feat: add unit tests for pkg

pkg/binding/binding_test.go

@@ -0,0 +1,86 @@
+package binding
+
+import (
+	"encoding/json"
+	"testing"
+
+	jpbinding "github.com/jmespath-community/go-jmespath/pkg/binding"
+	"github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
+	"gotest.tools/assert"
+)
+
+var (
+	context = `
+	[
+		{
+			"name": "tag",
+			"variable": "latest"
+		},
+		{
+			"name": "tag",
+			"variable": "(concat(':', $tag))"
+		}
+	]
+	`
+
+	contextFromResource = `
+	[
+		{
+			"name": "containerName",
+			"variable": "(spec.containers[*].name | [0])"
+		}
+	]
+	`
+
+	resource = `
+	{
+		"apiVersion": "v1",
+		"kind": "Pod",
+		"metadata": {
+			"name": "webserver"
+		},
+		"spec": {
+			"containers": [
+				{
+					"name": "webserver-3",
+					"image": "nginx:latest",
+					"ports": [
+						{
+							"containerPort": 80
+						}
+					]
+				}
+			]
+		}
+	}
+	`
+)
+
+func Test_NewContextBindings(t *testing.T) {
+	var ctxEntry []v1alpha1.ContextEntry
+	err := json.Unmarshal([]byte(context), &ctxEntry)
+	assert.NilError(t, err)
+
+	bindings := jpbinding.NewBindings()
+	bindings = NewContextBindings(bindings, nil, ctxEntry...)
+
+	b, err := bindings.Get("$tag")
+	assert.NilError(t, err)
+	val, err := b.Value()
+	assert.NilError(t, err)
+	assert.Equal(t, val.(string), ":latest")
+
+	var res interface{}
+	err = json.Unmarshal([]byte(resource), &res)
+	assert.NilError(t, err)
+	err = json.Unmarshal([]byte(contextFromResource), &ctxEntry)
+	assert.NilError(t, err)
+
+	bindings = NewContextBindings(bindings, res, ctxEntry...)
+
+	b, err = bindings.Get("$containerName")
+	assert.NilError(t, err)
+	containerName, err := b.Value()
+	assert.NilError(t, err)
+	assert.Equal(t, containerName.(string), "webserver-3")
+}

pkg/commands/scan/output.go

@@ -40,6 +40,7 @@ func (t *jsonOutput) responses(responses ...jsonengine.Response) {
 	}
 }
 
+// newOutput returns an interface to print output in various output formats (text, json)
 func newOutput(out io.Writer, format string) output {
 	if format == "json" {
 		return &jsonOutput{out: out}

pkg/commands/scan/output_test.go

@@ -0,0 +1,52 @@
+package scan
+
+import (
+	"bytes"
+	"errors"
+	"strings"
+	"testing"
+
+	jsonengine "github.com/kyverno/kyverno-json/pkg/json-engine"
+	"github.com/kyverno/kyverno-json/pkg/matching"
+	"gotest.tools/assert"
+)
+
+var resp = jsonengine.Response{
+	Policies: []jsonengine.PolicyResponse{
+		{
+			Rules: []jsonengine.RuleResponse{
+				{
+					Identifier: "test-identifier",
+					Error:      errors.New("test-error"),
+					Violations: matching.Results{
+						{
+							Message: "test-message",
+						},
+					},
+				},
+			},
+		},
+	},
+}
+
+func Test_OutputJSON(t *testing.T) {
+	var buff bytes.Buffer
+	out := newOutput(&buff, "json")
+
+	out.responses(resp)
+	output := buff.String()
+	assert.Assert(t, strings.Contains(output, "test-error"))
+	assert.Assert(t, strings.Contains(output, "test-message"))
+	assert.Assert(t, strings.Contains(output, "test-identifier"))
+}
+
+func Test_OutputText(t *testing.T) {
+	var buff bytes.Buffer
+	out := newOutput(&buff, "text")
+
+	out.println(resp)
+	output := buff.String()
+	assert.Assert(t, strings.Contains(output, "test-error"))
+	assert.Assert(t, strings.Contains(output, "test-message"))
+	assert.Assert(t, strings.Contains(output, "test-identifier"))
+}

pkg/engine/assert/expression_test.go

@@ -67,6 +67,15 @@ func Test_parseExpressionRegex(t *testing.T) {
 			statement:   "test",
 			engine:      "jp",
 		},
+	}, {
+		name: "foreach simple field",
+		in:   "(jp:test)",
+		want: &expression{
+			foreach:     false,
+			foreachName: "",
+			statement:   "test",
+			engine:      "jp",
+		},
 	}, {
 		name: "foreach nested field",
 		in:   "~.(test.test)",

