framework

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 2, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// PodStartTimeout is the default time WaitForPodNameRunningInNamespace waits
// for a pod to become running.
// NOTE(review): the accompanying doc text says the first start can be delayed
// by minutes on slow image pulls, yet the value is 45 seconds. Confirm it
// covers a cold pull of the test images; a timeout here means "pod not
// started", not "image scanned clean".
const PodStartTimeout = 45 * time.Second

Initial pod start can be delayed O(minutes) by slow docker pulls

// Poll is the interval between successive polls of pods, nodes and claims.
const Poll = 2 * time.Second

How often to Poll pods, nodes and claims.

Variables

// AlpineImage is the property profile for an Alpine-based test image: no scan
// failure, vulnerabilities present, none critical and none fixable.
// Each field holds an ImagePropertyChecker (a func() bool), not a plain bool.
// NOTE(review): presumably these are the results a scan of the image is
// expected to produce; confirm against the tests that consume the profile.
var AlpineImage = TestImageProperties{
	Description:                "Alpine Image",
	HasScanFailures:            ImagePropertyFalse,
	HasVulnerabilities:         ImagePropertyTrue,
	HasCriticalVulnerabilities: ImagePropertyFalse,
	HasFixableVulnerabilities:  ImagePropertyFalse,
}
// CleanImage is the property profile for an image with nothing to report:
// every checker (scan failures, vulnerabilities, critical, fixable) is
// ImagePropertyFalse.
var CleanImage = TestImageProperties{
	Description:                "Clean Image",
	HasScanFailures:            ImagePropertyFalse,
	HasVulnerabilities:         ImagePropertyFalse,
	HasCriticalVulnerabilities: ImagePropertyFalse,
	HasFixableVulnerabilities:  ImagePropertyFalse,
}
// CleanImageBuiltFromScratch is the property profile for a vulnerability-free
// image built from scratch. Its checkers are identical to CleanImage's (all
// ImagePropertyFalse); only the Description differs.
var CleanImageBuiltFromScratch = TestImageProperties{
	Description:                "Clean (Vuln. free) Image Built from Scratch",
	HasScanFailures:            ImagePropertyFalse,
	HasVulnerabilities:         ImagePropertyFalse,
	HasCriticalVulnerabilities: ImagePropertyFalse,
	HasFixableVulnerabilities:  ImagePropertyFalse,
}
// DistrolessImage is the property profile for a distroless test image: no scan
// failure, vulnerabilities present, none critical and none fixable. Apart from
// the Description it carries the same checker values as AlpineImage.
var DistrolessImage = TestImageProperties{
	Description:                "Distroless Image",
	HasScanFailures:            ImagePropertyFalse,
	HasVulnerabilities:         ImagePropertyTrue,
	HasCriticalVulnerabilities: ImagePropertyFalse,
	HasFixableVulnerabilities:  ImagePropertyFalse,
}
// FailedScanImage is the property profile for an image whose scan fails:
// HasScanFailures is ImagePropertyTrue and the three vulnerability checkers
// are ImagePropertyFalse.
// NOTE(review): the false vulnerability values here mean "nothing was
// reported", not "verified clean". Code reading this profile should check
// HasScanFailures first so a failed scan is never treated as a pass.
var FailedScanImage = TestImageProperties{
	Description:                "Image which was failed to scan",
	HasScanFailures:            ImagePropertyTrue,
	HasVulnerabilities:         ImagePropertyFalse,
	HasCriticalVulnerabilities: ImagePropertyFalse,
	HasFixableVulnerabilities:  ImagePropertyFalse,
}
// ManyVulnsImage is the property profile for a heavily vulnerable image: no
// scan failure, and the vulnerability, critical and fixable checkers are all
// ImagePropertyTrue.
// NOTE(review): no TestImages entry shown on this page uses this profile, so
// the critical/fixable paths may have no image exercising them; confirm.
var ManyVulnsImage = TestImageProperties{
	Description:                "Image with many vulnerabilities",
	HasScanFailures:            ImagePropertyFalse,
	HasVulnerabilities:         ImagePropertyTrue,
	HasCriticalVulnerabilities: ImagePropertyTrue,
	HasFixableVulnerabilities:  ImagePropertyTrue,
}
// TestImages is the fixed table of container images described for the tests.
// Each entry pairs an image reference with a TestImageProperties profile and
// the name of the pull secret it uses ("" where none is named).
//
// NOTE(review): all but the last reference use the mutable ":latest" tag, so
// the content behind an entry can change while the profile asserted here stays
// the same. Referencing images by digest (<image>@sha256:<digest>) would keep
// the expectations reproducible and tie them to known content.
//
// NOTE(review): the same repository name carries different profiles per
// registry (see the comments on the entries). This may be deliberate, e.g.
// registry-specific scan behaviour; confirm it is not a copy/paste slip.
var TestImages = []TestImageInfo{

