Test PR: Test coverage with bpflsm runner included #1819

Open
wants to merge 107 commits into
base: main
107 commits
db50d13
add tests for multicontainer suite: non existent container in array
navin772 May 23, 2024
771eb95
Add tests for host policy
navin772 May 23, 2024
fa8271a
Add host visibility to node
navin772 May 23, 2024
eca457d
Fix ci steps
navin772 May 23, 2024
ec95a77
Set hostname to kubearmor-dev
navin772 May 23, 2024
0785b84
Merge branch 'kubearmor:main' into lfx-pretask
navin772 May 23, 2024
a03c319
test actions on ubuntu 22.04
navin772 May 23, 2024
5557fcc
test-2
navin772 May 23, 2024
9bb9b39
test-3
navin772 May 23, 2024
e40772f
Use sed and apply -f to set host policy
navin772 May 23, 2024
f6480db
Merge branch 'kubearmor:main' into test-actions
navin772 May 24, 2024
3aa2ab4
Add smoke test with docker exec
navin772 May 24, 2024
8a6dea1
Add branch for systemd tests
navin772 May 24, 2024
7d0b009
Add ExecCommandHost function in utils
navin772 May 24, 2024
b2a1f95
reformatting
navin772 May 24, 2024
542b514
Add HSP test suite for non_k8s environment
navin772 May 24, 2024
6db00b8
Use ubuntu 20.04 and test coverage
navin772 May 24, 2024
8371766
Use RunDockerCommand for docker exec
navin772 May 24, 2024
3cd04f8
test-1
navin772 May 24, 2024
610d015
debug
navin772 May 24, 2024
e0f3fd8
Remove failing test (only fails in the CI, locally works fine)
navin772 May 24, 2024
2ffbae3
Use AssertCommand in blocposture tests
navin772 May 25, 2024
8756d0b
Merge pull request #1 from navin772/test-actions
navin772 May 25, 2024
56fda5f
test non-k8s hsp ginkgo tests
navin772 Jun 28, 2024
ed7c22d
add another hsp test
navin772 Jun 28, 2024
883bd09
test in CI
navin772 Jun 28, 2024
a009f02
docker tests
navin772 Jun 28, 2024
99d384f
test 2
navin772 Jun 28, 2024
5dc2b4a
use docker compose just to test
navin772 Jun 28, 2024
fb0c84a
mention directory
navin772 Jun 28, 2024
486ebd2
test 2
navin772 Jun 28, 2024
7642868
remove failing test
navin772 Jun 29, 2024
8c9eabb
test
navin772 Jun 29, 2024
62fc5f2
Test KA in docker mode
navin772 Jul 1, 2024
ca6691b
Test KubeArmor in docker mode
navin772 Jul 1, 2024
c4fbe6b
Clear eventChan in karmorlog
navin772 Jul 4, 2024
948f858
test clear eventChan in k8s
navin772 Jul 4, 2024
6369314
Add network test in non-k8s mode
navin772 Jul 7, 2024
0a2d51f
calculate coverage in CI
navin772 Jul 7, 2024
7875105
remove k8s cli actions
navin772 Jul 7, 2024
29098db
Update ci-coverage.yaml
navin772 Jul 7, 2024
801c8b4
test
navin772 Jul 7, 2024
15cdee4
fix main_test.go flags parsing
navin772 Jul 9, 2024
c9df6b1
test coverage in docker compose mode
navin772 Jul 10, 2024
953c58a
retrieve only the main kubearmor process
navin772 Jul 10, 2024
b2e751e
test
navin772 Jul 10, 2024
6acc209
test2
navin772 Jul 10, 2024
63b5a0b
debug with tmate
navin772 Jul 10, 2024
b0affc2
test3
navin772 Jul 10, 2024
bdf5cf0
wait more
navin772 Jul 10, 2024
c85b9a9
cat coverprofile
navin772 Jul 10, 2024
31f719e
send to codecov
navin772 Jul 11, 2024
987e28d
test
navin772 Jul 11, 2024
de1c120
test coverage on k8s
navin772 Jul 12, 2024
9d3e9e7
Use volume mounts to store coverage data
navin772 Jul 14, 2024
ecbb0bf
missing backslash!
navin772 Jul 14, 2024
065a03a
trigger commit
navin772 Jul 14, 2024
8285d33
test coverage in k8s mode
navin772 Jul 20, 2024
be44f4c
combine coverage in k8s mode
navin772 Jul 20, 2024
2e7dd01
test 1
navin772 Jul 20, 2024
310c56a
reduce sleep time
navin772 Jul 21, 2024
f67ef13
try with kubectl proxy
navin772 Jul 21, 2024
ffb5311
use KUBEARMOR_SERVICE env instead of new func
navin772 Jul 21, 2024
ec45e9e
Use hostPath instead of PVC (better approach)
navin772 Jul 22, 2024
140f09e
Use kubectl patch to edit daemonset
navin772 Jul 22, 2024
cd06c73
increase sleep time
navin772 Jul 22, 2024
8397225
increase sleep time to 35
navin772 Jul 22, 2024
6238ebf
Use download artifact in same dir
navin772 Jul 23, 2024
0233428
fix minor typo
navin772 Jul 23, 2024
f05dd4a
add more sleep
navin772 Jul 23, 2024
1fee93d
test 1
navin772 Jul 23, 2024
65a074a
wait for cov file to be written before copying it
navin772 Jul 23, 2024
ff32bb9
Add k8s HSP tests
navin772 Jul 23, 2024
adc0718
test 2
navin772 Jul 23, 2024
a1a4694
Merge branch 'kubearmor:main' into non-k8s-hsp-test
navin772 Jul 24, 2024
1034997
Fix eventChan re declared error
navin772 Jul 24, 2024
984ba50
Calculate coverage for systemd
navin772 Jul 25, 2024
b1eb16e
Use runner based naming for coverage files
navin772 Jul 25, 2024
9a06a32
Wait for cov file in systemd
navin772 Jul 25, 2024
42b39cc
correct naming for upload-artifact
navin772 Jul 25, 2024
59c9015
Avoid using tmp dir
navin772 Jul 25, 2024
2a3f16a
Add codecov.yml
navin772 Jul 25, 2024
3411a51
Update codecov.yml
navin772 Jul 26, 2024
7a8afd1
Update ci-coverage.yaml
navin772 Jul 26, 2024
7144c35
Merge branch 'kubearmor:main' into non-k8s-hsp-test
navin772 Jul 27, 2024
b931027
Remove additional files and use new dockerfile build target for covera…
navin772 Jul 27, 2024
27f5301
Set env var for coverage in docker mode
navin772 Jul 27, 2024
f0929d0
Correct build script path in docker mode
navin772 Jul 27, 2024
5a2f77e
test
navin772 Jul 27, 2024
fe236c5
test coverage on bpflsm runner
navin772 Jul 27, 2024
e2fc0c2
Add license headers and fixes
navin772 Jul 27, 2024
5241805
Use docker compose for testing in docker mode
navin772 Jul 29, 2024
ff3e1ff
Merge branch 'main' into test-coverage-all
navin772 Jul 30, 2024
2af3cf2
Merge branch 'kubearmor:main' into test-coverage-all
navin772 Jul 31, 2024
9a8f011
Set GOPATH for bpflsm runner
navin772 Jul 31, 2024
5e97110
Install protoc-gen-go
navin772 Jul 31, 2024
7dee461
Test systemd on bpflsm
navin772 Jul 31, 2024
78ce57c
Merge branch 'main' into test-coverage-all
navin772 Aug 2, 2024
0c2046b
systemd proper cleanup of package
navin772 Aug 2, 2024
5888118
Merge branch 'kubearmor:main' into test-coverage-all
navin772 Aug 5, 2024
b8c308a
Cleanup docker images
navin772 Aug 5, 2024
075db78
Install protoc in systemd job
navin772 Aug 5, 2024
2e533df
Install protoc in ubuntu-latest only
navin772 Aug 6, 2024
e7c440d
Merge branch 'kubearmor:main' into test-coverage-all
navin772 Aug 7, 2024
b87e064
Merge branch 'kubearmor:main' into test-coverage-all
navin772 Aug 13, 2024
43fc29d
Merge branch 'main' into test-coverage-all
navin772 Aug 25, 2024
ab1416c
Merge branch 'kubearmor:main' into test-coverage-all
navin772 Aug 29, 2024
474 changes: 474 additions & 0 deletions .github/workflows/ci-coverage.yaml

Large diffs are not rendered by default.

74 changes: 74 additions & 0 deletions .github/workflows/ci-test-docker.yaml
@@ -0,0 +1,74 @@
name: ci-test-docker

on:
push:
branches: [main]
paths:
- "KubeArmor/**"
- ".github/workflows/ci-test-docker.yaml"
- "!STABLE-RELEASE"
- "tests/nonk8s_env/**"

jobs:
build-and-run:
name: Build KubeArmor artifacts and run tests / ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
with:
submodules: true

- uses: actions/setup-go@v5
with:
go-version-file: 'KubeArmor/go.mod'

- name: Install the latest LLVM toolchain
run: ./.github/workflows/install-llvm.sh

- name: Compile libbpf
run: ./.github/workflows/install-libbpf.sh

- name: Generate KubeArmor artifacts
run: |
GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh

# - name: Run KubeArmor init container
# run: |
# docker run --name kubearmor-init -v /tmp/:/opt/kubearmor/BPF kubearmor/kubearmor-init

# - name: Run KubeArmor container
# run: |
# docker run -d --name kubearmor --privileged --pid host -p 32767:32767 \
# -v /tmp/:/opt/kubearmor/BPF \
# -v /sys/fs/bpf:/sys/fs/bpf \
# -v /sys/kernel/security:/sys/kernel/security \
# -v /sys/kernel/debug:/sys/kernel/debug \
# -v /var/run/docker.sock:/var/run/docker.sock \
# -v /var/lib/docker:/var/lib/docker \
# -v /etc/apparmor.d:/etc/apparmor.d \
# kubearmor/kubearmor -k8s=false -enableKubeArmorHostPolicy

- name: Run KubeArmor with docker-compose
run: |
docker-compose -f docker-compose.yaml up -d

- name: Test KubeArmor using Ginkgo
run: |
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
make
working-directory: ./tests/nonk8s_env
timeout-minutes: 30

- name: Archive log artifacts
if: ${{ failure() }}
uses: actions/upload-artifact@v3
with:
name: kubearmor.logs
path: |
/tmp/kubearmor/
/tmp/kubearmor.*
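Review bot: the workflow declares no `permissions:` key, so every step in `build-and-run`, including the ones that build and start a privileged container, runs with the repository's default `GITHUB_TOKEN` scope; add a top-level `permissions:` with `contents: read`, since nothing visible here writes to the repository. The actions are referenced by mutable tags at mixed major versions (`actions/checkout@v3`, `actions/upload-artifact@v3`, `actions/setup-go@v5`); pinning them to commit SHAs would make the run reproducible. The "Generate KubeArmor artifacts" step builds locally, but the compose step starts `docker-compose.yaml`, which names `kubearmor/kubearmor:latest`; please confirm the build tags that image, otherwise the suite exercises a pulled image rather than this commit. The two commented-out `docker run` steps duplicate the compose file and can be deleted.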
7 changes: 5 additions & 2 deletions .github/workflows/ci-test-ginkgo.yml
Expand Up @@ -125,7 +125,7 @@ jobs:
kubectl wait --timeout=7m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch,kubearmor-app!=kubearmor-controller -n kubearmor
kubectl wait --timeout=1m --for=condition=ready pod -l kubearmor-app=kubearmor-controller -n kubearmor
kubectl get pods -A

sleep 10
DAEMONSET_NAME=$(kubectl get daemonset -n kubearmor -o jsonpath='{.items[0].metadata.name}')
echo "DaemonSet: $DAEMONSET_NAME"
Expand Down Expand Up @@ -158,7 +158,10 @@ jobs:
]'

sleep 15


- name: Add KubeArmor host visibility
run: ./.github/workflows/host-visibility.sh

- name: Get KubeArmor POD info
run: |
DAEMONSET_NAME=$(kubectl get daemonset -n kubearmor -o jsonpath='{.items[0].metadata.name}')
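Review bot: the new "Add KubeArmor host visibility" step changes the DaemonSet pod template, and the only thing between that change and "Get KubeArmor POD info" is the fixed `sleep 16` inside `host-visibility.sh`. Repeat the `kubectl wait --for=condition=ready pod -l kubearmor-app,...` check used earlier in this job after the script runs, or use `kubectl rollout status` on the DaemonSet, so the following steps do not race a pod that is still restarting.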
15 changes: 12 additions & 3 deletions .github/workflows/cleanup.sh
Expand Up @@ -6,9 +6,17 @@
cleanup() {
echo "Performing cleanup..."

/usr/local/bin/k3s-killall.sh
if [ -f /usr/local/bin/k3s-killall.sh ]; then
/usr/local/bin/k3s-killall.sh
else
echo "/usr/local/bin/k3s-killall.sh not found. Skipping..."
fi

/usr/local/bin/k3s-uninstall.sh
if [ -f /usr/local/bin/k3s-uninstall.sh ]; then
/usr/local/bin/k3s-uninstall.sh
else
echo "/usr/local/bin/k3s-uninstall.sh not found. Skipping..."
fi

docker system prune -a -f

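Review bot: both new guards test `[ -f ... ]` and then execute the file, so a script that exists but is not executable still fails; `-x` checks what the next line actually needs. The two blocks are identical apart from the path, so a short `for` loop over `k3s-killall.sh` and `k3s-uninstall.sh` would avoid the duplication.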
Expand All @@ -18,5 +26,6 @@ cleanup() {

echo "Cleanup complete."
}

# Invoke the cleanup function
cleanup
cleanup
20 changes: 20 additions & 0 deletions .github/workflows/host-visibility.sh
@@ -0,0 +1,20 @@
#!/bin/bash
// SPDX-License-Identifier: Apache-2.0
// Copyright 2024 Authors of KubeArmor

DAEMONSET_NAME=$(kubectl get daemonset -n kubearmor -o jsonpath='{.items[0].metadata.name}')

kubectl patch daemonset $DAEMONSET_NAME -n kubearmor --type='json' -p='[
{
"op": "add",
"path": "/spec/template/spec/containers/0/args/-",
"value": "-enableKubeArmorHostPolicy"
}
]'

sleep 16

# Apply annotations to the node
NODE_NAME=$(kubectl get nodes -o=jsonpath='{.items[0].metadata.name}')
kubectl annotate node $NODE_NAME "kubearmorvisibility=process,file,network,capabilities"
kubectl get no -o wide
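Review bot: lines 2 and 3 of the script use `//` for the SPDX and copyright header, which bash tries to run as a command instead of treating as a comment, so each one prints an error before the script reaches `kubectl`; use `#` as `install-k3s.sh` does. There is also no `set -euo pipefail`, and `$DAEMONSET_NAME` and `$NODE_NAME` are unquoted, so a failed `kubectl get` leaves them empty and the `patch` and `annotate` calls still run with a missing argument. `.items[0]` silently picks the first DaemonSet and the first node, which is worth a comment, and `sleep 16` could be replaced by `kubectl rollout status daemonset/"$DAEMONSET_NAME" -n kubearmor`.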
4 changes: 4 additions & 0 deletions .github/workflows/install-k3s.sh
@@ -1,6 +1,8 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
# Copyright 2021 Authors of KubeArmor
# Set the hostname
# sudo hostnamectl set-hostname kubearmor-dev

echo "RUNTIME="$RUNTIME

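Review bot: the two added lines are a commented-out `hostnamectl set-hostname kubearmor-dev` placed directly under the license header, so the change has no effect; either drop them or, if the tests depend on that hostname, enable the command and say why in the comment.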
Expand All @@ -15,3 +17,5 @@ if [ "$RUNTIME" == "crio" ]; then
fi

./contribution/k3s/install_k3s.sh

kubectl get no -o wide
24 changes: 24 additions & 0 deletions docker-compose.yaml
@@ -0,0 +1,24 @@
services:
kubearmor-init:
image: kubearmor/kubearmor-init:latest
volumes:
- /tmp/:/opt/kubearmor/BPF

kubearmor:
image: kubearmor/kubearmor:latest
depends_on:
kubearmor-init:
condition: service_completed_successfully
privileged: true
command: ["-k8s=false", "-enableKubeArmorHostPolicy"]
pid: "host"
ports:
- "32767:32767"
volumes:
- /tmp/:/opt/kubearmor/BPF
- /sys/fs/bpf:/sys/fs/bpf
- /sys/kernel/security:/sys/kernel/security
- /sys/kernel/debug:/sys/kernel/debug
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker:/var/lib/docker
- /etc/apparmor.d:/etc/apparmor.d
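Review bot: both services bind-mount the host's `/tmp/` as `/opt/kubearmor/BPF`, which hands a world-writable host directory to a container that runs with `privileged: true`, `pid: "host"` and the Docker socket; use a dedicated directory or a named volume shared by the two services instead. `"32767:32767"` publishes the port on every host interface, and `"127.0.0.1:32767:32767"` is enough for tests that run on the same machine. Both images use `:latest`, so runs are not reproducible. The file sits at the repository root while the consumer visible in this PR is the CI workflow, so a comment marking it as test-only, or moving it under `tests/`, would keep it from being read as a deployment recommendation.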
5 changes: 0 additions & 5 deletions tests/go.sum
Expand Up @@ -79,8 +79,6 @@ github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3Bum
github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
Expand All @@ -101,8 +99,6 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20240319011627-a57c5dfe54fd h1:LjW4RcTwfcqOYGmD7UpFrn1gfBZ9mgu7QN5mSeFkCog=
github.com/google/pprof v0.0.0-20240319011627-a57c5dfe54fd/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
Expand Down Expand Up @@ -251,7 +247,6 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
16 changes: 16 additions & 0 deletions tests/k8s_env/hsp/hsp_suite_test.go
@@ -0,0 +1,16 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2022 Authors of KubeArmor

package hsp_test

import (
"testing"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)

func TestHsp(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Hsp Suite")
}
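Review bot: the header says `Copyright 2022` in a file this PR adds, while the new `host-visibility.sh` in the same PR says 2024; use the year the file was created so the headers are consistent.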