Summary
The tests/ directory exists but is completely empty. No integration or end-to-end tests exist.
What's Needed
Design and implement a test framework that can:
Test Types
- Smoke tests: Deploy micromize, verify it starts and loads gadgets
- Gadget behavior tests: Verify each gadget correctly blocks/audits:
  - fs-restrict: Execute a binary from a restricted path, verify it's blocked
  - cap-restrict: Attempt a restricted capability operation, verify it's blocked
  - ptrace-restrict: Attempt ptrace, verify it's blocked
- Audit mode tests: Same operations in audit mode, verify events are logged but not blocked
- Exclusion tests: Verify excluded containers are not affected
Infrastructure Options
- Kind cluster for Kubernetes-based testing
- Docker-based for standalone testing
- Use Go test framework with testing.T
- Consider BPF test tools or BPF_PROG_TEST_RUN
CI Integration
- These tests require privileged access and specific kernel versions
- Consider a separate CI workflow with self-hosted runners or VM-based runners
Files
tests/ (currently empty)
gadgets/*/program.bpf.c
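
Added example, not part of the original issue or of micromize's code: a Go helper that a `testing.T` case could call to judge one probe against the matrix above (enforce blocks, audit logs without blocking, excluded containers are not blocked). The names `Mode`, `Observation` and `Verdict` are hypothetical, and it assumes a blocked operation surfaces as EPERM/EACCES. It also rejects probes that failed for an unrelated reason, so a missing binary cannot pass as "blocked".

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"syscall"
)

// Mode is how the gadget under test is deployed (hypothetical type).
type Mode int

const (
	Enforce Mode = iota // operation must be blocked
	Audit               // operation must succeed and an event must be logged
)

// Observation is what one test case saw after attempting the operation.
type Observation struct {
	Err         error // error from the attempt; nil means it was allowed
	EventLogged bool  // whether the gadget reported an event for it
}

// Verdict returns nil when the observation matches the issue's test matrix.
// Assumption: a block surfaces as EPERM/EACCES (matched via fs.ErrPermission).
func Verdict(mode Mode, excluded bool, o Observation) error {
	blocked := errors.Is(o.Err, fs.ErrPermission)
	switch {
	case o.Err != nil && !blocked:
		// e.g. ENOENT: the probe never reached the gadget, so failing proves nothing.
		return fmt.Errorf("inconclusive, failed for another reason: %w", o.Err)
	case excluded && blocked:
		return errors.New("excluded container was blocked")
	case excluded:
		return nil
	case mode == Enforce && !blocked:
		return errors.New("enforce mode: operation was not blocked")
	case mode == Audit && blocked:
		return errors.New("audit mode: operation was blocked")
	case mode == Audit && !o.EventLogged:
		return errors.New("audit mode: no event logged")
	}
	return nil
}

func main() {
	// Constructed observations, not output from a real micromize run.
	denied := &fs.PathError{Op: "fork/exec", Path: "/restricted/bin", Err: syscall.EACCES}
	fmt.Println(Verdict(Enforce, false, Observation{Err: denied}))
	fmt.Println(Verdict(Enforce, false, Observation{Err: syscall.ENOENT}))
}
```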