aboutsummaryrefslogtreecommitdiffstats
path: root/test
AgeCommit message (Collapse)AuthorFilesLines
2019-09-19k8s: Validate API server certificates and keysPawel Wieczorek3-0/+79
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.22, 1.1.25 - 1.1.26 and 1.1.28). Issue-ID: SECCOM-235 Change-Id: Ic61a796653dc868d20fe69c3ed508e7fa8ba52db Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server Certificate AuthoritiesPawel Wieczorek3-0/+55
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.21, 1.1.29 and 1.1.31). Issue-ID: SECCOM-235 Change-Id: Ia2f55f6962885a7aa878c970a406189902cfab10 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing flagsPawel Wieczorek3-0/+82
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.16 - 1.1.18). Issue-ID: SECCOM-235 Change-Id: I27b63e37fc3203cf3574b9e1cdc43333041f2a36 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server auditing is enabledPawel Wieczorek3-0/+33
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.15). Issue-ID: SECCOM-235 Change-Id: Ia1d27ed7a9e439bb0abf4bd8941bdd4573a50bd5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Group tests by flag typePawel Wieczorek1-53/+59
Issue-ID: SECCOM-235 Change-Id: I25ebd2930afec6eb259f0a678fffbf7727eb315b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded authorization modePawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.19). Issue-ID: SECCOM-235 Change-Id: I00c9600fd0d351afb7141a5fa16f348eab67b12d Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-19k8s: Validate API server not excluded admission pluginsPawel Wieczorek3-0/+20
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.14). Issue-ID: SECCOM-235 Change-Id: I63c2f8a5b94bfd6c9963805aae85595e6b6ad6d7 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-18Updates for ssl sdcBrian Freeman2-8/+8
Issue-ID: INT-1265 Change-Id: I64971740c8ae9aee60a06ca1d0e5ff02ccbc9a88 Signed-off-by: Brian Freeman <bf1936@att.com>
2019-09-17Add mr-sim log to consoleecaiyanlinux1-1/+1
Change-Id: I9697360d2ee5b8e95dacdb74a9a1a025a1a45e3c Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech> Issue-ID: DCAEGEN2-1702
2019-09-17k8s: Validate API server included admission pluginsPawel Wieczorek3-1/+164
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.11 - 1.1.13, 1.1.24, 1.1.27, 1.1.33 and 1.1.36). Issue-ID: SECCOM-235 Change-Id: I920bfd42014b8458126be251648f5bf3dcd84c16 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Validate API server excluded admission pluginsPawel Wieczorek3-0/+53
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.1.10). However, CIS Kubernetes Benchmark v1.3.0 mismatches official documentation: Kubernetes 1.10+ already provides safe defaults from security standpoint [1] (ONAP Casablanca uses 1.11). Deprecated admission control plugin flag has also been validated since it was still available in Kubernetes provided by Rancher [2]. [1] https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use [2] https://github.com/rancher/rancher/issues/15064 Issue-ID: SECCOM-235 Change-Id: I0e8fe9f885861f155cb8265df085fa93dbdff6d2 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-17k8s: Add note on release-specific dependenciesPawel Wieczorek1-0/+2
Issue-ID: SECCOM-235 Change-Id: I35d3e3f413542c69718d17ae25f227275270c8cf Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-09-13Refactor healthcheck-k8s.pyBartek Grzybowski1-17/+23
Error reporting was improved by returning actual error message from subprocess call to 'kubectl' command. Code readability was improved by defining a dictionary of endpoint names to check and their IPs. Unsecure 'shell=True' property in Popen constructor for kubectl command in SDNC DB was removed and command string itself sanitized. Overall code readability was improved by reusing common commands in a loop. Change-Id: I19f8f71e27196bb55a9be3d58cd0885ceba3af0c Issue-ID: TEST-213 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-09-13Fix mispelled routine name in vcpe scriptsBartek Grzybowski2-2/+2
headbridge -> heatbridge Change-Id: I49cc3af80b74a9d03612625be2a35e039e6d28e1 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: DOC-549
2019-09-13Remove hardcoded SDNC pod name in vcpe scriptsBartek Grzybowski1-5/+5
Sdnc pod name is set as a property in VcpeCommon class and it should be used across the script. Also removed hardcoded public net prefix in get_pod_node_public_ip and use class property where it's assigned. Change-Id: I0308c808a764ff114fc43591aed34d9695207fe5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-212
2019-09-13Fixed Bugs in HPA automtion scriptItohan Ukponmwan2-8/+8
