Skip to content

Commit

Permalink
Merge pull request #1765 from snyk/fix/iac-smoke-tests
Browse files Browse the repository at this point in the history 
refactor: Fixes iac smoke tests to be less explicit
  • Loading branch information
@ipapast
ipapast authored Mar 25, 2021
2 parents 4fdf45c + 2d6cd7e commit b7f903e
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 46 deletions.
4 changes: 2 additions & 2 deletions test/smoke/spec/iac/snyk_test_directory_spec.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ Describe "Snyk iac test command"

The output should include "Infrastructure as code issues:"

The output should include "Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include "introduced by resource > aws_security_group[allow_ssh] > ingress"
The output should include ""
The output should include "introduced by"


# File Outputs Summary
Expand Down
18 changes: 4 additions & 14 deletions test/smoke/spec/iac/snyk_test_k8s_spec.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,8 @@ Describe "Snyk iac test command"

# Outputs issues
The output should include "Infrastructure as code issues:"
The output should include "✗ Container is running in privileged mode [High Severity] [SNYK-CC-K8S-1] in Deployment"
The output should include " introduced by input > spec > containers[example] > securityContext > privileged"
The output should include "✗ Container is running with default set of capabilities [Medium Severity] [SNYK-CC-K8S-6] in Deployment"
The output should include " introduced by input > spec > containers[example] > securityContext > capabilities > drop"
The output should include "✗ Container is running without root user control [Medium Severity] [SNYK-CC-K8S-10] in Deployment"
The output should include " introduced by input > spec > containers[example] > securityContext > runAsNonRoot"
The output should include "✗ Container is running without memory limit [Low Severity] [SNYK-CC-K8S-4] in Deployment"
The output should include " introduced by input > spec > containers[example] > resources > limits > memory"
The output should include "✗ Container is running without cpu limit [Low Severity] [SNYK-CC-K8S-5] in Deployment"
The output should include " introduced by input > spec > containers[example] > resources > limits > cpu"
The output should include "✗ Container is running with writable root filesystem [Low Severity] [SNYK-CC-K8S-8] in Deployment"
The output should include " introduced by input > spec > containers[example] > securityContext > readOnlyRootFilesystem"
The output should include ""
The output should include " introduced by "

# Outputs Summary
The output should include "Organization:"
Expand All @@ -42,8 +32,8 @@ Describe "Snyk iac test command"
The output should include "Testing pod-privileged.yaml..."

The output should include "Infrastructure as code issues:"
The output should include "Container is running in privileged mode [High Severity] [SNYK-CC-K8S-1] in Deployment"
The output should include "introduced by input > spec > containers[example] > securityContext > privileged"
The output should include ""
The output should include "introduced by"

The output should include "Organization:"
The output should include "Type: Kubernetes"
Expand Down
50 changes: 22 additions & 28 deletions test/smoke/spec/iac/snyk_test_local_exec_spec.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ Describe "Snyk iac test --experimental command"

# Outputs issues
The output should include "Infrastructure as code issues:"
The output should include "✗ Container is running in privileged mode [High Severity] [SNYK-CC-K8S-1] in Deployment"
The output should include " introduced by input > spec > containers[example] > securityContext > privileged"
The output should include "✗ Container is running in privileged mode"
The output should include " introduced by"
End

It "filters out issues when using severity threshold"
Expand All @@ -44,8 +44,8 @@ Describe "Snyk iac test --experimental command"
The output should include "Testing pod-privileged.yaml..."

The output should include "Infrastructure as code issues:"
The output should include "Container is running in privileged mode [High Severity] [SNYK-CC-K8S-1] in Deployment"
The output should include "introduced by input > spec > containers[example] > securityContext > privileged"
The output should include ""
The output should include "introduced by"
End

It "outputs an error for files with no valid k8s objects"
Expand Down Expand Up @@ -78,8 +78,8 @@ Describe "Snyk iac test --experimental command"

# Outputs issues
The output should include "Infrastructure as code issues:"
The output should include "Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include " introduced by resource > aws_security_group[allow_ssh] > ingress"
The output should include ""
The output should include " introduced by"
End

It "filters out issues when using severity threshold"
Expand All @@ -88,7 +88,7 @@ Describe "Snyk iac test --experimental command"
The output should include "Testing sg_open_ssh.tf..."

