Generate a test report using the auto-testing framework

[nam-jaehyun]

• The standout output of the auto-testing framework

[INFO] Starting KubeArmor
customresourcedefinition.apiextensions.k8s.io/kubearmorhostpolicies.security.accuknox.com configured
customresourcedefinition.apiextensions.k8s.io/kubearmorpolicies.security.accuknox.com configured
[INFO] Started KubeArmor
[INFO] Applying multiubuntu
namespace/multiubuntu created
deployment.apps/ubuntu-1-deployment created
deployment.apps/ubuntu-2-deployment created
deployment.apps/ubuntu-3-deployment created
deployment.apps/ubuntu-4-deployment created
deployment.apps/ubuntu-5-deployment created
[INFO] Applied multiubuntu
[INFO] Wait for initialization
[INFO] Started to run testcases
[INFO] Testing multiubuntu_test_1
[INFO] Applying ksp-group-1-proc-path-block.yaml into multiubuntu
kubearmorpolicy.security.accuknox.com/ksp-group-1-proc-path-block created
[INFO] Applied ksp-group-1-proc-path-block.yaml into multiubuntu
[INFO] Running "sleep 1"
bash: /bin/sleep: Permission denied
command terminated with exit code 126
[INFO] Block action, and the command should be failed
[INFO] Finding the corresponding log
{"updatedTime":"2021-04-02T06:38:17.614031Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-1-deployment-5fd94b7b9b-2dx7r","containerID":"7f9acb81e2e71356a8636fc7c0b9d878886f18bbb8380038bdb0680e8bbec6c4","containerName":"k8s_ubuntu-1-container_ubuntu-1-deployment-5fd94b7b9b-2dx7r_multiubuntu_f55cbf02-3dd6-4f96-91c0-42da4c6a3415_0","hostPid":1504451,"ppid":1504448,"pid":99,"uid":0,"policyName":"ksp-group-1-proc-path-block","severity":"5","type":"PolicyMatched","source":"bash","operation":"Process","resource":"/bin/sleep","data":"requested=x denied=x","action":"Block","result":"Permission denied"}
[INFO] Found the log from logs
[INFO] Running "sleep 1"
bash: /bin/sleep: Permission denied
command terminated with exit code 126
[INFO] Block action, and the command should be failed
[INFO] Finding the corresponding log
{"updatedTime":"2021-04-02T06:38:20.865766Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-3-deployment-6fd9f97488-xrd8l","containerID":"10187dcb19128a060e66ddb7111063c04f2a42950c1cd8305a62982925fee352","containerName":"k8s_ubuntu-3-container_ubuntu-3-deployment-6fd9f97488-xrd8l_multiubuntu_f84a5754-448a-4d3d-83e3-b6070d7c9da8_0","hostPid":1504540,"ppid":1504537,"pid":100,"uid":0,"policyName":"ksp-group-1-proc-path-block","severity":"5","type":"PolicyMatched","source":"bash","operation":"Process","resource":"/bin/sleep","data":"requested=x denied=x","action":"Block","result":"Permission denied"}
[INFO] Found the log from logs
[PASS] Passed multiubuntu_test_1
[INFO] Deleting ksp-group-1-proc-path-block.yaml from multiubuntu
kubearmorpolicy.security.accuknox.com "ksp-group-1-proc-path-block" deleted
[INFO] Deleted ksp-group-1-proc-path-block.yaml from multiubuntu
[PASS] Successfully tested multiubuntu_test_1
...
[INFO] Testing multiubuntu_test_9
[INFO] Applying ksp-ubuntu-4-file-path-readonly-allow.yaml into multiubuntu
kubearmorpolicy.security.accuknox.com/ksp-ubuntu-4-file-path-readonly-allow created
[INFO] Applied ksp-ubuntu-4-file-path-readonly-allow.yaml into multiubuntu
[INFO] Running "echo test >> /secret.txt"
[INFO] Allow action, and the command should be passed
[INFO] Finding the corresponding log
[INFO] Found no log from logs
[INFO] Running "echo test >> /credentials/password"
bash: /credentials/password: Permission denied
command terminated with exit code 1
[INFO] Allow action, but the command should be failed
[INFO] Finding the corresponding log
{"updatedTime":"2021-04-02T06:39:27.349034Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-4-deployment-67b7fcfcc9-mwszs","containerID":"eff732a8a92546c223898ae3b4bacb7ed79e253296702b09941cbf54fd070cf6","containerName":"k8s_ubuntu-4-container_ubuntu-4-deployment-67b7fcfcc9-mwszs_multiubuntu_1c4e2165-6a8f-49fb-81b7-87357ba0e3ae_0","hostPid":1506254,"ppid":1506248,"pid":110,"uid":0,"policyName":"ksp-ubuntu-4-file-path-readonly-allow","severity":"10","type":"PolicyMatched","source":"/bin/bash -c echo test \u003e\u003e /credentials/password","operation":"File","resource":"/credentials/password","data":"requested=ac denied=ac","action":"Allow","result":"Permission denied"}
[INFO] Found the log from logs
[PASS] Passed multiubuntu_test_9
[INFO] Deleting ksp-ubuntu-4-file-path-readonly-allow.yaml from multiubuntu
kubearmorpolicy.security.accuknox.com "ksp-ubuntu-4-file-path-readonly-allow" deleted
[INFO] Deleted ksp-ubuntu-4-file-path-readonly-allow.yaml from multiubuntu
[PASS] Successfully tested multiubuntu_test_9
[INFO] Deleting multiubuntu
namespace "multiubuntu" deleted
deployment.apps "ubuntu-1-deployment" deleted
deployment.apps "ubuntu-2-deployment" deleted
deployment.apps "ubuntu-3-deployment" deleted
deployment.apps "ubuntu-4-deployment" deleted
deployment.apps "ubuntu-5-deployment" deleted
[INFO] Deleted multiubuntu
[INFO] Stopping KubeArmor
[INFO] Stopped KubeArmor
[PASS] Successfully tested KubeArmor

