Use falcoctl 0.0.3 w/ unique names

Use the changes in falcosecurity/falcoctl#25 that make sure rules, macros, lists, and rule names all have a unique prefix. In this case the prefix is based on the psp name, so make sure the psp name actually reflects what it does--there were a few cut-and-paste carryovers. This test assumes that falcoctl will be tagged/released as 0.0.3--the tests won't pass until the falcoctl PR is merged and there's a release. Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
falcosecurity · Oct 23, 2019 · 182e284 · 182e284
1 parent 3fafac3
commit 182e284
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 43 deletions.
diff --git a/test/falco_test.py b/test/falco_test.py
@@ -43,7 +43,7 @@ def setUp(self):
         self.falcodir = self.params.get('falcodir', '/', default=build_dir)
 
         self.psp_conv_path = os.path.join(build_dir, "falcoctl")
-        self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/0.0.2/falcoctl-0.0.2-linux-amd64"
+        self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/v0.0.3/falcoctl-0.0.3-linux-amd64"
 
         self.stdout_is = self.params.get('stdout_is', '*', default='')
         self.stderr_is = self.params.get('stderr_is', '*', default='')

diff --git a/test/falco_tests_psp.yaml b/test/falco_tests_psp.yaml
@@ -21,7 +21,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (privileged) K8s Audit": 1
+      - "PSP no_privileged Violation (privileged) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/privileged.yaml
@@ -31,7 +31,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (privileged) System Activity": 1
+      - "PSP no_privileged Violation (privileged) System Activity": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/privileged.yaml
@@ -48,7 +48,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (hostPID)": 1
+      - "PSP no_host_pid Violation (hostPID)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/host_pid.yaml
@@ -65,7 +65,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (hostIPC)": 1
+      - "PSP no_host_ipc Violation (hostIPC)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/host_ipc.yaml
@@ -82,7 +82,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (hostNetwork)": 1
+      - "PSP no_host_network Violation (hostNetwork)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/host_network.yaml
@@ -99,7 +99,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (hostPorts)": 1
+      - "PSP host_ports_100_200_only Violation (hostPorts)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/host_network_ports.yaml
@@ -116,7 +116,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (volumes)": 1
+      - "PSP only_secret_volumes Violation (volumes)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/volumes.yaml
@@ -133,7 +133,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (allowedHostPaths)": 1
+      - "PSP only_mount_host_usr Violation (allowedHostPaths)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/allowed_host_paths.yaml
@@ -150,7 +150,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (allowedFlexVolumes)": 1
+      - "PSP only_lvm_cifs_flex_volumes Violation (allowedFlexVolumes)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/flex_volumes.yaml
@@ -167,7 +167,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (fsGroup)": 1
+      - "PSP fs_group_must_run_as_30 Violation (fsGroup)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/fs_group_must_run_as.yaml
@@ -177,7 +177,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (fsGroup)": 1
+      - "PSP fs_group_must_run_as_30 Violation (fsGroup)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/fs_group_must_run_as.yaml
@@ -187,7 +187,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (fsGroup)": 1
+      - "PSP fs_group_may_run_as_30 Violation (fsGroup)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/fs_group_may_run_as.yaml
@@ -218,7 +218,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (readOnlyRootFilesystem) K8s Audit": 1
+      - "PSP read_only_root_fs Violation (readOnlyRootFilesystem) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/read_only_root_fs.yaml
@@ -228,7 +228,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (readOnlyRootFilesystem) System Activity": 1
+      - "PSP read_only_root_fs Violation (readOnlyRootFilesystem) System Activity": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/read_only_root_fs.yaml
@@ -245,7 +245,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAs) K8s Audit": 1
+      - "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as.yaml
@@ -255,7 +255,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAs) K8s Audit": 1
+      - "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as.yaml
@@ -265,7 +265,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAs) System Activity": 1
+      - "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) System Activity": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as.yaml
@@ -282,7 +282,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAs) K8s Audit": 1
+      - "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as.yaml
@@ -299,7 +299,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAs) K8s Audit": 1
+      - "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as.yaml
@@ -316,7 +316,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
+      - "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as_non_root.yaml
@@ -326,7 +326,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAsNonRoot) System Activity": 1
+      - "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) System Activity": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as_non_root.yaml
@@ -343,7 +343,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
+      - "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as_non_root.yaml
@@ -360,7 +360,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
+      - "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/user_must_run_as_non_root.yaml
@@ -377,7 +377,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MustRunAs) K8s Audit": 1
+      - "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_must_run_as.yaml
@@ -387,7 +387,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MustRunAs) K8s Audit": 1
+      - "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_must_run_as.yaml
@@ -397,7 +397,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MustRunAs) System Activity": 1
+      - "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) System Activity": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_must_run_as.yaml
@@ -414,7 +414,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MustRunAs) K8s Audit": 1
+      - "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_must_run_as.yaml
@@ -431,7 +431,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MustRunAs) K8s Audit": 1
+      - "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_must_run_as.yaml
@@ -455,7 +455,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MayRunAs)": 1
+      - "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_may_run_as.yaml
@@ -472,7 +472,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MayRunAs)": 1
+      - "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_may_run_as.yaml
@@ -489,7 +489,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (runAsGroup=MayRunAs)": 1
+      - "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/group_may_run_as.yaml
@@ -506,7 +506,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (supplementalGroups=MustRunAs)": 1
+      - "PSP supplemental_groups_must_run_as_30 Violation (supplementalGroups=MustRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/supplemental_groups_must_run_as_30_40.yaml
@@ -516,7 +516,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (supplementalGroups=MustRunAs)": 1
+      - "PSP supplemental_groups_must_run_as_30 Violation (supplementalGroups=MustRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/supplemental_groups_must_run_as_30_40.yaml
@@ -526,7 +526,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (supplementalGroups=MustRunAs)": 1
+      - "PSP supplemental_groups_must_run_as_30_10 Violation (supplementalGroups=MustRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/supplemental_groups_must_run_as_30_40_10_15.yaml
@@ -557,7 +557,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (supplementalGroups=MayRunAs)": 1
+      - "PSP supplemental_groups_may_run_as_30 Violation (supplementalGroups=MayRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/supplemental_groups_may_run_as_30_40.yaml
@@ -567,7 +567,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (supplementalGroups=MayRunAs)": 1
+      - "PSP supplemental_groups_may_run_as_30_10 Violation (supplementalGroups=MayRunAs)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/supplemental_groups_may_run_as_30_40_10_15.yaml
@@ -591,7 +591,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (allowPrivilegeEscalation)": 1
+      - "PSP no_privilege_escalation Violation (allowPrivilegeEscalation)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/privilege_escalation.yaml
@@ -601,7 +601,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (allowedCapabilities)": 1
+      - "PSP allow_capability_sys_nice Violation (allowedCapabilities)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/allowed_capabilities.yaml
@@ -625,7 +625,7 @@ trace_files: !mux
     detect: True
     detect_level: WARNING
     detect_counts:
-      - "PSP Violation (allowedProcMountTypes)": 1
+      - "PSP allow_default_proc_mount_type Violation (allowedProcMountTypes)": 1
     rules_file: []
     conf_file: confs/psp.yaml
     psp_file: psps/allowed_proc_mount_types.yaml

