aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-11-25 15:40:04 +0100
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-11-25 15:49:54 +0100
commitc3563bc93ebf7df6a4802f07123163516ebf1057 (patch)
tree3648a83690fa9722ac7e371509c6434e7a41e31a
parent31450dcb11d18b81098b43d0d0b7ecdb0d69e238 (diff)
Adjust ETE runner for security tests
This patch adds gathering data which cannot be easily obtained from within "robot" pod (without granting it access to "kubectl" tool and as a side effect - cluster modifications). It introduces dependency to python3 on operator's machine (to convert "kubectl" tool filtered output to JSON). Issue-ID: SECCOM-261 Change-Id: Ie5057f65f79337896191b51cfad1b3e06623f80b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rwxr-xr-xete-k8s.sh16
-rwxr-xr-xscripts/etescript/security-etescript.sh57
2 files changed, 73 insertions, 0 deletions
diff --git a/ete-k8s.sh b/ete-k8s.sh
index adc5f12..955a816 100755
--- a/ete-k8s.sh
+++ b/ete-k8s.sh
@@ -50,6 +50,8 @@ if [ "$1" == "" ] || [ "$2" == "" ]; then
echo ""
echo " sdc-dcae-d.robot: sdc-dcae-d"
echo ""
+ echo " security.robot: security"
+ echo ""
echo " update_onap_page.robot: UpdateWebPage"
echo ""
echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso"
@@ -86,4 +88,18 @@ DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90))
VARIABLEFILES="-V /share/config/robot_properties.py"
VARIABLES="-v GLOBAL_BUILD_NUMBER:$$"
+case $2 in
+ security)
+ if [ -z "$NODEPORTS_FILE" ]; then
+ echo "Security tests require gathering additional information on ONAP cluster."
+ echo "It is unavailable from within Robot pod."
+ echo ""
+ echo "Rerun command with \"execscript\" argument, e.g."
+ echo "$ $0 onap security execscript"
+ exit
+ fi
+ VARIABLES="${VARIABLES} -v ACTUAL_NODEPORTS_FILE:${NODEPORTS_FILE}"
+ ;;
+esac
+
kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display $DISPLAY_NUM
diff --git a/scripts/etescript/security-etescript.sh b/scripts/etescript/security-etescript.sh
new file mode 100755
index 0000000..1cd911c
--- /dev/null
+++ b/scripts/etescript/security-etescript.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Gather information on ONAP cluster required by security tests.
+# Copy results to Robot pod.
+#
+
+
+TMPDIR='/tmp'
+TMPTPL='onap_security'
+CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
+FILTER="$(tr -d [:space:] <<TEMPLATE
+{{range .items}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
+{{end}}
+TEMPLATE)"
+
+
+setup () {
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+}
+
+create_actual_nodeport_json () {
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+}
+
+copy_actual_nodeport_json_to_robot () {
+ kubectl cp "$1" "$2/$3:$4"
+}
+
+cleanup () {
+ rm "$NODEPORTS_FILE"
+}
+
+
+setup
+create_actual_nodeport_json
+copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR"
+cleanup