diff options
| author |   Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-02-07 12:59:32 +0100 |
|---|---|---|
| committer |   Bartek Grzybowski <b.grzybowski@partner.samsung.com> | 2020-03-25 13:08:24 +0000 |
| commit | 45d5c7a8853f5b25dbb9b6b8a99846d68a199468 (patch) | |
| tree | 5712db946834b9368f80206b7e49d01a52c2d0a3 /test/security | |
| parent | 3d0d6a9a7fc64e42c36c31ff7f371b562ec691f1 (diff) | |
Increase verifiability of security checks
This patch introduces a series of patches that will provide tools which
will succeed current security check scripts. Its two main reasons are:
* increasing tools verifiability by providing internal tests,
* improving "expected failure" support by suppressing carefully selected
set of special cases.
Each tool will use following directory structure (generated with
"tree -a --charset=ascii" command):
.
`-- check_module
|-- Dockerfile
|-- .dockerignore
|-- .gitignore
|-- go.mod
|-- main.go
|-- Makefile
|-- README
|-- README.rst -> README
`-- submodule
|-- submodule.go
`-- submodule_test.go
This will allow using Go Modules mechanism within its limitations [1]
for "non-go-get-able modules" [2][3][4] - also in case of separating
code into several modules used by multiple "check modules", e.g.
.
|-- common
| |-- common.go
| |-- common_test.go
| `-- go.mod
`-- check_module
|-- go.mod
`-- ...
It would require migration from separate Dockerfiles to a single one
(multi-stage), though.
Provided Makefiles are intended to simplify local development
(Docker-less building) and container images preparation. READMEs clarify
utility requirements and usage - file without extension is for VCS
reference, symlink for proper syntax rendering.
[1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
[2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem
[3] https://github.com/golang/go/issues/26645#issuecomment-408572701
[4] https://www.dim13.org/go-get-cgit
Issue-ID: SECCOM-261
Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security')
| -rw-r--r-- | test/security/sslendpoints/README | 44 | ||||
| l--------- | test/security/sslendpoints/README.rst | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README new file mode 100644 index 000000000..fc0e37a1b --- /dev/null +++ b/test/security/sslendpoints/README @@ -0,0 +1,44 @@ +===================== + SSL endpoints check +===================== + +Utility for checking if all of the ports exposed outside of Kubernetes cluster +use SSL tunnels. + +Prerequisites +------------- + +Configuration +~~~~~~~~~~~~~ + +Mandatory ++++++++++ + +Optional +++++++++ + +Build (local) +~~~~~~~~~~~~~ + +Build (Docker) +~~~~~~~~~~~~~~ + +Test +~~~~ + + +Running +------- + +Command (local) +~~~~~~~~~~~~~~~ + +Command (Docker) +~~~~~~~~~~~~~~~~ + +Output +~~~~~~ + + +Testing +------- diff --git a/test/security/sslendpoints/README.rst b/test/security/sslendpoints/README.rst new file mode 120000 index 000000000..100b93820 --- /dev/null +++ b/test/security/sslendpoints/README.rst @@ -0,0 +1 @@ +README
\ No newline at end of file |