add posture checks tests

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2025-01-31 10:31:58 +01:00 · 2024-10-08 15:50:13 +03:00 · 2024-10-08 15:50:13 +03:00 · 41acacfba5
commit 41acacfba5
parent fc7157f82f
1 changed files with 207 additions and 26 deletions
--- a/management/server/posture_checks_test.go
+++ b/management/server/posture_checks_test.go
@ -121,21 +121,37 @@ func initTestPostureChecksAccount(am *DefaultAccountManager) (*Account, error) {
 	return am.Store.GetAccount(context.Background(), account.Id)
 }

-func TestPostureCheckAccountPeerUpdate(t *testing.T) {
+func TestPostureCheckAccountPeersUpdate(t *testing.T) {
 	manager, account, peer1, peer2, peer3 := setupNetworkMapTest(t)

-	err := manager.SaveGroup(context.Background(), account.Id, userID, &group.Group{
-		ID:    "group-id",
-		Name:  "GroupA",
-		Peers: []string{peer1.ID, peer2.ID, peer3.ID},
+	err := manager.SaveGroups(context.Background(), account.Id, userID, []*group.Group{
+		{
+			ID:    "groupA",
+			Name:  "GroupA",
+			Peers: []string{peer1.ID, peer2.ID, peer3.ID},
+		},
+		{
+			ID:    "groupB",
+			Name:  "GroupB",
+			Peers: []string{},
+		},
+		{
+			ID:    "groupC",
+			Name:  "GroupC",
+			Peers: []string{},
+		},
 	})
 	assert.NoError(t, err)

+	updMsg := manager.peersUpdateManager.CreateChannel(context.Background(), peer1.ID)
+	t.Cleanup(func() {
+		manager.peersUpdateManager.CloseChannel(context.Background(), peer1.ID)
+	})
+
 	postureCheck := posture.Checks{
-		ID:          "versionCheck",
-		Name:        "Version Check",
-		Description: "NetBird Version Check",
-		AccountID:   account.Id,
+		ID:        "postureCheck",
+		Name:      "postureCheck",
+		AccountID: account.Id,
 		Checks: posture.ChecksDefinition{
 			NBVersionCheck: &posture.NBVersionCheck{
 				MinVersion: "0.28.0",
@ -143,11 +159,6 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {
 		},
 	}

-	updMsg := manager.peersUpdateManager.CreateChannel(context.Background(), peer1.ID)
-	t.Cleanup(func() {
-		manager.peersUpdateManager.CloseChannel(context.Background(), peer1.ID)
-	})
-
 	// Saving unused posture check should not update account peers and not send peer update
 	t.Run("saving unused posture check", func(t *testing.T) {
 		done := make(chan struct{})
@ -166,14 +177,37 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {
 		}
 	})

+	// Updating unused posture check should not update account peers and not send peer update
+	t.Run("updating unused posture check", func(t *testing.T) {
+		done := make(chan struct{})
+		go func() {
+			peerShouldNotReceiveUpdate(t, updMsg)
+			close(done)
+		}()
+
+		postureCheck.Checks = posture.ChecksDefinition{
+			NBVersionCheck: &posture.NBVersionCheck{
+				MinVersion: "0.29.0",
+			},
+		}
+		err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck)
+		assert.NoError(t, err)
+
+		select {
+		case <-done:
+		case <-time.After(time.Second):
+			t.Error("timeout waiting for peerShouldNotReceiveUpdate")
+		}
+	})
+
 	policy := Policy{
-		ID:      "policy",
+		ID:      "policyA",
 		Enabled: true,
 		Rules: []*PolicyRule{
 			{
 				Enabled:       true,
-				Sources:       []string{"group-id"},
-				Destinations:  []string{"group-id"},
+				Sources:       []string{"groupA"},
+				Destinations:  []string{"groupA"},
 				Bidirectional: true,
 				Action:        PolicyTrafficActionAccept,
 			},
@ -181,15 +215,15 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {
 		SourcePostureChecks: []string{postureCheck.ID},
 	}

-	// Adding posture check to policy should trigger update account peers and send peer update
-	t.Run("adding posture check to policy", func(t *testing.T) {
+	// Linking posture check to policy should trigger update account peers and send peer update
+	t.Run("linking posture check to policy with peers", func(t *testing.T) {
 		done := make(chan struct{})
 		go func() {
 			peerShouldReceiveUpdate(t, updMsg)
 			close(done)
 		}()

-		err := manager.SavePolicy(context.Background(), account.Id, userID, &policy)
+		err := manager.SavePolicy(context.Background(), account.Id, userID, &policy, false)
 		assert.NoError(t, err)

 		select {
@ -197,14 +231,18 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {
 		case <-time.After(time.Second):
 			t.Error("timeout waiting for peerShouldReceiveUpdate")
 		}
-
 	})

-	// Updating used posture checks should update account peers and send peer update
-	t.Run("updating used posture check", func(t *testing.T) {
+	// Updating linked posture checks should update account peers and send peer update
+	t.Run("updating linked to posture check with peers", func(t *testing.T) {
 		postureCheck.Checks = posture.ChecksDefinition{
 			NBVersionCheck: &posture.NBVersionCheck{
-				MinVersion: "0.28.6",
+				MinVersion: "0.29.0",
+			},
+			ProcessCheck: &posture.ProcessCheck{
+				Processes: []posture.Process{
+					{LinuxPath: "/usr/bin/netbird", MacPath: "/usr/local/bin/netbird"},
+				},
 			},
 		}

