authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-10-07 17:00:49 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2020-01-29 17:14:53 +0100
commitf649f22f8e4ec272fff3d806f8e4ba9b82ec7b4d (patch)
treebc796efda6b6a01582cb83396d4949e040d99e6f
parente5766d0eaa2441cbd1d52c8082442a689b752874 (diff)
k8s: Mock etcd information collection
Rancher does not provide information on etcd as container arguments. Its collection requires implementation of a new information extraction method. RKE does not include etcd process name in container arguments. Issue-ID: SECCOM-235 Change-Id: I7576474fb2848962360771d2850aeb3f3869790a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r--test/security/k8s/src/check/check.go12
-rw-r--r--test/security/k8s/src/check/cmd/check/check.go10
-rw-r--r--test/security/k8s/src/check/errors.go10
-rw-r--r--test/security/k8s/src/check/rancher/rancher.go6
-rw-r--r--test/security/k8s/src/check/raw/raw.go6
5 files changed, 42 insertions, 2 deletions
diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index cf412c112..728be18ff 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -8,6 +8,8 @@ type Informer interface {
GetSchedulerParams() ([]string, error)
// GetControllerManagerParams returns controller manager parameters.
GetControllerManagerParams() ([]string, error)
+ // GetEtcdParams returns etcd parameters.
+ GetEtcdParams() ([]string, error)
}
// Command represents commands run on cluster.
@@ -20,6 +22,8 @@ const (
SchedulerProcess
// ControllerManagerProcess represents controller manager command ("kube-controller-manager").
ControllerManagerProcess
+ // EtcdProcess represents controller manager service ("etcd").
+ EtcdProcess
)
func (c Command) String() string {
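Review bot: The doc comment added for EtcdProcess was copied from the constant above it and still says "controller manager service". It should read `// EtcdProcess represents etcd command ("etcd").`, matching the wording of the neighbouring process constants. The const block starts outside the hunk.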
@@ -27,9 +31,10 @@ func (c Command) String() string {
"kube-apiserver",
"kube-scheduler",
"kube-controller-manager",
+ "etcd",
}
- if c < APIProcess || c > ControllerManagerProcess {
+ if c < APIProcess || c > EtcdProcess {
return "exit"
}
return names[c]
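Review bot: The range guard in Command.String names the last constant explicitly, so the `names` slice and the bound must be edited together every time a process is added, as this commit has to do. If only the slice is updated the new value prints as "exit", and if only the bound is updated `names[c]` panics with an index out of range. Tying the bound to the slice avoids both: `if c < APIProcess || int(c) >= len(names) {`, assuming APIProcess is the first value of the iota block, whose declaration is outside the hunk. The same applies to Service.String in the hunk at -52,9 +59,10.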
@@ -45,6 +50,8 @@ const (
SchedulerService
// ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
ControllerManagerService
+ // EtcdService represents etcd service ("kubernetes/etcd").
+ EtcdService
)
func (s Service) String() string {
@@ -52,9 +59,10 @@ func (s Service) String() string {
"kubernetes/kubernetes",
"kubernetes/scheduler",
"kubernetes/controller-manager",
+ "kubernetes/etcd",
}
- if s < APIService || s > ControllerManagerService {
+ if s < APIService || s > EtcdService {
return ""
}
return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index d7176170a..98254aef9 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -54,4 +54,14 @@ func main() {
log.Fatal(err)
}
master.CheckControllerManager(controllerManagerParams)
+
+ _, err = info.GetEtcdParams()
+ if err != nil {
+ switch err {
+ case check.ErrNotImplemented:
+ log.Print(err) // Fail softly.
+ default:
+ log.Fatal(err)
+ }
+ }
}
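Review bot: When GetEtcdParams returns ErrNotImplemented, main logs only "function not implemented" and then returns normally, and both informers touched by this commit return that error. A run therefore looks like a completed security check although no etcd setting was examined. The log line should name what was skipped, e.g. `log.Printf("etcd checks skipped: %v", err)`, and anything that gates on this tool's exit status may need a distinct signal for a partial run. The `case check.ErrNotImplemented:` comparison also stops matching once an implementation wraps the sentinel; `errors.Is(err, check.ErrNotImplemented)` (Go 1.13+) is the safer form. main starts outside the hunk.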
diff --git a/test/security/k8s/src/check/errors.go b/test/security/k8s/src/check/errors.go
new file mode 100644
index 000000000..d657c1827
--- /dev/null
+++ b/test/security/k8s/src/check/errors.go
@@ -0,0 +1,10 @@
+package check
+
+import (
+ "errors"
+)
+
+var (
+ // ErrNotImplemented is returned when function is not implemented yet.
+ ErrNotImplemented = errors.New("function not implemented")
+)
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index b5e382221..2cf2fbe69 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -46,6 +46,12 @@ func (r *Rancher) GetControllerManagerParams() ([]string, error) {
return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
}
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Rancher) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
func getProcessParams(process check.Command, service check.Service) ([]string, error) {
hosts, err := listHosts()
if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 555115950..eea5c01d2 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -46,6 +46,12 @@ func (r *Raw) GetControllerManagerParams() ([]string, error) {
return getProcessParams(check.ControllerManagerProcess)
}
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
func getProcessParams(process check.Command) ([]string, error) {
nodes, err := config.GetNodesInfo()
if err != nil {