Added bats testing (#8)
garethahealy authored May 21, 2020
1 parent 7203e80 commit 665ced5
Showing 5 changed files with 121 additions and 2 deletions.
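--- a/README.md
+++ b/README.md
@@ -17,5 +17,9 @@ A list of git repos that contain rego polices which can be combined with this re
 - [deprek8ion: Rego policies to monitor Kubernetes APIs deprecations](https://github.com/swade1987/deprek8ion)
 
 ## Conftest
-conftest is a CLI to execute rego policies. It can be used to test locally before pushing to OPA.
-- https://www.conftest.dev/install/
+conftest is a CLI to execute rego policies. It can be used to test locally before pushing to [OPA](https://www.openpolicyagent.org/).
+- https://www.conftest.dev/install/
+
+## OPA Playground
+OPA provides a web based playground, which can highlight which lines have been activated. Having issues with your policy? check it out with "Coverage" enabled:
+- https://play.openpolicyagent.org/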
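--- a/_test/k8s-validation-rolebinding/list.yml
+++ b/_test/k8s-validation-rolebinding/list.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: List
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: NoApiGroup
+roleRef:
+- apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: NoKind
+roleRef:
+apiGroup: rbac.authorization.k8s.io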
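Review bot: Both items in this fixture are invalid, so the test that consumes it can only show the rule firing; nothing shows that a RoleBinding with a complete roleRef is left alone. For an RBAC validation rule a false positive matters as much as a miss, because a check that flags valid bindings is the one people stop trusting. I would add a third item whose roleRef carries `apiGroup: rbac.authorization.k8s.io`, `kind: Role` and a `name`, and have tests.bats expect it in the successes part of the output. The ocp-42 fixture has the same shape, with every item expected to fail. The YAML indentation is not visible on this page, so the nesting under roleRef is inferred.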
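--- a/_test/ocp-42-deprecated-apiversions/list.yml
+++ b/_test/ocp-42-deprecated-apiversions/list.yml
@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: List
+items:
+- apiVersion: servicecatalog.k8s.io/v1beta1
+kind: Foo
+metadata:
+name: Bar
+- apiVersion: automationbroker.io/v1alpha1
+kind: Foo
+metadata:
+name: Bar
+- apiVersion: osb.openshift.io/v1
+kind: Foo
+metadata:
+name: Bar
+- apiVersion: operatorsources.operators.coreos.com/v1
+kind: Foo
+metadata:
+name: Bar
+- apiVersion: catalogsourceconfigs.operators.coreos.com/v1
+kind: Foo
+metadata:
+name: Bar
+- apiVersion: catalogsourceconfigs.operators.coreos.com/v2
+kind: Foo
+metadata:
+name: Bar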
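--- a/_test/ocp-43-deprecated-apiversions/template.yml
+++ b/_test/ocp-43-deprecated-apiversions/template.yml
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+name: Foo
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+name: Foo
+objects:
+- apiVersion: v1
+kind: ProjectRequest
+metadata:
+name: Bar
+- apiVersion: v1
+kind: ImageStream
+metadata:
+name: Bar
+- apiVersion: v1
+kind: BuildConfig
+metadata:
+name: Bar
+- apiVersion: v1
+kind: DeploymentConfig
+metadata:
+name: Bar
+- apiVersion: v1
+kind: RoleBinding
+metadata:
+name: Bar
+- apiVersion: v1
+kind: Route
+metadata:
+name: Bar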
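--- a/_test/tests.bats
+++ b/_test/tests.bats
@@ -0,0 +1,37 @@
+#!/usr/bin/env bats
+
+@test "k8s-validation-rolebinding" {
+run conftest test _test/k8s-validation-rolebinding --output tap
+
+[ "$status" -eq 1 ]
+[ "${lines[1]}" = "not ok 1 - _test/k8s-validation-rolebinding/list.yml - RoleBinding/NoApiGroup: RoleBinding roleRef.apiGroup key is null, use rbac.authorization.k8s.io instead." ]
+[ "${lines[2]}" = "not ok 2 - _test/k8s-validation-rolebinding/list.yml - RoleBinding/NoKind: RoleBinding roleRef.kind key is null, use ClusterRole or Role instead." ]
+[ "${lines[3]}" = "# Successes" ]
+}
+
+@test "ocp-42-deprecated-apiversions" {
+run conftest test _test/ocp-42-deprecated-apiversions --output tap
+
+[ "$status" -eq 1 ]
+[ "${lines[1]}" = "not ok 1 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: servicecatalog.k8s.io/v1beta1 is deprecated." ]
+[ "${lines[2]}" = "not ok 2 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: automationbroker.io/v1alpha1 is deprecated." ]
+[ "${lines[3]}" = "not ok 3 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: osb.openshift.io/v1 is deprecated." ]
+[ "${lines[4]}" = "not ok 4 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: operatorsources.operators.coreos.com/v1 is deprecated." ]
+[ "${lines[5]}" = "not ok 5 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: catalogsourceconfigs.operators.coreos.com/v1 is deprecated." ]
+[ "${lines[6]}" = "not ok 6 - _test/ocp-42-deprecated-apiversions/list.yml - Foo/Bar: catalogsourceconfigs.operators.coreos.com/v2 is deprecated." ]
+[ "${lines[7]}" = "# Successes" ]
+}
+
+@test "ocp-43-deprecated-apiversions" {
+run conftest test _test/ocp-43-deprecated-apiversions --output tap
+
+[ "$status" -eq 1 ]
+[ "${lines[1]}" = "not ok 1 - _test/ocp-43-deprecated-apiversions/template.yml - Template/Foo: API v1 for Template is no longer served by default, use template.openshift.io/v1 instead." ]
+[ "${lines[2]}" = "not ok 2 - _test/ocp-43-deprecated-apiversions/template.yml - ProjectRequest/Bar: API v1 for ProjectRequest is no longer served by default, use project.openshift.io/v1 instead." ]
+[ "${lines[3]}" = "not ok 3 - _test/ocp-43-deprecated-apiversions/template.yml - ImageStream/Bar: API v1 for ImageStream is no longer served by default, use image.openshift.io/v1 instead." ]
+[ "${lines[4]}" = "not ok 4 - _test/ocp-43-deprecated-apiversions/template.yml - BuildConfig/Bar: API v1 for BuildConfig is no longer served by default, use build.openshift.io/v1 instead." ]
+[ "${lines[5]}" = "not ok 5 - _test/ocp-43-deprecated-apiversions/template.yml - DeploymentConfig/Bar: API v1 for DeploymentConfig is no longer served by default, use apps.openshift.io/v1 instead." ]
+[ "${lines[6]}" = "not ok 6 - _test/ocp-43-deprecated-apiversions/template.yml - RoleBinding/Bar: API v1 for RoleBinding is no longer served by default, use rbac.authorization.k8s.io/v1 instead." ]
+[ "${lines[7]}" = "not ok 7 - _test/ocp-43-deprecated-apiversions/template.yml - Route/Bar: API v1 for Route is no longer served by default, use route.openshift.io/v1 instead." ]
+[ "${lines[8]}" = "# Successes" ]
+}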
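Review bot: Each assertion compares a whole output line, selected by index, against the text produced by whatever `conftest` is first on PATH, and `lines[0]` is never checked. A conftest release that rewords or reorders its TAP output would fail all three tests without any policy change, and the bare `[ ... ]` checks show nothing of what was actually printed. I would record the version the strings were taken from in a header comment, e.g. `# Expected strings match conftest <version> --output tap`, and add `echo "$output"` after each `run` so a failing test prints what it received. The fixture paths are relative, so the file presumably only works when bats is started from the repository root; that deserves a comment as well.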
