test: update compliance constructor

Signed-off-by: chenk <hen.keinan@gmail.com>
aquasecurity · Apr 4, 2022 · 07460b2 · 07460b2
1 parent f53142c
commit 07460b2
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 13 deletions.
diff --git a/pkg/cmd/get_clustercompliancereport.go b/pkg/cmd/get_clustercompliancereport.go
@@ -3,11 +3,13 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"io"
+
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/compliance"
+	"github.com/aquasecurity/starboard/pkg/operator/etc"
 	"github.com/aquasecurity/starboard/pkg/starboard"
 	"github.com/spf13/cobra"
-	"io"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
@@ -50,7 +52,11 @@ func NewGetClusterComplianceReportsCmd(executable string, cf *genericclioptions.
 				return err
 			}
 			// generate compliance and compliance failure detail reports
-			complianceMgr := compliance.NewMgr(kubeClient, logger)
+			operatorConfig, err := etc.GetOperatorConfig()
+			if err != nil {
+				return fmt.Errorf("getting client config: %w", err)
+			}
+			complianceMgr := compliance.NewMgr(kubeClient, logger, operatorConfig)
 			err = complianceMgr.GenerateComplianceReport(ctx, report.Spec)
 			if err != nil {
 				return fmt.Errorf("failed to generate report: %w", err)

diff --git a/pkg/compliance/clustercompliancereport_test.go b/pkg/compliance/clustercompliancereport_test.go
@@ -35,7 +35,8 @@ func loadResource(filePath string, resource interface{}) error {
 
 var _ = ginkgo.Describe("cluster compliance report", func() {
 	config := etc.Config{
-		Namespace: "starboard-operator",
+		Namespace:                         "starboard-operator",
+		ClusterComplianceFailEntriesLimit: 1,
 	}
 	logger := log.Log.WithName("operator")
 
@@ -60,7 +61,7 @@ var _ = ginkgo.Describe("cluster compliance report", func() {
 		).Build()
 
 		// create compliance controller
-		instance := ClusterComplianceReportReconciler{Logger: logger, Config: config, Client: client, Mgr: NewMgr(client, logger), Clock: ext.NewSystemClock()}
+		instance := ClusterComplianceReportReconciler{Logger: logger, Client: client, Mgr: NewMgr(client, logger, config), Clock: ext.NewSystemClock()}
 
 		// trigger compliance report generation
 		_, err = instance.generateComplianceReport(context.TODO(), types.NamespacedName{Namespace: "", Name: "nsa"})
@@ -151,7 +152,7 @@ var _ = ginkgo.Describe("cluster compliance report", func() {
 		// create new client
 		clientWithComplianceSpecOnly := fake.NewClientBuilder().WithScheme(starboard.NewScheme()).WithObjects(&clusterComplianceSpec).Build()
 		// create compliance controller
-		complianceControllerInstance := ClusterComplianceReportReconciler{Logger: logger, Config: config, Client: clientWithComplianceSpecOnly, Mgr: NewMgr(clientWithComplianceSpecOnly, logger), Clock: ext.NewSystemClock()}
+		complianceControllerInstance := ClusterComplianceReportReconciler{Logger: logger, Client: clientWithComplianceSpecOnly, Mgr: NewMgr(clientWithComplianceSpecOnly, logger, config), Clock: ext.NewSystemClock()}
 		reconcileReport, err := complianceControllerInstance.generateComplianceReport(context.TODO(), types.NamespacedName{Namespace: "", Name: "nsa"})
 		Expect(err).ToNot(HaveOccurred())
 

diff --git a/pkg/compliance/io.go b/pkg/compliance/io.go
@@ -3,9 +3,10 @@ package compliance
 import (
 	"context"
 	"fmt"
-	"github.com/aquasecurity/starboard/pkg/operator/etc"
 	"strings"
 
+	"github.com/aquasecurity/starboard/pkg/operator/etc"
+
 	"github.com/aquasecurity/starboard/pkg/apis/aquasecurity/v1alpha1"
 	"github.com/aquasecurity/starboard/pkg/ext"
 	"github.com/emirpasic/gods/sets/hashset"
@@ -247,7 +248,7 @@ func (w *cm) createScanCheckResult(results []*ScannerCheckResult) []v1alpha1.Sca
 		var ctt v1alpha1.ScannerCheckResult
 		failedResultEntries := make([]v1alpha1.ResultDetails, 0)
 		for _, crd := range checkResult.Details {
-			if len(failedResultEntries) > w.config.ClusterComplianceFailEntriesLimit {
+			if len(failedResultEntries) >= w.config.ClusterComplianceFailEntriesLimit {
 				continue
 			}
 			//control check detail relevant to fail checks only

diff --git a/pkg/compliance/testdata/fixture/clusterComplianceDetailReport.json b/pkg/compliance/testdata/fixture/clusterComplianceDetailReport.json
@@ -62,12 +62,6 @@
                 "namespace": "default",
                 "msg": "Container 'front-end' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true",
                 "status": "FAIL"
-              },
-              {
-                "name": "pod-rss-site",
-                "namespace": "default",
-                "msg": "Container 'rss-reader' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true",
-                "status": "FAIL"
               }
             ]
           }