[BUG] `service_account_mapping` test does not fail if the CNF includes an auto-mounted service account.

Question

[BUG] `service_account_mapping` test does not fail if the CNF includes an auto-mounted service account.

Opened this issue 2 months ago · 2 comments

HashNuke commented 2 months ago

Describe the bug

service_account_mapping should fail if the CNF includes an auto-mounted service account.

Possible cause

When the resources for the CNF are collected, the Service Accounts are not collected.

CNFManager in the testsuite uses this helper function - Helm.all_workload_resources
- https://github.com/cnf-testsuite/helm/blob/46b0c7f75a4bb6aac8318dc2c37daa875903ee2f/helm.cr#L160
The above function in turns uses KubectlClient::WORKLOAD_RESOURCES, which does not have Service Accounts listed.
- https://github.com/cnf-testsuite/kubectl_client/blob/8d68ba21aec7a74058a3cd8c829e7dab36b79e1b/kubectl_client.cr#L10

KubectlClient::WORKLOAD_RESOURCES needs to be updated to include service accounts.

To reproduce

./cnf-testsuite cnf_setup cnf-config=./sample-cnfs/sample-service-accounts/cnf-testsuite.yml
./cnf-testsuite service_account_mapping

The test should fail, but it instead passes.

This output was from upgraded kubescape version from another branch. But that shouldn't matter, it looks like the bug should be present in the main branch too.

Answer 1 · 2024-04-25T08:31:45.000Z

This is fixed in #2004 to help the build pass.

Answer 2 · 2024-04-25T08:32:30.000Z

The dependency kubectl_client had to be fixed. Will open a PR for that soon.