@rancher/shell 3.0.12-rc.2 → 3.0.12-rc.3

package/utils/__tests__/xccdf.test.ts

@@ -0,0 +1,391 @@
+import { generateXCCDF, generateXCCDFPerNode } from '@shell/utils/xccdf';
+
+describe('xccdf util: generateXCCDF', () => {
+  const baseReport = {
+    version: '1.0',
+    total:   2,
+    pass:    1,
+    nodes:   { master: ['node-a'], node: ['node-b'] },
+    results: [{
+      id:          '5.1',
+      description: 'RBAC and Service Accounts',
+      checks:      [{
+        id:          '5.1.1',
+        description: 'Ensure that the cluster-admin role is only used where required',
+        audit:       'kubectl get clusterrolebindings',
+        remediation: 'Identify all clusterrolebindings to the cluster-admin role',
+        scored:      true,
+        state:       'pass',
+      }, {
+        id:          '5.1.2',
+        description: 'Minimize access to secrets',
+        audit:       'kubectl get roles',
+        remediation: 'Where possible, remove get, list and watch access to Secret objects',
+        scored:      false,
+        state:       'fail',
+      }],
+    }],
+  };
+
+  it('produces an XML document with an XML header and a Benchmark root', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toMatch(/^<\?xml version="1\.0" encoding="UTF-8"\?>/);
+    expect(xml).toContain('<Benchmark');
+    expect(xml).toContain('xmlns="http://checklists.nist.gov/xccdf/1.2"');
+    expect(xml).toContain('id="xccdf_compliance-operator_benchmark_kubernetes"');
+  });
+
+  it('uses the metadata title when provided, otherwise falls back to a CIS title from benchmarkVersion', () => {
+    const fallback = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(fallback).toContain('<title>Kubernetes CIS Benchmark cis-1.7</title>');
+
+    const withTitle = generateXCCDF({
+      report:           baseReport,
+      benchmarkVersion: 'cis-1.7',
+      metadata:         { title: 'Custom Benchmark Title' },
+    });
+
+    expect(withTitle).toContain('<title>Custom Benchmark Title</title>');
+  });
+
+  it('emits one Group per result and one Rule per check', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toContain('<Group id="5.1">');
+    expect(xml).toContain('id="xccdf_compliance-operator_rule_5.1.1"');
+    expect(xml).toContain('id="xccdf_compliance-operator_rule_5.1.2"');
+  });
+
+  it('maps state values to XCCDF result strings', () => {
+    const report = {
+      ...baseReport,
+      results: [{
+        id:          '1',
+        description: 'g',
+        checks:      [
+          {
+            id: 'a', description: 'a', state: 'pass' as const
+          },
+          {
+            id: 'b', description: 'b', state: 'fail' as const
+          },
+          {
+            id: 'c', description: 'c', state: 'skip' as const
+          },
+          {
+            id: 'd', description: 'd', state: 'warn' as const
+          },
+          {
+            id: 'e', description: 'e', state: 'notApplicable' as const
+          },
+        ],
+      }],
+    };
+
+    const xml = generateXCCDF({ report, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toContain('<result>pass</result>');
+    expect(xml).toContain('<result>fail</result>');
+    expect(xml).toContain('<result>notselected</result>');
+    expect(xml).toContain('<result>informational</result>');
+    expect(xml).toContain('<result>notapplicable</result>');
+  });
+
+  it('marks scored checks with severity=medium and weight=10; unscored as low and 0', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toMatch(/id="xccdf_compliance-operator_rule_5\.1\.1"[^>]*severity="medium"/);
+    expect(xml).toMatch(/id="xccdf_compliance-operator_rule_5\.1\.1"[^>]*weight="10"/);
+    expect(xml).toMatch(/id="xccdf_compliance-operator_rule_5\.1\.2"[^>]*severity="low"/);
+    expect(xml).toMatch(/id="xccdf_compliance-operator_rule_5\.1\.2"[^>]*weight="0"/);
+  });
+
+  it('computes score as pass/total*100, formatted to one decimal', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toMatch(/<score[^>]*maximum="100\.0"[^>]*>50\.0<\/score>/);
+  });
+
+  it('returns score 0.0 when total is 0', () => {
+    const xml = generateXCCDF({
+      report: {
+        ...baseReport, total: 0, pass: 0, results: [],
+      },
+      benchmarkVersion: 'cis-1.7',
+    });
+
+    expect(xml).toMatch(/<score[^>]*>0\.0<\/score>/);
+  });
+
+  it('uses report.nodes for <target> elements when no clusterName is set', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toContain('<target>node-a</target>');
