Skip to content

Commit

Permalink
update tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@simar7
simar7 committed Feb 26, 2025
1 parent f61372d commit 18f448b
Showing 1 changed file with 82 additions and 94 deletions.
176 changes: 82 additions & 94 deletions pkg/plugins/trivy/plugin_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
expectedJobSpec corev1.PodSpec
}{
{
name: "Standalone mode without insecure registry",
name: "Standalone mode without insecure expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "true",
trivyoperator.KeyExposedSecretsScannerEnabled: "true",
Expand Down Expand Up @@ -371,7 +371,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
},
},
{
name: "Standalone mode with insecure registry",
name: "Standalone mode with insecure expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "false",
trivyoperator.KeyExposedSecretsScannerEnabled: "true",
Expand Down Expand Up @@ -659,7 +659,7 @@ func TestPlugin_GetScanJobSpec(t *testing.T) {
},
},
{
name: "Standalone mode with non-SSL registry",
name: "Standalone mode with non-SSL expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "true",
trivyoperator.KeyExposedSecretsScannerEnabled: "false",
Expand Down Expand Up @@ -1591,7 +1591,7 @@ default ignore = false`,
"trivy.resources.limits.cpu": "500m",
"trivy.resources.limits.memory": "500M",

"trivy.registry.mirror.index.docker.io": "mirror.io",
"trivy.expectedRegistry.mirror.index.docker.io": "mirror.io",
},
workloadSpec: &corev1.Pod{
TypeMeta: metav1.TypeMeta{
Expand Down Expand Up @@ -1870,8 +1870,8 @@ default ignore = false`,
"trivy.repository": "docker.io/aquasec/trivy",
"trivy.tag": "0.35.0",
"trivy.mode": string(trivy.Standalone),
"trivy.dbRepository": "custom-registry.com/mirror/trivy-db",
"trivy.javaDbRepository": "custom-registry.com/mirror/trivy-java-db",
"trivy.dbRepository": "custom-expectedRegistry.com/mirror/trivy-db",
"trivy.javaDbRepository": "custom-expectedRegistry.com/mirror/trivy-java-db",
"trivy.resources.requests.cpu": "100m",
"trivy.resources.requests.memory": "100M",
"trivy.resources.limits.cpu": "500m",
Expand Down Expand Up @@ -1972,7 +1972,7 @@ default ignore = false`,
"--cache-dir", "/tmp/trivy/.cache",
"image",
"--download-db-only",
"--db-repository", "custom-registry.com/mirror/trivy-db",
"--db-repository", "custom-expectedRegistry.com/mirror/trivy-db",
},
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
Expand Down Expand Up @@ -2148,7 +2148,7 @@ default ignore = false`,
},
},
{
name: "ClientServer mode without insecure registry",
name: "ClientServer mode without insecure expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "true",
trivyoperator.KeyExposedSecretsScannerEnabled: "true",
Expand Down Expand Up @@ -2377,7 +2377,7 @@ default ignore = false`,
},
},
{
name: "ClientServer mode without insecure registry",
name: "ClientServer mode without insecure expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "true",
trivyoperator.KeyExposedSecretsScannerEnabled: "true",
Expand Down Expand Up @@ -2840,7 +2840,7 @@ default ignore = false`,
},
},
{
name: "ClientServer mode with non-SSL registry",
name: "ClientServer mode with non-SSL expectedRegistry",
trivyOperatorConfig: map[string]string{
trivyoperator.KeyVulnerabilityScannerEnabled: "true",
trivyoperator.KeyExposedSecretsScannerEnabled: "false",
Expand Down Expand Up @@ -3605,8 +3605,8 @@ default ignore = false`,
"trivy.tag": "0.35.0",
"trivy.mode": string(trivy.ClientServer),
"trivy.serverURL": "http://trivy.trivy:4954",
"trivy.dbRepository": "custom-registry.com/mirror/trivy-db",
"trivy.javaDbRepository": "custom-registry.com/mirror/trivy-java-db",
"trivy.dbRepository": "custom-expectedRegistry.com/mirror/trivy-db",
"trivy.javaDbRepository": "custom-expectedRegistry.com/mirror/trivy-java-db",
"trivy.resources.requests.cpu": "100m",
"trivy.resources.requests.memory": "100M",
"trivy.resources.limits.cpu": "500m",
Expand Down Expand Up @@ -5169,7 +5169,7 @@ default ignore = false`,
"trivy.resources.limits.cpu": "500m",
"trivy.resources.limits.memory": "500M",