pkg/engine/template/template_test.go

@@ -0,0 +1,70 @@
+package template
+
+import (
+	"context"
+	"encoding/json"
+	"testing"
+
+	jpbinding "github.com/jmespath-community/go-jmespath/pkg/binding"
+	"gotest.tools/assert"
+)
+
+var resourceRaw = `
+{
+	"apiVersion": "v1",
+	"kind": "Pod",
+	"metadata": {
+		"name": "webserver"
+	},
+	"spec": {
+		"containers": [
+			{
+				"name": "webserver-3",
+				"image": "nginx:latest",
+				"ports": [
+					{
+						"containerPort": 80
+					}
+				]
+			},
+			{
+				"name": "webserver-4",
+				"image": "nginx:latest",
+				"ports": [
+					{
+						"containerPort": 80
+					}
+				]
+			}
+		]
+	}
+}
+`
+
+func Test_Execute(t *testing.T) {
+	bindings := jpbinding.NewBindings()
+	bindings = bindings.Register("$allowedContainerNames", jpbinding.NewBinding(`["webserver-1", "webserver-2", "webserver-3"]`))
+	bindings = bindings.Register("$tag", jpbinding.NewBinding(`:latest`))
+
+	var payload map[string]interface{}
+	err := json.Unmarshal([]byte(resourceRaw), &payload)
+	assert.NilError(t, err)
+
+	val, err := Execute(context.Background(), "contains($allowedContainerNames, spec.containers[*].name | [0])", payload, bindings)
+	assert.NilError(t, err)
+	assert.Equal(t, val.(bool), true)
+
+	val, err = Execute(context.Background(), "spec.containers", payload, bindings)
+	assert.NilError(t, err)
+	v := val.([]interface{})
+	assert.Equal(t, len(v), 2)
+	assert.Equal(t, v[0].(map[string]interface{})["name"].(string), "webserver-3")
+
+	val, err = Execute(context.Background(), "contains($allowedContainerNames, 'bad')", payload, bindings)
+	assert.NilError(t, err)
+	assert.Equal(t, val.(bool), false)
+
+	val, err = Execute(context.Background(), "ends_with(spec.containers[*].image | [1], $tag)", payload, bindings)
+	assert.NilError(t, err)
+	assert.Equal(t, val.(bool), true)
+}

pkg/json-engine/engine_test.go

@@ -0,0 +1,122 @@
+package jsonengine
+
+import (
+	"context"
+	"encoding/json"
+	"testing"
+
+	"github.com/kyverno/kyverno-json/pkg/apis/policy/v1alpha1"
+	"gotest.tools/assert"
+)
+
+var (
+	policyRaw = `
+{
+  "apiVersion": "json.kyverno.io/v1alpha1",
+  "kind": "ValidatingPolicy",
+  "metadata": {
+    "name": "test"
+  },
+  "spec": {
+    "rules": [
+      {
+        "name": "pod-no-latest",
+        "context": [
+          {
+            "name": "tag",
+            "variable": ":latest"
+          }
+        ],
+        "match": {
+          "any": [
+            {
+              "apiVersion": "v1",
+              "kind": "Pod"
+            }
+          ]
+        },
+        "identifier": "metadata.name",
+        "assert": {
+          "all": [
+            {
+              "check": {
+                "spec": {
+                  "~foo.containers->foos": {
+                    "(at($foos, $foo).image)->foo": {
+                      "(contains($foo, ':'))": true,
+                      "(ends_with($foo, $tag))": false
+                    }
+                  }
+                }
+              }
+            },
+            {
+              "check": {
+                "spec": {
+                  "~.containers->foo": {
+                    "image": {
+                      "(contains(@, ':'))": true,
+                      "(ends_with(@, ':latest'))": false
+                    }
+                  }
+                }
+              }
+            },
+            {
+              "check": {
+                "~index.(spec.containers[*].image)->images": {
+                  "(contains(@, ':'))": true,
+                  "(ends_with(@, ':latest'))": false
+                }
+              }
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+`
+
+	payloadRaw = `
+{
+	"apiVersion": "v1",
+	"kind": "Pod",
+	"metadata": {
+		"name": "webserver"
+	},
+	"spec": {
+		"containers": [
+			{
+				"name": "webserver-3",
+				"image": "nginx:latest",
+				"ports": [
+					{
+						"containerPort": 80
+					}
+				]
+			}
+		]
+	}
+}
+`
+)
+
+func Test_JSONEngine(t *testing.T) {
+	var res interface{}
+	err := json.Unmarshal([]byte(payloadRaw), &res)
+	assert.NilError(t, err)
+
+	var pol v1alpha1.ValidatingPolicy
+	err = json.Unmarshal([]byte(policyRaw), &pol)
+	assert.NilError(t, err)
+
+	e := New()
+	resp := e.Run(context.Background(), Request{
+		Resource: res,
+		Policies: []*v1alpha1.ValidatingPolicy{
+			&pol,
+		},
+	})
+	assert.Equal(t, len(resp.Policies[0].Rules[0].Violations), 3)
+}