[bitnami/kubescape] Add goss tests (#61100)

* [bitnami/kubescape] Add goss tests Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Use testfiles Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * Update .vib/kubescape/vib-verify.json Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> --------- Signed-off-by: Miguel Ruiz <miruiz@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Co-authored-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
2026-03-21 15:29:05 +08:00 · 2024-02-15 17:25:06 +01:00
parent 27b7de9cee
commit 0719a55829
5 changed files with 117 additions and 0 deletions
--- a/.vib/kubescape/goss/goss.yaml
+++ b/.vib/kubescape/goss/goss.yaml
@@ -0,0 +1,15 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+  # Goss tests exclusive to the current container
+  ../../kubescape/goss/kubescape.yaml: {}
+  # Load scripts from .vib/common/goss/templates
+  ../../common/goss/templates/check-app-version.yaml: {}
+  ../../common/goss/templates/check-binaries.yaml: {}
+  ../../common/goss/templates/check-broken-symlinks.yaml: {}
+  ../../common/goss/templates/check-ca-certs.yaml: {}
+  ../../common/goss/templates/check-directories.yaml: {}
+  ../../common/goss/templates/check-linked-libraries.yaml: {}
+  ../../common/goss/templates/check-sed-in-place.yaml: {}
+  ../../common/goss/templates/check-spdx.yaml: {}
--- a/.vib/kubescape/goss/kubescape.yaml
+++ b/.vib/kubescape/goss/kubescape.yaml
@@ -0,0 +1,18 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+command:
+  {{- $target := printf "/tmp/%s" (randAlpha 5) }}
+  check-scan:
+    exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; kubescape scan ./kubescape/goss/testfiles/sealed-secrets.tar.gz --format=json {{ $target }}
+    exit-status: 0
+    timeout: 30000
+    stderr:
+      - "Overall compliance-score"
+  {{- $target := printf "/tmp/%s" (randAlpha 5) }}
+  check-oss-assessment:
+    exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; /opt/bitnami/scripts/kubescape/entrypoint.sh oss-assessment {{ $target }}
+    exit-status: 0
+    timeout: 30000
+    stdout:
+      - "\"security\":"
--- a/.vib/kubescape/goss/testfiles/sealed-secrets.tar.gz
+++ b/.vib/kubescape/goss/testfiles/sealed-secrets.tar.gz
--- a/.vib/kubescape/goss/vars.yaml
+++ b/.vib/kubescape/goss/vars.yaml
@@ -0,0 +1,11 @@
+binaries:
+  - kubescape
+root_dir: /opt/bitnami
+directories:
+  - mode: "0775"
+    paths:
+      - /opt/bitnami/kubescape/.kubescape
+      - /opt/bitnami/kubescape/.cache
+version:
+  bin_name: kubescape
+  flag: version