summaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2019-10-01k8s: Validate controller manager flags requiring specific valuesPawel Wieczorek3-1/+60
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.3.2 - 1.3.3 and 1.3.6). Issue-ID: SECCOM-235 Change-Id: I9c2921faf40ad9445e983f2b9bd0610e556cfe15 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-10-01(WIP)Fix automation issues due to cli changeRuoyu Ying2-46/+57
Fix several changes due to cli change Issue-ID: INT-1289 Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com> Change-Id: Ib07d9be8ace77270046c8aa02f162a9ad7994370
2019-10-01Refactor setup script for preparing vCPE tools runtime envBartek Grzybowski1-12/+37
Script is now more generic and allows proper setup of vcpe scripts runtime environment on Ubuntu 16.04/18.04 and on Centos/Rhel 7.6. Change-Id: I7b7d944f5a6a7a9dc45921082f908a1f8aa185a1 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-203
2019-09-30k8s: Resolve Docker response formatting issuePawel Wieczorek2-0/+18
Checker collects information on cluster by Docker queries: $ docker ps ARGS... # Casablanca $ docker inspect ARGS... # Dublin Arrays of values are then filtered from those. They include: * opening bracket ('['), * closing bracket (']'), * new line. Additional characters affect check results if last flag (including "]\n") requires specific value. Issue-ID: SECCOM-235 Change-Id: I6838342b7e2ecdc44a47ffe02286266003e0b4d3 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-30k8s: Resolve address conflicts in virtual environmentsPawel Wieczorek3-7/+7
Running Casablanca and Dublin virtual environments at the same time led to networking issues - the same IP had been assigned to cluster nodes. Issue-ID: SECCOM-235 Change-Id: I2a59d023115326f5b132782a32190fd8f7dc1f48 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Validate controller manager address flagPawel Wieczorek5-1/+98
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.3.7). Issue-ID: SECCOM-235 Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Add controller manager information collectionPawel Wieczorek4-2/+27
Issue-ID: SECCOM-235 Change-Id: Ieceb6337f935e6a5a6b94248ccf072229116510a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Validate scheduler flagsPawel Wieczorek5-1/+101
Issue-ID: SECCOM-235 Change-Id: I61df142e99a7f1da335471acab88e5a47d72df15 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Add scheduler information collectionPawel Wieczorek4-2/+27
Issue-ID: SECCOM-235 Change-Id: I7da645737440172d3cf11f33069daa2697f83056 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Extract common validators for DRY codePawel Wieczorek3-205/+232
Issue-ID: SECCOM-235 Change-Id: Ic5997b67d0512bea51c3b4a4c71805987fa6f011 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-27k8s: Extract common interface to simplify developmentPawel Wieczorek5-81/+142
Common command and service name extraction is intended to limit execution to small set of allowed processes. This patch also drops unnecessary use of "Kubernetes" name because this whole subproject concerns its clusters. Issue-ID: SECCOM-235 Change-Id: I8babfeb4f24cf3baa4d236ca622c21170ab6205e Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Change default cluster access method choice logicPawel Wieczorek1-1/+6
Previous way of choosing it led to impractical calls, e.g. $ ./check -rke # (works fine) $ ./check -ranchercli # "Not supported." $ ./check -ranchercli -rke=false # (works fine) Disabling default cluster access method is no longer necessary. Issue-ID: SECCOM-235 Change-Id: I2b4d5bff10c5470e567351abeac0431bed3b7938 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Declutter checker by dividing it into smaller packagesPawel Wieczorek5-52/+64
Issue-ID: SECCOM-235 Change-Id: I7d4efd08b8c0258f2f9c33772bf1b1b02cedebfa Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Call correct methods for API server auditing flags validationPawel Wieczorek1-3/+3
Issue-ID: SECCOM-235 Change-Id: Ia5d75628b1c5211f378c239f84e9689d45697a04 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Validate API server request timeoutPawel Wieczorek3-0/+39
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.38). Issue-ID: SECCOM-235 Change-Id: Ic1f175d577c79013ddb49e02b8de69137535c964 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Validate API server included authorization modePawel Wieczorek3-2/+19
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.32). It also fixes wrong documentation comment for similar validator (1.1.19). Issue-ID: SECCOM-235 Change-Id: I00cb8a458871b091b16fe60fc0087b7972aa3b6b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-26k8s: Validate API server crypto ciphers in usePawel Wieczorek3-0/+31
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.30). It also covers its duplicate (1.1.39). Issue-ID: SECCOM-235 Change-Id: I0f3031c080cf225e7c2c03e65dd0bfc780326307 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-25Fix hashbang in vCPE Python scriptsBartek Grzybowski12-13/+15
Change-Id: Id2b7ec151e1a006a5a85b8544e478fd9cf282715 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-220
2019-09-25Automate vCPE closed loop policy pushingBartek Grzybowski4-10/+105
Added a library routine to set up CL policy in an idempotent fashion. Description of CL pushing related manual step was removed from documentation. Change-Id: I1fad5d71481252ce803dd58c6ccbbcfa0a4d246f Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1267
2019-09-24add terminate and del function to hpy_automation scriptsyangyan1-0/+24
Change-Id: Ie669261bde3723d892706d3d767c08b325afc3e0 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-20fix the typo error of hpy_automation scriptsyangyan1-2/+2
Change-Id: I27b43d63042bdb46f1ff362335a26bf6726674a0 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-20SDNC SSL port, BRG category, DEBUGBrian Freeman2-7/+9
Issue-ID: INT-1265 Change-Id: I4ea7bf282b7d8aad58645784317dea9edf373cff Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-19k8s: Validate API server certificates and keysPawel Wieczorek3-0/+79