	// Entries pulled with the "gcr" pull secret.
	{
		Image:               "gcr.io/dcvisor-162009/iskan/e2e/zerovuln_scratch:latest",
		TestImageProperties: CleanImageBuiltFromScratch,
		PullSecret:          "gcr",
	},
	{
		// Named "zerovuln" but profiled as DistrolessImage (HasVulnerabilities true).
		Image:               "gcr.io/dcvisor-162009/iskan/e2e/zerovuln_distroless:latest",
		TestImageProperties: DistrolessImage,
		PullSecret:          "gcr",
	},

	// Entries pulled with the "ecr" pull secret.
	{
		// Same repository name as the gcr entry above, but profiled as CleanImage here.
		Image:               "893825821121.dkr.ecr.us-west-2.amazonaws.com/iskan/zerovuln_distroless:latest",
		TestImageProperties: CleanImage,
		PullSecret:          "ecr",
	},
	{
		// The only entry profiled as FailedScanImage.
		Image:               "893825821121.dkr.ecr.us-west-2.amazonaws.com/iskan/zerovuln_scratch:latest",
		TestImageProperties: FailedScanImage,
		PullSecret:          "ecr",
	},

	// Entry pulled with the "acr" pull secret.
	{
		Image:               "alcide.azurecr.io/iskan/zerovuln_distroless:latest",
		TestImageProperties: CleanImage,
		PullSecret:          "acr",
	},

	// Entries with no registry host in the reference and an empty PullSecret.
	{
		Image:               "iskan/zerovuln_distroless:latest",
		TestImageProperties: DistrolessImage,
		PullSecret:          "",
	},
	{
		Image:               "iskan/zerovuln_scratch:latest",
		TestImageProperties: CleanImage,
		PullSecret:          "",
	},
	{
		Image:               "iskan/vuln_alpine:latest",
		TestImageProperties: AlpineImage,
		PullSecret:          "",
	},
	{
		// The only entry with a fixed version tag and with Tags set.
		// NOTE(review): "insightvm" is not among the GlobalConfig.PullSecrets
		// keys shown on this page ("gcr", "ecr", "acr", ""). A lookup of a
		// missing key in map[string]*string yields a nil pointer, so confirm
		// this name is registered before it is dereferenced.
		Image:               "alcide/iskan:v1.3.0-localscan",
		TestImageProperties: AlpineImage,
		PullSecret:          "insightvm",
		Tags:                sets.NewString("insightvm"),
	},
}

Functions

func ExpectNoError

func ExpectNoError(err error, explain ...interface{})

func FilterByHasAnyTag added in v1.4.0

func FilterByHasAnyTag(tags sets.String) func(info *TestImageInfo) bool

func FilterByKind

func FilterByKind(kind string) func(info *TestImageInfo) bool

func FilterByKinds

func FilterByKinds(kinds sets.String) func(info *TestImageInfo) bool

func FilterByPrivateRegistries

func FilterByPrivateRegistries() func(info *TestImageInfo) bool

func FilterByPublicRegistries

func FilterByPublicRegistries() func(info *TestImageInfo) bool

func ImagePropertyFalse

func ImagePropertyFalse() bool

func ImagePropertyTrue

func ImagePropertyTrue() bool

func Logf

func Logf(format string, args ...interface{})

func RegisterFrameworkFlags

func RegisterFrameworkFlags()

func WaitForPodNameRunningInNamespace

func WaitForPodNameRunningInNamespace(c clientset.Interface, podName, namespace string) error

Waits the default amount of time (PodStartTimeout) for the specified pod to become running. Returns an error if the timeout occurs first or the pod goes into a failed state.

Types

type Config

// Config holds the settings shared across the test framework.
type Config struct {
	// PullSecrets maps a pull-secret name (the value used in
	// TestImageInfo.PullSecret) to a pointer to that secret's string value.
	// NOTE(review): presumably the strings are registry credential material.
	// If so, keep them out of logs and test failure output, and load them
	// from the environment rather than committing them to source.
	PullSecrets map[string]*string

	// ApiConfigFile presumably names the cluster API config file. Confirm
	// against the code that reads it.
	ApiConfigFile string
}
// GlobalConfig is the package-level Config instance. Its PullSecrets map has
// the keys "gcr", "ecr", "acr" and "", each pointing at an unexported package
// variable, so a value assigned to that variable later is visible through the
// map without rebuilding it.
// NOTE(review): TestImages also uses the PullSecret name "insightvm", which
// has no key here. Indexing the map with it returns a nil *string; confirm the
// name is added elsewhere before any dereference.
// NOTE(review): this is exported, mutable state reachable by every importer.
// Presumably it holds credentials, so treat writes to it as security-relevant.
var GlobalConfig Config = Config{
	PullSecrets: map[string]*string{
		"gcr": &gcrPullSecret,
		"ecr": &ecrPullSecret,
		"acr": &acrPullSecret,
		"":    &noSecret,
	},
	ApiConfigFile: "",
}

type Framework

// Framework is the per-test handle exposing the BeforeEach/AfterEach hooks and
// the helpers that create pull secrets, pods and scanners.
type Framework struct {
	// Namespace presumably names the namespace the helpers create objects in.
	// Confirm against BeforeEach, whose body is not shown here.
	Namespace string

