aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2020-02-07 12:59:32 +0100
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2020-03-25 13:08:24 +0000
commit45d5c7a8853f5b25dbb9b6b8a99846d68a199468 (patch)
tree5712db946834b9368f80206b7e49d01a52c2d0a3
parent3d0d6a9a7fc64e42c36c31ff7f371b562ec691f1 (diff)
Increase verifiability of security checks
This patch introduces a series of patches that will provide tools which will succeed current security check scripts. Its two main reasons are: * increasing tools verifiability by providing internal tests, * improving "expected failure" support by suppressing carefully selected set of special cases. Each tool will use following directory structure (generated with "tree -a --charset=ascii" command): . `-- check_module |-- Dockerfile |-- .dockerignore |-- .gitignore |-- go.mod |-- main.go |-- Makefile |-- README |-- README.rst -> README `-- submodule |-- submodule.go `-- submodule_test.go This will allow using Go Modules mechanism within its limitations [1] for "non-go-get-able modules" [2][3][4] - also in case of separating code into several modules used by multiple "check modules", e.g. . |-- common | |-- common.go | |-- common_test.go | `-- go.mod `-- check_module |-- go.mod `-- ... It would require migration from separate Dockerfiles to a single one (multi-stage), though. Provided Makefiles are intended to simplify local development (Docker-less building) and container images preparation. READMEs clarify utility requirements and usage - file without extension is for VCS reference, symlink for proper syntax rendering. [1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository [2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem [3] https://github.com/golang/go/issues/26645#issuecomment-408572701 [4] https://www.dim13.org/go-get-cgit Issue-ID: SECCOM-261 Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r--test/security/sslendpoints/README44
l---------test/security/sslendpoints/README.rst1
2 files changed, 45 insertions, 0 deletions
diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README
new file mode 100644
index 000000000..fc0e37a1b
--- /dev/null
+++ b/test/security/sslendpoints/README
@@ -0,0 +1,44 @@
+=====================
+ SSL endpoints check
+=====================
+
+Utility for checking if all of the ports exposed outside of Kubernetes cluster
+use SSL tunnels.
+
+Prerequisites
+-------------
+
+Configuration
+~~~~~~~~~~~~~
+
+Mandatory
++++++++++
+
+Optional
+++++++++
+
+Build (local)
+~~~~~~~~~~~~~
+
+Build (Docker)
+~~~~~~~~~~~~~~
+
+Test
+~~~~
+
+
+Running
+-------
+
+Command (local)
+~~~~~~~~~~~~~~~
+
+Command (Docker)
+~~~~~~~~~~~~~~~~
+
+Output
+~~~~~~
+
+
+Testing
+-------
diff --git a/test/security/sslendpoints/README.rst b/test/security/sslendpoints/README.rst
new file mode 120000
index 000000000..100b93820
--- /dev/null
+++ b/test/security/sslendpoints/README.rst
@@ -0,0 +1 @@
+README \ No newline at end of file