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.22, 1.1.25 - 1.1.26 and 1.1.28). Issue-ID: SECCOM-235 Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server Certificate AuthoritiesPawel Wieczorek3-0/+55
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.21, 1.1.29 and 1.1.31). Issue-ID: SECCOM-235 Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing flagsPawel Wieczorek3-0/+82
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.16 - 1.1.18). Issue-ID: SECCOM-235 Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing is enabledPawel Wieczorek3-0/+33
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.15). Issue-ID: SECCOM-235 Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Group tests by flag typePawel Wieczorek1-53/+59
Issue-ID: SECCOM-235 Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded authorization modePawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.19). Issue-ID: SECCOM-235 Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded admission pluginsPawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.14). Issue-ID: SECCOM-235 Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-18Updates for ssl sdcBrian Freeman2-8/+8
Issue-ID: INT-1265 Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-17Add mr-sim log to consoleecaiyanlinux1-1/+1
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech> Issue-ID: DCAEGEN2-1702
2019-09-17k8s: Validate API server included admission pluginsPawel Wieczorek3-1/+164
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.11 - 1.1.13, 1.1.24, 1.1.27, 1.1.33 and 1.1.36). Issue-ID: SECCOM-235 Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Validate API server excluded admission pluginsPawel Wieczorek3-0/+53
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.10). However, CIS Kubernetes Benchmark v1.3.0 mismatches official documentation: Kubernetes 1.10+ already provides safe defaults from security standpoint [1] (ONAP Casablanca uses 1.11). Deprecated admission control plugin flag has also been validated since it was still available in Kubernetes provided by Rancher [2]. [1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use [2] https://github.com/rancher/rancher/issues/15064 Issue-ID: SECCOM-235 Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Add note on release-specific dependenciesPawel Wieczorek1-0/+2
Issue-ID: SECCOM-235 Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-13Refactor healthcheck-k8s.pyBartek Grzybowski1-17/+23
Error reporting was improved by returning actual error message from subprocess call to 'kubectl' command. Code readability was improved by defining a dictionary of endpoint names to check and their IPs. Unsecure 'shell=True' property in Popen constructor for kubectl command in SDNC DB was removed and command string itself sanitized. Overall code readability was improved by reusing common commands in a loop. Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c Issue-ID: TEST-213 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-13Fix mispelled routine name in vcpe scriptsBartek Grzybowski2-2/+2
headbridge -> heatbridge Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: DOC-549
2019-09-13Remove hardcoded SDNC pod name in vcpe scriptsBartek Grzybowski1-5/+5
Sdnc pod name is set as a property in VcpeCommon class and it should be used across the script. Also removed hardcoded public net prefix in get_pod_node_public_ip and use class property where it's assigned. Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-212
2019-09-13Fixed Bugs in HPA automtion scriptItohan Ukponmwan2-8/+8
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Issue-ID: INT-1137 Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
2019-09-12Better specifying parts supposed to be changedMichal Ptacek1-11/+33
Following params are needed minimum required to be changed or cross-checked when vCPE is tried in different lab Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8 Issue-ID: TEST-208 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-12Improve external_net_addr property description in vCPE scriptsBartek Grzybowski1-0/+4
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-208
2019-09-10Fix the error of hpa when create nsyangyan1-6/+6
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-10Update healthcheck-k8s script synopsis in vCPE manualBartek Grzybowski1-5/+4
This reflects changes made in regard of input parameters done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Also contains minor fix for 'namespace' and 'environment' vars usage which are unused otherwise. Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1213
2019-09-09Fix a bug in DFC CSITecaiyanlinux1-1/+4
when mounting a shared volume, the uid:gid is changed automaticlly which could cause potential unstable. Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925 Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-09-09Updated README files and adaptation of consul/cbs configmaximesson54-582/+582
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103 Issue-ID: DCAEGEN2-1719 Signed-off-by: maximesson <maxime.bonneau@est.tech>
2019-09-09Fix the bug of cli command error when onboard nsyangyan2-1/+3
Change-Id: I832a1cbbbf8b882089f941033fdc2acefce7e387 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix bug of cli command error when onboard vnfyangyan2-2/+4
Change-Id: I25ca6c5a2cdf6eaca44cdcdb3f94e55c6bad899a Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix invalid string error of vnf onboardyangyan1-1/+1
Change-Id: I1f0077554db7d37ed33c45cbc68d8fb554339539 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-06SNDC preload change (http to https, 30202 to 30267)Rene_Robert1-1/+1
Issue-ID: DOC-542 Signed-off-by: Rene_Robert <rene.robert@orange.com> Change-Id: Ice1fc5853d9ad31e79ea8e941a8b053589b80a30
2019-08-30Integrating DfC to use TLS sidecar containerecaiyanlinux15-113/+115
Change-Id: I111bc5596346db70923645dcfe79af3e639c978c Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Add tls-init-container to simulatorecaiyanlinux29-173/+236
1.replace dr-sim/dr-redir-sim cert/key 2.update mr-sim, make it support https 3.update ftpes cert/key Change-Id: I7bbde98f352d1e7d7c8775acf3d8af89a6ef7bdc Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>