	// Client is the clientset used to reach the cluster API.
	// NOTE(review): whatever credentials back this client bound what the
	// tests can do in the cluster; run e2e suites against a dedicated cluster
	// or a namespace-scoped identity.
	Client clientset.Interface
	// contains filtered or unexported fields
}

func NewDefaultFramework

func NewDefaultFramework(basename string) (*Framework, error)

func (*Framework) AfterEach

func (f *Framework) AfterEach()

func (*Framework) BeforeEach

func (f *Framework) BeforeEach()

func (*Framework) CreateImagePullSecret

func (f *Framework) CreateImagePullSecret(name string, secret string) *v1.Secret

func (*Framework) CreatePodWithContainerImage

func (f *Framework) CreatePodWithContainerImage(name string, image string, imagePullSecretName string) *v1.Pod

func (*Framework) DeployTestImage

func (f *Framework) DeployTestImage(info *TestImageInfo) (*v1.Secret, *v1.Pod)

func (*Framework) NewClusterScanner

func (f *Framework) NewClusterScanner(policy *types.Policy) *scan.ClusterScanner

func (*Framework) NewClusterScannerWithConfig

func (f *Framework) NewClusterScannerWithConfig(policy *types.Policy, config *types.VulnProvidersConfig) *scan.ClusterScanner

func (*Framework) NewImageScanner added in v1.4.0

func (f *Framework) NewImageScanner(policy *types.Policy) *scan.ImageScanner

func (*Framework) NewImageScannerWithConfig added in v1.4.0

func (f *Framework) NewImageScannerWithConfig(policy *types.Policy, config *types.VulnProvidersConfig) *scan.ImageScanner

type ImagePropertyChecker

// ImagePropertyChecker is a niladic predicate returning one boolean image
// property. It is the type of the Has* fields of TestImageProperties, and
// ImagePropertyTrue and ImagePropertyFalse match its signature.
type ImagePropertyChecker func() bool

type TestImageInfo

// TestImageInfo describes one test image: where to pull it from, which
// property profile applies, and how it is selected by filters.
type TestImageInfo struct {
	// Image is the image reference (registry/repository:tag).
	Image string
	// TestImageProperties is embedded, so Description and the Has* checkers
	// are promoted onto TestImageInfo.
	TestImageProperties
	// PullSecret is the name of the pull secret for this image. The names used
	// in TestImages match keys of GlobalConfig.PullSecrets; "" is used by the
	// entries that name no secret.
	PullSecret string
	// Tags is a string set attached to the entry; FilterByHasAnyTag accepts a
	// set of the same type. It is left unset on most TestImages entries.
	Tags       sets.String
}

type TestImageIterator

// TestImageIterator yields *TestImageInfo values through Next.
// NOTE(review): presumably it walks TestImages and returns only the entries
// Filter accepts; the iteration state is unexported, so confirm in the source.
type TestImageIterator struct {
	// Filter is a predicate over a test image. The FilterBy* functions of this
	// package return functions of this shape.
	Filter func(img *TestImageInfo) bool
	// contains filtered or unexported fields
}

func NewTestImageIterator

func NewTestImageIterator(filter func(img *TestImageInfo) bool) *TestImageIterator

func (*TestImageIterator) Next

func (i *TestImageIterator) Next() (*TestImageInfo, bool)

type TestImageProperties

// TestImageProperties is a named profile of boolean properties attached to a
// test image. Each Has* field is an ImagePropertyChecker and must be called to
// obtain its value.
// NOTE(review): a zero-value TestImageProperties has nil checkers, and calling
// a nil func panics. Build profiles with every field set, as the package-level
// profiles do.
type TestImageProperties struct {
	// Description is a human-readable label for the profile.
	Description                string
	// HasScanFailures reports whether the scan itself failed. Check it before
	// the vulnerability fields so a failed scan is not read as a clean result.
	HasScanFailures            ImagePropertyChecker
	// HasVulnerabilities reports whether any vulnerability is present.
	HasVulnerabilities         ImagePropertyChecker
	// HasCriticalVulnerabilities reports whether a critical vulnerability is present.
	HasCriticalVulnerabilities ImagePropertyChecker
	// HasFixableVulnerabilities reports whether a fixable vulnerability is present.
	HasFixableVulnerabilities  ImagePropertyChecker
}
