test: add integration test cases for PV and PVC

Author: afdesk

tests/itest/helper/helper.go

@@ -379,6 +379,26 @@ func (h *Helper) HasConfigAuditReportOwnedBy(ctx context.Context, obj client.Obj
 	}
 }
 
+func (h *Helper) HasClusterConfigAuditReportOwnedBy(ctx context.Context, obj client.Object) func() (bool, error) {
+	return func() (bool, error) {
+		gvk, err := apiutil.GVKForObject(obj, h.scheme)
+		if err != nil {
+			return false, err
+		}
+		var reportsList v1alpha1.ClusterConfigAuditReportList
+		err = h.kubeClient.List(ctx, &reportsList, client.MatchingLabels{
+			trivyoperator.LabelResourceKind:      gvk.Kind,
+			trivyoperator.LabelResourceName:      obj.GetName(),
+			trivyoperator.LabelResourceNamespace: obj.GetNamespace(),
+		})
+		if err != nil {
+			return false, err
+		}
+
+		return len(reportsList.Items) == 1 && reportsList.Items[0].DeletionTimestamp == nil, nil
+	}
+}
+
 func (h *Helper) HasScanJobPodOwnedBy(ctx context.Context, obj client.Object) func() (bool, error) {
 	return func() (bool, error) {
 		gvk, err := apiutil.GVKForObject(obj, h.scheme)

tests/itest/trivy-operator/behavior/behavior.go

@@ -8,6 +8,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/rand"
@@ -456,6 +457,79 @@ func ConfigurationCheckerBehavior(inputs *Inputs) func() {
 			})
 
 		})
+
+		Context("When PersistentVolume is created", func() {
+
+			var ctx context.Context
+			var pv *corev1.PersistentVolume
+
+			BeforeEach(func() {
+				ctx = context.Background()
+				pv = &corev1.PersistentVolume{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "pv-" + rand.String(5),
+					},
+					Spec: corev1.PersistentVolumeSpec{
+						Capacity: corev1.ResourceList{
+							corev1.ResourceStorage: resource.MustParse("1Gi"),
+						},
+						AccessModes:                   []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+						PersistentVolumeReclaimPolicy: corev1.PersistentVolumeReclaimDelete,
+						PersistentVolumeSource: corev1.PersistentVolumeSource{
+							HostPath: &corev1.HostPathVolumeSource{Path: "/tmp"},
+						},
+					},
+				}
+
+				err := inputs.Create(ctx, pv)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			It("Should create ClusterConfigAuditReport", func() {
+				Eventually(inputs.HasClusterConfigAuditReportOwnedBy(ctx, pv), inputs.AssertTimeout).Should(BeTrue())
+			})
+
+			AfterEach(func() {
+				err := inputs.Delete(ctx, pv)
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
+
+		Context("When PersistentVolumeClaim is created", func() {
+
+			var ctx context.Context
+			var pvc *corev1.PersistentVolumeClaim
+
+			BeforeEach(func() {
+				ctx = context.Background()
+				qty := resource.MustParse("1Gi")
+				pvc = &corev1.PersistentVolumeClaim{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: inputs.PrimaryNamespace,
+						Name:      "pvc-" + rand.String(5),
+					},
+					Spec: corev1.PersistentVolumeClaimSpec{
+						AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+						Resources: corev1.VolumeResourceRequirements{
+							Requests: corev1.ResourceList{
+								corev1.ResourceStorage: qty,
+							},
+						},
+					},
+				}
+				err := inputs.Create(ctx, pvc)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			It("Should create ConfigAuditReport", func() {
+				Eventually(inputs.HasConfigAuditReportOwnedBy(ctx, pvc), inputs.AssertTimeout).Should(BeTrue())
+			})
+
+			AfterEach(func() {
+				err := inputs.Delete(ctx, pvc)
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
 	}
 }
 

tests/itest/trivy-operator/suite_test.go

@@ -2,10 +2,12 @@ package trivy_operator
 
 import (
 	"context"
+	"strings"
 	"testing"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -66,6 +68,26 @@ var _ = BeforeSuite(func() {
 	})
 	Expect(err).ToNot(HaveOccurred())
 
+	installMode, operatorNamespace, _, err := operatorConfig.ResolveInstallMode()
+	Expect(err).ToNot(HaveOccurred(), "install mode: %s", installMode)
+
+	pluginCM := &corev1.ConfigMap{}
+	pluginCM.Namespace = operatorNamespace
+	pluginCM.Name = trivyoperator.GetPluginConfigMapName("Trivy")
+	_ = kubeClient.Delete(context.Background(), pluginCM)
+	pluginCM = &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: operatorNamespace,
+			Name:      trivyoperator.GetPluginConfigMapName("Trivy"),
+		},
+		Data: map[string]string{
+			"trivy.useBuiltinRegoPolicies":    "true",
+			"trivy.supportedConfigAuditKinds": "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota,PersistentVolume,PersistentVolumeClaim",
+		},
+	}
+	_ = kubeClient.Create(context.Background(), pluginCM)
+	_ = kubeClient.Update(context.Background(), pluginCM)
+
 	inputs = behavior.Inputs{
 		AssertTimeout:         5 * time.Minute,
 		PollingInterval:       5 * time.Second,
@@ -90,6 +112,12 @@ func ApplyTestConfiguration(operatorConfig *etc.Config) {
 	// Default is 0. Set to 30 seconds for testing scan job TTL behavior.
 	scanJobTTL := 30 * time.Second
 	operatorConfig.ScanJobTTL = &scanJobTTL
+
+	if operatorConfig.TargetWorkloads == "" {
+		operatorConfig.TargetWorkloads = "Pod,ReplicaSet,ReplicationController,StatefulSet,DaemonSet,CronJob,Job,PersistentVolume,PersistentVolumeClaim"
+	} else if !strings.Contains(operatorConfig.TargetWorkloads, "PersistentVolumeClaim") {
+		operatorConfig.TargetWorkloads += ",PersistentVolumeClaim"
+	}
 }
 
 var _ = AfterSuite(func() {