diff options
| author |   Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-02-25 13:36:59 +0100 |
|---|---|---|
| committer |   Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2020-03-25 13:08:24 +0000 |
| commit | 600bce340bda372151b4120d89c854f2decc3a93 (patch) | |
| tree | 32b37ae282f41729665661c9eb29237e0d5e4610 /test/security/sslendpoints/ports | |
| parent | 45d5c7a8853f5b25dbb9b6b8a99846d68a199468 (diff) | |
Add NodePorts filtering with development environment basis
This patch has not made "sslendpoints" fully compatible with
"check_for_nonssl_endpoints.sh" script yet. It sets up basic development
environment for Golang-based checkers, though.
Tool output will be added to the README after reaching full
compatibility with previous (script) version.
Development environment brought by this patch is heavily based on:
https://github.com/SamsungSLAV/boruta
Issue-ID: SECCOM-261
Change-Id: I8f035b63bea13785c40971ede5fdbbc9b6810168
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/sslendpoints/ports')
| -rw-r--r-- | test/security/sslendpoints/ports/ports.go | 18 | ||||
| -rw-r--r-- | test/security/sslendpoints/ports/ports_suite_test.go | 13 | ||||
| -rw-r--r-- | test/security/sslendpoints/ports/ports_test.go | 214 |
3 files changed, 245 insertions, 0 deletions
diff --git a/test/security/sslendpoints/ports/ports.go b/test/security/sslendpoints/ports/ports.go new file mode 100644 index 000000000..823e07531 --- /dev/null +++ b/test/security/sslendpoints/ports/ports.go @@ -0,0 +1,18 @@ +package ports + +import ( + v1 "k8s.io/api/core/v1" +) + +// FilterNodePorts extracts NodePorts from ServiceList. +func FilterNodePorts(services *v1.ServiceList) (map[uint16]string, bool) { + nodeports := make(map[uint16]string) + for _, service := range services.Items { + for _, port := range service.Spec.Ports { + if port.NodePort != 0 { + nodeports[uint16(port.NodePort)] = service.ObjectMeta.Name + } + } + } + return nodeports, len(nodeports) > 0 +} diff --git a/test/security/sslendpoints/ports/ports_suite_test.go b/test/security/sslendpoints/ports/ports_suite_test.go new file mode 100644 index 000000000..8a6431e5e --- /dev/null +++ b/test/security/sslendpoints/ports/ports_suite_test.go @@ -0,0 +1,13 @@ +package ports_test + +import ( + "testing" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +func TestNodeports(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Nodeports Suite") +} diff --git a/test/security/sslendpoints/ports/ports_test.go b/test/security/sslendpoints/ports/ports_test.go new file mode 100644 index 000000000..1078db162 --- /dev/null +++ b/test/security/sslendpoints/ports/ports_test.go @@ -0,0 +1,214 @@ +package ports_test + +import ( + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + . "onap.local/sslendpoints/ports" +) + +var _ = Describe("Ports", func() { + const ( + notNodePort = 0 + nodePortO = 30200 + nodePortN = 30201 + nodePortA = 30202 + nodePortP = 30203 + serviceR = "serviceR" + serviceL = "serviceL" + serviceZ = "serviceZ" + ) + + var ( + servicesEmpty *v1.ServiceList + servicesSingleWithNodePort *v1.ServiceList + servicesSingleWithMultipleNodePorts *v1.ServiceList + servicesManyWithoutNodePorts *v1.ServiceList + servicesManyWithNodePort *v1.ServiceList + servicesManyWithMultipleNodePorts *v1.ServiceList + servicesManyMixedNodePorts *v1.ServiceList + ) + + BeforeEach(func() { + servicesEmpty = &v1.ServiceList{} + servicesSingleWithNodePort = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + }, + } + servicesSingleWithMultipleNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + }, + } + servicesManyWithoutNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + v1.Service{ + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + }, + } + servicesManyWithNodePort = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + }, + } + servicesManyWithMultipleNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortA}, + v1.ServicePort{NodePort: nodePortP}, + }, + }, + }, + }, + } + servicesManyMixedNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceZ}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortN}, + v1.ServicePort{NodePort: nodePortA}, + }, + }, + }, + }, + } + }) + + Describe("NodePorts extraction", func() { + Context("With empty service list", func() { + It("should report no NodePorts", func() { + nodeports, ok := FilterNodePorts(servicesEmpty) + Expect(ok).To(BeFalse()) + Expect(nodeports).To(BeEmpty()) + }) + }) + Context("With service using single NodePort", func() { + It("should report single NodePort", func() { + expected := map[uint16]string{nodePortO: serviceR} + nodeports, ok := FilterNodePorts(servicesSingleWithNodePort) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With service using multiple NodePorts", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceR} + nodeports, ok := FilterNodePorts(servicesSingleWithMultipleNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With many services using no NodePorts", func() { + It("should report no NodePorts", func() { + nodeports, ok := FilterNodePorts(servicesManyWithoutNodePorts) + Expect(ok).To(BeFalse()) + Expect(nodeports).To(BeEmpty()) + }) + }) + Context("With services using single NodePort", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceL} + nodeports, ok := FilterNodePorts(servicesManyWithNodePort) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With services using multiple NodePorts", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{ + nodePortO: serviceR, nodePortN: serviceR, + nodePortA: serviceL, nodePortP: serviceL, + } + nodeports, ok := FilterNodePorts(servicesManyWithMultipleNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With mixed services", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{ + nodePortO: serviceL, nodePortN: serviceZ, nodePortA: serviceZ, + } + nodeports, ok := FilterNodePorts(servicesManyMixedNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + }) +}) |