authormrichomme <morgan.richomme@orange.com>2020-09-11 22:58:09 +0200
committermrichomme <morgan.richomme@orange.com>2020-09-14 09:26:02 +0200
commitedbe50b80ce489b5ef9f30c9cd72f2dbcf2032d9 (patch)
tree014aecf337533430f1ed4a01c243453462911f3a /test/security/check_certificates
parent332e011ef9b2f1bef1c60a3d83b137c8bb3df008 (diff)
Add timeout on SSL internal cert retrieval
In case of SSL issues, the socket timeout is set to 600s by default as we are scanning a little bit stupidly - we try on all the internal ports. It may take a long time if we accumulate the different timeouts. Moreover, a new error, socket.gaierror, may occur on internal scans. Issue-ID: INT-1570 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: Ia0e1c7bb133565d6179afa155f6c299a5e012764 Signed-off-by: mrichomme <morgan.richomme@orange.com>
Diffstat (limited to 'test/security/check_certificates')
-rw-r--r--test/security/check_certificates/check_certificates/check_certificates_validity.py6
-rw-r--r--test/security/check_certificates/check_certificates/templates/cert-internal.html.j2129
2 files changed, 135 insertions, 0 deletions
diff --git a/test/security/check_certificates/check_certificates/check_certificates_validity.py b/test/security/check_certificates/check_certificates/check_certificates_validity.py
index 7447a64be..87a2fa932 100644
--- a/test/security/check_certificates/check_certificates/check_certificates_validity.py
+++ b/test/security/check_certificates/check_certificates/check_certificates_validity.py
@@ -46,6 +46,10 @@ import OpenSSL
from datetime import datetime
from kubernetes import client, config
from jinja2 import Environment, FileSystemLoader, select_autoescape
+from socket import * # pylint: disable=W0614
+
+# Set SSL timeout
+setdefaulttimeout(10)
# Logger
LOG_LEVEL = 'INFO'
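Review bot: The wildcard `from socket import *` pulls every socket name into the module namespace, which is why the pylint suppression is needed, only to call one function. `import socket` followed by `socket.setdefaulttimeout(10)` is clearer and lets the handlers further down name `socket.timeout` and `socket.gaierror` explicitly. The default timeout is process-wide, so it presumably also applies to the Kubernetes API client's connections unless they set their own; if only the certificate retrieval should be bounded, a timeout on that call is the narrower fix. The comment would be more accurate as `# Default timeout (seconds) for every socket created in this process`.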
@@ -257,6 +261,8 @@ def test_services(k8s_services, mode):
{'pod_name': test_name,
'pod_port': test_port,
'error_details': str(e)})
+ except:
+ LOGGER.error("Unknown error")
# Create html summary
jinja_env = Environment(
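Review bot: The bare `except:` added after the existing handler also catches KeyboardInterrupt and SystemExit, and it logs a fixed string with no host, port or exception text. Unlike the handler above it, it records nothing, so an endpoint that fails this way is missing from the HTML summary and looks the same as one that was never scanned, which is a blind spot for a certificate audit. I would use `except Exception as e:  # pylint: disable=broad-except` with `LOGGER.exception("Unexpected error on %s:%s", test_name, test_port)`, and append the same `pod_name`/`pod_port`/`error_details` dict to one of the error lists. The commit message names socket.gaierror, so catching that and `socket.timeout` explicitly before the catch-all would keep the expected failures distinguishable. test_services starts and continues outside this hunk.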
diff --git a/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 b/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2
new file mode 100644
index 000000000..f9049807a
--- /dev/null
+++ b/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2
@@ -0,0 +1,129 @@
+{% extends "base.html.j2" %}
+{% block title %}ONAP Certificates expiration page{% endblock %}
+
+{% block content %}
+<h1 class="title is-1">ONAP Certificates</h1>
+<section class="section">
+ <div class="container">
+ <h3 class="subtitle">Cluster Internal Ports</h3>
+
+<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+ <thead>
+ <tr>
+ <th>Component</th>
+ <th>Port</th>
+ <th>Expected Expiration Date</th>
+ <th>Remaining Days</th>
+ <th>Root CA</th>
+ <th>Root CA Validity</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for cert in node_ports_list %}
+ <tr {% if cert.remaining_days < 0 %} class="has-background-danger" {%elif cert.remaining_days < 30 %} class="has-background-warning" {%elif cert.remaining_days < 60 %} class="has-background-warning-light " {%elif cert.remaining_days > 389 %} class="has-background-warning-light" {%elif cert.remaining_days == 364 and cert.validity %} class="has-background-success-light" {% endif %}>
+ <td>{{ cert.pod_name }}</td>
+ <td>{{ cert.pod_port }}</td>
+ <td>{{ cert.expiration_date }}</td>
+ <td>{{ cert.remaining_days }}</td>
+ <td>{{ cert.issuer }}</td>
+ <td>{% if cert.validity %}
+ <span class="icon is-large has-text-success">
+ <i class="fas fa-check-square"></i>
+ </span>
+ {% else %}
+ <span class="icon is-large has-text-danger">
+ <i class="fas fa-ban"></i>
+ </span>
+ {% endif %}</td>
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+
+ {% if node_ports_ssl_error_list|length > 0 %}
+ <h3 class="subtitle">Cluster Internal Port SSL errors</h3>
+ <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+ <thead>
+ <tr>
+ <th>Component</th>
+ <th>Port</th>
+ <th>Error Details</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for cert in node_ports_ssl_error_list %}
+ <td>{{ cert.pod_name }}</td>
+ <td>{{ cert.pod_port }}</td>
+ <td>{{ cert.error_details }}</td>
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+{% endif %}
+
+{% if node_ports_connection_error_list|length > 0 %}
+ <h3 class="subtitle">Cluster Internal Ports Connection errors</h3>
+ <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+ <thead>
+ <tr>
+ <th>Component</th>
+ <th>Port</th>
+ <th>Error Details</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for cert in node_ports_connection_error_list %}
+ <td>{{ cert.pod_name }}</td>
+ <td>{{ cert.pod_port }}</td>
+ <td>{{ cert.error_details }}</td>
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+{% endif %}
+
+{% if node_ports_list_type_error_list|length > 0 %}
+ <h3 class="subtitle">Cluster Internal Ports ports Type Error</h3>
+ <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+ <thead>
+ <tr>
+ <th>Component</th>
+ <th>Port</th>
+ <th>Error Details</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for cert in node_ports_list_type_error_list %}
+ <td>{{ cert.pod_name }}</td>
+ <td>{{ cert.pod_port }}</td>
+ <td>{{ cert.error_details }}</td>
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+{% endif %}
+
+{% if node_ports_reset_error_list|length > 0 %}
+ <h3 class="subtitle">Cluster Internal Ports Connections Error</h3>
+ <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+ <thead>
+ <tr>
+ <th>Component</th>
+ <th>Port</th>
+ <th>Error Details</th>
+ </tr>
+ </thead>
+ <tbody>
+ {% for cert in node_ports_reset_error_list %}
+ <td>{{ cert.pod_name }}</td>
+ <td>{{ cert.pod_port }}</td>
+ <td>{{ cert.error_details }}</td>
+ </tr>
+ {% endfor %}
+ </tbody>
+</table>
+{% endif %}
+
+{% endblock %}
+</div>
+</section>
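Review bot: `{{ cert.issuer }}` and the three `{{ cert.error_details }}` cells render strings that come from the scanned endpoint (certificate fields and `str(e)`), so this template depends on autoescaping being active. The `Environment(...)` arguments are outside the visible hunks, but Jinja's `select_autoescape` matches on the file suffix and its defaults do not cover a name ending in `.j2`. Please confirm the call enables it for this name (for example via `enabled_extensions=('html', 'j2')`) or add `|e` to those cells. Separately, the four error tables open each loop body with `<td>` and close it with `</tr>`, so each needs a `<tr>` after its `{% for %}` line. The closing `</div>` and `</section>` also sit after `{% endblock %}`, where a template that extends a base discards them, so they should move inside the block.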