ind-def:filename> | ||
| <ind-def:yamlpath>.foo[1].some\.el\/here</ind-def:yamlpath> |
There was a problem hiding this comment.
The test yaml file modification is needed in order for this to pass, right?
There was a problem hiding this comment.
Actually back-slash escaping is not supported so far. This won't work no matter what, ATM.
There was a problem hiding this comment.
@evgenyz Do we expect to support it?
There was a problem hiding this comment.
The test yaml file modification is needed in order for this to pass, right?
I forgot to add yaml-filter.yaml into the commit.
But I'll drop the commit for now.
There was a problem hiding this comment.
Yes, we expect. Working on it. But you'd better not include it in this PR. (Edit: Actually it could be a bit different)
Yeah, I'm grumbling about excessive tests, not because something is missing. While excessive test might be seemed as a neutral or even a positive feature, one should always keep in mind that there is a toll of test maintenance (and execution time, BTW) in a developing library (such as libyamlpath) and usually there are no gains from this duplicity. |
The comment had the id, and id was empty
yuumasato
force-pushed
the
add-yamlfilecontent-test
branch
from
8231672 to
d54d078
Compare
I'm happy to remove anything that is excessive and duplicate. |
|
Per #1479 (comment) I've dropped escaped key test: b61d5f9 |
|
I'm fine. |
But it's your request for changes still active :) |
|
I'm fine with this PR, don't take my whining about excessiveness as a blocker |
Description
yamlfilecontent_testto exercise not-yet-existingyamlfileprobe(time to TDD).