move syscall test to syscalls suite

Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>
kubearmor · Jun 23, 2023 · 10be32c · 10be32c
1 parent 5036c11
commit 10be32c
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 51 deletions.
diff --git a/.github/workflows/ci-test-controllers.yml b/.github/workflows/ci-test-controllers.yml
@@ -6,7 +6,7 @@ on:
       - "main"
     paths:
       - "pkg/**"
-      - ".github/workflows/ci-test-ginkgo.yml"
+      - ".github/workflows/ci-test-controllers.yml"
 
 jobs:
   kubearmor-controller-test:
@@ -22,9 +22,13 @@ jobs:
           go-version: "v1.20"
 
       - uses: actions/checkout@v3
+        with:
+          go-version: "v1.20"
 
       - name: Setup a Kubernetes environment
-        run: ./.github/workflows/install-k3s.sh
+        run: |
+          cd ../../
+          .github/workflows/install-k3s.sh
 
       - name: Build KubeArmorController
         run: make docker-build TAG=latest

diff --git a/tests/ksp/ksp_test.go b/tests/ksp/ksp_test.go
@@ -568,55 +568,6 @@ var _ = Describe("Ksp", func() {
 
 		})
 
-		It("mount will be blocked by default for a pod", func() {
-			// Start KubeArmor Logs
-			err := KarmorLogStart("policy", "multiubuntu", "Syscall", ub3)
-			Expect(err).To(BeNil())
-
-			// execute mount inside the pod
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "mkdir /mnt/test"})
-			Expect(err).To(BeNil())
-			sout, _, err = K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "mount /home /mnt/test"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-
-			expect := protobuf.Alert{
-				PolicyName: "DefaultPosture",
-				Action:     "Block",
-				Result:     "Permission denied",
-				Data:       "syscall=SYS_MOUNT",
-			}
-
-			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
-			Expect(err).To(BeNil())
-			Expect(res.Found).To(BeTrue())
-		})
-
-		It("umount will be blocked by default for a pod as the capability not added", func() {
-			// Start KubeArmor Logs
-			err := KarmorLogStart("policy", "multiubuntu", "Syscall", ub3)
-			Expect(err).To(BeNil())
-
-			// execute umount inside the pod
-			sout, _, err := K8sExecInPod(ub3, "multiubuntu",
-				[]string{"bash", "-c", "umount /mnt"})
-			Expect(err).To(BeNil())
-			fmt.Printf("OUTPUT: %s\n", sout)
-
-			expect := protobuf.Alert{
-				PolicyName: "DefaultPosture",
-				Action:     "Block",
-				Result:     "Operation not permitted",
-				Data:       "syscall=SYS_UMOUNT2",
-			}
-
-			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
-			Expect(err).To(BeNil())
-			Expect(res.Found).To(BeTrue())
-		})
-
 	})
 
 	Describe("Apply Files Policies", func() {

diff --git a/tests/syscalls/syscalls_test.go b/tests/syscalls/syscalls_test.go
@@ -4,8 +4,10 @@
 package syscalls
 
 import (
+	"fmt"
 	"time"
 
+	"github.com/kubearmor/KubeArmor/protobuf"
 	. "github.com/kubearmor/KubeArmor/tests/util"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -477,6 +479,55 @@ var _ = Describe("Syscalls", func() {
 			Expect(alerts[0].Tags).To(Equal("Global tag"))
 			Expect(alerts[0].Message).To(Equal("Local message"))
 		})
+
+		It("mount will be blocked by default for a pod", func() {
+			// Start KubeArmor Logs
+			err := KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
+			Expect(err).To(BeNil())
+
+			// execute mount inside the pod
+			sout, _, err := K8sExecInPod(ubuntu, "syscalls",
+				[]string{"bash", "-c", "mkdir /mnt/test"})
+			Expect(err).To(BeNil())
+			sout, _, err = K8sExecInPod(ubuntu, "syscalls",
+				[]string{"bash", "-c", "mount /home /mnt/test"})
+			Expect(err).To(BeNil())
+			fmt.Printf("OUTPUT: %s\n", sout)
+
+			expect := protobuf.Alert{
+				PolicyName: "DefaultPosture",
+				Action:     "Block",
+				Result:     "Permission denied",
+				Data:       "syscall=SYS_MOUNT",
+			}
+
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeTrue())
+		})
+
+		It("umount will be blocked by default for a pod as the capability not added", func() {
+			// Start KubeArmor Logs
+			err := KarmorLogStart("policy", "syscalls", "Syscall", ubuntu)
+			Expect(err).To(BeNil())
+
+			// execute umount inside the pod
+			sout, _, err := K8sExecInPod(ubuntu, "syscalls",
+				[]string{"bash", "-c", "umount /mnt"})
+			Expect(err).To(BeNil())
+			fmt.Printf("OUTPUT: %s\n", sout)
+
+			expect := protobuf.Alert{
+				PolicyName: "DefaultPosture",
+				Action:     "Block",
+				Result:     "Operation not permitted",
+				Data:       "syscall=SYS_UMOUNT2",
+			}
+
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeTrue())
+		})
 	})
 
 })