aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/sslendpoints/ports
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2020-02-25 13:36:59 +0100
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2020-03-25 13:08:24 +0000
commit600bce340bda372151b4120d89c854f2decc3a93 (patch)
tree32b37ae282f41729665661c9eb29237e0d5e4610 /test/security/sslendpoints/ports
parent45d5c7a8853f5b25dbb9b6b8a99846d68a199468 (diff)
Add NodePorts filtering with development environment basis
This patch has not made "sslendpoints" fully compatible with "check_for_nonssl_endpoints.sh" script yet. It sets up basic development environment for Golang-based checkers, though. Tool output will be added to the README after reaching full compatibility with previous (script) version. Development environment brought by this patch is heavily based on: https://github.com/SamsungSLAV/boruta Issue-ID: SECCOM-261 Change-Id: I8f035b63bea13785c40971ede5fdbbc9b6810168 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/sslendpoints/ports')
-rw-r--r--test/security/sslendpoints/ports/ports.go18
-rw-r--r--test/security/sslendpoints/ports/ports_suite_test.go13
-rw-r--r--test/security/sslendpoints/ports/ports_test.go214
3 files changed, 245 insertions, 0 deletions
diff --git a/test/security/sslendpoints/ports/ports.go b/test/security/sslendpoints/ports/ports.go
new file mode 100644
index 000000000..823e07531
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports.go
@@ -0,0 +1,18 @@
+package ports
+
+import (
+ v1 "k8s.io/api/core/v1"
+)
+
+// FilterNodePorts extracts NodePorts from ServiceList.
+func FilterNodePorts(services *v1.ServiceList) (map[uint16]string, bool) {
+ nodeports := make(map[uint16]string)
+ for _, service := range services.Items {
+ for _, port := range service.Spec.Ports {
+ if port.NodePort != 0 {
+ nodeports[uint16(port.NodePort)] = service.ObjectMeta.Name
+ }
+ }
+ }
+ return nodeports, len(nodeports) > 0
+}
diff --git a/test/security/sslendpoints/ports/ports_suite_test.go b/test/security/sslendpoints/ports/ports_suite_test.go
new file mode 100644
index 000000000..8a6431e5e
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports_suite_test.go
@@ -0,0 +1,13 @@
+package ports_test
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+func TestNodeports(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Nodeports Suite")
+}
diff --git a/test/security/sslendpoints/ports/ports_test.go b/test/security/sslendpoints/ports/ports_test.go
new file mode 100644
index 000000000..1078db162
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports_test.go
@@ -0,0 +1,214 @@
+package ports_test
+
+import (
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ . "onap.local/sslendpoints/ports"
+)
+
+var _ = Describe("Ports", func() {
+ const (
+ notNodePort = 0
+ nodePortO = 30200
+ nodePortN = 30201
+ nodePortA = 30202
+ nodePortP = 30203
+ serviceR = "serviceR"
+ serviceL = "serviceL"
+ serviceZ = "serviceZ"
+ )
+
+ var (
+ servicesEmpty *v1.ServiceList
+ servicesSingleWithNodePort *v1.ServiceList
+ servicesSingleWithMultipleNodePorts *v1.ServiceList
+ servicesManyWithoutNodePorts *v1.ServiceList
+ servicesManyWithNodePort *v1.ServiceList
+ servicesManyWithMultipleNodePorts *v1.ServiceList
+ servicesManyMixedNodePorts *v1.ServiceList
+ )
+
+ BeforeEach(func() {
+ servicesEmpty = &v1.ServiceList{}
+ servicesSingleWithNodePort = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceR},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortO},
+ },
+ },
+ },
+ },
+ }
+ servicesSingleWithMultipleNodePorts = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceR},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortO},
+ v1.ServicePort{NodePort: nodePortN},
+ },
+ },
+ },
+ },
+ }
+ servicesManyWithoutNodePorts = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: notNodePort},
+ },
+ },
+ },
+ v1.Service{
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: notNodePort},
+ },
+ },
+ },
+ },
+ }
+ servicesManyWithNodePort = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceR},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortO},
+ },
+ },
+ },
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceL},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortN},
+ },
+ },
+ },
+ },
+ }
+ servicesManyWithMultipleNodePorts = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceR},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortO},
+ v1.ServicePort{NodePort: nodePortN},
+ },
+ },
+ },
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceL},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortA},
+ v1.ServicePort{NodePort: nodePortP},
+ },
+ },
+ },
+ },
+ }
+ servicesManyMixedNodePorts = &v1.ServiceList{
+ Items: []v1.Service{
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceR},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: notNodePort},
+ },
+ },
+ },
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceL},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortO},
+ },
+ },
+ },
+ v1.Service{
+ ObjectMeta: metav1.ObjectMeta{Name: serviceZ},
+ Spec: v1.ServiceSpec{
+ Ports: []v1.ServicePort{
+ v1.ServicePort{NodePort: nodePortN},
+ v1.ServicePort{NodePort: nodePortA},
+ },
+ },
+ },
+ },
+ }
+ })
+
+ Describe("NodePorts extraction", func() {
+ Context("With empty service list", func() {
+ It("should report no NodePorts", func() {
+ nodeports, ok := FilterNodePorts(servicesEmpty)
+ Expect(ok).To(BeFalse())
+ Expect(nodeports).To(BeEmpty())
+ })
+ })
+ Context("With service using single NodePort", func() {
+ It("should report single NodePort", func() {
+ expected := map[uint16]string{nodePortO: serviceR}
+ nodeports, ok := FilterNodePorts(servicesSingleWithNodePort)
+ Expect(ok).To(BeTrue())
+ Expect(nodeports).To(Equal(expected))
+ })
+ })
+ Context("With service using multiple NodePorts", func() {
+ It("should report all NodePorts", func() {
+ expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceR}
+ nodeports, ok := FilterNodePorts(servicesSingleWithMultipleNodePorts)
+ Expect(ok).To(BeTrue())
+ Expect(nodeports).To(Equal(expected))
+ })
+ })
+ Context("With many services using no NodePorts", func() {
+ It("should report no NodePorts", func() {
+ nodeports, ok := FilterNodePorts(servicesManyWithoutNodePorts)
+ Expect(ok).To(BeFalse())
+ Expect(nodeports).To(BeEmpty())
+ })
+ })
+ Context("With services using single NodePort", func() {
+ It("should report all NodePorts", func() {
+ expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceL}
+ nodeports, ok := FilterNodePorts(servicesManyWithNodePort)
+ Expect(ok).To(BeTrue())
+ Expect(nodeports).To(Equal(expected))
+ })
+ })
+ Context("With services using multiple NodePorts", func() {
+ It("should report all NodePorts", func() {
+ expected := map[uint16]string{
+ nodePortO: serviceR, nodePortN: serviceR,
+ nodePortA: serviceL, nodePortP: serviceL,
+ }
+ nodeports, ok := FilterNodePorts(servicesManyWithMultipleNodePorts)
+ Expect(ok).To(BeTrue())
+ Expect(nodeports).To(Equal(expected))
+ })
+ })
+ Context("With mixed services", func() {
+ It("should report all NodePorts", func() {
+ expected := map[uint16]string{
+ nodePortO: serviceL, nodePortN: serviceZ, nodePortA: serviceZ,
+ }
+ nodeports, ok := FilterNodePorts(servicesManyMixedNodePorts)
+ Expect(ok).To(BeTrue())
+ Expect(nodeports).To(Equal(expected))
+ })
+ })
+ })
+})