policytest

package


Constants

This section is empty.

Variables

// AllPolicyTests is the global registry of policy tests (presumably the
// "global slice" that RegisterPolicyTestAtInit appends to — confirm).
var AllPolicyTests = &RegisteredPolicyTests{}

Functions

func DumpResults

func DumpResults(out io.Writer, ptNames []string, results []*Result)

func RegisterPolicyTestAtInit

func RegisterPolicyTestAtInit(t *T)

RegisterPolicyTestAtInit registers a policy test at init time; because it is meant to be called only during initialization, it does not synchronize access to the global slice.

Types

type ActionCounts

// ActionCounts holds the expected per-action counters checked for a scenario
// (see Scenario.ActCountChecker). Each field is a pointer; a nil entry
// presumably means that action's count is not checked — TODO confirm.
type ActionCounts struct {
	Post           *uint64
	Signal         *uint64
	Override       *uint64
	NotifyEnforcer *uint64
	Set            *uint64
}

type Builder

type Builder struct {
	// contains filtered or unexported fields
}

Builder offers an ergonomic way to build policy tests (using method chaining)

func NewBuilder

func NewBuilder(name string) *Builder

func (*Builder) AddScenario

func (b *Builder) AddScenario(fn func(c *Conf) *Scenario) *Builder

AddScenario adds a scenario to the builder.

func (*Builder) RegisterAtInit

func (b *Builder) RegisterAtInit() any

RegisterAtInit registers the policy test at initialization time (i.e., in init or in a top-level global declaration). NB: it returns a value so that it can be used in a top-level var declaration.

func (*Builder) WithLabels

func (b *Builder) WithLabels(labels ...string) *Builder

func (*Builder) WithParameter

func (b *Builder) WithParameter(p Parameter) *Builder

func (*Builder) WithPolicyTemplate

func (b *Builder) WithPolicyTemplate(tmpl string) *Builder

WithPolicyTemplate adds a policy to a policy test using a text template.

In the template, the following functions are supported

  • testBinary: generate a test binary path from the binary name (Conf.TestBinary())

func (*Builder) WithSkip

func (b *Builder) WithSkip(fn func(*SkipInfo) string) *Builder

type CmdTrigger

type CmdTrigger struct {
	Bin  string
	Args []string
}

CmdTrigger simply wraps an exec.CommandContext().Run() call into a Trigger.

func NewCmdTrigger

func NewCmdTrigger(bin string, args ...string) *CmdTrigger

func (*CmdTrigger) ExpectExitCode

func (c *CmdTrigger) ExpectExitCode(val int) *ExecTester

func (*CmdTrigger) ExpectSignal

func (c *CmdTrigger) ExpectSignal(sig syscall.Signal) *ExecTester

func (*CmdTrigger) Trigger

func (c *CmdTrigger) Trigger(ctx context.Context) error

type Conf

// Conf is the runtime configuration for a sequence of policy tests.
type Conf struct {
	// BinsDir is the directory holding the test binaries (see TestBinary).
	BinsDir string
	// GrpcAddr is the gRPC address of the agent the tests talk to.
	GrpcAddr string

	// TestConf is the configuration for the current test.
	TestConf *TestConf

	// DumpPolicyPath is the path where the generated policy is saved
	// (presumably only when non-empty — confirm).
	DumpPolicyPath string
}

Conf is the runtime configuration for a sequence of policy tests

func (*Conf) TestBinary

func (c *Conf) TestBinary(s string) string

type ExecTestError

type ExecTestError struct {
	// contains filtered or unexported fields
}

ExecTestError is returned if the command did not exit as expected, i.e., neither via the expected signal nor with the expected exit code.

func NewExecTestErr

func NewExecTestErr(format string, args ...any) *ExecTestError

func (*ExecTestError) Error

func (e *ExecTestError) Error() string

type ExecTester

// ExecTester is a CmdTrigger that additionally asserts how the command
// terminated (see CmdTrigger.ExpectExitCode and CmdTrigger.ExpectSignal).
type ExecTester struct {
	CmdTrigger
	// Execution should either terminate normally (with an exit code) or by
	// a signal; exactly one of the two expectations should be non-nil.
	ExpectedExitCode *int
	ExpectedSignal   *syscall.Signal
}

func (*ExecTester) Trigger

func (et *ExecTester) Trigger(ctx context.Context) error

type Label

// Label is a free-form tag attached to a test (see T.Labels and
// Builder.WithLabels).
type Label string

type LocalRunner

type LocalRunner struct {
	// contains filtered or unexported fields
}

func NewLocalRunner

func NewLocalRunner(
	ctx context.Context,
	log *slog.Logger,
	cnf *Conf,
) (*LocalRunner, error)

NewLocalRunner creates a new local runner

For event testing, the local runner uses three goroutines:

  • receive (runRecv)
  • forward (runFwd)
  • check (runCheck)

receive blocks on the event stream and passes all events to the forward goroutine. forward either drops received events or forwards them to the check goroutine. check runs the EventChecker that is part of the test.

