Fixed component test

Signed-off-by: Afek Berger <[email protected]>
kubescape · Nov 17, 2024 · def694f · def694f
1 parent b14a3b2
commit def694f
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 5 deletions.
diff --git a/.github/workflows/component-tests.yaml b/.github/workflows/component-tests.yaml
@@ -52,6 +52,7 @@ jobs:
           Test_11_EndpointTest,
           Test_12_MergingProfilesTest,
           Test_13_MergingNetworkNeighborhoodTest,
+          Test_14_RulePoliciesTest,
         ]
     steps:
       - name: Checkout code
@@ -97,9 +98,13 @@ jobs:
       - name: Run test
         run: |
           cd tests && go test -v ./... -run ${{ matrix.test }} --timeout=20m --tags=component
-      - name: Print storage logs
+      - name: Print node agent & storage logs
         if: always()
         run: |
+          echo "Node agent logs"
+          kubectl logs $(kubectl get pods -n kubescape -o name | grep node-agent) -n kubescape -c node-agent
+          echo "-----------------------------------------"
+          echo "Storage logs"
           kubectl logs $(kubectl get pods -n kubescape -o name | grep storage) -n kubescape
 
       # - name: Upload plot images 

diff --git a/pkg/ruleengine/v1/helpers.go b/pkg/ruleengine/v1/helpers.go
@@ -7,6 +7,8 @@ import (
 	"slices"
 	"strings"
 
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/node-agent/pkg/objectcache"
 
 	tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types"
@@ -168,9 +170,11 @@ func isAllowed(event *eventtypes.Event, objCache objectcache.ObjectCache, proces
 
 	if policy, ok := appProfile.PolicyByRuleId[ruleId]; ok {
 		if policy.AllowedContainer || slices.Contains(policy.AllowedProcesses, process) {
+			logger.L().Debug("process is allowed by policy", helpers.String("ruleID", ruleId), helpers.String("process", process))
 			return true, nil
 		}
 	}
 
+	logger.L().Debug("process is not allowed by policy", helpers.String("ruleID", ruleId), helpers.String("process", process))
 	return false, nil
 }
diff --git a/pkg/ruleengine/v1/r1010_symlink_created_over_sensitive_file.go b/pkg/ruleengine/v1/r1010_symlink_created_over_sensitive_file.go
@@ -79,7 +79,10 @@ func (rule *R1010SymlinkCreatedOverSensitiveFile) DeleteRule() {
 }
 
 func (rule *R1010SymlinkCreatedOverSensitiveFile) ProcessEvent(eventType utils.EventType, event utils.K8sEvent, objCache objectcache.ObjectCache) ruleengine.RuleFailure {
+	logger.L().Debug("Processing event", helpers.String("ruleID", rule.ID()), helpers.String("eventType", string(eventType)))
+
 	if !rule.EvaluateRule(eventType, event, objCache.K8sObjectCache()) {
+		logger.L().Debug("Event does not match rule", helpers.String("ruleID", rule.ID()), helpers.String("eventType", string(eventType)))
 		return nil
 	}
 

diff --git a/pkg/ruleengine/v1/r1012_hardlink_created_over_sensitive_file.go b/pkg/ruleengine/v1/r1012_hardlink_created_over_sensitive_file.go
@@ -78,8 +78,9 @@ func (rule *R1012HardlinkCreatedOverSensitiveFile) DeleteRule() {
 }
 
 func (rule *R1012HardlinkCreatedOverSensitiveFile) ProcessEvent(eventType utils.EventType, event utils.K8sEvent, objCache objectcache.ObjectCache) ruleengine.RuleFailure {
-
+	logger.L().Debug("Processing event", helpers.String("ruleID", rule.ID()), helpers.String("eventType", string(eventType)))
 	if !rule.EvaluateRule(eventType, event, objCache.K8sObjectCache()) {
+		logger.L().Debug("Event does not match rule", helpers.String("ruleID", rule.ID()), helpers.String("eventType", string(eventType)))
 		return nil
 	}
 

diff --git a/tests/component_test.go b/tests/component_test.go
@@ -1170,7 +1170,8 @@ func Test_14_RulePoliciesTest(t *testing.T) {
 
 	fmt.Println("After completed")
 
-	time.Sleep(30 * time.Second)
+	// wait for cache
+	time.Sleep(120 * time.Second)
 
 	// generate hardlink alert
 	_, _, err = endpointTraffic.ExecIntoPod([]string{"ln", "/etc/shadow", "/tmp/a"}, "")
@@ -1183,14 +1184,15 @@ func Test_14_RulePoliciesTest(t *testing.T) {
 	assert.NoError(t, err)
 
 	// Wait for the alert to be signaled
-	time.Sleep(30 * time.Second)
+	time.Sleep(60 * time.Second)
 
 	alerts, err := testutils.GetAlerts(endpointTraffic.Namespace)
 	if err != nil {
 		t.Errorf("Error getting alerts: %v", err)
 	}
 
-	assert.Equal(t, 1, len(alerts), "Expected 1 alert to be generated, but got %d alerts", len(alerts))
+	testutils.AssertContains(t, alerts, "Hardlink Created Over Sensitive File", "ln", "endpoint-traffic")
+	testutils.AssertNotContains(t, alerts, "Symlink Created Over Sensitive File", "ln", "endpoint-traffic")
 }
 
 func ptr(i int32) *int32 {