test: verify pod spec exists in metadata payload

Author: talik077

test/fixtures/pod-spec.json

@@ -0,0 +1,114 @@
+{
+  "containers": [
+    {
+      "env": [
+        {
+          "name": "SNYK_INTEGRATION_ID",
+          "valueFrom": {
+            "secretKeyRef": {
+              "key": "integrationId",
+              "name": "snyk-monitor"
+            }
+          }
+        },
+        {
+          "name": "SNYK_NAMESPACE"
+        },
+        {
+          "name": "SNYK_INTEGRATION_API"
+        },
+        {
+          "name": "SNYK_CLUSTER_NAME",
+          "value": "Production cluster"
+        },
+        {
+          "name": "SNYK_STATIC_ANALYSIS",
+          "value": "true"
+        }
+      ],
+      "image": "snyk/kubernetes-monitor:1.8.5",
+      "imagePullPolicy": "Always",
+      "name": "snyk-monitor",
+      "resources": {
+        "limits": {
+          "cpu": "1",
+          "memory": "2Gi"
+        },
+        "requests": {
+          "cpu": "250m",
+          "memory": "400Mi"
+        }
+      },
+      "terminationMessagePath": "/dev/termination-log",
+      "terminationMessagePolicy": "File",
+      "volumeMounts": [
+        {
+          "mountPath": "/root/.docker",
+          "name": "docker-config",
+          "readOnly": true
+        },
+        {
+          "mountPath": "/snyk-monitor",
+          "name": "temporary-storage"
+        },
+        {
+          "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount",
+          "name": "snyk-monitor-token-ncps2",
+          "readOnly": true
+        }
+      ]
+    }
+  ],
+  "dnsPolicy": "ClusterFirst",
+  "enableServiceLinks": true,
+  "nodeName": "gke-test-node-123456",
+  "priority": 0,
+  "restartPolicy": "Always",
+  "schedulerName": "default-scheduler",
+  "securityContext": {},
+  "serviceAccount": "snyk-monitor",
+  "serviceAccountName": "snyk-monitor",
+  "terminationGracePeriodSeconds": 30,
+  "tolerations": [
+    {
+      "effect": "NoExecute",
+      "key": "node.kubernetes.io/not-ready",
+      "operator": "Exists",
+      "tolerationSeconds": 300
+    },
+    {
+      "effect": "NoExecute",
+      "key": "node.kubernetes.io/unreachable",
+      "operator": "Exists",
+      "tolerationSeconds": 300
+    }
+  ],
+  "volumes": [
+    {
+      "name": "docker-config",
+      "secret": {
+        "defaultMode": 420,
+        "items": [
+          {
+            "key": "dockercfg.json",
+            "path": "config.json"
+          }
+        ],
+        "secretName": "snyk-monitor"
+      }
+    },
+    {
+      "emptyDir": {
+        "sizeLimit": "50Gi"
+      },
+      "name": "temporary-storage"
+    },
+    {
+      "name": "snyk-monitor-token-test",
+      "secret": {
+        "defaultMode": 420,
+        "secretName": "snyk-monitor-token-test"
+      }
+    }
+  ]
+}

test/integration/kubernetes.test.ts

@@ -87,7 +87,8 @@ tap.test('snyk-monitor sends data to homebase', async (t) => {
 
   const metaValidator: WorkloadMetadataValidator = (workloadInfo) => {
     return workloadInfo !== undefined && 'revision' in workloadInfo && 'labels' in workloadInfo &&
-      'specLabels' in workloadInfo && 'annotations' in workloadInfo && 'specAnnotations' in workloadInfo;
+      'specLabels' in workloadInfo && 'annotations' in workloadInfo && 'specAnnotations' in workloadInfo &&
+      'podSpec' in workloadInfo;
   };
 
   // We don't want to spam Homebase with requests; do it infrequently

test/unit/transmitter-payload.test.ts

@@ -3,6 +3,7 @@ import * as tap from 'tap';
 import imageScanner = require('../../src/kube-scanner/image-scanner');
 import payload = require('../../src/transmitter/payload');
 import transmitterTypes = require('../../src/transmitter/types');
+const podSpecFixture = require('../fixtures/pod-spec.json');
 
 tap.test('constructHomebaseDepGraphPayloads breaks when workloadMetadata is missing items', async (t) => {
   const scannedImages: imageScanner.IScanResult[] = [
@@ -33,6 +34,7 @@ tap.test('constructHomebaseDepGraphPayloads breaks when workloadMetadata is miss
       imageId: 'does this matter?',
       cluster: 'grapefruit',
       revision: undefined,
+      podSpec: podSpecFixture,
     },
   ];
 
@@ -64,6 +66,7 @@ tap.test('constructHomebaseDepGraphPayloads happy flow', async (t) => {
       imageId: 'does this matter?',
       cluster: 'grapefruit',
       revision: 1,
+      podSpec: podSpecFixture,
     },
   ];
 
@@ -92,6 +95,7 @@ tap.test('constructHomebaseWorkloadMetadataPayload happy flow', async (t) => {
     imageId: 'does this matter?',
     cluster: 'grapefruit',
     revision: 1,
+    podSpec: podSpecFixture,
   };
 
   const workloadMetadataPayload = payload.constructHomebaseWorkloadMetadataPayload(workloadWithImages);
@@ -101,6 +105,11 @@ tap.test('constructHomebaseWorkloadMetadataPayload happy flow', async (t) => {
   t.equals(workloadMetadataPayload.workloadLocator.name, 'workloadName', 'workload name present in payload');
   t.equals(workloadMetadataPayload.workloadLocator.type, 'type', 'workload type present in payload');
   t.equals(workloadMetadataPayload.workloadMetadata.revision, 1, 'revision present in metadata');
+  t.ok('podSpec' in workloadMetadataPayload.workloadMetadata, 'podSpec present in metadata');
+  t.equals(workloadMetadataPayload.workloadMetadata.podSpec.containers[0].resources!.limits!.memory!, '2Gi',
+   'memory limit present in metadata');
+  t.equals(workloadMetadataPayload.workloadMetadata.podSpec.serviceAccountName, 'snyk-monitor',
+   'service account name present in metadata');
   t.ok('annotations' in workloadMetadataPayload.workloadMetadata, 'annotations present in metadata');
   t.ok('specAnnotations' in workloadMetadataPayload.workloadMetadata, 'specAnnotations present in metadata');
   t.ok('labels' in workloadMetadataPayload.workloadMetadata, 'labels present in metadata');