public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/kubescape] Add goss tests (#61100) 

* [bitnami/kubescape] Add goss tests

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Use testfiles

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

* Update .vib/kubescape/vib-verify.json

Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>

---------

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>
Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Co-authored-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
This commit is contained in:
Miguel Ruiz 2024-02-15 17:25:06 +01:00 committed by GitHub
parent 27b7de9cee
commit 0719a55829
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 117 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.vib/kubescape/goss/goss.yaml Normal file
View File

@ -0,0 +1,15 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../kubescape/goss/kubescape.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

18
.vib/kubescape/goss/kubescape.yaml Normal file
View File

@ -0,0 +1,18 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
command:
{{- $target := printf "/tmp/%s" (randAlpha 5) }}
check-scan:
exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; kubescape scan ./kubescape/goss/testfiles/sealed-secrets.tar.gz --format=json {{ $target }}
exit-status: 0
timeout: 30000
stderr:
- "Overall compliance-score"
{{- $target := printf "/tmp/%s" (randAlpha 5) }}
check-oss-assessment:
exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; /opt/bitnami/scripts/kubescape/entrypoint.sh oss-assessment {{ $target }}
exit-status: 0
timeout: 30000
stdout:
- "\"security\":"

BIN
.vib/kubescape/goss/testfiles/sealed-secrets.tar.gz Normal file
View File

Binary file not shown.

11
.vib/kubescape/goss/vars.yaml Normal file
View File

@ -0,0 +1,11 @@
binaries:
- kubescape
root_dir: /opt/bitnami
directories:
- mode: "0775"
paths:
- /opt/bitnami/kubescape/.kubescape
- /opt/bitnami/kubescape/.cache
version:
bin_name: kubescape
flag: version

73
.vib/kubescape/vib-verify.json Normal file
View File

@ -0,0 +1,73 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "kubescape/goss/goss.yaml",
"vars_file": "kubescape/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-kubescape"
}
}
}
}
]
}
}
}