author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-26 16:43:01 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-27 17:38:49 +0200 |
commit | 76dd9bfcc14f2a77dd9a8155e66434a304cd0c38 (patch) | |
tree | 19f1f23dee938ccf423c7bbd399a586d0cfe9079 /test/security/k8s/src/check/rancher/rancher.go | |
parent | 664ce36e4606ba855bb997059f43d89bb51385e5 (diff) |
k8s: Extract common interface to simplify development
Common command and service name extraction is intended to limit
execution to a small set of allowed processes.
This patch also drops unnecessary use of "Kubernetes" name because this
whole subproject concerns its clusters.
Issue-ID: SECCOM-235
Change-Id: I8babfeb4f24cf3baa4d236ca622c21170ab6205e
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/rancher/rancher.go')
-rw-r--r-- | test/security/k8s/src/check/rancher/rancher.go | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index d60b73b65..d77f15445 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -3,8 +3,10 @@ package rancher
 import (
 "bytes"
- "errors"
+ "fmt"
 "os/exec"
+
+ "check"
 )
 const (
@@ -16,32 +18,40 @@ const (
 cmdDockerCmdPs = "ps"
 cmdDockerCmdPsParams = "--no-trunc"
 cmdDockerCmdPsFilter = "--filter"
- cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name=kubernetes/kubernetes"
+ cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name="
 cmdDockerCmdPsFormat = "--format"
 cmdDockerCmdPsFormatArgs = "{{.Command}}"
- k8sProcess = "kube-apiserver"
 )
-// GetK8sParams returns parameters of running Kubernetes API server.
+// Rancher implements Informer interface.
+type Rancher struct {
+ check.Informer
+}
+
+// GetAPIParams returns parameters of running Kubernetes API server.
 // It queries default environment set in configuration file.
-func GetK8sParams() ([]string, error) {
+func (r *Rancher) GetAPIParams() ([]string, error) {
+ return getProcessParams(check.APIProcess, check.APIService)
+}
+
+func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 hosts, err := listHosts()
 if err != nil {
 return []string{}, err
 }
 for _, host := range hosts {
- cmd, err := getK8sCmd(host)
+ cmd, err := getPsCmdOutput(host, service)
 if err != nil {
 return []string{}, err
 }
 if len(cmd) > 0 {
- i := bytes.Index(cmd, []byte(k8sProcess))
+ i := bytes.Index(cmd, []byte(process.String()))
 if i == -1 {
- return []string{}, errors.New("missing " + k8sProcess + " command")
+ return []string{}, fmt.Errorf("missing %s command", process)
 }
- return btos(cmd[i+len(k8sProcess):]), nil
+ return btos(cmd[i+len(process.String()):]), nil
 }
 }
 return []string{}, nil
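Review bot: Embedding `check.Informer` in the new `Rancher` struct makes the type satisfy the interface whether or not it defines the methods, so any Informer method that Rancher does not implement still compiles and then panics on the nil embedded value when it is called. For a security checker that failure mode is worse than a build error, because a newly added interface method would only surface at run time. If the intent is what the comment states, drop the embedded field and assert the contract at compile time with `var _ check.Informer = (*Rancher)(nil)`. The definition of `check.Informer` is not part of this diff, and the body of `getProcessParams` ends outside the hunk.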
@@ -58,17 +68,17 @@ func listHosts() ([]string, error) {
 return btos(out), nil
 }
-// getK8sCmd returns running Kubernetes API server command with its parameters.
+// getPsCmdOutput returns running Kubernetes service command with its parameters.
 // It queries default environment set in configuration file.
-func getK8sCmd(host string) ([]byte, error) {
+func getPsCmdOutput(host string, service check.Service) ([]byte, error) {
 // Following is equivalent to:
 // $ rancher --host $HOST \
 // docker ps --no-trunc \
- // --filter "label=io.rancher.stack_service.name=kubernetes/kubernetes" \
+ // --filter "label=io.rancher.stack_service.name=$SERVICE" \
 // --format "{{.Command}}"
 cmd := exec.Command(bin, paramHost, host, cmdDocker, cmdDockerCmdPs, cmdDockerCmdPsParams,
- cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs+service.String(),
+ cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs+service.String(),
 cmdDockerCmdPsFormat, cmdDockerCmdPsFormatArgs)
 out, err := cmd.Output()
 if err != nil { |
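Review bot: `getPsCmdOutput` appends `service.String()` to the label filter without checking that the result is non-empty. If `check.Service` yields an empty string for an unrecognised value (its definition is not in this diff), the filter degrades to the bare `label=io.rancher.stack_service.name=` prefix. The query would then probably return nothing, which `getProcessParams` reports as an empty parameter list with a nil error rather than as a failure. Since the commit message states the aim of limiting execution to an allowed set, a guard before building the command would make that explicit, for example `if service.String() == "" { return nil, fmt.Errorf("unknown service") }`. The function body continues past the end of the hunk.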