diff --git a/test/psps/privilege_escalation.yaml b/test/psps/privilege_escalation.yaml
@@ -3,6 +3,6 @@ kind: PodSecurityPolicy
 metadata:
   annotations:
     falco-rules-psp-images: "[nginx]"
-  name: no_privileged
+  name: no_privilege_escalation
 spec:
   allowPrivilegeEscalation: false
diff --git a/test/psps/supplemental_groups_may_run_as_30_40_10_15.yaml b/test/psps/supplemental_groups_may_run_as_30_40_10_15.yaml
@@ -3,7 +3,7 @@ kind: PodSecurityPolicy
 metadata:
   annotations:
     falco-rules-psp-images: "[nginx]"
-  name: supplemental_groups_may_run_as_30
+  name: supplemental_groups_may_run_as_30_10
 spec:
   supplementalGroups:
     rule: "MayRunAs"

diff --git a/test/psps/supplemental_groups_must_run_as_30_40_10_15.yaml b/test/psps/supplemental_groups_must_run_as_30_40_10_15.yaml
@@ -3,7 +3,7 @@ kind: PodSecurityPolicy
 metadata:
   annotations:
     falco-rules-psp-images: "[nginx]"
-  name: supplemental_groups_must_run_as_30
+  name: supplemental_groups_must_run_as_30_10
 spec:
   supplementalGroups:
     rule: "MustRunAs"