Update go unit test

.gitignore

@@ -2,5 +2,5 @@
 knoxAutoPolicy/knoxAutoPolicy
 policies/*.yaml
 bin/
-src/go.sum
+knoxAutoPolicy/go.sum
 !policies/.keep

knoxAutoPolicy/Makefile

@@ -3,11 +3,18 @@ CURDIR=$(shell pwd)
 .PHONY: build
 build:
 	# for build_image -> CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -ldflags '-s -w' -o knoxAutoPolicy main.go
-	go build -o knoxAutoPolicy main.go
+	cd $(CURDIR); go build -o knoxAutoPolicy main.go
+
+.PHONY: test
+test:
+	cd $(CURDIR)/core; go clean -testcache .; go test -v .
+	cd $(CURDIR)/libs; go clean -testcache .; go test -v .
+	cd $(CURDIR)/plugin; go clean -testcache .; go test -v .
+	cd $(CURDIR)/server; go clean -testcache .; go test -v .
 
 .PHONY: clean
 clean:
-	rm -f knoxAutoPolicy go.sum
+	cd $(CURDIR); rm -f knoxAutoPolicy go.sum
 
 .PHONY: image
 image:

knoxAutoPolicy/core/configManager.go

@@ -45,7 +45,7 @@ func LoadConfigDB() types.ConfigDB {
 			cfgDB.DBHost = libs.GetExternalIPAddr()
 		}
 	} else {
-		cfgDB.DBHost = libs.GetEnv("DB_HOST", "database")
+		cfgDB.DBHost = libs.GetEnv("DB_HOST", "database") // for docker-compose
 		dbAddr, err := net.LookupIP(cfgDB.DBHost)
 		if err == nil {
 			cfgDB.DBHost = dbAddr[0].String()
@@ -59,7 +59,7 @@ func LoadConfigDB() types.ConfigDB {
 	cfgDB.TableDiscoveredPolicy = libs.GetEnv("TB_DISCOVERED_POLICY", "discovered_policy")
 	cfgDB.TableConfiguration = libs.GetEnv("TB_CONFIGURATION", "auto_policy_config")
 
-	PlugIn = "cilium"
+	PlugIn = "cilium" // for now, cilium only supported
 
 	return cfgDB
 }
@@ -94,7 +94,7 @@ func LoadConfigCiliumHubble() types.ConfigCiliumHubble {
 func LoadDefaultConfig() {
 	Cfg = types.Configuration{}
 
-	// basic
+	// base
 	Cfg.ConfigName = "default"
 	Cfg.Status = 1
 

knoxAutoPolicy/core/configManager_test.go

@@ -1 +1,81 @@
 package core
+
+import (
+	"testing"
+
+	types "github.com/accuknox/knoxAutoPolicy/src/types"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadConfigDB(t *testing.T) {
+	cfg := LoadConfigDB()
+
+	assert.NotEmpty(t, cfg.DBDriver, "db driver should not be empty")
+	assert.NotEmpty(t, cfg.DBUser, "db user should not be empty")
+	assert.NotEmpty(t, cfg.DBPass, "db pass should not be empty")
+	assert.NotEmpty(t, cfg.DBName, "db name should not be empty")
+	assert.NotEmpty(t, cfg.DBHost, "db host should not be empty")
+	assert.NotEmpty(t, cfg.DBPort, "db host should not be empty")
+
+	assert.NotEmpty(t, cfg.TableNetworkFlow, "table networkf_flow should not be empty")
+	assert.NotEmpty(t, cfg.TableDiscoveredPolicy, "table discovered_policy should not be empty")
+	assert.NotEmpty(t, cfg.TableConfiguration, "table auto_policy_config should not be empty")
+}
+
+func TestLoadDefaultConfig(t *testing.T) {
+	LoadDefaultConfig()
+
+	assert.NotEmpty(t, Cfg.OperationMode, "operation mode should not be empty")
+
+	assert.NotEmpty(t, Cfg.NetworkLogFrom, "network log from should not be empty")
+	assert.NotEmpty(t, Cfg.NetworkLogFile, "network log file should not be empty")
+
+	assert.NotEmpty(t, Cfg.DiscoveredPolicyTo, "discovery policy to should not be empty")
+
+	assert.NotEmpty(t, Cfg.DiscoveryPolicyTypes, "discovery policy types should not be empty")
+	assert.NotEmpty(t, Cfg.DiscoveryRuleTypes, "discovery rule types should not be empty")
+	assert.NotEmpty(t, Cfg.CIDRBits, "cidr bits should not be empty")
+
+	assert.NotEmpty(t, Cfg.L3AggregationLevel, "L3 aggregation level should not be empty")
+	assert.NotEmpty(t, Cfg.L4Compression, "L4 compression should not be empty")
+	assert.NotEmpty(t, Cfg.L7AggregationLevel, "L7 aggregation level should not be empty")
+}
+
+func TestSetLogFile(t *testing.T) {
+	SetLogFile("test_log.log")
+
+	assert.Equal(t, Cfg.NetworkLogFile, "test_log.log", "network log file should be \"test_log.log\"")
+}
+
+func TestManageConfiguration(t *testing.T) {
+	newCfg := types.Configuration{}
+	newCfg.ConfigName = "test_config"
+	newCfg.CIDRBits = 32
+
+	// add configuration
+	err := AddConfiguration(newCfg)
+	assert.NoError(t, err)
+
+	// get configuration
+	results, err := GetConfigurations(newCfg.ConfigName)
+	assert.NoError(t, err)
+	assert.Equal(t, results[0].ConfigName, "test_config")
+
+	// apply configuration
+	err = ApplyConfiguration(newCfg.ConfigName)
+	assert.NoError(t, err)
+
+	// update configuration
+	upCfg := types.Configuration{}
+	upCfg.ConfigName = "test_config"
+	upCfg.CIDRBits = 24
+	err = UpdateConfiguration("test_config", upCfg)
+
+	results, err = GetConfigurations(newCfg.ConfigName)
+	assert.NoError(t, err)
+	assert.Equal(t, results[0].CIDRBits, upCfg.CIDRBits)
+
+	// delete configuration
+	err = DeleteConfiguration(newCfg.ConfigName)
+	assert.NoError(t, err)
+}