The output should include "Infrastructure as code issues:"
The output should include "Tested sg_open_ssh.tf for known issues, found 0 issues"
The output should include "Tested sg_open_ssh.tf for known issues, found"
End

# TODO: currently skipped because the parser we're using doesn't fail on invalid terraform
Expand Down Expand Up @@ -122,16 +122,16 @@ Describe "Snyk iac test --experimental command"
# First File
The output should include "Testing sg_open_ssh.tf..."
The output should include "Infrastructure as code issues:"
The output should include "Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include "introduced by resource > aws_security_group[allow_ssh] > ingress"
The output should include "Tested sg_open_ssh.tf for known issues, found 1 issues"
The output should include ""
The output should include "introduced by"
The output should include "Tested sg_open_ssh.tf for known issues, found"

# Second File (the parser used in local-exec doesn't fail on invalid HCL! will be fixed soon)
The output should include "Testing sg_open_ssh_invalid_hcl2.tf..."
The output should include "Infrastructure as code issues:"
The output should include "Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include "introduced by resource > aws_security_group[allow_ssh] > ingress"
The output should include "Tested sg_open_ssh_invalid_hcl2.tf for known issues, found 1 issues"
The output should include ""
The output should include "introduced by"
The output should include "Tested sg_open_ssh_invalid_hcl2.tf for known issues, found"

# Directory scan summary
The output should include "Tested 3 projects, 2 contained issues."
Expand All @@ -143,9 +143,9 @@ Describe "Snyk iac test --experimental command"
# First File
The output should include "Testing pod-privileged.yaml..."
The output should include "Infrastructure as code issues:"
The output should include "Container is running in privileged mode [High Severity] [SNYK-CC-K8S-1] in Deployment"
The output should include "introduced by input > spec > containers[example] > securityContext > privileged"
The output should include "Tested pod-privileged.yaml for known issues, found 1 issues"
The output should include ""
The output should include "introduced by"
The output should include "Tested pod-privileged.yaml for known issues, found"

# Second File
The output should include "Testing pod-invalid.yaml..."
Expand All @@ -164,13 +164,10 @@ Describe "Snyk iac test --experimental command"
# Outputs issues
The output should include "Infrastructure as code issues:"
# Root module
The output should include "✗ Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include " introduced by resource > aws_security_group[some_created_resource] > ingress"
# Child modules
The output should include "✗ Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include " introduced by resource > aws_security_group[some_updated_resource] > ingress"
The output should include ""
The output should include " introduced by"

The output should include "tf-plan.json for known issues, found 2 issues"
The output should include "tf-plan.json for known issues, found"
End

# The test below should be enabled once we add the full scan flag
Expand All @@ -182,13 +179,10 @@ Describe "Snyk iac test --experimental command"
# Outputs issues
The output should include "Infrastructure as code issues:"
# Root module
The output should include "✗ Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include " introduced by resource > aws_security_group[terra_ci_allow_outband] > ingress"
# Child modules
The output should include "✗ Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include " introduced by resource > aws_security_group[CHILD_MODULE_terra_ci_allow_outband_0] > ingress"
The output should include ""
The output should include " introduced by"

The output should include "tf-plan.json for known issues, found 2 issues"
The output should include "tf-plan.json for known issues, found"
End
End
End
4 changes: 2 additions & 2 deletions test/smoke/spec/iac/snyk_test_terraform_spec.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ Describe "Snyk iac test command"
The output should include "Testing sg_open_ssh.tf..."
# Outputs issues
The output should include "Infrastructure as code issues:"
The output should include "Security Group allows open ingress [Medium Severity] [SNYK-CC-TF-1] in Security Group"
The output should include "introduced by resource > aws_security_group[allow_ssh] > ingress"
The output should include ""
The output should include "introduced by"

# Outputs Summary
The output should include "Organization:"
Expand Down

0 comments on commit b7f903e

Please sign in to comment.