Signed-off-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Issue-ID: INT-1137 Change-Id: I89fefb02d7d58453d490499716c581cb66895b59
2019-09-12Better specifying parts supposed to be changedMichal Ptacek1-11/+33
Following params are needed minimum required to be changed or cross-checked when vCPE is tried in different lab Change-Id: I911acc682560c9a727d2e14ae1d4a22206d6e6f8 Issue-ID: TEST-208 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-09-12Improve external_net_addr property description in vCPE scriptsBartek Grzybowski1-0/+4
Change-Id: Ie06109bb5c62d4132a5db8c6cfeb9d4c297d05a5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: TEST-208
2019-09-10Fix the error of hpa when create nsyangyan1-6/+6
Change-Id: I6000c83a3a265a185dad8ac8ff90388df88850dd Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-10Update healthcheck-k8s script synopsis in vCPE manualBartek Grzybowski1-5/+4
This reflects changes made in regard of input parameters done in Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Also contains minor fix for 'namespace' and 'environment' vars usage which are unused otherwise. Change-Id: Ie479400dfa0d61c89a256d4aafb2c2d184f9b935 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1213
2019-09-09Fix a bug in DFC CSITecaiyanlinux1-1/+4
when mounting a shared volume, the uid:gid is changed automaticlly which could cause potential unstable. Change-Id: If6279489ba0ba3d24fdd6893e02d9babf29d7925 Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-09-09Updated README files and adaptation of consul/cbs configmaximesson54-582/+582
Change-Id: I81494f56978a3d0ff06ec0d66968f33f08114103 Issue-ID: DCAEGEN2-1719 Signed-off-by: maximesson <maxime.bonneau@est.tech>
2019-09-09Fix the bug of cli command error when onboard nsyangyan2-1/+3
Change-Id: I832a1cbbbf8b882089f941033fdc2acefce7e387 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix bug of cli command error when onboard vnfyangyan2-2/+4
Change-Id: I25ca6c5a2cdf6eaca44cdcdb3f94e55c6bad899a Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-09Fix invalid string error of vnf onboardyangyan1-1/+1
Change-Id: I1f0077554db7d37ed33c45cbc68d8fb554339539 Issue-ID: INT-1239 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
2019-09-06SNDC preload change (http to https, 30202 to 30267)Rene_Robert1-1/+1
Issue-ID: DOC-542 Signed-off-by: Rene_Robert <rene.robert@orange.com> Change-Id: Ice1fc5853d9ad31e79ea8e941a8b053589b80a30
2019-08-30Integrating DfC to use TLS sidecar containerecaiyanlinux15-113/+115
Change-Id: I111bc5596346db70923645dcfe79af3e639c978c Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-29Add tls-init-container to simulatorecaiyanlinux29-173/+236
1.replace dr-sim/dr-redir-sim cert/key 2.update mr-sim, make it support https 3.update ftpes cert/key Change-Id: I7bbde98f352d1e7d7c8775acf3d8af89a6ef7bdc Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
2019-08-27Add comment about how to get cluster-ipsonggongjun1-0/+1
Issue-ID: INT-1227 Signed-off-by: songgongjun <gongjun.song@intel.com> Change-Id: I40a261079330ca00b9eb15d431fb3b7ae4c319cb
2019-08-20Making environment name configurable in vcpe healthcheckMichal Ptacek1-11/+26
Improving handling of arguments in healthcheck-k8s.py, making environment name configurable. Issue-ID: INT-1213 Change-Id: Ib6e2875f351f095bd64acd706a6060e169c54e79 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-08-15Simulator integration for CSIT of generalized DfCTamasBakai8-19/+43
Issue-ID: DCAEGEN2-1719 Change-Id: I963cfaef30bc4e85d76fecddd310f091e8c00bd0 Signed-off-by: TamasBakai <tamas.bakai@est.tech>
2019-08-14Add onboarding package for pnf simwsliwka8-3/+265
Issue-ID: INT-1134 Signed-off-by: wsliwka <wojciech.sliwka@nokia.com> Change-Id: I4a23e51b5e46f04d0299b1bb997f572ec828e616
2019-08-07k8s: Add Makefile targets for testingPawel Wieczorek2-3/+19
Issue-ID: SECCOM-235 Change-Id: I6ac5f3c160f1cd1d8faac90576ab943d4ed213a5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add Makefile targets for external dependenciesPawel Wieczorek2-4/+20
Building "check" binary now requires several external dependencies. To minimize setup effort, convenience make targets were provided. Issue-ID: SECCOM-235 Change-Id: Iec74c0652a5ed3a90d4504216b00ef20bdb7e81f Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add support for RKE-deployed clustersPawel Wieczorek3-1/+232
RKE is used as a Kubernetes cluster deployment method from ONAP Dublin release. RKE cluster definition is used to get access to necessary information. Issue-ID: SECCOM-235 Change-Id: I588598011ea746b5f7ba327a48f1cea605e56d31 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Add test cases for Dublin API serverPawel Wieczorek1-0/+56
