author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-10-07 17:00:49 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-01-29 17:14:53 +0100 |
commit | f649f22f8e4ec272fff3d806f8e4ba9b82ec7b4d (patch) | |
tree | bc796efda6b6a01582cb83396d4949e040d99e6f | |
parent | e5766d0eaa2441cbd1d52c8082442a689b752874 (diff) |
k8s: Mock etcd information collection
Rancher does not provide information on etcd as container arguments.
Its collection requires implementation of a new information extraction
method.
RKE does not include etcd process name in container arguments.
Issue-ID: SECCOM-235
Change-Id: I7576474fb2848962360771d2850aeb3f3869790a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r-- | test/security/k8s/src/check/check.go | 12 | ||||
-rw-r--r-- | test/security/k8s/src/check/cmd/check/check.go | 10 | ||||
-rw-r--r-- | test/security/k8s/src/check/errors.go | 10 | ||||
-rw-r--r-- | test/security/k8s/src/check/rancher/rancher.go | 6 | ||||
-rw-r--r-- | test/security/k8s/src/check/raw/raw.go | 6 |
5 files changed, 42 insertions, 2 deletions
diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index cf412c112..728be18ff 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -8,6 +8,8 @@ type Informer interface {
 GetSchedulerParams() ([]string, error)
 // GetControllerManagerParams returns controller manager parameters.
 GetControllerManagerParams() ([]string, error)
+ // GetEtcdParams returns etcd parameters.
+ GetEtcdParams() ([]string, error)
 }
 
 // Command represents commands run on cluster.
@@ -20,6 +22,8 @@ const (
 SchedulerProcess
 // ControllerManagerProcess represents controller manager command ("kube-controller-manager").
 ControllerManagerProcess
+ // EtcdProcess represents controller manager service ("etcd").
+ EtcdProcess
 )
 
 func (c Command) String() string {
@@ -27,9 +31,10 @@ func (c Command) String() string {
 "kube-apiserver",
 "kube-scheduler",
 "kube-controller-manager",
+ "etcd",
 }
 
- if c < APIProcess || c > ControllerManagerProcess {
+ if c < APIProcess || c > EtcdProcess {
 return "exit"
 }
 return names[c]
@@ -45,6 +50,8 @@ const (
 SchedulerService
 // ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
 ControllerManagerService
+ // EtcdService represents etcd service ("kubernetes/etcd").
+ EtcdService
 )
 
 func (s Service) String() string {
@@ -52,9 +59,10 @@ func (s Service) String() string {
 "kubernetes/kubernetes",
 "kubernetes/scheduler",
 "kubernetes/controller-manager",
+ "kubernetes/etcd",
 }
 
- if s < APIService || s > ControllerManagerService {
+ if s < APIService || s > EtcdService {
 return ""
 }
 return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index d7176170a..98254aef9 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
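Review bot: The doc comment added for `EtcdProcess` in the `Command` const block was copied from the controller manager entry and describes the wrong thing. It should follow the wording of its neighbours, `// EtcdProcess represents etcd command ("etcd").`. The const block itself starts outside the hunk.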
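Review bot: The range guard in `Command.String()` names the last constant by hand, so each new constant needs the guard edited in step with the `names` table; if a later change misses it, `names[c]` panics with an index out of range. Bounding against the table itself removes that coupling: `if c < APIProcess || int(c) >= len(names) {`. `Service.String()` in the last hunk of this file has the same pattern and would take the same change. Both functions start outside their hunks.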
@@ -54,4 +54,14 @@ func main() {
 log.Fatal(err)
 }
 master.CheckControllerManager(controllerManagerParams)
+
+ _, err = info.GetEtcdParams()
+ if err != nil {
+ switch err {
+ case check.ErrNotImplemented:
+ log.Print(err) // Fail softly.
+ default:
+ log.Fatal(err)
+ }
+ }
 }
diff --git a/test/security/k8s/src/check/errors.go b/test/security/k8s/src/check/errors.go
new file mode 100644
index 000000000..d657c1827
--- /dev/null
+++ b/test/security/k8s/src/check/errors.go
@@ -0,0 +1,10 @@
+package check
+
+import (
+ "errors"
+)
+
+var (
+ // ErrNotImplemented is returned when function is not implemented yet.
+ ErrNotImplemented = errors.New("function not implemented")
+)
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index b5e382221..2cf2fbe69 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -46,6 +46,12 @@ func (r *Rancher) GetControllerManagerParams() ([]string, error) {
 return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
 }
 
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Rancher) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
 func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 hosts, err := listHosts()
 if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 555115950..eea5c01d2 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
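Review bot: The soft-fail branch at the end of `main` logs only the sentinel text "function not implemented", and as far as this hunk shows the run then ends normally, so the output of a run that skipped etcd is hard to tell apart from one that checked it. For a security check tool the gap should be explicit in the log, e.g. `log.Printf("etcd checks skipped: %v", err)`. The `switch err` comparison also matches only the bare sentinel; if an implementation later wraps it, `errors.Is(err, check.ErrNotImplemented)` (Go 1.13+) keeps the branch working. `main` starts outside the hunk.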
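Review bot: The doc comment on `(*Rancher).GetEtcdParams` says it queries nodes with the "controlplane" role, but the body queries nothing and always returns `check.ErrNotImplemented`; `(*Raw).GetEtcdParams` in raw.go carries the same comment over the same stub. Describe what the code does today, e.g. `// GetEtcdParams is not implemented yet; it always returns check.ErrNotImplemented.`. When the real collection is written, confirm which node role actually hosts etcd, since RKE-style clusters can place it on nodes with a dedicated etcd role. Returning `nil` rather than `[]string{}` alongside the error would also be the more usual Go form.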
@@ -46,6 +46,12 @@ func (r *Raw) GetControllerManagerParams() ([]string, error) {
 return getProcessParams(check.ControllerManagerProcess)
 }
 
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
 func getProcessParams(process check.Command) ([]string, error) {
 nodes, err := config.GetNodesInfo()
 if err != nil { |