When a new scenario starts, a new check goroutine is created and the forwarder is configured to forward events to it.

func (*LocalRunner) AddPolicy

func (r *LocalRunner) AddPolicy(l *slog.Logger, test *T) (*PolicyHandler, error)

func (*LocalRunner) Close

func (r *LocalRunner) Close()

func (*LocalRunner) RunScenario

func (r *LocalRunner) RunScenario(
	l *slog.Logger, scenario *Scenario, polHandler *PolicyHandler, testConf *TestConf,
) ScenarioRes

func (*LocalRunner) RunTest

func (r *LocalRunner) RunTest(l *slog.Logger, test *T, testConf *TestConf) *Result

RunTest runs a policy test

type Parameter

// Parameter describes a configurable input of a policy test (see
// Builder.WithParameter and T.Params). Run-time values are supplied via
// TestConf.ParamValues, presumably keyed by Name — confirm.
type Parameter struct {
	// Name identifies the parameter.
	Name    string
	// Default is presumably the value used when no override is supplied — confirm.
	Default any
	// Help is a human-readable description of the parameter.
	Help    string
}

type Policy

// Policy is a policy represented as a string, because that is how policies
// are loaded via gRPC.
type Policy string

Policies are represented as strings, because that is how they are loaded via gRPC.

type PolicyHandler

type PolicyHandler struct {
	// contains filtered or unexported fields
}

func (*PolicyHandler) Cleanup

func (ph *PolicyHandler) Cleanup(l *slog.Logger, conf *Conf, client *cli.ClientWithContext) error

func (*PolicyHandler) Configure

func (ph *PolicyHandler) Configure(
	l *slog.Logger, client *cli.ClientWithContext,
	enable *bool, mode *tetragon.TracingPolicyMode) error

func (*PolicyHandler) GetCounts

type RegisteredPolicyTests

type RegisteredPolicyTests struct {
	// contains filtered or unexported fields
}

func (*RegisteredPolicyTests) DoObserverTest

func (rpt *RegisteredPolicyTests) DoObserverTest(
	t *testing.T,
	testpolicyName string,
	params map[string]any,
)

func (*RegisteredPolicyTests) Get

func (rpt *RegisteredPolicyTests) Get(index int) *T

func (*RegisteredPolicyTests) GetByFunction

func (rpt *RegisteredPolicyTests) GetByFunction(fn func(t *T) bool) []*T

func (*RegisteredPolicyTests) GetByName

func (rpt *RegisteredPolicyTests) GetByName(name string) []*T

func (*RegisteredPolicyTests) Len

func (rpt *RegisteredPolicyTests) Len() int

type Result

// Result is the outcome of running a policy test (T).
type Result struct {
	Skipped      string // if not empty, the policy was skipped and the string contains the reason
	// Err is presumably an error that prevented the test from running at all — confirm.
	Err          error
	// ScenariosRes holds the per-scenario results.
	ScenariosRes []ScenarioRes
}

Result holds the outcome of a policy test (T).

type Scenario

// Scenario is a single step of a policy test: a Trigger to run plus the
// checks applied to what was observed while it ran.
type Scenario struct {
	Name                 string
	// Trigger produces the activity the policy under test should react to.
	Trigger              Trigger
	// EventChecker validates the events received while the trigger runs
	// (see NewLocalRunner for the receive/forward/check pipeline).
	EventChecker         ec.MultiEventChecker
	// ActCountChecker holds expected action counts; nil fields are
	// presumably not checked — confirm.
	ActCountChecker      ActionCounts
	// ExpectCheckerFailure presumably inverts the checker outcome, so the
	// scenario passes only if the EventChecker fails — confirm.
	ExpectCheckerFailure bool
}

type ScenarioRes

// ScenarioRes is the result of running one Scenario. Each error field
// covers one phase; a nil value means that phase succeeded. Err presumably
// combines them into a single error — confirm.
type ScenarioRes struct {
	Name            string
	// TriggerErr is the error returned by Scenario.Trigger.
	TriggerErr      error
	// CheckerErr is the error reported by the EventChecker.
	CheckerErr      error
	// ActionCountsErr is the error from comparing against ActCountChecker.
	ActionCountsErr error
}

func (*ScenarioRes) Err

func (sr *ScenarioRes) Err() error

type SkipInfo

// SkipInfo is the information passed to T.ShouldSkip so a test can decide
// whether it should be skipped.
type SkipInfo struct {
	// AgentInfo describes the running agent.
	AgentInfo *tetragoninfo.Info
}

type T

// T defines a policy test: a policy to load plus the scenarios that
// exercise it. Tests are typically assembled with Builder and registered
// with RegisterPolicyTestAtInit.
type T struct {
	// Name is the name of the test
	Name string
	// Labels is a set of labels for the test
	Labels []Label

	// ShouldSkip returns a non-empty string if the policy test is to be skipped.
	// In that case, the string contains the reason that the test was skipped.
	ShouldSkip func(info *SkipInfo) string

	// Policy generates a policy for this test
	Policy func(c *Conf) (Policy, error)

	// Params declares the parameters the test accepts; run-time values come
	// from TestConf.ParamValues (presumably keyed by Parameter.Name — confirm).
	Params []Parameter

	// Scenarios is a list of functions, each producing a scenario that
	// tests the generated policy
	Scenarios []func(c *Conf) *Scenario
}

T defines a policy test

type TestConf

// TestConf is the runtime configuration for a single policy test.
type TestConf struct {
	// MonitorMode presumably loads the policy in a monitor (non-enforcing)
	// mode; see the TracingPolicyMode argument of PolicyHandler.Configure — confirm.
	MonitorMode bool
	// ParamValues overrides Parameter defaults, presumably keyed by
	// Parameter.Name — confirm.
	ParamValues map[string]any
}

TestConf is the runtime configuration for a single policy test

type Trigger

// Trigger is a way to trigger a policy: Trigger performs the action the
// policy under test should observe. ctx is presumably used for
// cancellation and timeouts — confirm.
type Trigger interface {
	Trigger(ctx context.Context) error
}

Trigger is a way to trigger a policy
