Adding test for network policy regex

Added e2e test for configure-network-policies-namespaces rule, test if whitelist-regex works as expected
ComplianceAsCode · May 10, 2024 · 2af02ae · 2af02ae
1 parent 5b4e351
commit 2af02ae
Showing 1 changed file with 100 additions and 0 deletions.
diff --git a/tests/e2e/serial/main_test.go b/tests/e2e/serial/main_test.go
@@ -6,6 +6,7 @@ import (
 	"log"
 	"os"
 	"runtime"
+	"strings"
 	"testing"
 	"time"
 
@@ -1606,6 +1607,105 @@ func TestSuspendScanSettingDoesNotCreateScan(t *testing.T) {
 	}
 }
 
+func TestConfigureNetworkPolicy(t *testing.T) {
+	f := framework.Global
+	suiteName := "test-configure-network-policy"
+	// Create a dummy namespace to test the network policy
+	ns := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "test-configure-network-policy",
+		},
+	}
+	err := f.Client.Create(context.TODO(), ns, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	defer f.Client.Delete(context.TODO(), ns)
+
+	nsList := corev1.NamespaceList{}
+	err = f.Client.List(context.TODO(), &nsList)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	regextValue := ""
+
+	for _, ns := range nsList.Items {
+		if strings.HasPrefix(ns.Name, "openshift-") || strings.HasPrefix(ns.Name, "kube-") {
+			continue
+		}
+		regextValue = regextValue + ns.Name + "|"
+	}
+
+	regextValue = regextValue + ns.ObjectMeta.Name
+
+	tp := &compv1alpha1.TailoredProfile{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      suiteName,
+			Namespace: f.OperatorNamespace,
+		},
+		Spec: compv1alpha1.TailoredProfileSpec{
+			Title:       "test-configure-network-policy",
+			Description: "A test tailored profile to test configure network policy",
+			EnableRules: []compv1alpha1.RuleReferenceSpec{
+				{
+					Name:      "ocp4-configure-network-policies-namespaces",
+					Rationale: "To be tested",
+				},
+				{
+					Name:      "ocp4-version-detect-in-ocp",
+					Rationale: "To be tested",
+				},
+			},
+			SetValues: []compv1alpha1.VariableValueSpec{
+				{
+					Name:      "ocp4-var-network-policies-namespaces-whitelist-regex",
+					Rationale: "Value to be set",
+					Value:     regextValue,
+				},
+			},
+		},
+	}
+	createTPErr := f.Client.Create(context.TODO(), tp, nil)
+	if createTPErr != nil {
+		t.Fatal(createTPErr)
+	}
+	defer f.Client.Delete(context.TODO(), tp)
+
+	ssb := &compv1alpha1.ScanSettingBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      suiteName,
+			Namespace: f.OperatorNamespace,
+		},
+		Profiles: []compv1alpha1.NamedObjectReference{
+			{
+				APIGroup: "compliance.openshift.io/v1alpha1",
+				Kind:     "TailoredProfile",
+				Name:     suiteName,
+			},
+		},
+		SettingsRef: &compv1alpha1.NamedObjectReference{
+			APIGroup: "compliance.openshift.io/v1alpha1",
+			Kind:     "ScanSetting",
+			Name:     "default",
+		},
+	}
+
+	err = f.Client.Create(context.TODO(), ssb, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer f.Client.Delete(context.TODO(), ssb)
+
+	// Ensure that all the scans in the suite have finished and are marked as Done
+	err = f.WaitForSuiteScansStatus(f.OperatorNamespace, suiteName, compv1alpha1.PhaseDone, compv1alpha1.ResultCompliant)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+}
+
 //testExecution{
 //	Name:       "TestNodeSchedulingErrorFailsTheScan",
 //	IsParallel: false,