+    expect(xml).toContain('<target>node-b</target>');
+  });
+
+  it('clusterName argument overrides metadata.clusterName and node-derived targets', () => {
+    const xml = generateXCCDF({
+      report:           baseReport,
+      benchmarkVersion: 'cis-1.7',
+      metadata:         { clusterName: 'from-metadata' },
+      clusterName:      'from-arg',
+    });
+
+    expect(xml).toContain('<target>from-arg</target>');
+    expect(xml).not.toContain('<target>from-metadata</target>');
+    expect(xml).not.toContain('<target>node-a</target>');
+  });
+
+  it('falls back to "not-applicable" for missing target addresses and target facts', () => {
+    const xml = generateXCCDF({ report: baseReport, benchmarkVersion: 'cis-1.7' });
+
+    expect(xml).toContain('<target-address>not-applicable</target-address>');
+    expect(xml).toContain('<fact name="not-applicable" type="string">not-applicable</fact>');
+  });
+
+  it('emits a single placeholder Group when results is empty', () => {
+    const xml = generateXCCDF({
+      report: {
+        version: '1.0', total: 0, pass: 0, results: [],
+      },
+      benchmarkVersion: 'cis-1.7',
+    });
+
+    expect(xml).toContain('<Group id="not-applicable">');
+  });
+
+  it('uses STIG metadata to override rule id, version, severity, fix, check system, and CCI idents', () => {
+    const xml = generateXCCDF({
+      report: {
+        ...baseReport,
+        results: [{
+          id:          'g1',
+          description: 'g',
+          checks:      [{
+            id: 'V-254553-TLS-apiserver', description: 'STIG check', scored: true, state: 'pass',
+          }],
+        }],
+      },
+      benchmarkVersion: 'rke2-stig-1.31',
+      stigChecks:       {
+        'V-254553': {
+          ruleId: 'SV-254553r1016525_rule', version: 'SV-254553r1016525_rule', severity: 'high', fixId: 'F-254553', checkId: 'C-254553', cci: ['CCI-000366'],
+        },
+      },
+    });
+
+    expect(xml).toContain('idref="SV-254553r1016525_rule_TLS-apiserver"');
+    expect(xml).toContain('severity="high"');
+    expect(xml).toContain('<ident system="http://cyber.mil/cci">CCI-000366</ident>');
+    expect(xml).toContain('fixref="F-254553"');
+    expect(xml).toContain('<check system="C-254553">');
+  });
+
+  it('preserves the operator-style rule id when there is no STIG metadata', () => {
+    const xml = generateXCCDF({
+      report:           baseReport,
+      benchmarkVersion: 'cis-1.7',
+    });
+
+    expect(xml).toContain('id="xccdf_compliance-operator_rule_5.1.1"');
+  });
+});
+
+describe('xccdf util: generateXCCDFPerNode', () => {
+  const multiNodeReport = {
+    version: '1.0',
+    total:   3,
+    pass:    1,
+    nodes:   { master: ['m-1'], node: ['w-1', 'w-2'] },
+    results: [{
+      id:          '1.1',
+      description: 'Master Node Configuration',
+      checks:      [{
+        id:          '1.1.1',
+        description: 'master check',
+        scored:      true,
+        state:       'pass' as const,
+      }],
+    }, {
+      id:          '4.1',
+      description: 'Worker Node Configuration',
+      checks:      [{
+        id:          '4.1.1',
+        description: 'mixed check',
+        scored:      true,
+        state:       'mixed' as const,
+        nodes:       ['w-2'],
+      }, {
+        id:          '4.1.2',
+        description: 'failing check',
+        scored:      false,
+        state:       'fail' as const,
+      }],
+    }],
+  };
+
+  it('emits a single <target> equal to the hostname', () => {
+    const xml = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+
+    expect(xml).toContain('<target>w-1</target>');
+    expect(xml).not.toContain('<target>w-2</target>');
+    expect(xml).not.toContain('<target>m-1</target>');
+  });
+
+  it('assigns each per-node document a TestResult id suffixed with the hostname so co-loaded files do not collide', () => {
+    const a = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+    const b = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-2', role: 'node',
+    });
+
+    expect(a).toContain('<TestResult id="xccdf_compliance-operator_testresult_1_w-1"');
+    expect(b).toContain('<TestResult id="xccdf_compliance-operator_testresult_1_w-2"');
+    expect(a).not.toContain('id="xccdf_compliance-operator_testresult_1_w-2"');
+  });
+
+  it('emits every rule from the cluster report regardless of role', () => {
+    const workerXml = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+    const masterXml = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'm-1', role: 'master',
+    });
+
+    [workerXml, masterXml].forEach((xml) => {
+      expect(xml).toContain('xccdf_compliance-operator_rule_1.1.1');
+      expect(xml).toContain('xccdf_compliance-operator_rule_4.1.1');
+      expect(xml).toContain('xccdf_compliance-operator_rule_4.1.2');
+    });
+  });
+
+  it('maps mixed-state checks to fail for dissenting hosts and pass for the rest', () => {
+    const dissenter = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-2', role: 'node',
+    });
+    const compliant = generateXCCDFPerNode({
+      report: multiNodeReport, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+
+    expect(dissenter).toMatch(/idref="xccdf_compliance-operator_rule_4\.1\.1"[\s\S]*?<result>fail<\/result>/);
+    expect(compliant).toMatch(/idref="xccdf_compliance-operator_rule_4\.1\.1"[\s\S]*?<result>pass<\/result>/);
+  });
+
+  it('treats mixed-state checks with no dissent list as pass for all nodes', () => {
+    const report = {
+      ...multiNodeReport,
+      results: [{
+        id:          '4.1',
+        description: 'g',
+        checks:      [{
+          id: '4.1.9', description: 'm', state: 'mixed' as const,
+        }],
+      }],
+    };
+    const xml = generateXCCDFPerNode({
+      report, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+
+    expect(xml).toMatch(/idref="xccdf_compliance-operator_rule_4\.1\.9"[\s\S]*?<result>pass<\/result>/);
+  });
+
+  it('recomputes pass count per node while preserving cluster total as the scoring denominator', () => {
+    const report = {
+      version: '1.0',
+      total:   2,
+      pass:    1,
+      nodes:   { node: ['w-1', 'w-2'] },
+      results: [{
+        id:          '1',
+        description: 'g',
+        checks:      [
+          {
+            id: 'a', description: 'a', state: 'pass' as const
+          },
+          {
+            id: 'b', description: 'b', state: 'mixed' as const, nodes: ['w-2'],
+          },
+        ],
+      }],
+    };
+    const compliant = generateXCCDFPerNode({
+      report, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+    const dissenter = generateXCCDFPerNode({
+      report, benchmarkVersion: 'cis-1.7', hostname: 'w-2', role: 'node',
+    });
+
+    expect(compliant).toMatch(/<score[^>]*>100\.0<\/score>/);
+    expect(dissenter).toMatch(/<score[^>]*>50\.0<\/score>/);
+  });
+
+  it('preserves full rule metadata (title, fixtext, idents, check) from the cluster report', () => {
+    const report = {
+      version: '1.0',
+      total:   1,
+      pass:    1,
+      nodes:   { node: ['w-1'] },
+      results: [{
+        id:          'V-254554',
+        description: 'controller manager group',
+        checks:      [{
+          id:          'V-254554',
+          description: 'use-service-account-credentials',
+          audit:       '/bin/ps -fC kube-controller-manager',
+          remediation: 'set use-service-account-credentials=true',
+          scored:      true,
+          state:       'pass' as const,
+        }],
+      }],
+    };
+    const xml = generateXCCDFPerNode({
+      report, benchmarkVersion: 'rke2-stig-1.31-rgs', hostname: 'w-1', role: 'node',
+    });
+
+    expect(xml).toContain('<Group id="V-254554">');
+    expect(xml).toContain('<check-content>/bin/ps -fC kube-controller-manager</check-content>');
+    expect(xml).toContain('set use-service-account-credentials=true');
+  });
+
+  it('passes through non-mixed states unchanged', () => {
+    const report = {
+      ...multiNodeReport,
+      results: [{
+        id:          '4.1',
+        description: 'g',
+        checks:      [
+          {
+            id: 'a', description: 'a', state: 'pass' as const
+          },
+          {
+            id: 'b', description: 'b', state: 'fail' as const
+          },
+          {
+            id: 'c', description: 'c', state: 'skip' as const
+          },
+          {
+            id: 'd', description: 'd', state: 'warn' as const
+          },
+          {
+            id: 'e', description: 'e', state: 'notApplicable' as const
+          },
+        ],
+      }],
+    };
+    const xml = generateXCCDFPerNode({
+      report, benchmarkVersion: 'cis-1.7', hostname: 'w-1', role: 'node',
+    });
+
+    expect(xml).toContain('<result>pass</result>');
+    expect(xml).toContain('<result>fail</result>');
+    expect(xml).toContain('<result>notselected</result>');
+    expect(xml).toContain('<result>informational</result>');
+    expect(xml).toContain('<result>notapplicable</result>');
+  });
+});

package/utils/chart.js

@@ -1,6 +1,9 @@
 import semver from 'semver';
 import { compare } from '@shell/utils/version';
 import { compatibleVersionsFor } from '@shell/store/catalog';
+import {
+  CHART, REPO, REPO_TYPE, VERSION, DEPRECATED
+} from '@shell/config/query-params';
 
 /**
  * Compares two chart versions using SemVer logic, with special handling for Rancher's "up" build metadata.
@@ -80,3 +83,36 @@ export function getLatestCompatibleVersion(chart, workerOSs, showPrerelease) {
 
   return (compatible.length ? compatible[0] : chart.versions[0]) || {};
 }
+
+/**
+ * Builds the route URL for the standalone chart readme page.
+ *
+ * The helper maps chart context into query params so the readme page can fetch
+ * version info directly (instead of relying on local/session storage transfer).
+ */
+export function getStandaloneReadmeUrl(router, {
+  cluster,
+  repoType,
+  repoName,
+  chartName,
+  versionName,
+  deprecated,
+  showAppReadme = true,
+  hideReadmeFirstTitle = true,
+} = {}) {
+  const { href } = router.resolve({
+    name:   'readme',
+    params: { cluster },
+    query:  {
+      [REPO_TYPE]:          repoType,
+      [REPO]:               repoName,
+      [CHART]:              chartName,
+      [VERSION]:            versionName,
+      [DEPRECATED]:         deprecated,
+      showAppReadme:        String(showAppReadme),
+      hideReadmeFirstTitle: String(hideReadmeFirstTitle),
+    }
+  });
+
+  return href;
+}

package/utils/fleet.ts

@@ -33,6 +33,13 @@ function conditionIsTrue(conditions: Condition[] | undefined, type: string): boo
 }
 
 class Application {
+  /**
+   * gitrepos/helmops are already restricted to clusters in their own namespace
+   *
+   * this empty selector means all applicable clusters will be selected
+   */
+  includeAllWorkgroupRule = { clusterSelector: { matchExpressions: [] } }
+
   excludeHarvesterRule = {
     clusterSelector: {
       matchExpressions: [{
@@ -45,7 +52,7 @@ class Application {
     },
   };
 
-  getTargetMode(targets: Target[], namespace: string): TargetMode {
+  getTargetMode(targets: Target[], namespace: string, areHarvesterHostsVisible: boolean): TargetMode {
     if (namespace === 'fleet-local') {
       return 'local';
     }
@@ -83,8 +90,11 @@ class Application {
       return target;
     });
 
-    // Check if targets contains only harvester rule after name normalizing
-    if (isEqual(normalized, [this.excludeHarvesterRule])) {
+    // Check if targets contains only harvester rule or no rule at all after name normalizing
+    // That means the ALL option has been selected previously
+    // one case for feature harvester-baremetal-container-workload ON
+    // and another for feature harvester-baremetal-container-workload OFF
+    if (isEqual(normalized, [this.includeAllWorkgroupRule]) || isEqual(normalized, [this.excludeHarvesterRule])) {
       mode = 'all';
     }
 

package/utils/gatekeeper/__tests__/util.test.ts

@@ -0,0 +1,174 @@
+import { findTemplateType, findAllConstraintTypes, findAllTemplates, findAllConstraints } from '../util';
+import { GATEKEEPER, SCHEMA } from '@shell/config/types';
+
+describe('gatekeeper/util.js', () => {
+  describe('findTemplateType', () => {
+    it('returns the schema id when a matching schema exists', () => {
+      const schemas = [
+        {
+          id:         'templates.gatekeeper.sh.constrainttemplate',
+          attributes: { group: 'templates.gatekeeper.sh', kind: 'ConstraintTemplate' },
+        },
+      ];
+
+      expect(findTemplateType(schemas)).toStrictEqual('templates.gatekeeper.sh.constrainttemplate');
+    });
+
+    it('returns undefined when no schemas match', () => {
+      const schemas = [
+        {
+          id:         'other.group.somekind',
+          attributes: { group: 'other.group', kind: 'SomeKind' },
+        },
+      ];
+
+      expect(findTemplateType(schemas)).toBeUndefined();
+    });
+
+    it('returns undefined for an empty schemas array', () => {
+      expect(findTemplateType([])).toBeUndefined();
+    });
+
+    it('matches only on the correct group and kind together', () => {
+      const schemas = [
+        {
+          id:         'templates.gatekeeper.sh.other',
+          attributes: { group: 'templates.gatekeeper.sh', kind: 'Other' },
+        },
+        {
+          id:         'other.group.constrainttemplate',
+          attributes: { group: 'other.group', kind: 'ConstraintTemplate' },
+        },
+      ];
+
+      expect(findTemplateType(schemas)).toBeUndefined();
+    });
+
+    it('returns undefined when schema has no attributes', () => {
+      const schemas = [{ id: 'some.id' }];
+
+      expect(findTemplateType(schemas)).toBeUndefined();
+    });
+
+    it('returns the first matching schema id when multiple matches exist', () => {
+      const schemas = [
+        {
+          id:         'first-match',
+          attributes: { group: 'templates.gatekeeper.sh', kind: 'ConstraintTemplate' },
+        },
+        {
+          id:         'second-match',
+          attributes: { group: 'templates.gatekeeper.sh', kind: 'ConstraintTemplate' },
+        },
+      ];
+
+      expect(findTemplateType(schemas)).toStrictEqual('first-match');
+    });
+
+    it('handles schemas with null attributes gracefully', () => {
+      const schemas = [
+        { id: 'null-attrs', attributes: null },
+        {
+          id:         'templates.gatekeeper.sh.constrainttemplate',
+          attributes: { group: 'templates.gatekeeper.sh', kind: 'ConstraintTemplate' },
+        },
+      ];
+
+      expect(findTemplateType(schemas)).toStrictEqual('templates.gatekeeper.sh.constrainttemplate');
+    });
+  });
+
+  describe('findAllConstraintTypes', () => {
+    it('returns constraint type schema ids filtered by constraints.gatekeeper.sh group', () => {
+      const schemas = [
+        { id: 'constraints.gatekeeper.sh.k8srequiredlabels', attributes: { group: 'constraints.gatekeeper.sh' } },
+        { id: 'constraints.gatekeeper.sh.k8sallowedrepos', attributes: { group: 'constraints.gatekeeper.sh' } },
+        { id: 'other.group.something', attributes: { group: 'other.group' } },
+      ];
+      const store = { getters: { [`cluster/all`]: () => schemas } };
+
+      const result = findAllConstraintTypes(store);
+
+      expect(result).toStrictEqual([
+        'constraints.gatekeeper.sh.k8srequiredlabels',
+        'constraints.gatekeeper.sh.k8sallowedrepos',
+      ]);
+    });
+
+    it('returns an empty array when no constraint schemas exist', () => {
+      const store = { getters: { [`cluster/all`]: () => [] } };
+
+      expect(findAllConstraintTypes(store)).toStrictEqual([]);
+    });
+
+    it('calls store.getters["cluster/all"] with SCHEMA constant', () => {
+      const mockAll = jest.fn().mockReturnValue([]);
+      const store = { getters: { [`cluster/all`]: mockAll } };
+
+      findAllConstraintTypes(store);
+
+      expect(mockAll).toHaveBeenCalledWith(SCHEMA);
+    });
+
+    it('filters out schemas with missing or non-matching group', () => {
+      const schemas = [
+        { id: 'no-attrs' },
+        { id: 'null-group', attributes: { group: null } },
+        { id: 'constraints.gatekeeper.sh.valid', attributes: { group: 'constraints.gatekeeper.sh' } },
+      ];
+      const store = { getters: { [`cluster/all`]: () => schemas } };
+
+      const result = findAllConstraintTypes(store);
+
+      expect(result).toStrictEqual(['constraints.gatekeeper.sh.valid']);
+    });
+  });
+
+  describe('findAllTemplates', () => {
+    it('dispatches cluster/findAll with the constraint template type', async() => {
+      const expectedResult = [{ id: GATEKEEPER.CONSTRAINT_TEMPLATE }];
+      const mockDispatch = jest.fn().mockResolvedValue(expectedResult);
+      const store = { dispatch: mockDispatch };
+
+      const result = await findAllTemplates(store);
+
+      expect(mockDispatch).toHaveBeenCalledWith('cluster/findAll', { type: GATEKEEPER.CONSTRAINT_TEMPLATE });
+      expect(result).toStrictEqual(expectedResult);
+    });
+  });
+
+  describe('findAllConstraints', () => {
+    it('returns all constraint resources flattened across all constraint types', async() => {
+      const schemas = [
+        { id: 'constraints.gatekeeper.sh.type1', attributes: { group: 'constraints.gatekeeper.sh' } },
+        { id: 'constraints.gatekeeper.sh.type2', attributes: { group: 'constraints.gatekeeper.sh' } },
+      ];
+      const type1Resources = [{ id: 'r1' }, { id: 'r2' }];
+      const type2Resources = [{ id: 'r3' }];
+      const mockDispatch = jest.fn()
+        .mockResolvedValueOnce(type1Resources)
+        .mockResolvedValueOnce(type2Resources);
+      const store = {
+        getters:  { [`cluster/all`]: () => schemas },
+        dispatch: mockDispatch,
+      };
+
+      const result = await findAllConstraints(store);
+
+      expect(mockDispatch).toHaveBeenCalledWith('cluster/findAll', { type: 'constraints.gatekeeper.sh.type1', opt: { force: true } });
+      expect(mockDispatch).toHaveBeenCalledWith('cluster/findAll', { type: 'constraints.gatekeeper.sh.type2', opt: { force: true } });
+      expect(result).toStrictEqual([{ id: 'r1' }, { id: 'r2' }, { id: 'r3' }]);
+    });
+
+    it('returns an empty array when there are no constraint types', async() => {
+      const store = {
+        getters:  { [`cluster/all`]: () => [] },
+        dispatch: jest.fn(),
+      };
+
+      const result = await findAllConstraints(store);
+
+      expect(result).toStrictEqual([]);
+    });
+  });
+});