|
7 | 7 |
|
8 | 8 | "github.com/stretchr/testify/assert" |
9 | 9 | "github.com/stretchr/testify/require" |
| 10 | + "github.com/varax/operator/pkg/models" |
10 | 11 | ) |
11 | 12 |
|
12 | 13 | func TestNewVersionCmd(t *testing.T) { |
@@ -195,6 +196,144 @@ func TestNewEvidenceCmd(t *testing.T) { |
195 | 196 | assert.Equal(t, "html", f.Lookup("format").DefValue) |
196 | 197 | } |
197 | 198 |
|
| 199 | +func TestFilterByBenchmark(t *testing.T) { |
| 200 | + result := &models.ScanResult{ |
| 201 | + ID: "test-scan", |
| 202 | + Results: []models.CheckResult{ |
| 203 | + {ID: "CIS-1", Benchmark: "CIS", Status: models.StatusPass, Severity: models.SeverityHigh}, |
| 204 | + {ID: "NSA-1", Benchmark: "NSA-CISA", Status: models.StatusFail, Severity: models.SeverityMedium}, |
| 205 | + {ID: "CIS-2", Benchmark: "CIS", Status: models.StatusFail, Severity: models.SeverityCritical}, |
| 206 | + {ID: "PSS-1", Benchmark: "PSS", Status: models.StatusPass, Severity: models.SeverityLow}, |
| 207 | + }, |
| 208 | + } |
| 209 | + |
| 210 | + filtered := filterByBenchmark(result, "CIS") |
| 211 | + assert.Len(t, filtered.Results, 2) |
| 212 | + assert.Equal(t, "test-scan", filtered.ID) |
| 213 | + assert.Equal(t, 2, filtered.Summary.TotalChecks) |
| 214 | + assert.Equal(t, 1, filtered.Summary.PassCount) |
| 215 | + assert.Equal(t, 1, filtered.Summary.FailCount) |
| 216 | +} |
| 217 | + |
| 218 | +func TestFilterByBenchmark_NoMatches(t *testing.T) { |
| 219 | + result := &models.ScanResult{ |
| 220 | + Results: []models.CheckResult{ |
| 221 | + {Benchmark: "CIS", Status: models.StatusPass}, |
| 222 | + }, |
| 223 | + } |
| 224 | + filtered := filterByBenchmark(result, "RBAC") |
| 225 | + assert.Empty(t, filtered.Results) |
| 226 | + assert.Equal(t, 0, filtered.Summary.TotalChecks) |
| 227 | +} |
| 228 | + |
| 229 | +func TestFilterByBenchmark_AllStatuses(t *testing.T) { |
| 230 | + result := &models.ScanResult{ |
| 231 | + Results: []models.CheckResult{ |
| 232 | + {Benchmark: "CIS", Status: models.StatusPass}, |
| 233 | + {Benchmark: "CIS", Status: models.StatusFail}, |
| 234 | + {Benchmark: "CIS", Status: models.StatusWarn}, |
| 235 | + {Benchmark: "CIS", Status: models.StatusSkip}, |
| 236 | + }, |
| 237 | + } |
| 238 | + filtered := filterByBenchmark(result, "CIS") |
| 239 | + assert.Equal(t, 4, filtered.Summary.TotalChecks) |
| 240 | + assert.Equal(t, 1, filtered.Summary.PassCount) |
| 241 | + assert.Equal(t, 1, filtered.Summary.FailCount) |
| 242 | + assert.Equal(t, 1, filtered.Summary.WarnCount) |
| 243 | + assert.Equal(t, 1, filtered.Summary.SkipCount) |
| 244 | +} |
| 245 | + |
| 246 | +func TestClusterName_NoConfig(t *testing.T) { |
| 247 | + origKubeconfig := kubeconfig |
| 248 | + kubeconfig = "/nonexistent/path" |
| 249 | + defer func() { kubeconfig = origKubeconfig }() |
| 250 | + t.Setenv("KUBECONFIG", "") |
| 251 | + |
| 252 | + name := clusterName() |
| 253 | + assert.Equal(t, "unknown", name) |
| 254 | +} |
