adding smoke tests

[Prateeknandle]

Signed-off-by: Prateeknandle prateeknandle@gmail.com

opened new pr, old one is closed without merging, i blundered it during rebase.

[Prateeknandle]

didn't understood the problem here, working fine locally. here ig the exec.Command is not working.

[rksharma95]

kubearmor/kubearmor-client#241 (comment) i opened an issue on kubearmor-client, ig it will ease out things here. after handling that we'll no longer required to handle policies from stdout and also the port-forward instruction will not be there to mess the json encoding.
WDYT @seswarrajan @nyrahul

[Prateeknandle]

@rksharma95 now i'm getting the same error locally, seems like karmor discover cmd is not working. I tried the cmd in terminal but it does not generate any output

[Prateeknandle]

@nyrahul can you run thi pr locally and please confirm, are you getting an error?

[nyrahul]

@nyrahul can you run thi pr locally and please confirm, are you getting an error?

@rksharma95 , can you please check this? Thanks

[Prateeknandle]

@rksharma95 @nyrahul please review the pr

[Prateeknandle]

@nyrahul I tried to reduce the sleep time to 10 sec and also added the checkpod in BeforeSuite but it was giving error in unmarshalling, when i increase the sleep time to 20 & 25, it works fine.

Also the test case for Network policy also checks for protocol type and port no., should we not check them because sometimes it passes and sometimes not. Basically the policcy keeps changing the protocol and port no.

[nyrahul]

@nyrahul I tried to reduce the sleep time to 10 sec and also added the checkpod in BeforeSuite but it was giving error in unmarshalling, when i increase the sleep time to 20 & 25, it works fine.

Also the test case for Network policy also checks for protocol type and port no., should we not check them because sometimes it passes and sometimes not. Basically the policcy keeps changing the protocol and port no.

• the unmarshalling error needs to be debugged
• You say the policies keep changing ... Can you paste the policies that are generated in all cases?

[Prateeknandle]

@nyrahul

1. [{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-ffczpxzqoteados","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}]}],"policyTypes":["Egress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-ingress-mxxzuhbjcjqwlyo","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"ingress":[{"ports":[{"protocol":"TCP","port":3306}],"from":[{"podSelector":{"matchLabels":{"app":"mysql"}}}]}],"policyTypes":["Ingress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-vqrepkxgmyhoxwn","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}],"to":[{"podSelector":{"matchLabels":{"app":"wordpress"}}}]}],"policyTypes":["Egress"]}}]

2. [{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-ingress-xearahknuzwbstx","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"ingress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"UDP","port":3306}]}],"policyTypes":["Ingress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-ayduueeldqknuak","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"egress":[{"ports":[{"protocol":"UDP"}]}],"policyTypes":["Egress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-hkdgbznulihhvgx","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}]}],"policyTypes":["Egress"]}}]

[Prateeknandle]

@nyrahul while using sleep time 10 secs karmor discover cmd does not provide any policy as a output, that is why we're getting error while unmarshal, I've also implemented checkpod() to check wether the pod is up and running or not.

[nyrahul]

@nyrahul while using sleep time 10 secs karmor discover cmd does not provide any policy as a output, that is why we're getting error while unmarshal, I've also implemented checkpod() to check wether the pod is up and running or not.

Ok i see, in general, the discovery-engine might require to observe at least for 10 seconds before it can discover the policy.

[nyrahul]

@nyrahul

1. [{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-ffczpxzqoteados","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}]}],"policyTypes":["Egress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-ingress-mxxzuhbjcjqwlyo","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"ingress":[{"ports":[{"protocol":"TCP","port":3306}],"from":[{"podSelector":{"matchLabels":{"app":"mysql"}}}]}],"policyTypes":["Ingress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-vqrepkxgmyhoxwn","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}],"to":[{"podSelector":{"matchLabels":{"app":"wordpress"}}}]}],"policyTypes":["Egress"]}}]
2. [{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-ingress-xearahknuzwbstx","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"ingress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"UDP","port":3306}]}],"policyTypes":["Ingress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-ayduueeldqknuak","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"egress":[{"ports":[{"protocol":"UDP"}]}],"policyTypes":["Egress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-hkdgbznulihhvgx","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}]}],"policyTypes":["Egress"]}}]
3. [{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-lrmbvlwhgeqtkhj","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"wordpress"}},"spec":{"podSelector":{"matchLabels":{"app":"wordpress"}},"egress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"TCP","port":3306}]}],"policyTypes":["Egress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-ingress-mfiznqrzwlbqexw","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"ingress":[{"ports":[{"protocol":"UDP"}]},{"ports":[{"protocol":"UDP","port":3306}]}],"policyTypes":["Ingress"]}},{"kind":"NetworkPolicy","apiVersion":"networking.k8s.io/v1","metadata":{"name":"autopol-egress-qrlmdyysvkwrnyt","namespace":"wordpress-mysql","creationTimestamp":null,"labels":{"app":"mysql"}},"spec":{"podSelector":{"matchLabels":{"app":"mysql"}},"egress":[{"ports":[{"protocol":"UDP"}]}],"policyTypes":["Egress"]}}]

Please point to specifics. What do you see changing?

[Prateeknandle]

@rksharma95 can you please check why go-sec is failing, also @rksharma95 @nyrahul please review the pr

[rksharma95]

@Prateeknandle PTAL https://www.joeshaw.org/dont-defer-close-on-writable-files/ ig it might help with deferring close() issues.

[rksharma95]

@Prateeknandle PTAL kubearmor/KubeArmor#1098 for gosec issues.

[Prateeknandle]

@rksharma95 @nyrahul now you can review the pr

[Prateeknandle]

@seswarrajan here is the network policy we are getting after 300 seconds so the policy we are getting should be considered final, do you think this is a valid policy and test cases should be molded acc to this?
policy - https://github.com/accuknox/discovery-engine/actions/runs/4118258190/jobs/7155494607#step:7:1154

policy have no protocal mentioned with port and port is also not 3306.
And if this policy is not a final/ideal network policy then should we consider the test for network policy to be flaky and keep it as it is ?

[Prateeknandle]

@PrimalPimmy @rksharma95 can you please review the pr

[PrimalPimmy]

LGTM

resolved, so merging it