Add seccomp workloads list test #395

Merged
merged 1 commit into from
Jun 25, 2024
@kooomix kooomix commented Jun 25, 2024

PR Type

Tests, Enhancement


Description

  • Added a new static method seccomp_profile_workloads_list in seccomp_tests.py for testing seccomp profiles.
  • Introduced a new API endpoint API_SECCOMP_LIST and implemented get_seccomp_workloads_list method in backend_api.py.
  • Defined constants for seccomp workloads statuses in statics.py.
  • Created SeccompProfileList class in seccomp.py to handle seccomp profiles list testing, including methods for applying profiles and workloads, verification, and logging.
  • Added deployment configurations for different seccomp profiles (missing, optimized, overly permissive) in the configurations/k8s_workloads/seccomp directory.
  • Updated system_test_mapping.json to include the new test case seccomp_profile_workloads_list.

Changes walkthrough 📝

Relevant files

Tests (7 files)

seccomp_tests.py: Add seccomp profile workloads list test method
configurations/system/tests_cases/seccomp_tests.py

  • Added a new static method seccomp_profile_workloads_list for testing seccomp profiles.
  • Defined expected statuses for different workloads.
  • +22/-0

seccomp.py: Add SeccompProfileList class for seccomp workloads list testing
tests_scripts/helm/seccomp.py

  • Added SeccompProfileList class for testing seccomp profiles list.
  • Implemented methods to apply seccomp profiles and workloads.
  • Added verification and logging methods for seccomp workloads list.
  • +161/-1

alpine-seccomp-pod-missing.yaml: Add deployment for pod with missing seccomp profile
configurations/k8s_workloads/seccomp/alpine-seccomp-pod-missing.yaml

  • Added deployment configuration for a pod with missing seccomp profile.
  • +18/-0

alpine-seccomp-pod-optimized.yaml: Add deployment for pod with optimized seccomp profile
configurations/k8s_workloads/seccomp/alpine-seccomp-pod-optimized.yaml

  • Added deployment configuration for a pod with an optimized seccomp profile.
  • +23/-0

alpine-seccomp-pod-overly-permissive.yaml: Add deployment for pod with overly permissive seccomp profile
configurations/k8s_workloads/seccomp/alpine-seccomp-pod-overly-permissive.yaml

  • Added deployment configuration for a pod with an overly permissive seccomp profile.
  • +22/-0

seccomp-alpine-optimized.yaml: Add seccomp profile for optimized alpine pod
configurations/k8s_workloads/seccomp/seccomp-alpine-optimized.yaml

  • Added seccomp profile configuration for an optimized alpine pod.
  • +77/-0

seccomp-alpine-overly-permissive.yaml: Add seccomp profile for overly permissive alpine pod
configurations/k8s_workloads/seccomp/seccomp-alpine-overly-permissive.yaml

  • Added seccomp profile configuration for an overly permissive alpine pod.
  • +90/-0

Enhancement (2 files)

backend_api.py: Add API endpoint and method for seccomp workloads list
infrastructure/backend_api.py

  • Added a new API endpoint API_SECCOMP_LIST.
  • Implemented get_seccomp_workloads_list method to fetch seccomp workloads list.
  • +13/-0

statics.py: Define constants for seccomp workloads statuses
systest_utils/statics.py

  • Added constants for seccomp workloads statuses.
  • +9/-0

Configuration changes (1 file)

system_test_mapping.json: Update test mapping with seccomp profile workloads list
system_test_mapping.json

  • Added a new test case seccomp_profile_workloads_list to the test mapping.
  • +18/-1


PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]: 4
🧪 Relevant tests: Yes
🔒 Security concerns: No
⚡ Key issues to review

Possible Bug:
The method seccomp_profile_workloads_list in seccomp_tests.py uses multiple seccomp profiles and workloads, but the handling of the optimized profile seems to assume it might also be overly permissive due to blocked syscalls being recorded. This could lead to incorrect test results or misinterpretations of the seccomp profile's effectiveness.

Code Clarity:
The method verify_seccomp_workloads_list in SeccompProfileList class is complex and involves multiple nested loops and conditions. Simplifying this method or breaking it down into smaller, more manageable parts could improve maintainability and readability.

Error Handling:
In get_seccomp_workloads_list method in backend_api.py, the exception handling is broad. It might be beneficial to handle specific exceptions or errors related to HTTP requests or JSON parsing to provide more detailed error information.
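
The trade-off behind the "Possible Bug" and "Code Clarity" notes above, as an added example that is not code from this PR: a flat, single-loop status check run against a constructed workloads list in which the optimized pod has regressed. The status strings, the response shape (`name`, `profileStatus`) and the function name are assumptions; the real values live in systest_utils/statics.py and the backend response.

```python
# Added example: status strings and the response shape are assumptions,
# not values taken from systest_utils/statics.py or the backend API.
MISSING = "missing"
OVERLY_PERMISSIVE = "overly-permissive"
OPTIMIZED = "optimized"
MISCONFIGURED = "misconfigured"


def verify_workloads(expected, workloads):
    """Return a list of problems; an empty list means the check passes.

    expected:  {workload name: {"profileStatuses": [allowed statuses]}}
    workloads: assumed response items, each {"name": ..., "profileStatus": ...}
    """
    # Index the response once so the check is a single loop, not nested ones.
    reported = {w["name"]: w.get("profileStatus") for w in workloads}
    problems = []
    for name, spec in expected.items():
        if name not in reported:
            problems.append(f"{name}: not in workloads list")
        elif reported[name] not in spec["profileStatuses"]:
            problems.append(
                f"{name}: status {reported[name]!r} not in {spec['profileStatuses']}")
    return problems


# Constructed response in which the optimized workload reports a weaker status.
SAMPLE = [
    {"name": "alpine-syscall-missing", "profileStatus": MISSING},
    {"name": "alpine-syscall-overly-permissive", "profileStatus": OVERLY_PERMISSIVE},
    {"name": "alpine-syscall-optimized", "profileStatus": OVERLY_PERMISSIVE},
]

# Same shape as the PR's expectation: three statuses accepted for the optimized pod.
LENIENT = {
    "alpine-syscall-missing": {"profileStatuses": [MISSING]},
    "alpine-syscall-overly-permissive": {"profileStatuses": [OVERLY_PERMISSIVE]},
    "alpine-syscall-optimized": {
        "profileStatuses": [OPTIMIZED, MISCONFIGURED, OVERLY_PERMISSIVE]},
}
# Stricter variant for comparison: only the optimized status is accepted.
STRICT = {**LENIENT, "alpine-syscall-optimized": {"profileStatuses": [OPTIMIZED]}}

if __name__ == "__main__":
    print("lenient:", verify_workloads(LENIENT, SAMPLE))
    print("strict: ", verify_workloads(STRICT, SAMPLE))
```

With the lenient expectation the regressed response passes silently; the strict one reports it, at the cost of failing whenever recorded blocked syscalls legitimately change the status.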


    Failed to generate code suggestions for PR

PR Code Suggestions ✨

Category: Best practice
Suggestion: Use a context manager to ensure proper resource management

Consider using a context manager to ensure that resources are properly managed and released, especially when dealing with file operations or external resources. This can help prevent resource leaks and make the code more robust and easier to maintain.

configurations/system/tests_cases/seccomp_tests.py [39-53]

    -return TestConfiguration(
    +with TestConfiguration(
         name=inspect.currentframe().f_code.co_name,
         seccomp_overly_permissive=join(statics.DEFAULT_SECCOMP_PATH, "seccomp-alpine-overly-permissive.yaml"),
         seccomp_optimized=join(statics.DEFAULT_SECCOMP_PATH, "seccomp-alpine-optimized.yaml"),
         workload_missing=join(statics.DEFAULT_SECCOMP_PATH, "alpine-seccomp-pod-missing.yaml"),
         workload_overly_permissive=join(statics.DEFAULT_SECCOMP_PATH, "alpine-seccomp-pod-overly-permissive.yaml"),
         workload_optimized=join(statics.DEFAULT_SECCOMP_PATH, "alpine-seccomp-pod-optimized.yaml"),
         expected={
             "alpine-syscall-missing": {"profileStatuses": [statics.SECCOMP_STATUS_MISSING]},
             "alpine-syscall-overly-permissive": {"profileStatuses": [statics.SECCOMP_STATUS_OVERLY_PERMISSIVE]},
             "alpine-syscall-optimized": {"profileStatuses": [statics.SECCOMP_STATUS_OPTIMIZED, 
                                                              statics.SECCOMP_STATUS_MISCONFIGURED,
                                                              statics.SECCOMP_STATUS_OVERLY_PERMISSIVE]},
         },
    -    test_obj=SeccompProfileList)
    +    test_obj=SeccompProfileList) as config:
    +    return config
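
Review bot: The `with TestConfiguration(...) as config:` rewrite at the top of this suggestion only works if TestConfiguration implements `__enter__` and `__exit__`, and nothing in the visible lines shows that it does; without them the `with` statement raises at runtime. Even if it did, `return config` inside the block runs `__exit__` before the caller receives the object, so any cleanup would happen before the configuration is used. Keep the plain `return TestConfiguration(...)`. Separately, the unchanged `alpine-syscall-optimized` entry accepts SECCOMP_STATUS_OPTIMIZED, SECCOMP_STATUS_MISCONFIGURED and SECCOMP_STATUS_OVERLY_PERMISSIVE, so the test cannot tell an optimized result from an overly permissive one; a comment explaining why all three are accepted would help.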
     
Suggestion importance[1-10]: 3

Why: While using a context manager is a good practice for resource management, the current code does not seem to involve any resources that require explicit release or cleanup. The suggestion does not provide a significant improvement in this context.

Score: 3

@kooomix kooomix merged commit e9fc877 into master Jun 25, 2024
3 checks passed
@matthyx matthyx deleted the seccomp_list_test branch August 22, 2024 06:53