Diffstat (limited to 'test')
-rw-r--r--test/security/sslendpoints/main.go13
-rw-r--r--test/security/sslendpoints/ports/ports.go17
-rw-r--r--test/security/sslendpoints/ports/ports_test.go118
3 files changed, 148 insertions, 0 deletions
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index 44f250940..68d11b361 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -34,6 +34,19 @@ func main() {
log.Panicf("Unable to build client: %v", err)
}
+ // get list of nodes to extract addresses for running scan
+ nodes, err := clientset.CoreV1().Nodes().List(metav1.ListOptions{})
+ if err != nil {
+ log.Panicf("Unable to get list of nodes: %v", err)
+ }
+
+ // filter out addresses for running scan
+ addresses, ok := ports.FilterIPAddresses(nodes)
+ if !ok {
+ log.Println("There are no IP addresses to run scan")
+ os.Exit(0)
+ }
+
// get list of services to extract nodeport information
services, err := clientset.CoreV1().Services("").List(metav1.ListOptions{})
if err != nil {
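Review bot: The `!ok` branch ends with `os.Exit(0)`, so a run that found no node addresses and scanned nothing finishes with the same status as a clean scan. If the exit status is consumed by a pipeline, this hides a coverage gap in a security check. Unless an empty address list is an expected state, exit non-zero there, e.g. `log.Fatalln("There are no IP addresses to run scan")`. The hunk does not show whether `os` is already imported, and main's body starts and ends outside the hunk.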
diff --git a/test/security/sslendpoints/ports/ports.go b/test/security/sslendpoints/ports/ports.go
index 823e07531..a80fb782c 100644
--- a/test/security/sslendpoints/ports/ports.go
+++ b/test/security/sslendpoints/ports/ports.go
@@ -16,3 +16,20 @@ func FilterNodePorts(services *v1.ServiceList) (map[uint16]string, bool) {
}
return nodeports, len(nodeports) > 0
}
+
+// FilterIPAddresses extracts IP addresses from NodeList.
+// External IP addresses take precedence over internal ones.
+func FilterIPAddresses(nodes *v1.NodeList) ([]string, bool) {
+ addresses := make([]string, 0)
+ for _, node := range nodes.Items {
+ for _, address := range node.Status.Addresses {
+ switch address.Type {
+ case "InternalIP":
+ addresses = append(addresses, address.Address)
+ case "ExternalIP":
+ addresses = append([]string{address.Address}, addresses...)
+ }
+ }
+ }
+ return addresses, len(addresses) > 0
+}
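Review bot: The `ExternalIP` case prepends with `append([]string{address.Address}, addresses...)`, which returns external addresses in reverse node order and copies the whole slice on every hit. Collecting external and internal addresses separately and joining them once keeps the documented precedence with a stable order. The case labels can use the typed constants `v1.NodeExternalIP` and `v1.NodeInternalIP` instead of bare strings. The values are taken verbatim from node status and, per the comment in main.go, become scan targets, so a `net.ParseIP` check before appending would keep malformed entries out of the list.

```go
func FilterIPAddresses(nodes *v1.NodeList) ([]string, bool) {
	var external, internal []string
	for _, node := range nodes.Items {
		for _, address := range node.Status.Addresses {
			switch address.Type {
			case v1.NodeExternalIP:
				external = append(external, address.Address)
			case v1.NodeInternalIP:
				internal = append(internal, address.Address)
			}
		}
	}
	// External addresses first, each group in node order.
	addresses := make([]string, 0, len(external)+len(internal))
	addresses = append(addresses, external...)
	addresses = append(addresses, internal...)
	return addresses, len(addresses) > 0
}
```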
diff --git a/test/security/sslendpoints/ports/ports_test.go b/test/security/sslendpoints/ports/ports_test.go
index 1078db162..0480b71af 100644
--- a/test/security/sslendpoints/ports/ports_test.go
+++ b/test/security/sslendpoints/ports/ports_test.go
@@ -20,6 +20,12 @@ var _ = Describe("Ports", func() {
serviceR = "serviceR"
serviceL = "serviceL"
serviceZ = "serviceZ"
+
+ externalIpControl = "1.2.3.4"
+ internalIpControl = "192.168.121.100"
+ internalIpWorker = "192.168.121.200"
+ hostnameControl = "onap-control-1"
+ hostnameWorker = "onap-worker-1"
)
var (
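Review bot: The new constants `externalIpControl`, `internalIpControl` and `internalIpWorker` spell the initialism as `Ip`, while the variables added in the next hunk use `IP` (`nodesSingleWithIP`, `nodesManyWithMixedIPs`). Go convention keeps an initialism in a single case, so `externalIPControl`, `internalIPControl` and `internalIPWorker` would be consistent with the rest of the file. The const block starts outside the hunk.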
@@ -30,6 +36,12 @@ var _ = Describe("Ports", func() {
servicesManyWithNodePort *v1.ServiceList
servicesManyWithMultipleNodePorts *v1.ServiceList
servicesManyMixedNodePorts *v1.ServiceList
+
+ nodesEmpty *v1.NodeList
+ nodesSingleWithIP *v1.NodeList
+ nodesSingleWithBothIPs *v1.NodeList
+ nodesManyWithHostnames *v1.NodeList
+ nodesManyWithMixedIPs *v1.NodeList
)
BeforeEach(func() {
@@ -148,6 +160,72 @@ var _ = Describe("Ports", func() {
},
},
}
+
+ nodesEmpty = &v1.NodeList{}
+ nodesSingleWithIP = &v1.NodeList{
+ Items: []v1.Node{
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "InternalIP", Address: internalIpControl},
+ v1.NodeAddress{Type: "Hostname", Address: hostnameControl},
+ },
+ },
+ },
+ },
+ }
+ nodesSingleWithBothIPs = &v1.NodeList{
+ Items: []v1.Node{
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "ExternalIP", Address: externalIpControl},
+ v1.NodeAddress{Type: "InternalIP", Address: internalIpControl},
+ v1.NodeAddress{Type: "Hostname", Address: hostnameControl},
+ },
+ },
+ },
+ },
+ }
+ nodesManyWithHostnames = &v1.NodeList{
+ Items: []v1.Node{
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "Hostname", Address: hostnameControl},
+ },
+ },
+ },
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "Hostname", Address: hostnameWorker},
+ },
+ },
+ },
+ },
+ }
+ nodesManyWithMixedIPs = &v1.NodeList{
+ Items: []v1.Node{
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "ExternalIP", Address: externalIpControl},
+ v1.NodeAddress{Type: "InternalIP", Address: internalIpControl},
+ v1.NodeAddress{Type: "Hostname", Address: hostnameControl},
+ },
+ },
+ },
+ v1.Node{
+ Status: v1.NodeStatus{
+ Addresses: []v1.NodeAddress{
+ v1.NodeAddress{Type: "InternalIP", Address: internalIpWorker},
+ v1.NodeAddress{Type: "Hostname", Address: hostnameWorker},
+ },
+ },
+ },
+ },
+ }
})
Describe("NodePorts extraction", func() {
@@ -211,4 +289,44 @@ var _ = Describe("Ports", func() {
})
})
})
+
+ Describe("IP addresses extraction", func() {
+ Context("With empty node list", func() {
+ It("should report no IP addresses", func() {
+ addresses, ok := FilterIPAddresses(nodesEmpty)
+ Expect(ok).To(BeFalse())
+ Expect(addresses).To(BeEmpty())
+ })
+ })
+ Context("With nodes using only hostnames", func() {
+ It("should report no IP addresses", func() {
+ addresses, ok := FilterIPAddresses(nodesManyWithHostnames)
+ Expect(ok).To(BeFalse())
+ Expect(addresses).To(BeEmpty())
+ })
+ })
+ Context("With node using only internal IP", func() {
+ It("should report internal IP", func() {
+ expected := []string{internalIpControl}
+ addresses, ok := FilterIPAddresses(nodesSingleWithIP)
+ Expect(ok).To(BeTrue())
+ Expect(addresses).To(Equal(expected))
+ })
+ })
+ Context("With node in the cloud", func() {
+ It("should report all IPs in correct order", func() {
+ expected := []string{externalIpControl, internalIpControl}
+ addresses, ok := FilterIPAddresses(nodesSingleWithBothIPs)
+ Expect(ok).To(BeTrue())
+ Expect(addresses).To(Equal(expected))
+ })
+ })
+ Context("With nodes in the mixed cloud", func() {
+ It("should report external IP as the first one", func() {
+ addresses, ok := FilterIPAddresses(nodesManyWithMixedIPs)
+ Expect(ok).To(BeTrue())
+ Expect(addresses[0]).To(Equal(externalIpControl))
+ })
+ })
+ })
})
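Review bot: The last case, "should report external IP as the first one", asserts only `addresses[0]`, so it would still pass if the internal addresses of either node were dropped or reordered. Asserting the whole slice, `Expect(addresses).To(Equal([]string{externalIpControl, internalIpControl, internalIpWorker}))`, pins the documented precedence for the current implementation. No fixture has two nodes that both carry an `ExternalIP`, which is the case where the order produced by prepending becomes visible.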