"trivy.registry.mirror.000000000000.dkr.ecr.us-east-1.amazonaws.com": "000000000000.dkr.ecr.eu-west-1.amazonaws.com",
"trivy.expectedRegistry.mirror.000000000000.dkr.ecr.us-east-1.amazonaws.com": "000000000000.dkr.ecr.eu-west-1.amazonaws.com",
},
workloadSpec: &corev1.Pod{
TypeMeta: metav1.TypeMeta{
Expand Down Expand Up @@ -5775,7 +5775,7 @@ default ignore = false`,
"trivy.resources.limits.cpu": "500m",
"trivy.resources.limits.memory": "500M",

"trivy.registry.mirror.index.docker.io": "mirror.io",
"trivy.expectedRegistry.mirror.index.docker.io": "mirror.io",
},
workloadSpec: &corev1.Pod{
TypeMeta: metav1.TypeMeta{
Expand Down Expand Up @@ -7059,10 +7059,10 @@ func TestGetInitContainers(t *testing.T) {
configData map[string]string
}{
{
name: "Standalone mode with image command java-db from private registry",
name: "Standalone mode with image command java-db from private expectedRegistry",
configData: map[string]string{
"trivy.dbRepository": trivy.DefaultDBRepository,
"trivy.javaDbRepository": "my-private-registry.io/aquasec/trivy-java-db",
"trivy.javaDbRepository": "my-private-expectedRegistry.io/aquasec/trivy-java-db",
"trivy.skipJavaDBUpdate": "false",
"trivy.repository": "gcr.io/aquasec/trivy",
"trivy.tag": "0.35.0",
Expand Down Expand Up @@ -7116,7 +7116,7 @@ func TestGetInitContainers(t *testing.T) {
require.NoError(t, err)

assert.Len(t, jobSpec.InitContainers, 2)
// Assert first init container to download trivy-db from private registry
// Assert first init container to download trivy-db from private expectedRegistry
trivyDbInitContainer := jobSpec.InitContainers[0]

containsDownloadDBOnly := false
Expand All @@ -7138,10 +7138,10 @@ func TestGetInitContainers(t *testing.T) {
hasTrivyPassword = true
}
}
assert.True(t, hasTrivyUsername, "Expected init container to have username env var for private trivy-db registry")
assert.True(t, hasTrivyPassword, "Expected init container to have password env var for private trivy-db registry")
assert.True(t, hasTrivyUsername, "Expected init container to have username env var for private trivy-db expectedRegistry")
assert.True(t, hasTrivyPassword, "Expected init container to have password env var for private trivy-db expectedRegistry")

// Assert second init container to download java-db from private registry
// Assert second init container to download java-db from private expectedRegistry
javaDbInitContainer := jobSpec.InitContainers[1]

containsDownloadJavaDBOnly := false
Expand All @@ -7163,8 +7163,8 @@ func TestGetInitContainers(t *testing.T) {
hasTrivyPassword = true
}
}
assert.True(t, hasTrivyUsername, "Expected init container to have username env var for private java-db registry")
assert.True(t, hasTrivyPassword, "Expected init container to have password env var for private java-db registry")
assert.True(t, hasTrivyUsername, "Expected init container to have username env var for private java-db expectedRegistry")
assert.True(t, hasTrivyPassword, "Expected init container to have password env var for private java-db expectedRegistry")

})
}
Expand Down Expand Up @@ -7632,157 +7632,145 @@ func TestExcludeImages(t *testing.T) {

