add a test case for protocol:all handling

Signed-off-by: rksharma95 <[email protected]>
kubearmor · Nov 25, 2024 · 8321894 · 8321894
1 parent cd488cd
commit 8321894
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/tests/k8s_env/ksp/ksp_test.go b/tests/k8s_env/ksp/ksp_test.go
@@ -266,6 +266,32 @@ var _ = Describe("Ksp", func() {
 
 		})
 
+		It("it can block all network traffic", func() {
+
+			// Apply Policy
+			err := K8sApplyFile("multiubuntu/ksp-ubuntu-1-block-net-all.yaml")
+			Expect(err).To(BeNil())
+
+			// Start KubeArmor Logs
+			err = KarmorLogStart("policy", "multiubuntu", "Network", ub1)
+			Expect(err).To(BeNil())
+			AssertCommand(ub1, "multiubuntu", []string{"bash", "-c", "arping -c 1 127.0.0.1"},
+				MatchRegexp("arping.*Permission denied"), true,
+			)
+
+			expect := protobuf.Alert{
+				PolicyName: "ksp-ubuntu-1-block-net-all",
+				Severity:   "8",
+				Action:     "Block",
+				Result:     "Permission denied",
+			}
+
+			res, err := KarmorGetTargetAlert(5*time.Second, &expect)
+			Expect(err).To(BeNil())
+			Expect(res.Found).To(BeTrue())
+
+		})
+
 	})
 
 	Describe("Apply Capabilities Policy", func() {

diff --git a/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-1-block-net-all.yaml b/tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-1-block-net-all.yaml
@@ -0,0 +1,15 @@
+apiVersion: security.kubearmor.com/v1
+kind: KubeArmorPolicy
+metadata:
+  name: ksp-ubuntu-1-block-net-all
+  namespace: multiubuntu
+spec:
+  severity: 8
+  selector:
+    matchLabels:
+      container: ubuntu-1
+  network:
+    matchProtocols:
+    - protocol: all
+  action:
+    Block