
Commit 89bf5b8

Add check for instructions in manual ccrs
1 parent def3a79 commit 89bf5b8

2 files changed

+123
-0
lines changed

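--- a/e2e_test.go
+++ b/e2e_test.go
@@ -146,6 +146,11 @@ func TestPlatformCompliance(t *testing.T) {
 }
 afterRemediation = true
 
+err = helpers.CheckRulesForInstructions(tc, c, platformBindingName)
+if err != nil {
+t.Fatalf("Failed to check rules for instructions: %s", err)
+}
+
 finalResults, err := helpers.CreateResultMap(tc, c, platformBindingName)
 if err != nil {
 t.Fatalf("Failed to create result map: %s", err)
@@ -259,6 +264,11 @@ func TestNodeCompliance(t *testing.T) {
 }
 afterRemediation = true
 
+err = helpers.CheckRulesForInstructions(tc, c, nodeBindingName)
+if err != nil {
+t.Fatalf("Failed to check rules for instructions: %s", err)
+}
+
 finalResults, err := helpers.CreateResultMap(tc, c, nodeBindingName)
 if err != nil {
 t.Fatalf("Failed to create result map: %s", err)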
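Review bot: Both new call sites abort with `t.Fatalf`, so one check result without instructions stops TestPlatformCompliance and TestNodeCompliance before `CreateResultMap` and whatever result comparison follows it outside these hunks. A documentation gap then hides the post-remediation compliance outcome for the whole run. Recording the failure with `t.Errorf("Failed to check rules for instructions: %s", err)` would keep the rest of the test running while still failing it. Both test bodies start and end outside the hunks, so this assumes nothing later depends on the check having passed.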

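--- a/helpers/utilities.go
+++ b/helpers/utilities.go
@@ -1762,6 +1762,119 @@ func CreateResultMap(_ *testConfig.TestConfig, c dynclient.Client, suiteName str
 return resultMap, nil
 }
 
+// CheckRulesForInstructions checks that all compliance check results have instructions.
+// Compliance check results in the exception list are skipped from the instruction check.
+func CheckRulesForInstructions(tc *testConfig.TestConfig, c dynclient.Client, suiteName string) error {
+exceptionList := map[string]bool{
+"platform-acs-sensor-exists": true,
+"platform-cluster-wide-proxy-set": true,
+"platform-rbac-cluster-roles-defined": true,
+"platform-rbac-roles-defined": true,
+"rhcos-node-master-audit-privileged-commands-init": true,
+"rhcos-node-master-audit-privileged-commands-poweroff": true,
+"rhcos-node-master-audit-privileged-commands-reboot": true,
+"rhcos-node-master-audit-privileged-commands-shutdown": true,
+"rhcos-node-master-audit-rules-login-events": true,
+"rhcos-node-master-audit-rules-session-events": true,
+"rhcos-node-master-bios-disable-usb-boot": true,
+"rhcos-node-master-chronyd-or-ntpd-specify-multiple-servers": true,
+"rhcos-node-master-coreos-nousb-kernel-argument": true,
+"rhcos-node-master-disable-prelink": true,
+"rhcos-node-master-file-permissions-sudo": true,
+"rhcos-node-master-grub2-enable-apparmor": true,
+"rhcos-node-master-grub2-nousb-argument": true,
+"rhcos-node-master-kernel-module-freevxfs-disabled": true,
+"rhcos-node-master-kernel-module-hfs-disabled": true,
+"rhcos-node-master-kernel-module-hfsplus-disabled": true,
+"rhcos-node-master-kernel-module-jffs2-disabled": true,
+"rhcos-node-master-kernel-module-squashfs-disabled": true,
+"rhcos-node-master-kernel-module-udf-disabled": true,
+"rhcos-node-master-kernel-module-vfat-disabled": true,
+"rhcos-node-master-ntpd-specify-multiple-servers": true,
+"rhcos-node-master-package-apparmor-installed": true,
+"rhcos-node-master-package-inetutils-telnetd-removed": true,
+"rhcos-node-master-package-nis-removed": true,
+"rhcos-node-master-package-ntpdate-removed": true,
+"rhcos-node-master-package-telnetd-removed": true,
+"rhcos-node-master-package-telnetd-ssl-removed": true,
+"rhcos-node-master-root-path-no-dot": true,
+"rhcos-node-master-service-netfs-disabled": true,
+"rhcos-node-master-wireless-disable-in-bios": true,
+"rhcos-node-worker-audit-privileged-commands-init": true,
+"rhcos-node-worker-audit-privileged-commands-poweroff": true,
+"rhcos-node-worker-audit-privileged-commands-reboot": true,
+"rhcos-node-worker-audit-privileged-commands-shutdown": true,
+"rhcos-node-worker-audit-rules-login-events": true,
+"rhcos-node-worker-audit-rules-session-events": true,
+"rhcos-node-worker-bios-disable-usb-boot": true,
+"rhcos-node-worker-chronyd-or-ntpd-specify-multiple-servers": true,
+"rhcos-node-worker-coreos-nousb-kernel-argument": true,
+"rhcos-node-worker-disable-prelink": true,
+"rhcos-node-worker-file-permissions-sudo": true,
+"rhcos-node-worker-grub2-enable-apparmor": true,
+"rhcos-node-worker-grub2-nousb-argument": true,
+"rhcos-node-worker-kernel-module-freevxfs-disabled": true,
+"rhcos-node-worker-kernel-module-hfs-disabled": true,
+"rhcos-node-worker-kernel-module-hfsplus-disabled": true,
+"rhcos-node-worker-kernel-module-jffs2-disabled": true,
+"rhcos-node-worker-kernel-module-squashfs-disabled": true,
+"rhcos-node-worker-kernel-module-udf-disabled": true,
+"rhcos-node-worker-kernel-module-vfat-disabled": true,
+"rhcos-node-worker-ntpd-specify-multiple-servers": true,
+"rhcos-node-worker-package-apparmor-installed": true,
+"rhcos-node-worker-package-inetutils-telnetd-removed": true,
+"rhcos-node-worker-package-nis-removed": true,
+"rhcos-node-worker-package-ntpdate-removed": true,
+"rhcos-node-worker-package-telnetd-removed": true,
+"rhcos-node-worker-package-telnetd-ssl-removed": true,
+"rhcos-node-worker-root-path-no-dot": true,
+"rhcos-node-worker-service-netfs-disabled": true,
+"rhcos-node-worker-wireless-disable-in-bios": true,
+}
+
+labelSelector, err := labels.Parse(cmpv1alpha1.SuiteLabel + "=" + suiteName)
+if err != nil {
+return fmt.Errorf("failed to parse label selector: %w", err)
+}
+
+resultList := &cmpv1alpha1.ComplianceCheckResultList{}
+opts := &dynclient.ListOptions{
+LabelSelector: labelSelector,
+Namespace: tc.OperatorNamespace.Namespace,
+}
+err = c.List(goctx.TODO(), resultList, opts)
+if err != nil {
+return fmt.Errorf("failed to get compliance check results for suite %s: %w", suiteName, err)
+}
+
+if len(resultList.Items) == 0 {
+log.Printf("No compliance check results found for suite %s", suiteName)
+return nil
+}
+
+// Check each result for instructions
+var missingInstructions []string
+for i := range resultList.Items {
+result := &resultList.Items[i]
+
+if exceptionList[result.Name] {
+continue
+}
+
+if result.Instructions == "" {
+missingInstructions = append(missingInstructions, result.Name)
+log.Printf("Compliance check result '%s' does not have instructions", result.Name)
+}
+}
+
+if len(missingInstructions) > 0 {
+return fmt.Errorf("found %d compliance check result(s) without instructions for suite %s: %v",
+len(missingInstructions), suiteName, missingInstructions)
+}
+
+return nil
+}
+
 // SaveResultAsYAML saves YAML data about the scan results to a file in the configured log directory.
 func SaveResultAsYAML(tc *testConfig.TestConfig, results map[string]string, filename string) error {
 p := path.Join(tc.LogDir, filename)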
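Review bot: The `len(resultList.Items) == 0` branch in CheckRulesForInstructions logs and returns nil, so the check passes vacuously when the suite label matches nothing (a wrong binding name, or a scan that produced no results). Returning `fmt.Errorf("no compliance check results found for suite %s", suiteName)` there would make it fail closed. The hard-coded `exceptionList` is rebuilt on every call and nothing reports entries that no longer match a result, so an exemption can silently outlive the rule it was written for. A package-level map with a comment on why each group is exempt, plus a log line for unused entries, would keep it reviewable. `result.Instructions == ""` also accepts whitespace-only text; `strings.TrimSpace(result.Instructions) == ""` is stricter, provided `strings` is imported in this file.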
