19377500035

Committed 14 Nov 2025 09:01PM UTC coverage: 80.078% (-0.2%) from 80.29%

Build # 19377500035

Build Type

Pull #22890

github

Committed by

web-flow

Commit Message

Merge 90397d509 into 42e1ebd41

Pull Request Pull Request #22890: Updated all python subsystem constraints to 3.14

Run Details

4 of 5 new or added lines in 5 files covered. (80.0%)

214 existing lines in 14 files now uncovered.

77661 of 96982 relevant lines covered (80.08%)

3.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.06

/src/python/pants/backend/helm/lint/trivy/trivy_integration_test.py

# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from textwrap import dedent

import pytest

import pants.backend.helm.dependency_inference.chart
import pants.backend.helm.dependency_inference.deployment
import pants.backend.helm.util_rules.chart
import pants.backend.helm.util_rules.tool
import pants.backend.tools.trivy.rules
from pants.backend.helm.lint.trivy.rules import (
    TrivyLintHelmChartRequest,
    TrivyLintHelmDeploymentRequest,
)
from pants.backend.helm.lint.trivy.rules import rules as trivy_helm_rules
from pants.backend.helm.target_types import (
    HelmChartFieldSet,
    HelmChartTarget,
    HelmDeploymentFieldSet,
    HelmDeploymentTarget,
)
from pants.backend.helm.testutil import (
    HELM_CHART_FILE,
    HELM_TEMPLATE_HELPERS_FILE,
    HELM_VALUES_FILE,
    K8S_SERVICE_TEMPLATE,
)
from pants.backend.helm.util_rules import post_renderer
from pants.backend.tools.semgrep.rules import PartitionMetadata
from pants.backend.tools.trivy.testutil import assert_trivy_output, trivy_config
from pants.core.goals import package
from pants.core.goals.lint import LintResult
from pants.engine.internals.native_engine import Address
from pants.engine.rules import QueryRule
from pants.testutil.rule_runner import RuleRunner

K8S_POD_TEMPLATE = """
---
apiVersion: v1
kind: Pod
metadata:
  name: privileged-pod
  labels:
    app: test-app
spec:
  containers:
  - name: test-container
    image: nginx:latest
    securityContext:
      privileged: true
      capabilities:
        add: ["ALL"] # Explicitly add all capabilities
        drop: {{ .Values.drop }}     # Parametrisation allows us to fix this in the deployment
"""


@pytest.fixture
def rule_runner() -> RuleRunner:
    rule_runner = RuleRunner(
        target_types=[HelmChartTarget, HelmDeploymentTarget],
        rules=[
            # Trivy rules
            *pants.backend.tools.trivy.rules.rules(),
            *trivy_helm_rules(),
            # Helm rules
            *pants.backend.helm.dependency_inference.deployment.rules(),
            *post_renderer.rules(),
            *pants.backend.helm.util_rules.chart.rules(),
            *pants.backend.helm.util_rules.tool.rules(),
            # Core rules
            *package.rules(),
            # Query
            QueryRule(LintResult, (TrivyLintHelmChartRequest.Batch,)),
            QueryRule(LintResult, (TrivyLintHelmDeploymentRequest.Batch,)),
        ],
    )

    rule_runner.write_files(
        {
            "src/mychart/BUILD": dedent(
                """
            helm_chart(name="mychart"),
            helm_deployment(
                name="mydeployment",
                chart=":mychart",
                values={
                    "drop": "[ALL]"
                }
            ),
        """
            ),
            "src/mychart/Chart.yaml": HELM_CHART_FILE,
            "src/mychart/values.yaml": HELM_VALUES_FILE,
            "src/mychart/templates/_helpers.tpl": HELM_TEMPLATE_HELPERS_FILE,
            "src/mychart/templates/service.yaml": K8S_SERVICE_TEMPLATE,
            "src/mychart/templates/pod.yaml": K8S_POD_TEMPLATE,
            "trivy.yaml": trivy_config,
        }
    )
    rule_runner.set_options(("--helm-infer-external-docker-images=['nginx:latest']",))

    return rule_runner


def test_trivy_lint_chart(rule_runner: RuleRunner) -> None:
    tgt = rule_runner.get_target(Address("src/mychart", target_name="mychart"))

    result = rule_runner.request(
        LintResult,
        [
            TrivyLintHelmChartRequest.Batch(
                "helm", (HelmChartFieldSet.create(tgt),), PartitionMetadata
            )
        ],
    )

    assert_trivy_output(result, 1, "mychart/templates/pod.yaml", "config", 16)


def test_trivy_lint_deployment(rule_runner: RuleRunner) -> None:
    tgt = rule_runner.get_target(Address("src/mychart", target_name="mydeployment"))

    result = rule_runner.request(
        LintResult,
        [
            TrivyLintHelmDeploymentRequest.Batch(
                "helm", (HelmDeploymentFieldSet.create(tgt),), PartitionMetadata
            )
        ],
    )

    assert_trivy_output(result, 1, "mychart/templates/pod.yaml", "config", 15)