func TestParseImageRef(t *testing.T) {
testCases := []struct {
name string
// args:
imageRef string
imageID string
// result:
registry v1alpha1.Registry
artifact v1alpha1.Artifact
err error
name string
inputImageRef string
inputImageID string
expectedRegistry v1alpha1.Registry
expectedArtifact v1alpha1.Artifact
expectedErr error
}{
{
name: "1. short image ref with latest tag",
imageRef: "nginx:v1.3.4",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "short image ref with latest tag",
inputImageRef: "nginx:v1.3.4",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "index.docker.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "library/nginx",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "v1.3.4",
},
err: nil,
},
{
name: "2. short repo with default lib with latest tag",
imageRef: "library/nginx:v.4.5.6",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "short repo with default lib with latest tag",
inputImageRef: "library/nginx:v.4.5.6",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "index.docker.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "library/nginx",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "v.4.5.6",
},
err: nil,
},
{
name: "3. well known image without tag & digest",
imageRef: "quay.io/centos/centos",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "well known image without tag & digest",
inputImageRef: "quay.io/centos/centos",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "quay.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "centos/centos",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "latest",
},
err: nil,
},
{
name: "4. docker registry image ref with tag",
imageRef: "docker.io/library/alpine:v2.3.4",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "docker expectedRegistry image ref with tag",
inputImageRef: "docker.io/library/alpine:v2.3.4",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "index.docker.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "library/alpine",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "v2.3.4",
},
err: nil,
},
{
name: "5. short repo with private repo with tag",
imageRef: "my-private-repo.company.com/my-app:1.2.3",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "short repo with private repo with tag",
inputImageRef: "my-private-repo.company.com/my-app:1.2.3",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "my-private-repo.company.com",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "my-app",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "1.2.3",
},
err: nil,
},
{
name: "6. with tag",
imageRef: "quay.io/prometheus-operator/prometheus-operator:v0.63.0",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "with tag",
inputImageRef: "quay.io/prometheus-operator/prometheus-operator:v0.63.0",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "quay.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "prometheus-operator/prometheus-operator",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "v0.63.0",
},
},
{
name: "7. artifact registry image ref with tag",
imageRef: "europe-west4-docker.pkg.dev/my-project/my-repo/my-app:1.0.0",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "artifact registry image ref with tag",
inputImageRef: "europe-west4-docker.pkg.dev/my-project/my-repo/my-app:1.0.0",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "europe-west4-docker.pkg.dev",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "my-project/my-repo/my-app",
Digest: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
Tag: "1.0.0",
},
err: nil,
},
{
name: "8. repo with digest",
imageRef: "quay.io/prometheus-operator/prometheus-operator@sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "repo with digest",
inputImageRef: "quay.io/prometheus-operator/prometheus-operator@sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "quay.io",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "prometheus-operator/prometheus-operator",
Digest: "sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
Tag: "",
},
err: nil,
},
{
name: "9. private registry image ref tag & with digest",
imageRef: "my-private-repo.company.com/my-app:some-tag@sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{
name: "private expectedRegistry image ref tag & with digest",
inputImageRef: "my-private-repo.company.com/my-app:some-tag@sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedRegistry: v1alpha1.Registry{
Server: "my-private-repo.company.com",
},
artifact: v1alpha1.Artifact{
expectedArtifact: v1alpha1.Artifact{
Repository: "my-app",
Digest: "sha256:1420cefd4b20014b3361951c22593de6e9a2476bbbadd1759464eab5bfc0d34f",
Tag: "some-tag",
},
err: nil,
},
{
name: "10. incorrect input",
imageRef: "## some incorrect imput ###",
imageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
registry: v1alpha1.Registry{},
artifact: v1alpha1.Artifact{},
err: errors.New("could not parse reference: ## some incorrect imput ###"),
name: "incorrect input",
inputImageRef: "## some incorrect input ###",
inputImageID: "sha256:2bc57c6bcb194869d18676e003dfed47b87d257fce49667557fb8eb1f324d5d6",
expectedErr: errors.New("could not parse reference: ## some incorrect input ###"),
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
registry, artifact, err := trivy.ParseImageRef(tc.imageRef, tc.imageID)
assert.Equal(t, tc.registry, registry)
assert.Equal(t, tc.artifact, artifact)
if tc.err != nil {
require.Errorf(t, err, "expected: %v", tc.err)
registry, artifact, err := trivy.ParseImageRef(tc.inputImageRef, tc.inputImageID)
if tc.expectedErr != nil {
require.Errorf(t, err, "expected: %v", tc.expectedErr)
}
assert.Equal(t, tc.expectedRegistry, registry)
assert.Equal(t, tc.expectedArtifact, artifact)
})
}
}

0 comments on commit 18f448b

Please sign in to comment.