File: security_policies_worker_test.go

package agent

import (
	"bytes"
	"context"
	"encoding/json"
	"io"
	"net/http"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"gitlab.com/gitlab-org/cluster-integration/gitlab-agent/v16/internal/module/modagent"
	"gitlab.com/gitlab-org/cluster-integration/gitlab-agent/v16/internal/tool/testing/mock_modagent"
	"gitlab.com/gitlab-org/cluster-integration/gitlab-agent/v16/internal/tool/testing/testhelpers"
	"gitlab.com/gitlab-org/cluster-integration/gitlab-agent/v16/pkg/agentcfg"
	"go.uber.org/mock/gomock"
)

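// TestSecurityPoliciesWorker checks that securityPoliciesWorker.Run turns the
// response of the "/policies_configuration" GitLab endpoint into a
// configurationToUpdateData value and publishes it on the updater channel.
//
// Covered cases:
//   - 200 with one policy: cadence and namespaces are copied into the
//     container scanning configuration.
//   - 200 with an empty policy list: the update carries a nil configuration.
//   - 404: the update carries a nil configuration.
//
// NOTE(review): both "no policy" and "404" are expected to publish a nil
// containerScanningConfig. No case here exercises a transport error or a
// 401/403/5xx status, so this test does not establish whether a transient or
// authorization failure leaves the previous scanning configuration in place or
// clears it. The worker implementation is not visible here; confirm that
// behaviour and add a case for it.
func TestSecurityPoliciesWorker(t *testing.T) {
	// Upper bound for a single subtest. Without it, a worker that never
	// publishes an update would block until the global `go test` timeout.
	const updateTimeout = 10 * time.Second

	testCases := []struct {
		description string
		status      int32
		response    *getSecurityPoliciesResponse
		expected    configurationToUpdateData
	}{
		{
			description: "worker sends update when a policy is present",
			status:      http.StatusOK,
			response: &getSecurityPoliciesResponse{
				Policies: []*SecurityPolicyConfiguration{
					{
						Cadence:    "0 2 * * *",
						Namespaces: []string{"ns1", "ns2"},
						UpdatedAt:  time.Now(),
					},
				},
			},
			expected: configurationToUpdateData{
				agentID: testhelpers.AgentID,
				containerScanningConfig: &agentcfg.ContainerScanningCF{
					Cadence: "0 2 * * *",
					VulnerabilityReport: &agentcfg.VulnerabilityReport{
						Namespaces: []string{"ns1", "ns2"},
					},
				},
			},
		},
		{
			description: "worker sends update when a policy is not present",
			status:      http.StatusOK,
			response: &getSecurityPoliciesResponse{
				Policies: []*SecurityPolicyConfiguration{},
			},
			expected: configurationToUpdateData{
				agentID:                 testhelpers.AgentID,
				containerScanningConfig: nil,
			},
		},
		{
			description: "works sends update when status is 404",
			status:      http.StatusNotFound,
			response:    nil,
			expected: configurationToUpdateData{
				agentID:                 testhelpers.AgentID,
				containerScanningConfig: nil,
			},
		},
	}

	for _, tc := range testCases {
		t.Run(tc.description, func(t *testing.T) {
			ctrl := gomock.NewController(t)
			api := mock_modagent.NewMockAPI(ctrl)
			updater := make(chan configurationToUpdateData)

			ctx, cancel := context.WithTimeout(context.Background(), updateTimeout)
			defer cancel()

			api.EXPECT().
				MakeGitLabRequest(
					ctx,
					"/policies_configuration",
					gomock.Any(),
				).MinTimes(1).
				DoAndReturn(func(ctx context.Context, path string, opts ...modagent.GitLabRequestOption) (*modagent.GitLabResponse, error) {
					// A nil response models a reply without a body (the 404 case).
					var body []byte
					if tc.response != nil {
						var err error
						body, err = json.Marshal(tc.response)
						require.NoError(t, err)
					}

					return &modagent.GitLabResponse{
						StatusCode: tc.status,
						Body:       io.NopCloser(bytes.NewReader(body)),
					}, nil
				})

			api.EXPECT().
				GetAgentID(ctx).
				MinTimes(1).
				Return(testhelpers.AgentID, nil)

			policiesWorker := &securityPoliciesWorker{
				api:     api,
				updater: updater,
			}

			// The receiver hands the first update back to the test goroutine
			// and then cancels the context so that Run returns. The channel is
			// closed empty when the deadline expires before any update arrives.
			received := make(chan configurationToUpdateData, 1)
			go func() {
				defer close(received)
				select {
				case data := <-updater:
					received <- data
				case <-ctx.Done():
				}
				cancel()
			}()

			policiesWorker.Run(ctx)

			// Fail explicitly if the deadline expired first: otherwise a worker
			// that never publishes would let the subtest pass with nothing checked.
			data, ok := <-received
			require.True(t, ok, "worker did not send an update before the timeout")
			assert.Equal(t, tc.expected, data)
		})
	}
}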