1	# Copyright 2024 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from textwrap import dedent	1✔
4
5	import pytest	1✔
6
7	import pants.backend.helm.dependency_inference.chart	1✔
8	import pants.backend.helm.dependency_inference.deployment	1✔
9	import pants.backend.helm.util_rules.chart	1✔
10	import pants.backend.helm.util_rules.tool	1✔
11	import pants.backend.tools.trivy.rules	1✔
12	from pants.backend.helm.lint.trivy.rules import (	1✔
13	TrivyLintHelmChartRequest,
14	TrivyLintHelmDeploymentRequest,
15	)
16	from pants.backend.helm.lint.trivy.rules import rules as trivy_helm_rules	1✔
17	from pants.backend.helm.target_types import (	1✔
18	HelmChartFieldSet,
19	HelmChartTarget,
20	HelmDeploymentFieldSet,
21	HelmDeploymentTarget,
22	)
23	from pants.backend.helm.testutil import (	1✔
24	HELM_CHART_FILE,
25	HELM_TEMPLATE_HELPERS_FILE,
26	HELM_VALUES_FILE,
27	K8S_SERVICE_TEMPLATE,
28	)
29	from pants.backend.helm.util_rules import post_renderer	1✔
30	from pants.backend.tools.semgrep.rules import PartitionMetadata	1✔
31	from pants.backend.tools.trivy.testutil import assert_trivy_output, trivy_config	1✔
32	from pants.core.goals import package	1✔
33	from pants.core.goals.lint import LintResult	1✔
34	from pants.engine.internals.native_engine import Address	1✔
35	from pants.engine.rules import QueryRule	1✔
36	from pants.testutil.rule_runner import RuleRunner	1✔
37
38	K8S_POD_TEMPLATE = """	1✔
39	---
40	apiVersion: v1
41	kind: Pod
42	metadata:
43	name: privileged-pod
44	labels:
45	app: test-app
46	spec:
47	containers:
48	- name: test-container
49	image: nginx:latest
50	securityContext:
51	privileged: true
52	capabilities:
53	add: ["ALL"] # Explicitly add all capabilities
54	drop: {{ .Values.drop }} # Parametrisation allows us to fix this in the deployment
55	"""
56
57
58	@pytest.fixture	1✔
59	def rule_runner() -> RuleRunner:	1✔
60	rule_runner = RuleRunner(	1✔
61	target_types=[HelmChartTarget, HelmDeploymentTarget],
62	rules=[
63	# Trivy rules
64	*pants.backend.tools.trivy.rules.rules(),
65	*trivy_helm_rules(),
66	# Helm rules
67	*pants.backend.helm.dependency_inference.deployment.rules(),
68	*post_renderer.rules(),
69	*pants.backend.helm.util_rules.chart.rules(),
70	*pants.backend.helm.util_rules.tool.rules(),
71	# Core rules
72	*package.rules(),
73	# Query
74	QueryRule(LintResult, (TrivyLintHelmChartRequest.Batch,)),
75	QueryRule(LintResult, (TrivyLintHelmDeploymentRequest.Batch,)),
76	],
77	)
78
79	rule_runner.write_files(	1✔
80	{
81	"src/mychart/BUILD": dedent(
82	"""
83	helm_chart(name="mychart"),
84	helm_deployment(
85	name="mydeployment",
86	chart=":mychart",
87	values={
88	"drop": "[ALL]"
89	}
90	),
91	"""
92	),
93	"src/mychart/Chart.yaml": HELM_CHART_FILE,
94	"src/mychart/values.yaml": HELM_VALUES_FILE,
95	"src/mychart/templates/_helpers.tpl": HELM_TEMPLATE_HELPERS_FILE,
96	"src/mychart/templates/service.yaml": K8S_SERVICE_TEMPLATE,
97	"src/mychart/templates/pod.yaml": K8S_POD_TEMPLATE,
98	"trivy.yaml": trivy_config,
99	}
100	)
101	rule_runner.set_options(("--helm-infer-external-docker-images=['nginx:latest']",))	1✔
102
103	return rule_runner	1✔
104
105
106	def test_trivy_lint_chart(rule_runner: RuleRunner) -> None:	1✔
107	tgt = rule_runner.get_target(Address("src/mychart", target_name="mychart"))	1✔
108
109	result = rule_runner.request(	1✔
110	LintResult,
111	[
112	TrivyLintHelmChartRequest.Batch(
113	"helm", (HelmChartFieldSet.create(tgt),), PartitionMetadata
114	)
115	],
116	)
117
118	assert_trivy_output(result, 1, "mychart/templates/pod.yaml", "config", 16)	1✔
119
120
121	def test_trivy_lint_deployment(rule_runner: RuleRunner) -> None:	1✔
122	tgt = rule_runner.get_target(Address("src/mychart", target_name="mydeployment"))	1✔
123
124	result = rule_runner.request(	1✔
125	LintResult,
126	[
127	TrivyLintHelmDeploymentRequest.Batch(
128	"helm", (HelmDeploymentFieldSet.create(tgt),), PartitionMetadata
129	)
130	],
131	)
132
UNCOV 133	assert_trivy_output(result, 1, "mychart/templates/pod.yaml", "config", 15)	×

pantsbuild / pants / 19377500035

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous