-rw-r--r--docker/Dockerfile4
-rwxr-xr-xdocker/create-user.sh17
-rw-r--r--docker/sshd_config115
-rw-r--r--helm/Chart.yaml4
-rw-r--r--helm/templates/_templates.tpl107
-rw-r--r--helm/templates/deployment.yaml43
-rw-r--r--helm/templates/service.yaml39
-rw-r--r--helm/values.yaml29
8 files changed, 358 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..af3e88b
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,4 @@
+FROM danielguerra/alpine-sshd:latest
+COPY ./create-user.sh /opt/create-user.sh
+COPY ./sshd_config /etc/ssh/sshd_config
+RUN ["/opt/create-user.sh"]
\ No newline at end of file
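Review bot: The `FROM` line pulls a third-party base image by the mutable `:latest` tag, so every rebuild can silently pick up a different sshd and userland than the one that was tested. Pin it to a fixed tag and digest, e.g. `FROM danielguerra/alpine-sshd:<tag>@sha256:<digest>` (placeholders; take the values from the image actually validated). The same applies to `image: onap/sshmock:latest` in helm/values.yaml, which is combined with `pullPolicy: Always`, so the cluster also follows whatever was pushed last.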
diff --git a/docker/create-user.sh b/docker/create-user.sh
new file mode 100755
index 0000000..fc4ca8d
--- /dev/null
+++ b/docker/create-user.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+mkdir -p /home/cdstest/dev /home/cdstest/bin /home/cdstest/lib /home/cdstest/etc
+cd /home/cdstest/dev
+mknod -m 666 null c 1 3
+mknod -m 666 tty c 5 0
+mknod -m 666 zero c 1 5
+mknod -m 666 random c 1 8
+cp /bin/ash /bin/ls /bin/date /home/cdstest/bin/.
+cp /lib/ld-musl-x86_64.so.1 /home/cdstest/lib/.
+adduser cdstest <<EOF
+testcds
+testcds
+EOF
+chown root:root /home/cdstest
+chmod 0755 /home/cdstest
+cp /etc/passwd /etc/group /home/cdstest/etc/.
\ No newline at end of file
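Review bot: The password for `cdstest` is hard-coded in the here-document passed to `adduser`, so it lives in the repository and in a layer of every published image, and the sshd_config added in this commit leaves password authentication at its default. If the fixed credential is intentional for the mock, say so at the top of the script (`# Test-only account with a publicly known password; never expose this image outside a test cluster`), or install a test public key for the account and turn password login off instead. The script also runs without `set -e`, so a failed `mknod` or `cp` still produces an image, only with a broken chroot; adding `set -eu` after the shebang makes the build fail instead. `cp /lib/ld-musl-x86_64.so.1` additionally ties the image to x86_64.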
diff --git a/docker/sshd_config b/docker/sshd_config
new file mode 100644
index 0000000..1e51369
--- /dev/null
+++ b/docker/sshd_config
@@ -0,0 +1,115 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+# Feel free to re-enable these if your use case requires them.
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+Match User cdstest
+ ChrootDirectory /home/cdstest
+
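Review bot: Every authentication setting is left at its commented default, so the only restriction this file adds is the chroot in the `Match User cdstest` block at the end; any other account shipped in the base image is still accepted by sshd and is not chrooted. For a single-purpose mock, state the intent explicitly in the global section, before the `Match` block: `PermitRootLogin no` and `AllowUsers cdstest`. Separately, `Subsystem sftp /usr/lib/ssh/sftp-server` points at a binary that create-user.sh does not copy into /home/cdstest, so SFTP for the chrooted user will likely fail; `Subsystem sftp internal-sftp` avoids that dependency. The comment `# Example of overriding settings on a per-user basis` above the Match block is stale now that the block is real configuration.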
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..0cfd7c2
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: SSH Mock server for testing CDS ssh capabilities
+name: cds-mock-ssh
+version: 1.0.0
diff --git a/helm/templates/_templates.tpl b/helm/templates/_templates.tpl
new file mode 100644
index 0000000..3e92baf
--- /dev/null
+++ b/helm/templates/_templates.tpl
@@ -0,0 +1,107 @@
+{{/*
+# Copyright (c) 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "common.namespace" -}}
+ {{- default .Release.Namespace .Values.nsPrefix -}}
+{{- end -}}
+
+
+{{/*
+ Expand the name of a chart.
+ The function takes from one to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : add a suffix to the name
+*/}}
+{{- define "common.name" -}}
+ {{- $dot := default . .dot -}}
+ {{- $suffix := .suffix -}}
+ {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
+{{- end -}}
+
+{{/*
+ The same as common.full name but based on passed dictionary instead of trying to figure
+ out chart name on its own.
+*/}}
+{{- define "common.fullnameExplicit" -}}
+ {{- $dot := .dot }}
+ {{- $name := .chartName }}
+ {{- $suffix := default "" .suffix -}}
+ {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Create a default fully qualified application name.
+ Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+ Usage:
+ include "common.fullname" .
+ include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+ The function takes from one to two arguments:
+ - .dot : environment (.)
+ - .suffix : add a suffix to the fullname
+*/}}
+{{- define "common.fullname" -}}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
+{{- end -}}
+
+{{/*
+ Retrieve the "original" release from the component release:
+ if ONAP is deploy with "helm deploy --name toto", then cassandra components
+ will have "toto-cassandra" as release name.
+ this function would answer back "toto".
+*/}}
+{{- define "common.release" -}}
+ {{- first (regexSplit "-" .Release.Name -1) }}
+{{- end -}}
+
+{{- define "common.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Resolve the name of the common image repository.
+ The value for .Values.repository is used by default,
+ unless either override mechanism is used.
+
+ - .Values.global.repository : override default image repository for all images
+ - .Values.repositoryOverride : override global and default image repository on a per image basis
+*/}}
+{{- define "common.repository" -}}
+ {{if .Values.repositoryOverride }}
+ {{- printf "%s" .Values.repositoryOverride -}}
+ {{else}}
+ {{- default .Values.repository .Values.global.repository -}}
+ {{end}}
+{{- end -}}
+
+{{/*
+ Resolve the name of a chart's service.
+
+ The default will be the chart name (or .Values.nameOverride if set).
+ And the use of .Values.service.name overrides all.
+
+ - .Values.service.name: override default service (ie. chart) name
+*/}}
+{{/*
+ Expand the service name for a chart.
+*/}}
+{{- define "common.servicename" -}}
+ {{- $name := default .Chart.Name .Values.nameOverride -}}
+ {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
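Review bot: `common.release` keeps only the part of `.Release.Name` before the first `-`, and `common.fullname` as well as the `release` label and selector in deployment.yaml and service.yaml are built from it. Two releases in one namespace named, say, `cds-a` and `cds-b` (constructed example) would therefore render the same Deployment name and the same selector. If the `helm deploy` naming convention described in the comment is not guaranteed for this chart, use `.Release.Name` directly; otherwise state the assumption in the comment above the helper. The two consecutive comment blocks above `common.servicename` can be merged into one.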
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
new file mode 100644
index 0000000..700d1e5
--- /dev/null
+++ b/helm/templates/deployment.yaml
@@ -0,0 +1,43 @@
+# Copyright (c) 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 10 }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.ssh.internalPort }}
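Review bot: `replicas` and `terminationGracePeriodSeconds` read `.Values.replicaCount` and `.Values.terminationGracePeriodSeconds`, but values.yaml in this commit defines only `global.replicas` and `global.terminationGracePeriodSeconds`, so `replicas:` renders empty and the grace period always falls back to 10. Read the keys that exist, e.g. `replicas: {{ .Values.global.replicas | default 1 }}`. `terminationGracePeriodSeconds` also sits between the container's `name` and `image` keys; it is a pod-level field and, as far as the rendered indentation shows, belongs under `spec.template.spec`. `apiVersion: extensions/v1beta1` is no longer served for Deployments from Kubernetes 1.16 on, and `apps/v1` needs an explicit `spec.selector.matchLabels`.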
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000..347caad
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,39 @@
+# Copyright (c) 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.ssh.portName }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.ssh.type }}
+ ports:
+ - port: {{ .Values.service.ssh.port }}
+ protocol: TCP
+ targetPort: {{ .Values.service.ssh.internalPort }}
+ {{- if eq .Values.service.ssh.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.ssh.portName | default "ssh" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+
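Review bot: The NodePort branch reads `.Values.service.nodePort` and `nodePortPrefix`, neither of which is defined in values.yaml, while every other setting lives under `service.ssh`; switching `service.ssh.type` to `NodePort` would render an empty `nodePort:`. Read `.Values.service.ssh.nodePort` and guard it with `required`, or drop the branch. Because this server accepts a password that is fixed in the image, a comment next to `type` saying the Service is meant to stay `ClusterIP` would help. `metadata.name` uses `service.ssh.portName` instead of `common.servicename`, so two releases in one namespace collide, and the empty `annotations:` key can be removed.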
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..3024fd3
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,29 @@
+# Copyright (c) 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+image: onap/sshmock:latest
+
+global:
+ name: cds-regression-sshmock
+ repository: nexus3.onap.org:10001
+ pullPolicy: Always
+ replicas: 1
+ terminationGracePeriodSeconds: 10
+
+service:
+ ssh:
+ type: ClusterIP
+ portName: cds-regression-sshmock
+ port: 22
+ internalPort: 22