test: update compliance reconcile tests

pkg/compliance/clustercompliancereport_test.go

@@ -98,12 +98,17 @@ var _ = ginkgo.Describe("cluster compliance report", func() {
 			Expect(res.RequeueAfter > 0).To(BeTrue())
 		})
 
-		ginkgo.It("check compliance compliance report status is updated following to change occur with cis-bench report", func() {
+		ginkgo.It("check compliance compliance report status is updated following to changes occur with cis-bench and config-audit report", func() {
 			// update cis-benchmark report with failed tests and compare update compliance report
-			var cisBench v1alpha1.CISKubeBenchReport
-			err = loadResource("./testdata/fixture/cisBenchmarkReportUpdate.json", &cisBench)
+			var updatedCisBench v1alpha1.CISKubeBenchReport
+			err = loadResource("./testdata/fixture/cisBenchmarkReportUpdate.json", &updatedCisBench)
 			Expect(err).ToNot(HaveOccurred())
-			err = client.Update(context.Background(), &cisBench)
+			var caUpdated v1alpha1.ConfigAuditReport
+			err = loadResource("./testdata/fixture/configAuditReportUpdate.json", &caUpdated)
+			Expect(err).ToNot(HaveOccurred())
+			err = client.Update(context.Background(), &updatedCisBench)
+			Expect(err).ToNot(HaveOccurred())
+			err = client.Update(context.Background(), &caUpdated)
 			Expect(err).ToNot(HaveOccurred())
 			// wait for next cron interval
 			time.Sleep(4 * time.Second)
@@ -126,7 +131,7 @@ var _ = ginkgo.Describe("cluster compliance report", func() {
 		})
 	})
 
-	ginkgo.Context("reconcile compliance spec report without cis-bench anc audit-config data and validate compliance reports data", func() {
+	ginkgo.Context("reconcile compliance spec report without cis-bench and audit-config data and validate compliance reports data", func() {
 		var clusterComplianceSpec v1alpha1.ClusterComplianceReport
 		err := loadResource("./testdata/fixture/clusterComplianceSpec.json", &clusterComplianceSpec)
 		// create new client

pkg/compliance/testdata/fixture/clusterComplianceReportUpdate.json

@@ -485,8 +485,8 @@
   "status": {
     "updateTimestamp": "2022-03-09T08:52:44Z",
     "summary": {
-      "passCount": 1,
-      "failCount": 5
+      "passCount": 2,
+      "failCount": 4
     },
     "controlCheck": [
       {
@@ -661,8 +661,8 @@
         "id": "1.1",
         "name": "Immutable container file systems",
         "description": "Check that container root file system is immutable",
-        "passTotal": 0,
-        "failTotal": 3,
+        "passTotal": 1,
+        "failTotal": 2,
         "severity": "LOW"
       },
       {

pkg/compliance/testdata/fixture/configAuditReportUpdate.json

@@ -0,0 +1,119 @@
+{
+  "apiVersion": "aquasecurity.github.io/v1alpha1",
+  "kind": "ConfigAuditReport",
+  "metadata": {
+    "creationTimestamp": "2022-02-24T09:13:26Z",
+    "generation": 1,
+    "labels": {
+      "plugin-config-hash": "78bf5dccc5",
+      "resource-spec-hash": "65c6f56fd9",
+      "starboard.resource.kind": "Pod",
+      "starboard.resource.name": "rss-site",
+      "starboard.resource.namespace": "default"
+    },
+    "name": "pod-rss-site",
+    "namespace": "default",
+    "ownerReferences": [
+      {
+        "apiVersion": "v1",
+        "blockOwnerDeletion": false,
+        "controller": true,
+        "kind": "Pod",
+        "name": "rss-site",
+        "uid": "5cbf85d2-09f5-458a-9499-c65e71ff7610"
+      }
+    ],
+    "resourceVersion": "1153705",
+    "uid": "88a1ddd4-1f13-4222-9649-034f1a251458"
+  },
+  "report": {
+    "checks": [
+      {
+        "category": "Security",
+        "checkID": "KSV014",
+        "messages": [
+          "Container 'front-end' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true"
+        ],
+        "severity": "danger",
+        "success": true
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV014",
+        "messages": [
+          "Container 'rss-reader' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true"
+        ],
+        "severity": "danger",
+        "success": false
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV013",
+        "messages": [
+          "Container 'front-end' of Pod 'rss-site' should specify an image tag"
+        ],
+        "severity": "danger",
+        "success": false
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV013",
+        "messages": [
+          "Container 'rss-reader' of Pod 'rss-site' should specify an image tag"
+        ],
+        "severity": "danger",
+        "success": false
+      }
+    ],
+    "containerChecks": {},
+    "podChecks": [
+      {
+        "category": "Security",
+        "checkID": "KSV014",
+        "messages": [
+          "Container 'front-end' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true"
+        ],
+        "severity": "danger",
+        "success": false
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV014",
+        "messages": [
+          "Container 'rss-reader' of Pod 'rss-site' should set 'securityContext.readOnlyRootFilesystem' to true"
+        ],
+        "severity": "danger",
+        "success": false
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV013",
+        "messages": [
+          "Container 'front-end' of Pod 'rss-site' should specify an image tag"
+        ],
+        "severity": "danger",
+        "success": false
+      },
+      {
+        "category": "Security",
+        "checkID": "KSV013",
+        "messages": [
+          "Container 'rss-reader' of Pod 'rss-site' should specify an image tag"
+        ],
+        "severity": "danger",
+        "success": false
+      }
+    ],
+    "scanner": {
+      "name": "Conftest",
+      "vendor": "Open Policy Agent",
+      "version": "v0.28.2"
+    },
+    "summary": {
+      "dangerCount": 4,
+      "passCount": 0,
+      "warningCount": 0
+    },
+    "updateTimestamp": "2022-02-24T09:13:26Z"
+  }
+}