initial version of polarion test for local-cluster

tests/cypress/README.md

@@ -88,13 +88,6 @@ These files are used to contain a raw YAML which is being used in a test e.g. as
 
 This configuration file contain policy details that can be used both for policy creation and policy validation (checking that policy as respective properties). In some cases multiple policies can be specified in one file, policy name being (usually) a section header. Within a section there are various policy attributes specified.
 
-### policy placement rule description
- * State: draft (used in demo) - in a future it may be merged with policy description described above
- * Path: Usually stored in a subfolder under `tests/cypress/config`.
- * Example: [config/sample/demo-policy-placement-rule.yaml](https://github.com/open-cluster-management/grc-ui/blob/master/tests/cypress/config/sample/demo-policy-placement-rule.yaml)
-
-This configuration file is being used for validation of the policy placement rule at the detailed policy status page. It also contain the expected (overall) compliance status for each relevant cluster.
-
 ### violations patterns
  * State: draft (used in demo)
  * Path: [tests/cypress/config/violation-patterns.yaml](https://github.com/open-cluster-management/grc-ui/pull/358/files#diff-df2d42454a9fad5cc02820a2ef9c68b1fefcbd1a4bea58d377f4c4d22aabafca)

tests/cypress/config/multiple_policies_governance/clusters.yaml

@@ -0,0 +1,2 @@
+local-cluster:
+  status: Ready

tests/cypress/config/multiple_policies_governance/policy-config.yaml

@@ -0,0 +1,110 @@
+# these are policies required by following Polarion test cases:
+# RHACM4K-548
+# RHACM4K-549
+# RHACM4K-550
+# RHACM4K-551
+# RHACM4K-552
+# RHACM4K-553
+# RHACM4K-634
+# RHACM4K-660
+# RHACM4K-661
+# RHACM4K-901
+# RHACM4K-902
+# RHACM4K-903
+# RHACM4K-904
+# RHACM4K-1569
+
+test-iam-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "local-cluster", "operator": "In", "values": [ "true" ] } ]'
+  kind: 'IamPolicy'
+  specifications:
+    - 'IamPolicy'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-pod-security-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "local-cluster", "operator": "In", "values": [ "true" ] } ]'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'PodSecurityPolicy'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.PT Protective Technology'
+  controls:
+    - 'PR.PT-3 Least Functionality'
+  enforce: False
+  disable: 
+
+test-role-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "local-cluster", "operator": "In", "values": [ "true" ] } ]'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'Role - role must follow defined permissions'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-role-binding-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "local-cluster", "operator": "In", "values": [ "true" ] } ]'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'Role - role must follow defined permissions'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-security-context-constraints-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "local-cluster", "operator": "In", "values": [ "true" ] } ]'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'SecurityContextConstraints'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.PT Protective Technology'
+  controls:
+    - 'PR.PT-3 Least Functionality'
+  enforce: False
+  disable: False

tests/cypress/config/multiple_policies_governance/policy-config.yaml.orig

@@ -0,0 +1,100 @@
+# these are policies required by following Polarion test cases:
+# RHACM4K-548
+# RHACM4K-549
+# RHACM4K-550
+# RHACM4K-551
+# RHACM4K-552
+# RHACM4K-553
+# RHACM4K-634
+# RHACM4K-660
+# RHACM4K-661
+# RHACM4K-901
+# RHACM4K-902
+# RHACM4K-903
+# RHACM4K-904
+# RHACM4K-1569
+
+test-iam-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'IamPolicy'
+  specifications:
+    - 'IamPolicy'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-pod-security-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'PodSecurityPolicy'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.PT Protective Technology'
+  controls:
+    - 'PR.PT-3 Least Functionality'
+  enforce: False
+  disable: 
+
+test-role-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'Role - role must follow defined permissions'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-role-binding-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'Role - role must follow defined permissions'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False
+
+test-security-context-constraints-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'ConfigurationPolicy'
+  specifications:
+    - 'SecurityContextConstraints'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.PT Protective Technology'
+  controls:
+    - 'PR.PT-3 Least Functionality'
+  enforce: False
+  disable: False

tests/cypress/config/multiple_policies_governance/policy-config.yaml.short

@@ -0,0 +1,32 @@
+# these are policies required by following Polarion test cases:
+# RHACM4K-548
+# RHACM4K-549
+# RHACM4K-550
+# RHACM4K-551
+# RHACM4K-552
+# RHACM4K-553
+# RHACM4K-634
+# RHACM4K-660
+# RHACM4K-661
+# RHACM4K-901
+# RHACM4K-902
+# RHACM4K-903
+# RHACM4K-904
+# RHACM4K-1569
+
+test-iam-policy-[ID]:
+  apiVersion: 'policy.open-cluster-management.io/v1'
+  namespace: 'default'
+  cluster_binding:
+    - 'local-cluster: "true"'
+  kind: 'IamPolicy'
+  specifications:
+    - 'IamPolicy'
+  standards:
+    - 'NIST-CSF'
+  categories:
+    - 'PR.AC Identity Management and Access Control'
+  controls:
+    - 'PR.AC-4 Access Control'
+  enforce: False
+  disable: False

