test: k8s integration tests (#4423)

Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

.github/workflows/test.yaml

@@ -84,6 +84,26 @@ jobs:
       - name: Run integration tests
         run: mage test:integration
 
+  k8s-integration:
+    name: K8s Integration Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - name: Install tools
+        uses: aquaproj/aqua-installer@v2.1.1
+        with:
+          aqua_version: v1.25.0
+
+      - name: Run k8s integration tests
+        run: mage test:k8s
+
   module-test:
     name: Module Integration Test
     runs-on: ubuntu-latest

integration/integration_test.go

@@ -1,4 +1,4 @@
-//go:build integration || vm_integration || module_integration
+//go:build integration || vm_integration || module_integration || k8s_integration
 
 package integration
 

integration/k8s_test.go

@@ -0,0 +1,70 @@
+//go:build k8s_integration
+
+package integration
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/samber/lo"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy/pkg/k8s/report"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+// Note: the test required k8s (kind) cluster installed.
+// "mage test:k8s" will run this test.
+
+func TestK8s(t *testing.T) {
+	// Set up the output file
+	outputFile := filepath.Join(t.TempDir(), "output.json")
+
+	osArgs := []string{
+		"k8s",
+		"cluster",
+		"--report",
+		"summary",
+		"-q",
+		"--timeout",
+		"5m0s",
+		"--format",
+		"json",
+		"--components",
+		"workload",
+		"--context",
+		"kind-kind-test",
+		"--output",
+		outputFile,
+	}
+
+	// Run Trivy
+	err := execute(osArgs)
+	require.NoError(t, err)
+
+	var got report.ConsolidatedReport
+	f, err := os.Open(outputFile)
+	require.NoError(t, err)
+	defer f.Close()
+
+	err = json.NewDecoder(f).Decode(&got)
+	require.NoError(t, err)
+
+	// Flatten findings
+	results := lo.FlatMap(got.Findings, func(resource report.Resource, _ int) []types.Result {
+		return resource.Results
+	})
+
+	// Has vulnerabilities
+	assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
+		return len(r.Vulnerabilities) > 0
+	}))
+
+	// Has misconfigurations
+	assert.True(t, lo.SomeBy(results, func(r types.Result) bool {
+		return len(r.Misconfigurations) > 0
+	}))
+}

integration/testdata/fixtures/k8s/test_nginx.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80

magefiles/magefile.go

@@ -84,6 +84,11 @@ func (Tool) EasyJSON() error {
 	return sh.Run("go", "install", "github.com/mailru/easyjson/...@v0.7.7")
 }
 
+// Kind installs kind cluster
+func (Tool) Kind() error {
+	return sh.RunWithV(ENV, "go", "install", "sigs.k8s.io/kind@v0.19.0")
+}
+
 // Goyacc installs goyacc
 func (Tool) Goyacc() error {
 	if exists(filepath.Join(GOBIN, "goyacc")) {
@@ -237,6 +242,24 @@ func (t Test) Integration() error {
 	return sh.RunWithV(ENV, "go", "test", "-v", "-tags=integration", "./integration/...", "./pkg/fanal/test/integration/...")
 }
 
+// K8s runs k8s integration tests
+func (t Test) K8s() error {
+	mg.Deps(Tool{}.Kind)
+
+	err := sh.RunWithV(ENV, "kind", "create", "cluster", "--name", "kind-test")
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = sh.RunWithV(ENV, "kind", "delete", "cluster", "--name", "kind-test")
+	}()
+	err = sh.RunWithV(ENV, "kubectl", "apply", "-f", "./integration/testdata/fixtures/k8s/test_nginx.yaml")
+	if err != nil {
+		return err
+	}
+	return sh.RunWithV(ENV, "go", "test", "-v", "-tags=k8s_integration", "./integration/...")
+}
+
 // Module runs Wasm integration tests
 func (t Test) Module() error {
 	mg.Deps(t.FixtureContainerImages, t.GenerateExampleModules)