| 255 | + |
| 256 | +func TestClusterName_WithConfig(t *testing.T) { |
| 257 | + tmpDir := t.TempDir() |
| 258 | + fakeKubeconfig := filepath.Join(tmpDir, "config") |
| 259 | + require.NoError(t, os.WriteFile(fakeKubeconfig, []byte(` |
| 260 | +apiVersion: v1 |
| 261 | +kind: Config |
| 262 | +clusters: |
| 263 | +- cluster: |
| 264 | + server: https://my-cluster:6443 |
| 265 | + name: test |
| 266 | +contexts: |
| 267 | +- context: |
| 268 | + cluster: test |
| 269 | + user: test |
| 270 | + name: test |
| 271 | +current-context: test |
| 272 | +users: |
| 273 | +- name: test |
| 274 | + user: |
| 275 | + token: fake-token |
| 276 | +`), 0600)) |
| 277 | + |
| 278 | + origKubeconfig := kubeconfig |
| 279 | + kubeconfig = fakeKubeconfig |
| 280 | + defer func() { kubeconfig = origKubeconfig }() |
| 281 | + |
| 282 | + name := clusterName() |
| 283 | + assert.Equal(t, "https://my-cluster:6443", name) |
| 284 | +} |
| 285 | + |
| 286 | +func TestRunEvidence_MutualExclusion(t *testing.T) { |
| 287 | + // Neither --control nor --all |
| 288 | + evidenceControl = "" |
| 289 | + evidenceAll = false |
| 290 | + err := runEvidence(nil, nil) |
| 291 | + assert.Error(t, err) |
| 292 | + assert.Contains(t, err.Error(), "must specify either --control or --all") |
| 293 | + |
| 294 | + // Both --control and --all |
| 295 | + evidenceControl = "CC6.1" |
| 296 | + evidenceAll = true |
| 297 | + err = runEvidence(nil, nil) |
| 298 | + assert.Error(t, err) |
| 299 | + assert.Contains(t, err.Error(), "cannot specify both --control and --all") |
| 300 | + |
| 301 | + // Reset |
| 302 | + evidenceControl = "" |
| 303 | + evidenceAll = false |
| 304 | +} |
| 305 | + |
| 306 | +func TestRunEvidence_InvalidFormat(t *testing.T) { |
| 307 | + evidenceControl = "CC6.1" |
| 308 | + evidenceAll = false |
| 309 | + evidenceFormat = "pdf" |
| 310 | + defer func() { evidenceFormat = "html" }() |
| 311 | + |
| 312 | + err := runEvidence(nil, nil) |
| 313 | + assert.Error(t, err) |
| 314 | + assert.Contains(t, err.Error(), "unsupported format") |
| 315 | +} |
| 316 | + |
| 317 | +func TestRunReport_InvalidFormat(t *testing.T) { |
| 318 | + reportType = "readiness" |
| 319 | + reportFormat = "pdf" |
| 320 | + defer func() { reportFormat = "html" }() |
| 321 | + |
| 322 | + err := runReport(nil, nil) |
| 323 | + assert.Error(t, err) |
| 324 | + assert.Contains(t, err.Error(), "unsupported format") |
| 325 | +} |
| 326 | + |
| 327 | +func TestRunReport_InvalidType(t *testing.T) { |
| 328 | + reportFormat = "html" |
| 329 | + reportType = "detailed" |
| 330 | + defer func() { reportType = "readiness" }() |
| 331 | + |
| 332 | + err := runReport(nil, nil) |
| 333 | + assert.Error(t, err) |
| 334 | + assert.Contains(t, err.Error(), "unsupported report type") |
| 335 | +} |
| 336 | + |
198 | 337 | func TestBuildRESTConfig_FromEnv(t *testing.T) { |
199 | 338 | origKubeconfig := kubeconfig |
200 | 339 | kubeconfig = "" |
|
0 commit comments