From b18050dad78888eedd2ac3380f367c9afc4e8123 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Thu, 24 Oct 2019 10:53:23 -0700
Subject: [PATCH] Use falcoctl 0.0.4+ tests for space/dash psp names

Use falcoctl, which properly handles psp names containing spaces/dashes.

Also add tests that verify that the resulting rules are valid.

Signed-off-by: Mark Stemm
---
 test/falco_test.py | 2 +-
 test/falco_tests_psp.yaml | 22 +++++++++++++++++++++-
 test/psps/privileged_name_with_dashes.yaml | 8 ++++++++
 test/psps/privileged_name_with_spaces.yaml | 8 ++++++++
 4 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 test/psps/privileged_name_with_dashes.yaml
 create mode 100644 test/psps/privileged_name_with_spaces.yaml

diff --git a/test/falco_test.py b/test/falco_test.py
index 9795bdb843f..e8c8ae6a1d1 100644
--- a/test/falco_test.py
+++ b/test/falco_test.py
@@ -43,7 +43,7 @@ def setUp(self):
 self.falcodir = self.params.get('falcodir', '/', default=build_dir)
 self.psp_conv_path = os.path.join(build_dir, "falcoctl")
- self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/v0.0.3/falcoctl-0.0.3-linux-amd64"
+ self.psp_conv_url = "https://github.com/falcosecurity/falcoctl/releases/download/v0.0.4/falcoctl-0.0.4-linux-amd64"
 self.stdout_is = self.params.get('stdout_is', '*', default='')
 self.stderr_is = self.params.get('stderr_is', '*', default='')
diff --git a/test/falco_tests_psp.yaml b/test/falco_tests_psp.yaml
index e0afe3bb4c2..a9d2a6131bf 100644
--- a/test/falco_tests_psp.yaml
+++ b/test/falco_tests_psp.yaml
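Review bot: The bumped `self.psp_conv_url` still names a bare release binary with no integrity pin, so whatever later fetches it into `self.psp_conv_path` (that code is not in this hunk; setUp continues outside it) runs an unverified download from the network every time the suite sets up. If that fetch does not already check a digest, I would pair the URL with the expected SHA-256 of the v0.0.4 linux-amd64 asset, e.g. `self.psp_conv_sha256 = "<sha256 of falcoctl-0.0.4-linux-amd64, fill in from the release>"`, and have the fetch compare `hashlib.sha256(data).hexdigest()` against it before the file is made executable. A one-line comment on the URL line such as `# bump the digest below together with this version` would keep the two values from drifting apart on the next upgrade.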
@@ -643,4 +643,24 @@ trace_files: !mux
 rules_file: []
 conf_file: confs/psp.yaml
 psp_file: psps/allowed_proc_mount_types.yaml
- trace_file: trace_files/psp/proc_mount_type_default.json
\ No newline at end of file
+ trace_file: trace_files/psp/proc_mount_type_default.json
+
+ psp_name_with_dashes:
+ detect: True
+ detect_level: WARNING
+ detect_counts:
+ - "PSP no_privileged Violation (privileged) System Activity": 1
+ rules_file: []
+ conf_file: confs/psp.yaml
+ psp_file: psps/privileged_name_with_dashes.yaml
+ trace_file: trace_files/psp/privileged.scap
+
+ psp_name_with_spaces:
+ detect: True
+ detect_level: WARNING
+ detect_counts:
+ - "PSP no_privileged Violation (privileged) System Activity": 1
+ rules_file: []
+ conf_file: confs/psp.yaml
+ psp_file: psps/privileged_name_with_spaces.yaml
+ trace_file: trace_files/psp/privileged.scap
diff --git a/test/psps/privileged_name_with_dashes.yaml b/test/psps/privileged_name_with_dashes.yaml
new file mode 100644
index 00000000000..15fa8abec57
--- /dev/null
+++ b/test/psps/privileged_name_with_dashes.yaml
@@ -0,0 +1,8 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ falco-rules-psp-images: "[nginx]"
+ name: no-privileged
+spec:
+ privileged: false
diff --git a/test/psps/privileged_name_with_spaces.yaml b/test/psps/privileged_name_with_spaces.yaml
new file mode 100644
index 00000000000..dbb724bc92c
--- /dev/null
+++ b/test/psps/privileged_name_with_spaces.yaml
@@ -0,0 +1,8 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ falco-rules-psp-images: "[nginx]"
+ name: no privileged
+spec:
+ privileged: false
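Review bot: Both new cases assert the same rule name, `PSP no_privileged Violation (privileged) System Activity`, for PSPs named `no-privileged` and `no privileged`, which implies the converter maps dashes and spaces to underscores and therefore that two distinct PSPs can collapse into one rule name. The isolated cases pass either way, so nothing here shows whether loading both PSPs together yields duplicate or shadowed rules; a third case that feeds both fixtures at once would pin that down if the harness supports it. At minimum a comment above `psp_name_with_dashes:` such as `# dashes and spaces in the PSP name are both normalized to '_' in the generated rule name` would record the expectation the two counts rely on.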