Issue-ID: SECCOM-235 Change-Id: Ie6d43b9db767f191f883a2912916bc8abf9d3ad6 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07k8s: Unify order of API server test casesPawel Wieczorek1-1/+1
So far CIS-compliant configuration has been validated first unless configuration used in ONAP release did not pass given benchmark. Issue-ID: SECCOM-235 Change-Id: Ibdb523ab7ab6b8285757719721f75aca57beeb82 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-08-07Pnfsimulator-docker push configurationTomasz Golabek2-8/+4
New configuration for pnfsimulator and netconfsimulator added for docker builds. Version of maven docker plugin downgraded to 1.0.0 Single tag added to images Change-Id: Ia0e38b2c65e943614c7463d7889a7ca0b1aa0517 Issue-ID: INT-1134 Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
2019-07-31k8s: Make ONAP context default for kubectlPawel Wieczorek1-1/+12
This patch uses previously added alias for kubectl context switching in case it is needed as a template for other contexts as well. Issue-ID: SECCOM-235 Change-Id: Ie92641ee3763a027cd74dd21bf4364a2d796eb1d Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-31k8s: Silence package manager and make it noninteractivePawel Wieczorek2-6/+20
This patch sets debconf frontend to noninteractive by including additional field in the first stanza of configuration file. Its placement has been chosen arbitrarily - both 'Config' and 'Templates' fields "are required in this first stanza" [1]. It also makes symlinking script more generic. [1] man 5 debconf.conf (provided by "debconf-doc" in Ubuntu) Issue-ID: SECCOM-235 Change-Id: If9dcc712d1ff7f527d3bc59f4c1709cffe4cbda5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-31k8s: Add kubectl provisioners (downloading and setting up)Pawel Wieczorek4-3/+91
Setting up kubectl depends on presence of K8s cluster post-deployment artifacts, hence it's disabled by default. Relevant information added to post-up message. This patch also removes unneeded curly braces from "tools/dublin/get_rke.sh" script. Issue-ID: SECCOM-235 Change-Id: I917ebbda588639f0941e16c65759430a7a1e64ff Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-31k8s: Make operator machine destruction gracefulPawel Wieczorek1-0/+5
Issue-ID: SECCOM-235 Change-Id: I9913d9a8f525b4b9582bf821008dd567258a719c Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-31k8s: Add post-up message for actual cluster creationPawel Wieczorek1-0/+4
Issue-ID: SECCOM-235 Change-Id: I8f9d4362da50a8b3f2aa1baf3633d818da2ed3a5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-30Issue-ID: INT-1178Rene_Robert12-1860/+4393
updated Postman collection for Dublin Signed-off-by: Rene_Robert <rene.robert@orange.com> Change-Id: I94b9180e86b96f75780854211da67d85acc90d48
2019-07-29k8s: Allow Dublin cluster creation using RKEPawel Wieczorek2-6/+75
This patch adds sample cluster.yml which is based on Dublin cluster configuration file [1]. Main difference is in avoiding repetition by using anchors and alias nodes. Actual cluster creation provisioner is disabled by default because 'control' and 'worker' nodes might not be ready yet. [1] https://docs.onap.org/en/dublin/_downloads/27934fe702048777f312d77dc30cd05a/cluster.yml Issue-ID: SECCOM-235 Change-Id: Ibba0e754ba87e334cdaa61de83e48107f91083d9 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-26k8s: Extract hardcoded synced folder for dotfilesPawel Wieczorek1-4/+13
Issue-ID: SECCOM-235 Change-Id: I85efb88476cb1d6bfaee44b6bcd6275477e77ba5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-26k8s: Use named provisionersPawel Wieczorek1-11/+11
This not only makes testing easier, but also allows better control over VM provisioning after its creation. Issue-ID: SECCOM-235 Change-Id: I29ab3ed46976267e1043c2f61f56578f2c5d7a57 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-26k8s: Add simple logging to provisioning scriptsPawel Wieczorek1-1/+9
Issue-ID: SECCOM-235 Change-Id: Iaeb4b3e621f09ea14b9576126223e4df4b8682f3 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-26k8s: Unify provisioning scriptsPawel Wieczorek1-11/+19
This patch: * removes remaining string interpolation (for future script reuse), * makes DNS replacement provisioner always run. This way VM definition is more concise and resilient. Issue-ID: SECCOM-235 Change-Id: I382dae5e256b46577c4c8af3aa45ab4d64d1b2b9 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-07-26k8s: Remove repetition from provisioning scriptsPawel Wieczorek1-2/+7
Issue-ID: SECCOM-235 Change-Id: If286ba074ee74c43705197a30c50322d5162e6fc Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>