Add "expected failure" support to non-SSL NodePort scanner

This patch makes scanner compatible with its shell predecessor. The same
"expected failure" list format is used i.e.

 # Comment line; will be ignored
 SERVICE1 NODEPORT1
 SERVICE2 NODEPORT2

Single space character is used as a field separator.

Issue-ID: SECCOM-261
Change-Id: Ieedd4e98a83ffe242c695133fdf7342e17efa9a2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

1 files changed, 13 insertions, 1 deletions

diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README
index bf39f0148..ba21b12ea 100644
--- a/test/security/sslendpoints/README
+++ b/test/security/sslendpoints/README
@@ -14,6 +14,11 @@ Configuration
 ``-kubeconfig``
   Optional unless ``$HOME`` is not set. Defaults to ``$HOME/.kube/config``.
 
+``-xfail``
+  Optional list of services with corresponding NodePorts which do not use SSL
+  tunnels. These ports are known as "expected failures" and will not be
+  checked.
+
 Build (local)
 ~~~~~~~~~~~~~
 
@@ -70,7 +75,7 @@ Command (local)
 
 .. code-block:: shell
 
-    $ bin/sslendpoints [-kubeconfig KUBECONFIG]
+    $ bin/sslendpoints [-kubeconfig KUBECONFIG] [-xfail XFAIL]
 
 Command (Docker)
 ~~~~~~~~~~~~~~~~
@@ -83,6 +88,13 @@ Command (Docker)
     $ docker run --rm --volume $KUBECONFIG:/opt/config \
         sslendpoints-build-img /bin/sslendpoints -kubeconfig /opt/config
 
+    $ docker run --rm \
+        --volume $KUBECONFIG:/opt/config \
+        --volume $XFAIL:/opt/xfail \
+        sslendpoints-build-img /bin/sslendpoints \
+            -kubeconfig /opt/config
+            -xfail /opt/xfail
+
 Output
 ~~~~~~