-rwxr-xr-x | test/security/check_for_http_endpoints.sh | 68 | ||||
-rw-r--r-- | version-manifest/src/main/resources/docker-manifest-staging.csv | 24 | ||||
-rw-r--r-- | version-manifest/src/main/resources/java-manifest.csv | 62 |
3 files changed, 111 insertions, 43 deletions
diff --git a/test/security/check_for_http_endpoints.sh b/test/security/check_for_http_endpoints.sh
new file mode 100755
index 000000000..19be2accf
--- /dev/null
+++ b/test/security/check_for_http_endpoints.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# Check all ports exposed outside of kubernetes cluster looking for plain http
+# endpoints.
+#
+# Dependencies:
+# nmap
+# kubectl + config
+#
+# Return value: Number of discovered http ports
+# Output: List of pods exposing http endpoints
+#
+
+if [ "$#" -lt 1 ]; then
+ echo "Usage: $0 <k8s-namespace>"
+ exit 1
+fi
+
+K8S_NAMESPACE=$1
+
+# Get both values on single call as this may get slow
+PORTS_SVCS=`kubectl get svc --namespace=$K8S_NAMESPACE -o go-template='{{range $item := .items}}{{range $port := $item.spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\t"}}{{$item.metadata.name}}{{"\n"}}{{end}}{{end}}{{end}}' | column -t | sort -n`
+
+# Split port number and service name
+PORTS=`awk '{print $1}' <<<"$PORTS_SVCS"`
+SVCS=`awk '{print $2}' <<<"$PORTS_SVCS"`
+
+# Create a list in nmap-compatible format
+PORT_LIST=`tr "\\n" "," <<<"$PORTS" | sed 's/,$//'; echo ''`
+
+# Get IP addres of some cluster node
+K8S_NODE=`kubectl describe nodes \`kubectl get nodes | tail -n 1 | awk '{print $1}'\` | grep ExternalIP | awk '{print $2}'`
+
+# perform scan
+SCAN_RESULT=`nmap $K8S_NODE -sV -p $PORT_LIST 2>/dev/null | grep \tcp`
+
+# Concatenate scan result with service name
+RESULTS=`paste <(printf %s "$SVCS") <(printf %s "$SCAN_RESULT") | column -t`
+
+# Find all plain http ports
+HTTP_PORTS=`grep http <<< "$RESULTS" | grep -v ssl/http`
+
+# Count them
+N_HTTP=`wc -l <<<"$HTTP_PORTS"`
+
+if [ "$N_HTTP" -gt 0 ]; then
+ echo "$HTTP_PORTS"
+fi
+
+exit $N_HTTP
diff --git a/version-manifest/src/main/resources/docker-manifest-staging.csv b/version-manifest/src/main/resources/docker-manifest-staging.csv
index 39dcaf3a0..b1cabbcbd 100644
--- a/version-manifest/src/main/resources/docker-manifest-staging.csv
+++ b/version-manifest/src/main/resources/docker-manifest-staging.csv
@@ -20,18 +20,18 @@ onap/aai-schema-service,1.0-STAGING-latest
 onap/aai-traversal,1.4-STAGING-latest
 onap/aai/esr-gui,1.4.0-STAGING-latest
 onap/aai/esr-server,1.4.0-STAGING-latest
-onap/admportal-sdnc-image,1.4-STAGING-latest
+onap/admportal-sdnc-image,1.5.0-STAGING-latest
 onap/appc-cdt-image,1.4.3-SNAPSHOT-latest
 onap/appc-image,1.5.0-SNAPSHOT-latest
 onap/babel,1.4-STAGING-latest
 onap/ccsdk-ansible-server-image,0.4.1-STAGING-latest
-onap/ccsdk-apps-ms-neng,0.4-STAGING-latest
-onap/ccsdk-controllerblueprints,0.4-STAGING-latest
-onap/ccsdk-dgbuilder-image,0.4-STAGING-latest
-onap/ccsdk-odl-fluorine-alpine-image,0.4-STAGING-latest
-onap/ccsdk-odl-fluorine-ubuntu-image,0.4-STAGING-latest
-onap/ccsdk-odlsli-alpine-image,0.4-STAGING-latest
-onap/ccsdk-odlsli-image,0.4-STAGING-latest
+onap/ccsdk-apps-ms-neng,0.4.1-STAGING-latest
+onap/ccsdk-controllerblueprints,0.4.1-STAGING-latest
+onap/ccsdk-dgbuilder-image,0.4.1-STAGING-latest
+onap/ccsdk-odl-fluorine-alpine-image,0.4.1-STAGING-latest
+onap/ccsdk-odl-fluorine-ubuntu-image,0.4.1-STAGING-latest
+onap/ccsdk-odlsli-alpine-image,0.4.1-STAGING-latest
+onap/ccsdk-odlsli-image,0.4.1-STAGING-latest
 onap/champ,1.4-STAGING-latest
 onap/clamp,3.0-STAGING-latest
 onap/clamp-dashboard-kibana,3.0-STAGING-latest
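Review bot: The exit status of test/security/check_for_http_endpoints.sh cannot serve as a pass/fail signal as written: at the end of the script `wc -l <<<"$HTTP_PORTS"` counts the newline the here-string appends, so N_HTTP is 1 even when nothing matched. A failed lookup or scan is also indistinguishable from a clean one, since an empty `$K8S_NODE` (no ExternalIP reported) leaves nmap without a target and `2>/dev/null` hides the error. The proposal below counts with `grep -c .`, stops with a message on stderr when the node address is missing or nmap fails, and caps the exit code, because exit statuses wrap at 256. The `paste` step also assumes nmap prints one row per requested port in the order of `$SVCS`; that assumption deserves a comment.

```shell
# … unchanged: usage check, K8S_NAMESPACE, PORTS_SVCS, PORTS, SVCS, PORT_LIST, K8S_NODE …

# A failed lookup or scan must not be reported as a clean result
if [ -z "$K8S_NODE" ]; then
    echo "Could not determine the external IP of a cluster node" >&2
    exit 255
fi

# perform scan
if ! NMAP_OUTPUT=$(nmap "$K8S_NODE" -sV -p "$PORT_LIST"); then
    echo "nmap scan of $K8S_NODE failed" >&2
    exit 255
fi
SCAN_RESULT=$(grep tcp <<<"$NMAP_OUTPUT")

# … unchanged: RESULTS, HTTP_PORTS …

# Count them; grep -c . ignores the empty line a here-string adds
N_HTTP=$(grep -c . <<<"$HTTP_PORTS")

# … unchanged: print HTTP_PORTS when N_HTTP is greater than 0 …

# Exit statuses wrap at 256, so keep a large count non-zero
exit $(( N_HTTP > 254 ? 254 : N_HTTP ))
```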
@@ -120,10 +120,10 @@ onap/sdc-init-elasticsearch,1.4-STAGING-latest
 onap/sdc-kibana,1.4-STAGING-latest
 onap/sdc-onboard-backend,1.4-STAGING-latest
 onap/sdc-onboard-cassandra-init,1.4-STAGING-latest
-onap/sdnc-ansible-server-image,1.5-STAGING-latest
-onap/sdnc-dmaap-listener-image,1.5-STAGING-latest
-onap/sdnc-image,1.5-STAGING-latest
-onap/sdnc-ueb-listener-image,1.5-STAGING-latest
+onap/sdnc-ansible-server-image,1.5.0-STAGING-latest
+onap/sdnc-dmaap-listener-image,1.5.0-STAGING-latest
+onap/sdnc-image,1.5.0-STAGING-latest
+onap/sdnc-ueb-listener-image,1.5.0-STAGING-latest
 onap/search-data-service,1.4-STAGING-latest
 onap/service-decomposition,1.4.2
 onap/sniroemulator,1.0.0
diff --git a/version-manifest/src/main/resources/java-manifest.csv b/version-manifest/src/main/resources/java-manifest.csv
index 89aef5dbe..e16c066a7 100644
--- a/version-manifest/src/main/resources/java-manifest.csv
+++ b/version-manifest/src/main/resources/java-manifest.csv
@@ -126,34 +126,34 @@ org.onap.appc.client,client-lib,1.4.4
 org.onap.appc.client,client-simulator,1.4.4
 org.onap.appc.client,code-generator,1.4.4
 org.onap.appc.plugins,dg-loader-provider,1.4.4
-org.onap.ccsdk.parent,binding-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,bundle-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,feature-repo-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,karaf4-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,mdsal-it-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,odlparent,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,odlparent-lite,1.2.1-SNAPSHOT
-org.onap.ccsdk.parent,single-feature-parent,1.2.1-SNAPSHOT
-org.onap.ccsdk.sli.adaptors,aai-service-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.adaptors,mdsal-resource-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.adaptors,resource-assignment-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.adaptors,sql-resource-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,dblib-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,filters-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,sli-common,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,sli-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,sli-recording,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,sliPluginUtils-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,sliapi-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.core,utils-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.northbound,asdcApi-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.northbound,dataChange-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.northbound,dmaap-listener,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.northbound,lcm-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.northbound,ueb-listener,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.plugins,fabric-discovery-plugin-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.plugins,properties-node-provider,0.4.2-SNAPSHOT
-org.onap.ccsdk.sli.plugins,restapi-call-node-provider,0.4.2-SNAPSHOT
+org.onap.ccsdk.parent,binding-parent,1.2.1
+org.onap.ccsdk.parent,bundle-parent,1.2.1
+org.onap.ccsdk.parent,feature-repo-parent,1.2.1
+org.onap.ccsdk.parent,karaf4-parent,1.2.1
+org.onap.ccsdk.parent,mdsal-it-parent,1.2.1
+org.onap.ccsdk.parent,odlparent,1.2.1
+org.onap.ccsdk.parent,odlparent-lite,1.2.1
+org.onap.ccsdk.parent,single-feature-parent,1.2.1
+org.onap.ccsdk.sli.adaptors,aai-service-provider,0.4.1
+org.onap.ccsdk.sli.adaptors,mdsal-resource-provider,0.4.1
+org.onap.ccsdk.sli.adaptors,resource-assignment-provider,0.4.1
+org.onap.ccsdk.sli.adaptors,sql-resource-provider,0.4.1
+org.onap.ccsdk.sli.core,dblib-provider,0.4.1
+org.onap.ccsdk.sli.core,filters-provider,0.4.1
+org.onap.ccsdk.sli.core,sli-common,0.4.1
+org.onap.ccsdk.sli.core,sli-provider,0.4.1
+org.onap.ccsdk.sli.core,sli-recording,0.4.1
+org.onap.ccsdk.sli.core,sliPluginUtils-provider,0.4.1
+org.onap.ccsdk.sli.core,sliapi-provider,0.4.1
+org.onap.ccsdk.sli.core,utils-provider,0.4.1
+org.onap.ccsdk.sli.northbound,asdcApi-provider,0.4.1
+org.onap.ccsdk.sli.northbound,dataChange-provider,0.4.1
+org.onap.ccsdk.sli.northbound,dmaap-listener,0.4.1
+org.onap.ccsdk.sli.northbound,lcm-provider,0.4.1
+org.onap.ccsdk.sli.northbound,ueb-listener,0.4.1
+org.onap.ccsdk.sli.plugins,fabric-discovery-plugin-provider,0.4.1
+org.onap.ccsdk.sli.plugins,properties-node-provider,0.4.1
+org.onap.ccsdk.sli.plugins,restapi-call-node-provider,0.4.1
 org.onap.ccsdk.storage.pgaas,pgaas,1.0.0
 org.onap.ccsdk.utils,utils,1.0.0
 org.onap.clamp.clds.clamp,clamp,3.0.3
@@ -243,9 +243,9 @@ org.onap.sdc.jtosca,jtosca,1.4.5
 org.onap.sdc.sdc-distribution-client,sdc-distribution-client,1.3.0
 org.onap.sdc.sdc-titan-cassandra,sdc-titan-cassandra,1.2.0
 org.onap.sdc.sdc-tosca,sdc-tosca,1.4.6
-org.onap.sdnc.northbound,generic-resource-api.provider,1.5.0-SNAPSHOT
-org.onap.sdnc.northbound,vnfapi-provider,1.5.0-SNAPSHOT
-org.onap.sdnc.northbound,vnftools-provider,1.5.0-SNAPSHOT
+org.onap.sdnc.northbound,generic-resource-api.provider,1.5.0
+org.onap.sdnc.northbound,vnfapi-provider,1.5.0
+org.onap.sdnc.northbound,vnftools-provider,1.5.0
 org.onap.usecase-ui.server,usecase-ui-server,1.2.1
 org.onap.vfc.gvnfm.vnflcm.lcm,vfc-gvnfm-vnflcm-lcm,1.2.2
 org.onap.vfc.gvnfm.vnfmgr.mgr,vfc-gvnfm-vnfmgr-mgr,1.2.1 |