add unit test (#9894)

* add unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert change

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

pkg/engine/handlers/validation/validate_pss_test.go

@@ -0,0 +1,122 @@
+package validation
+
+import (
+	"testing"
+
+	pssutils "github.com/kyverno/kyverno/pkg/pss/utils"
+	"github.com/kyverno/kyverno/pkg/utils/api"
+	imageutils "github.com/kyverno/kyverno/pkg/utils/image"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/pod-security-admission/policy"
+)
+
+var testImages map[string]map[string]api.ImageInfo = map[string]map[string]api.ImageInfo{
+	"initContainers": {
+		"busybox": {
+			ImageInfo: imageutils.ImageInfo{
+				Registry:         "index.docker.io",
+				Name:             "busybox",
+				Path:             "busybox",
+				Tag:              "v1.2.3",
+				Reference:        "index.docker.io/busybox:v1.2.3",
+				ReferenceWithTag: "index.docker.io/busybox:v1.2.3",
+			},
+			Pointer: "/spec/initContainers/0/image",
+		},
+	},
+	"containers": {
+		"nginx": {
+			ImageInfo: imageutils.ImageInfo{
+				Registry:         "docker.io",
+				Name:             "nginx",
+				Path:             "nginx",
+				Tag:              "v13.4",
+				Reference:        "docker.io/nginx:v13.4",
+				ReferenceWithTag: "docker.io/nginx:v13.4",
+			},
+			Pointer: "/spec/containers/0/image",
+		},
+	},
+	"ephemeralContainers": {
+		"nginx2": {
+			ImageInfo: imageutils.ImageInfo{
+				Registry:         "docker.io",
+				Name:             "nginx2",
+				Path:             "test/nginx",
+				Tag:              "latest",
+				Reference:        "docker.io/test/nginx:latest",
+				ReferenceWithTag: "docker.io/test/nginx:latest",
+			},
+			Pointer: "/spec/ephemeralContainers/0/image",
+		},
+	},
+}
+
+var testChecks []pssutils.PSSCheckResult = []pssutils.PSSCheckResult{
+	{
+		ID: "0",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "containers \"nginx\", \"busybox\" must set securityContext.allowPrivilegeEscalation=false",
+		},
+	},
+	{
+		ID: "1",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "containers \"nginx\", \"busybox\" must set securityContext.capabilities.drop=[\"ALL\"]",
+		},
+	},
+	{
+		ID: "2",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "pod or containers \"nginx\", \"busybox\" must set securityContext.runAsNonRoot=true",
+		},
+	},
+	{
+		ID: "3",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "pod or containers \"nginx\", \"busybox\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\"",
+		},
+	},
+	{
+		ID: "4",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "pod or container \"nginx\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\"",
+		},
+	},
+	{
+		ID: "5",
+		CheckResult: policy.CheckResult{
+			Allowed:         false,
+			ForbiddenReason: "---",
+			ForbiddenDetail: "container \"nginx2\" must set securityContext.allowPrivilegeEscalation=false",
+		},
+	},
+}
+
+func Test_addImages(t *testing.T) {
+	checks := testChecks
+	imageInfos := testImages
+	updatedChecks := addImages(checks, imageInfos)
+
+	assert.Equal(t, len(checks), len(updatedChecks))
+	assert.Equal(t, []string{"docker.io/nginx:v13.4", "index.docker.io/busybox:v1.2.3"}, updatedChecks[0].Images)
+	assert.Equal(t, []string{"docker.io/nginx:v13.4", "index.docker.io/busybox:v1.2.3"}, updatedChecks[1].Images)
+	assert.Equal(t, []string{"docker.io/nginx:v13.4", "index.docker.io/busybox:v1.2.3"}, updatedChecks[2].Images)
+	assert.Equal(t, []string{"docker.io/nginx:v13.4", "index.docker.io/busybox:v1.2.3"}, updatedChecks[3].Images)
+	assert.Equal(t, []string{"docker.io/nginx:v13.4"}, updatedChecks[4].Images)
+	assert.Equal(t, []string{"docker.io/test/nginx:latest"}, updatedChecks[5].Images)
+
+	delete(imageInfos, "ephemeralContainers")
+	updatedChecks = addImages(checks, imageInfos)
+	assert.Equal(t, []string{"nginx2"}, updatedChecks[5].Images)
+}