tests/cypress/config/multiple_policies_governance/violations.yaml

@@ -0,0 +1,6 @@
+"local-cluster":
+ - [UNAME]-example-0
+ - [UNAME]-sample-restricted-psp-1
+ - [UNAME]-sample-role-1
+ - [UNAME]-sample-rolebinding-1
+ - [UNAME]-sample-restricted-scc-1

tests/cypress/config/sample/demo-policy-config.yaml

@@ -7,6 +7,8 @@ policyConfig:
   - 'CertificatePolicy - cert management expiration'
   cluster_binding:
     - 'name: "local-cluster"'
+  binding_selector:
+    - 'matchExpressions =[ { "key": "name", "operator": "In", "values": [ "local-cluster" ] } ]'
   standards:
     - 'NIST-CSF'
     - 'FISMA'
@@ -17,4 +19,4 @@ policyConfig:
     - 'PR.DS-2 Data-in-transit'
     - 'PR.DS-2 Data-at-rest'
   enforce: False
-  disable: False
+  disable: False

tests/cypress/config/sample/violations.yaml

@@ -0,0 +1,2 @@
+"local-cluster":
+ - [UNAME]-example-0

tests/cypress/config/violation-patterns.yaml

@@ -38,3 +38,7 @@ gatekeeper-operator-subscription:
 [UNAME]-sample-role:
  0: "notification - roles \\[sample-role\\] in namespace default exist as specified, therefore this Object template is compliant"
  1: "violation - roles `sample-role` does not exist as specified"
+[UNAME]-sample-rolebinding:
+ 1: "violation - rolebindings `sample-rolebinding` does not exist as specified"
+[UNAME]-sample-restricted-scc:
+ 1: "violation - securitycontextconstraints `sample-restricted-scc` does not exist as specified"

tests/cypress/tests/demos/policy-demo.spec.js

@@ -17,7 +17,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
     // demo-policy-config.yaml is used for validating the policy "demo-policy"
     // demo-policy-config.yaml isn't raw policy yaml but config yaml and need be converted to a dictionary
     const { policyConfig } = getConfigObject('sample/demo-policy-config.yaml')
-    const policyPlacementRule = getConfigObject('sample/demo-policy-placement-rule.yaml', 'yaml', getDefaultSubstitutionRules(uPolicyName))
+    const confClusterViolations = getConfigObject('sample/violations.yaml', 'yaml', getDefaultSubstitutionRules(policyName))
 
     it (`Can create new policy ${uPolicyName} from YAML editor`, () => {
       cy.FromGRCToCreatePolicyPage()
@@ -37,6 +37,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
 
     it('Disable policy', () => {
       actionPolicyActionInListing(uPolicyName, 'Disable')
+      cy.wait(1000) // wait 1 sec to not to parse current page since it will be reloaded
     })
 
     it('Check disabled policy', () => {
@@ -45,6 +46,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
 
     it('Enable policy', () => {
       actionPolicyActionInListing(uPolicyName, 'Enable')
+      cy.wait(1000) // wait 1 sec to not to parse current page since it will be reloaded
     })
 
     it('Check enabled policy', () => {
@@ -53,6 +55,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
 
     it('Enforce policy', () => {
       actionPolicyActionInListing(uPolicyName, 'Enforce')
+      cy.wait(1000) // wait 1 sec to not to parse current page since it will be reloaded
     })
 
     it('Check enforced policy', () => {
@@ -63,6 +66,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
 
     it('Inform policy', () => {
       actionPolicyActionInListing(uPolicyName, 'Inform')
+      cy.wait(1000) // wait 1 sec to not to parse current page since it will be reloaded
     })
 
     it('Check informed policy', () => {
@@ -77,7 +81,7 @@ describe('Testing policy named demo-policy in demo.yaml file', () => {
          .then(() => {
            verifyPolicyInPolicyDetails(uPolicyName, policyConfig, 'enabled', 1, '0/1')
            verifyPolicyInPolicyDetailsTemplates(uPolicyName, policyConfig)
-           verifyPlacementRuleInPolicyDetails(policyPlacementRule)
+           verifyPlacementRuleInPolicyDetails(uPolicyName, policyConfig, confClusterViolations)
            verifyPlacementBindingInPolicyDetails(uPolicyName, policyConfig)
          })
     })