• Generated report file

< KubeArmor Test Report >

Date: 2021-04-02 06:37:11 UTC

== Testcases ==

Testcase: multiubuntu_test_1 (command #1)
Policy: ksp-group-1-proc-path-block.yaml
Action: Block
Pod: ubuntu-1-deployment
Command: sleep 1
Result: failed (expected) / failed (actual)
Log:
{"updatedTime":"2021-04-02T06:38:17.614031Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-1-deployment-5fd94b7b9b-2dx7r","containerID":"7f9acb81e2e71356a8636fc7c0b9d878886f18bbb8380038bdb0680e8bbec6c4","containerName":"k8s_ubuntu-1-container_ubuntu-1-deployment-5fd94b7b9b-2dx7r_multiubuntu_f55cbf02-3dd6-4f96-91c0-42da4c6a3415_0","hostPid":1504451,"ppid":1504448,"pid":99,"uid":0,"policyName":"ksp-group-1-proc-path-block","severity":"5","type":"PolicyMatched","source":"bash","operation":"Process","resource":"/bin/sleep","data":"requested=x denied=x","action":"Block","result":"Permission denied"}

Testcase: multiubuntu_test_1 (command #2)
Policy: ksp-group-1-proc-path-block.yaml
Action: Block
Pod: ubuntu-3-deployment
Command: sleep 1
Result: failed (expected) / failed (actual)
Log:
{"updatedTime":"2021-04-02T06:38:20.865766Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-3-deployment-6fd9f97488-xrd8l","containerID":"10187dcb19128a060e66ddb7111063c04f2a42950c1cd8305a62982925fee352","containerName":"k8s_ubuntu-3-container_ubuntu-3-deployment-6fd9f97488-xrd8l_multiubuntu_f84a5754-448a-4d3d-83e3-b6070d7c9da8_0","hostPid":1504540,"ppid":1504537,"pid":100,"uid":0,"policyName":"ksp-group-1-proc-path-block","severity":"5","type":"PolicyMatched","source":"bash","operation":"Process","resource":"/bin/sleep","data":"requested=x denied=x","action":"Block","result":"Permission denied"}

...

Testcase: multiubuntu_test_9 (command #1)
Policy: ksp-ubuntu-4-file-path-readonly-allow.yaml
Action: Allow
Pod: ubuntu-4-deployment
Command: echo test >> /secret.txt
Result: passed (expected) / passed (actual)
Log:

Testcase: multiubuntu_test_9 (command #2)
Policy: ksp-ubuntu-4-file-path-readonly-allow.yaml
Action: Allow
Pod: ubuntu-4-deployment
Command: echo test >> /credentials/password
Result: failed (expected) / failed (actual)
Log:
{"updatedTime":"2021-04-02T06:39:27.349034Z","hostName":"ubuntu20","namespaceName":"multiubuntu","podName":"ubuntu-4-deployment-67b7fcfcc9-mwszs","containerID":"eff732a8a92546c223898ae3b4bacb7ed79e253296702b09941cbf54fd070cf6","containerName":"k8s_ubuntu-4-container_ubuntu-4-deployment-67b7fcfcc9-mwszs_multiubuntu_1c4e2165-6a8f-49fb-81b7-87357ba0e3ae_0","hostPid":1506254,"ppid":1506248,"pid":110,"uid":0,"policyName":"ksp-ubuntu-4-file-path-readonly-allow","severity":"10","type":"PolicyMatched","source":"/bin/bash -c echo test \u003e\u003e /credentials/password","operation":"File","resource":"/credentials/password","data":"requested=ac denied=ac","action":"Allow","result":"Permission denied"}

== Summary ==

Passed testcases: 8/9

multiubuntu_test_1
multiubuntu_test_2
multiubuntu_test_3
multiubuntu_test_4
multiubuntu_test_5
multiubuntu_test_7
multiubuntu_test_8
multiubuntu_test_9

Failed testcases: 1/9

multiubuntu_test_6