55from utils .onboarding .injection_log_parser import command_injection_skipped
66
77
8- class _AutoInjectBlockListBaseTest :
9- """Base class to test the block list on auto instrumentation"""
8+ class _AutoInjectWorkloadSelectionBaseTest :
9+ """Base class to test workload selection policies on auto instrumentation. """
1010
1111 def _execute_remote_command (self , ssh_client , command ):
1212 """Execute remote command and get remote log file from the vm. You can use this method using env variables or using injection config file"""
@@ -32,35 +32,37 @@ def _execute_remote_command(self, ssh_client, command):
3232@features .host_block_list
3333@scenarios .installer_auto_injection
3434@irrelevant (condition = context .weblog_variant == "test-app-dotnet-iis" )
35- class TestAutoInjectBlockListInstallManualHost (_AutoInjectBlockListBaseTest ):
36- builtin_args_commands_block = {
35+ class TestAutoInjectWorkloadSelectionInstallManualHost (_AutoInjectWorkloadSelectionBaseTest ):
36+ """Test that auto instrumentation respects workload selection policies (excluded specific commands and args)."""
37+
38+ # Commands with args excluded by workload selection policy per language (should not be instrumented)
39+ commands_excluded_by_workload_policy = {
3740 "java" : ["java -version" , "MY_ENV_VAR=hello java -version" ],
38- "donet " : [
41+ "dotnet " : [
3942 "dotnet restore" ,
4043 "dotnet build -c Release" ,
41- "sudo -E dotnet publish" ,
44+ "dotnet publish" ,
4245 "MY_ENV_VAR=hello dotnet build -c Release" ,
4346 ],
4447 }
4548
46- builtin_args_commands_injected = {
49+ # Commands with args included by workload selection policy per language (should be instrumented)
50+ commands_not_excluded_by_workload_policy = {
4751 "java" : [
4852 "java -jar myjar.jar" ,
4953 "sudo -E java -jar myjar.jar" ,
5054 "version=-version java -jar myjar.jar" ,
5155 "java -Dversion=-version -jar myapp.jar" ,
5256 ],
53- "donet " : [
57+ "dotnet " : [
5458 "dotnet run -- -p build" ,
5559 "dotnet build.dll -- -p build" ,
5660 "sudo -E dotnet run myapp.dll -- -p build" ,
57- "sudo dotnet publish" ,
5861 "MY_ENV_VAR=build dotnet myapp.dll" ,
5962 ],
6063 }
6164
62- builtin_commands_not_injected = [
63- "ps -fea" ,
65+ no_language_found_commands = [
6466 "touch myfile.txt" ,
6567 "hello=hola cat myfile.txt" ,
6668 "ls -la" ,
@@ -72,45 +74,51 @@ class TestAutoInjectBlockListInstallManualHost(_AutoInjectBlockListBaseTest):
7274 or "alpine" in context .weblog_variant
7375 or "buildpack" in context .weblog_variant
7476 )
75- def test_builtin_block_commands (self ):
76- """Check that commands are skipped from the auto injection. This commands are defined on the buildIn processes to block """
77+ def test_no_language_found_commands (self ):
78+ """Check that commands with no language found are skipped from auto injection."""
7779 virtual_machine = context .virtual_machine
78- logger .info (f"[{ virtual_machine .get_ip ()} ] Executing commands that should be blocked " )
80+ logger .info (f"[{ virtual_machine .get_ip ()} ] Executing commands with no language found " )
7981 ssh_client = virtual_machine .get_ssh_connection ()
80- for command in self .builtin_commands_not_injected :
82+ for command in self .no_language_found_commands :
8183 local_log_file = self ._execute_remote_command (ssh_client , command )
82- assert command_injection_skipped (command , local_log_file ), f"The command { command } was instrumented!"
84+ assert command_injection_skipped (command , local_log_file ), (
85+ f"The command '{ command } ' was allowed by auto injection but should have been denied"
86+ )
8387
8488 @irrelevant (
8589 condition = "container" in context .weblog_variant
8690 or "alpine" in context .weblog_variant
8791 or "buildpack" in context .weblog_variant
8892 )
89- def test_builtin_block_args (self ):
90- """Check that we are blocking command with args. These args are defined in the buildIn args ignore list for each language ."""
93+ def test_commands_denied_by_workload_selection (self ):
94+ """Check that commands are skipped from auto injection based on workload selection policies ."""
9195 virtual_machine = context .virtual_machine
92- logger .info (f"[{ virtual_machine .get_ip ()} ] Executing test_builtIn_block_args " )
96+ logger .info (f"[{ virtual_machine .get_ip ()} ] Executing commands that are denied by workload selection policies " )
9397 language = context .library .name
94- if language in self .builtin_args_commands_block :
95- ssh_client = virtual_machine .get_ssh_connection ()
96- for command in self .builtin_args_commands_block [language ]:
97- local_log_file = self ._execute_remote_command (ssh_client , command )
98- assert command_injection_skipped (command , local_log_file ), f"The command { command } was instrumented!"
98+ if language not in self .commands_excluded_by_workload_policy :
99+ return
100+ ssh_client = virtual_machine .get_ssh_connection ()
101+ for command in self .commands_excluded_by_workload_policy [language ]:
102+ local_log_file = self ._execute_remote_command (ssh_client , command )
103+ assert command_injection_skipped (command , local_log_file ), (
104+ f"The command '{ command } ' was allowed by auto injection but should have been denied"
105+ )
99106
100107 @irrelevant (
101108 condition = "container" in context .weblog_variant
102109 or "alpine" in context .weblog_variant
103110 or "buildpack" in context .weblog_variant
104111 )
105- def test_builtin_instrument_args (self ):
106- """Check that we are instrumenting the command with args that it should be instrumented. The args are not included on the buildIn args list """
112+ def test_commands_allowed_by_workload_selection (self ):
113+ """Check that commands are allowed to be instrumented based on workload selection policies. """
107114 virtual_machine = context .virtual_machine
108- logger .info (f"[{ virtual_machine .get_ip ()} ] Executing test_builtIn_instrument_args " )
115+ logger .info (f"[{ virtual_machine .get_ip ()} ] Executing commands that are allowed by workload selection policies " )
109116 language = context .library .name
110- if language in self .builtin_args_commands_injected :
111- ssh_client = virtual_machine .get_ssh_connection ()
112- for command in self .builtin_args_commands_injected [language ]:
113- local_log_file = self ._execute_remote_command (ssh_client , command )
114- assert command_injection_skipped (command , local_log_file ) is False , (
115- f"The command { command } was not instrumented, but it should be instrumented!"
116- )
117+ if language not in self .commands_not_excluded_by_workload_policy :
118+ return
119+ ssh_client = virtual_machine .get_ssh_connection ()
120+ for command in self .commands_not_excluded_by_workload_policy [language ]:
121+ local_log_file = self ._execute_remote_command (ssh_client , command )
122+ assert command_injection_skipped (command , local_log_file ) is False , (
123+ f"The command '{ command } ' was denied by auto injection but should have been allowed"
124+ )
0 commit comments