knoxAutoPolicy/core/deduplicator.go

@@ -13,17 +13,6 @@ import (
 // == Get Latest Policy in DB == //
 // ============================= //
 
-// updateOutdatedPolicy function
-func updateOutdatedPolicy(outdatedPolicy types.KnoxNetworkPolicy, newPolicy *types.KnoxNetworkPolicy) {
-	for _, id := range outdatedPolicy.FlowIDs {
-		if !libs.ContainsElement(newPolicy.FlowIDs, id) {
-			newPolicy.FlowIDs = append(newPolicy.FlowIDs, id)
-		}
-	}
-
-	libs.UpdateOutdatedPolicy(Cfg.ConfigDB, outdatedPolicy.Metadata["name"], newPolicy.Metadata["name"])
-}
-
 // includeSelectorLabels function
 func includeSelectorLabels(newSelectorLabels map[string]string, existSelectorLabels map[string]string) bool {
 	includeSelector := true
@@ -299,6 +288,17 @@ func GetLatestServicePolicy(existingPolicies []types.KnoxNetworkPolicy, policy t
 // == Update Outdated Policy == //
 // ============================ //
 
+// updateOutdatedPolicy function
+func updateOutdatedPolicy(outdatedPolicy types.KnoxNetworkPolicy, newPolicy *types.KnoxNetworkPolicy) {
+	for _, id := range outdatedPolicy.FlowIDs {
+		if !libs.ContainsElement(newPolicy.FlowIDs, id) {
+			newPolicy.FlowIDs = append(newPolicy.FlowIDs, id)
+		}
+	}
+
+	libs.UpdateOutdatedPolicy(Cfg.ConfigDB, outdatedPolicy.Metadata["name"], newPolicy.Metadata["name"])
+}
+
 // includedHTTPPath function
 func includedHTTPPath(httpRules []types.SpecHTTP, targetRule types.SpecHTTP) bool {
 	included := false
@@ -360,6 +360,13 @@ func UpdateHTTP(newPolicy types.KnoxNetworkPolicy, existingPolicies []types.Knox
 			continue
 		}
 
+		// case 3: if policy has no toHTTPs, append it
+		for _, rule := range existHTTP {
+			if !includedHTTPPath(newHTTP, rule) {
+				newHTTP = append(newHTTP, rule)
+			}
+		}
+
 		// annotate the outdated policy
 		updateOutdatedPolicy(latestPolicy, &newPolicy)
 		updated = true
@@ -819,11 +826,11 @@ func IsExistingPolicy(existingPolicies []types.KnoxNetworkPolicy, newPolicy type
 }
 
 // ======================================== //
-// == Removing Duplicated Network Policy == //
+// == Update Duplicated Network Policy == //
 // ======================================== //
 
-// RemoveDuplicatePolicy function
-func RemoveDuplicatePolicy(existingPolicies []types.KnoxNetworkPolicy, discoveredPolicies []types.KnoxNetworkPolicy, dnsToIPs map[string][]string) []types.KnoxNetworkPolicy {
+// UpdateDuplicatedPolicy function
+func UpdateDuplicatedPolicy(existingPolicies []types.KnoxNetworkPolicy, discoveredPolicies []types.KnoxNetworkPolicy, dnsToIPs map[string][]string) []types.KnoxNetworkPolicy {
 	newPolicies := []types.KnoxNetworkPolicy{}
 
 	// update policy name map