@ -224,7 +262,7 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {
 		}
 	})

-	// Saving unchanged posture check should trigger account peers update and not send peer update
+	// Saving unchanged posture check should not trigger account peers update and not send peer update
 	// since there is no change in the network map
 	t.Run("saving unchanged posture check", func(t *testing.T) {
 		done := make(chan struct{})
@ -253,7 +291,150 @@ func TestPostureCheckAccountPeerUpdate(t *testing.T) {

 		policy.SourcePostureChecks = []string{}

-		err := manager.SavePolicy(context.Background(), account.Id, userID, &policy)
+		err := manager.SavePolicy(context.Background(), account.Id, userID, &policy, true)
+		assert.NoError(t, err)
+
+		select {
+		case <-done:
+		case <-time.After(time.Second):
+			t.Error("timeout waiting for peerShouldReceiveUpdate")
+		}
+	})
+
+	// Deleting unused posture check should not trigger account peers update and not send peer update
+	t.Run("deleting unused posture check", func(t *testing.T) {
+		done := make(chan struct{})
+		go func() {
+			peerShouldNotReceiveUpdate(t, updMsg)
+			close(done)
+		}()
+
+		err := manager.DeletePostureChecks(context.Background(), account.Id, "postureCheck", userID)
+		assert.NoError(t, err)
+
+		select {
+		case <-done:
+		case <-time.After(time.Second):
+			t.Error("timeout waiting for peerShouldNotReceiveUpdate")
+		}
+	})
+
+	err = manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck)
+	assert.NoError(t, err)
+
+	// Updating linked posture check to policy with no peers should not trigger account peers update and not send peer update
+	t.Run("updating linked posture check to policy with no peers", func(t *testing.T) {
+		policy = Policy{
+			ID:      "policyB",
+			Enabled: true,
+			Rules: []*PolicyRule{
+				{
+					Enabled:       true,
+					Sources:       []string{"groupB"},
+					Destinations:  []string{"groupC"},
+					Bidirectional: true,
+					Action:        PolicyTrafficActionAccept,
+				},
+			},
+			SourcePostureChecks: []string{postureCheck.ID},
+		}
+		err = manager.SavePolicy(context.Background(), account.Id, userID, &policy, false)
+		assert.NoError(t, err)
+
+		done := make(chan struct{})
+		go func() {
+			peerShouldNotReceiveUpdate(t, updMsg)
+			close(done)
+		}()
+
+		postureCheck.Checks = posture.ChecksDefinition{
+			NBVersionCheck: &posture.NBVersionCheck{
+				MinVersion: "0.29.0",
+			},
+		}
+		err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck)
+		assert.NoError(t, err)
+
+		select {
+		case <-done:
+		case <-time.After(time.Second):
+			t.Error("timeout waiting for peerShouldNotReceiveUpdate")
+		}
+	})
+
+	// Updating linked posture check to policy where destination has peers but source does not
+	// should trigger account peers update and send peer update
+	t.Run("updating linked posture check to policy where destination has peers but source does not", func(t *testing.T) {
+		policy = Policy{
+			ID:      "policyB",
+			Enabled: true,
+			Rules: []*PolicyRule{
+				{
+					Enabled:       true,
+					Sources:       []string{"groupB"},
+					Destinations:  []string{"groupA"},
+					Bidirectional: true,
+					Action:        PolicyTrafficActionAccept,
+				},
+			},
+			SourcePostureChecks: []string{postureCheck.ID},
+		}
+		err = manager.SavePolicy(context.Background(), account.Id, userID, &policy, true)
+		assert.NoError(t, err)
+
+		done := make(chan struct{})
+		go func() {
+			peerShouldReceiveUpdate(t, updMsg)
+			close(done)
+		}()
+
+		postureCheck.Checks = posture.ChecksDefinition{
+			NBVersionCheck: &posture.NBVersionCheck{
+				MinVersion: "0.29.0",
+			},
+		}
+		err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck)
+		assert.NoError(t, err)
+
+		select {
+		case <-done:
+		case <-time.After(time.Second):
+			t.Error("timeout waiting for peerShouldReceiveUpdate")
+		}
+	})
+
+	// Updating linked posture check to policy where source has peers but destination does not,
+	// should trigger account peers update and send peer update
+	t.Run("updating linked posture check to policy where source has peers but destination does not", func(t *testing.T) {
+		policy = Policy{
+			ID:      "policyB",
+			Enabled: true,
+			Rules: []*PolicyRule{
+				{
+					Enabled:       true,
+					Sources:       []string{"groupA"},
+					Destinations:  []string{"groupB"},
+					Bidirectional: true,
+					Action:        PolicyTrafficActionAccept,
+				},
+			},
+			SourcePostureChecks: []string{postureCheck.ID},
+		}
+		err = manager.SavePolicy(context.Background(), account.Id, userID, &policy, true)
+		assert.NoError(t, err)
+
+		done := make(chan struct{})
+		go func() {
+			peerShouldReceiveUpdate(t, updMsg)
+			close(done)
+		}()
+
+		postureCheck.Checks = posture.ChecksDefinition{
+			NBVersionCheck: &posture.NBVersionCheck{
+				MinVersion: "0.29.0",
+			},
+		}
+		err := manager.SavePostureChecks(context.Background(), account.Id, userID, &postureCheck)
 		assert.NoError(t, err)

 		select {