From 5df39eed029608ba2ad649e32adeb13ee98a4d72 Mon Sep 17 00:00:00 2001
From: Simarpreet Singh <simar@linux.com>
Date: Mon, 10 Jun 2019 13:37:29 -0700
Subject: [PATCH] ocp-3.10: Fix malformed yaml and improve
 TestControls_RunChecks

This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml

Fixes: https://github.com/aquasecurity/kube-bench/issues/304

Signed-off-by: Simarpreet Singh <simar@linux.com>
---
 cfg/ocp-3.10/node.yaml |  2 +-
 check/controls_test.go | 26 ++++++++++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/cfg/ocp-3.10/node.yaml b/cfg/ocp-3.10/node.yaml
index fc27642..cc894c5 100644
--- a/cfg/ocp-3.10/node.yaml
+++ b/cfg/ocp-3.10/node.yaml
@@ -196,7 +196,7 @@ groups:
   - id: 7.15
     text: "Verify that the RotateKubeletServerCertificate argument is set to true"
     audit: "grep -B1 RotateKubeletServerCertificate=true /etc/origin/node/node-config.yaml"
-    test:
+    tests:
       test_items:
       - flag: "RotateKubeletServerCertificate=true"
         compare:
diff --git a/check/controls_test.go b/check/controls_test.go
index 18e92cb..bcf14d5 100644
--- a/check/controls_test.go
+++ b/check/controls_test.go
@@ -103,13 +103,26 @@ type: "master"
 groups:
 - id: G1
   checks:
-    - id: G1/C1
+  - id: G1/C1
 - id: G2
   checks:
-    - id: G2/C1
+  - id: G2/C1
+    text: "Verify that the SomeSampleFlag argument is set to true"
+    audit: "grep -B1 SomeSampleFlag=true /this/is/a/file/path"
+    tests:
+      test_items:
+      - flag: "SomeSampleFlag=true"
+        compare:
+          op: has
+          value: "true"
+        set: true
+    remediation: |
+      Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.
+    scored: true
 `)
 		// and
-		controls, _ := NewControls(MASTER, in)
+		controls, err := NewControls(MASTER, in)
+		assert.NoError(t, err)
 		// and
 		runner.On("Run", controls.Groups[0].Checks[0]).Return(PASS)
 		runner.On("Run", controls.Groups[1].Checks[0]).Return(FAIL)
@@ -130,6 +143,12 @@ groups:
 		G2 := controls.Groups[1]
 		assert.Equal(t, "G2", G2.ID)
 		assert.Equal(t, "G2/C1", G2.Checks[0].ID)
+		assert.Equal(t, "has", G2.Checks[0].Tests.TestItems[0].Compare.Op)
+		assert.Equal(t, "true", G2.Checks[0].Tests.TestItems[0].Compare.Value)
+		assert.Equal(t, true, G2.Checks[0].Tests.TestItems[0].Set)
+		assert.Equal(t, "SomeSampleFlag=true", G2.Checks[0].Tests.TestItems[0].Flag)
+		assert.Equal(t, "Edit the config file /this/is/a/file/path and set SomeSampleFlag to true.\n", G2.Checks[0].Remediation)
+		assert.Equal(t, true, G2.Checks[0].Scored)
 		assertEqualGroupSummary(t, 0, 1, 0, 0, G2)
 		// and
 		assert.Equal(t, 1, controls.Summary.Pass)
@@ -139,7 +158,6 @@ groups:
 		// and
 		runner.AssertExpectations(t)
 	})
-
 }
 
 func assertEqualGroupSummary(t *testing.T, pass, fail, info, warn int, actual *Group) {
-- 
GitLab