From 600bce340bda372151b4120d89c854f2decc3a93 Mon Sep 17 00:00:00 2001 From: Pawel Wieczorek Date: Tue, 25 Feb 2020 13:36:59 +0100 Subject: Add NodePorts filtering with development environment basis This patch has not made "sslendpoints" fully compatible with "check_for_nonssl_endpoints.sh" script yet. It sets up basic development environment for Golang-based checkers, though. Tool output will be added to the README after reaching full compatibility with previous (script) version. Development environment brought by this patch is heavily based on: https://github.com/SamsungSLAV/boruta Issue-ID: SECCOM-261 Change-Id: I8f035b63bea13785c40971ede5fdbbc9b6810168 Signed-off-by: Pawel Wieczorek --- test/security/sslendpoints/.dockerignore | 5 + test/security/sslendpoints/.gitignore | 2 + test/security/sslendpoints/Dockerfile | 11 ++ test/security/sslendpoints/Makefile | 39 ++++ test/security/sslendpoints/README | 63 +++++- test/security/sslendpoints/go.mod | 15 ++ test/security/sslendpoints/go.sum | 166 ++++++++++++++++ test/security/sslendpoints/main.go | 51 +++++ test/security/sslendpoints/ports/ports.go | 18 ++ .../sslendpoints/ports/ports_suite_test.go | 13 ++ test/security/sslendpoints/ports/ports_test.go | 214 +++++++++++++++++++++ 11 files changed, 592 insertions(+), 5 deletions(-) create mode 100644 test/security/sslendpoints/.dockerignore create mode 100644 test/security/sslendpoints/.gitignore create mode 100644 test/security/sslendpoints/Dockerfile create mode 100644 test/security/sslendpoints/Makefile create mode 100644 test/security/sslendpoints/go.mod create mode 100644 test/security/sslendpoints/go.sum create mode 100644 test/security/sslendpoints/main.go create mode 100644 test/security/sslendpoints/ports/ports.go create mode 100644 test/security/sslendpoints/ports/ports_suite_test.go create mode 100644 test/security/sslendpoints/ports/ports_test.go 
diff --git a/test/security/sslendpoints/.dockerignore b/test/security/sslendpoints/.dockerignore
new file mode 100644
index 000000000..7bc4c9048
--- /dev/null
+++ b/test/security/sslendpoints/.dockerignore
@@ -0,0 +1,5 @@
+.git*
+.dockerignore
+Dockerfile
+Makefile
+bin/
diff --git a/test/security/sslendpoints/.gitignore b/test/security/sslendpoints/.gitignore
new file mode 100644
index 000000000..035097d0f
--- /dev/null
+++ b/test/security/sslendpoints/.gitignore
@@ -0,0 +1,2 @@
+# No binaries should be committed.
+/bin/
diff --git a/test/security/sslendpoints/Dockerfile b/test/security/sslendpoints/Dockerfile
new file mode 100644
index 000000000..415101e44
--- /dev/null
+++ b/test/security/sslendpoints/Dockerfile
@@ -0,0 +1,11 @@
+FROM golang:1.13.8 AS build
+
+WORKDIR /opt/onap.local/sslendpoints
+COPY . /opt/onap.local/sslendpoints
+RUN go mod download
+RUN CGO_ENABLED=0 go build -ldflags '-extldflags "-static"'
+
+FROM scratch
+COPY --from=build /opt/onap.local/sslendpoints/sslendpoints /bin/sslendpoints
+ENTRYPOINT ["/bin/sslendpoints"]
+CMD ["--help"]
diff --git a/test/security/sslendpoints/Makefile b/test/security/sslendpoints/Makefile
new file mode 100644
index 000000000..2d6308826
--- /dev/null
+++ b/test/security/sslendpoints/Makefile
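Review bot: In the Dockerfile, the build stage pulls `golang:1.13.8` by tag only, so the toolchain that compiles this security checker can change underneath an unchanged Dockerfile; pinning the digest, `FROM golang:1.13.8@sha256:<digest-placeholder> AS build`, makes the build input verifiable. The final `scratch` stage sets no `USER`, so `/bin/sslendpoints` runs as root inside the container; a numeric `USER` line would address that, but the kubeconfig bind-mounted as shown in the README would then have to be readable by that UID. Copying only `go.mod` and `go.sum` before `RUN go mod download` would also let the module layer be cached across source changes.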
@@ -0,0 +1,39 @@
+BUILD_DIR = bin
+BUILD_DOCKER_IMAGE = sslendpoints-build-img
+BUILD_DOCKER_CONTAINER = sslendpoints-build
+BINARIES = sslendpoints
+BINARIES := $(addprefix ${BUILD_DIR}/, ${BINARIES})
+
+.PHONY: all
+all: docker-build
+
+.PHONY: clean
+clean: clean-docker-build clean-build
+
+.PHONY: docker-build
+docker-build: ${BINARIES}
+ docker rm "${BUILD_DOCKER_CONTAINER}"
+
+${BINARIES}: docker-container | ${BUILD_DIR}
+ docker cp "${BUILD_DOCKER_CONTAINER}:/$@" $@
+
+.PHONY: docker-container
+docker-container: docker-build-img
+ docker create --name "${BUILD_DOCKER_CONTAINER}" "${BUILD_DOCKER_IMAGE}"
+
+.PHONY: docker-build-img
+docker-build-img:
+ docker build --tag "${BUILD_DOCKER_IMAGE}" .
+
+${BUILD_DIR}:
+ mkdir -p "${BUILD_DIR}"
+
+.PHONY: clean-docker-build
+clean-docker-build:
+ -docker rm "${BUILD_DOCKER_CONTAINER}"
+ -docker rmi "${BUILD_DOCKER_IMAGE}"
+
+.PHONY: clean-build
+clean-build:
+ -rm -f ${BINARIES}
+ -rmdir ${BUILD_DIR}
diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README
index fc0e37a1b..ffedb11d1 100644
--- a/test/security/sslendpoints/README
+++ b/test/security/sslendpoints/README
@@ -11,21 +11,56 @@ Prerequisites Configuration ~~~~~~~~~~~~~ -Mandatory -+++++++++ - -Optional -++++++++ +``-kubeconfig`` + Optional unless ``$HOME`` is not set. Defaults to ``$HOME/.kube/config``. Build (local) ~~~~~~~~~~~~~ +- go_ (1.11+, tested on 1.13) + +.. _go: https://golang.org/doc/install + Build (Docker) ~~~~~~~~~~~~~~ +- Docker_ engine +- make (optional) + +.. _Docker: https://docs.docker.com/install + Test ~~~~ +- Ginkgo_ +- GolangCI-Lint_ (optional) + +.. _Ginkgo: https://onsi.github.io/ginkgo/#getting-ginkgo +.. _GolangCI-Lint: https://github.com/golangci/golangci-lint#install + +Building +-------- + +Command (local) +~~~~~~~~~~~~~~~ + +.. code-block:: shell + + $ mkdir bin + $ go build -o bin/sslendpoints + +Additional ``bin`` directory and specifying ``go build`` output are used to +declutter project and maintain compatibility with Docker-based process. Running +``go build`` without parameters will create ``sslendpoints`` binary in current +directory. + +Command (Docker) +~~~~~~~~~~~~~~~~ + +.. code-block:: shell + + $ make # or commands from corresponding "make" targets + Running ------- @@ -33,12 +68,30 @@ Running Command (local) ~~~~~~~~~~~~~~~ +.. code-block:: shell + + $ bin/sslendpoints [-kubeconfig KUBECONFIG] + Command (Docker) ~~~~~~~~~~~~~~~~ +.. code-block:: shell + + $ docker run --rm --volume $KUBECONFIG:/.kube/config \ + sslendpoints-build-img /bin/sslendpoints + + $ docker run --rm --volume $KUBECONFIG:/opt/config \ + sslendpoints-build-img /bin/sslendpoints -kubeconfig /opt/config + Output ~~~~~~ Testing ------- + +.. code-block:: shell + + $ go test ./... # basic + $ ginkgo -r # pretty + $ golangci-lint run # linters diff --git a/test/security/sslendpoints/go.mod b/test/security/sslendpoints/go.mod new file mode 100644 index 000000000..1d9905efa --- /dev/null +++ b/test/security/sslendpoints/go.mod 
@@ -0,0 +1,15 @@
+module onap.local/sslendpoints
+
+go 1.13
+
+require (
+ github.com/imdario/mergo v0.3.8 // indirect
+ github.com/onsi/ginkgo v1.10.1
+ github.com/onsi/gomega v1.7.0
+ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+ golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
+ k8s.io/api v0.17.3
+ k8s.io/apimachinery v0.17.3
+ k8s.io/client-go v0.0.0-20190819141724-e14f31a72a77
+ k8s.io/utils v0.0.0-20200124190032-861946025e34 // indirect
+)
diff --git a/test/security/sslendpoints/go.sum b/test/security/sslendpoints/go.sum
new file mode 100644
index 000000000..d0577b3e1
--- /dev/null
+++ b/test/security/sslendpoints/go.sum
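Review bot: In `go.mod`, `k8s.io/client-go` is required at the untagged pseudo-version `v0.0.0-20190819141724-e14f31a72a77`, while `k8s.io/api` and `k8s.io/apimachinery` are at `v0.17.3`. These modules are released together, and mixing a snapshot with tagged releases makes it harder to match the client against published advisories and may surface API incompatibilities on later upgrades. Unless the older snapshot is deliberate, `k8s.io/client-go v0.17.3` would align the three.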
@@ -0,0 +1,166 @@ +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-logr/logr v0.1.0/go.mod 
h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= 
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= +github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= +github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0 
h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 
+github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod 
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= +golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
+golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/inf.v0 v0.9.1 
h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +k8s.io/api v0.0.0-20190819141258-3544db3b9e44/go.mod h1:AOxZTnaXR/xiarlQL0JUfwQPxjmKDvVYoRp58cA7lUo= +k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0= +k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0= +k8s.io/apimachinery v0.0.0-20190817020851-f2f3a405f61d/go.mod h1:3jediapYqJ2w1BFw7lAZPCx7scubsTfosqHkhXCWJKw= +k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg= +k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g= +k8s.io/client-go v0.0.0-20190819141724-e14f31a72a77 h1:w1BoabVnPpPqQCY3sHK4qVwa12Lk8ip1pKMR1C+qbdo= +k8s.io/client-go v0.0.0-20190819141724-e14f31a72a77/go.mod h1:DmkJD5UDP87MVqUQ5VJ6Tj9Oen8WzXPhk3la4qpyG4g= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= 
+k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= +k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0= +k8s.io/utils v0.0.0-20200124190032-861946025e34 h1:HjlUD6M0K3P8nRXmr2B9o4F9dUy9TCj/aEpReeyi6+k= +k8s.io/utils v0.0.0-20200124190032-861946025e34/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go new file mode 100644 index 000000000..44f250940 --- /dev/null +++ b/test/security/sslendpoints/main.go 
@@ -0,0 +1,51 @@
+package main
+
+import (
+ "flag"
+ "log"
+ "os"
+ "path/filepath"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/tools/clientcmd"
+
+ "onap.local/sslendpoints/ports"
+)
+
+func main() {
+ var kubeconfig *string
+ if home := os.Getenv("HOME"); home != "" {
+ kubeconfig = flag.String("kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
+ } else {
+ kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
+ }
+ flag.Parse()
+
+ // use the current context in kubeconfig
+ config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
+ if err != nil {
+ log.Panicf("Unable to build cluster config: %v", err)
+ }
+
+ // create the clientset
+ clientset, err := kubernetes.NewForConfig(config)
+ if err != nil {
+ log.Panicf("Unable to build client: %v", err)
+ }
+
+ // get list of services to extract nodeport information
+ services, err := clientset.CoreV1().Services("").List(metav1.ListOptions{})
+ if err != nil {
+ log.Panicf("Unable to get list of services: %v", err)
+ }
+
+ // filter out nodeports with corresponding services from service list
+ nodeports, ok := ports.FilterNodePorts(services)
+ if !ok {
+ log.Println("There are no NodePorts in the cluster")
+ os.Exit(0)
+ }
+ log.Printf("There are %d NodePorts in the cluster\n", len(nodeports))
+ os.Exit(len(nodeports))
+}
diff --git a/test/security/sslendpoints/ports/ports.go b/test/security/sslendpoints/ports/ports.go
new file mode 100644
index 000000000..823e07531
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports.go
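Review bot: `os.Exit(len(nodeports))` at the end of `main` in `main.go` uses the NodePort count as the process status, but on POSIX systems only the low 8 bits reach the caller, so a cluster with exactly 256 NodePorts would exit 0 and look clean to a calling script. The three `log.Panicf` calls end the process with the Go runtime's panic status (2, as far as I know), which a caller cannot tell apart from "two NodePorts found". I would cap the count and reserve a status for failures, e.g. `code := len(nodeports)`, `if code > 254 { code = 254 }`, `os.Exit(code)`, with errors mapped to 255 and the convention documented in the README.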
@@ -0,0 +1,18 @@
+package ports
+
+import (
+ v1 "k8s.io/api/core/v1"
+)
+
+// FilterNodePorts extracts NodePorts from ServiceList.
+func FilterNodePorts(services *v1.ServiceList) (map[uint16]string, bool) {
+ nodeports := make(map[uint16]string)
+ for _, service := range services.Items {
+ for _, port := range service.Spec.Ports {
+ if port.NodePort != 0 {
+ nodeports[uint16(port.NodePort)] = service.ObjectMeta.Name
+ }
+ }
+ }
+ return nodeports, len(nodeports) > 0
+}
diff --git a/test/security/sslendpoints/ports/ports_suite_test.go b/test/security/sslendpoints/ports/ports_suite_test.go
new file mode 100644
index 000000000..8a6431e5e
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports_suite_test.go
@@ -0,0 +1,13 @@
+package ports_test
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+func TestNodeports(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Nodeports Suite")
+}
diff --git a/test/security/sslendpoints/ports/ports_test.go b/test/security/sslendpoints/ports/ports_test.go
new file mode 100644
index 000000000..1078db162
--- /dev/null
+++ b/test/security/sslendpoints/ports/ports_test.go
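Review bot: `FilterNodePorts` in `ports/ports.go` stores only `service.ObjectMeta.Name` as the map value, while `main.go` lists services from every namespace with `Services("")`, so two services with the same name in different namespaces cannot be told apart in the result. Storing `service.Namespace + "/" + service.Name` would keep each finding attributable; the expectations in `ports_test.go` would need the same change. The function also dereferences `services` without a nil check, and the `uint16(port.NodePort)` conversion silently truncates an out-of-range value instead of rejecting it. The doc comment should state the contract, for example `// FilterNodePorts returns a map from NodePort number to the owning service's name; the bool reports whether any NodePort was found.`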
@@ -0,0 +1,214 @@ +package ports_test + +import ( + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + . "onap.local/sslendpoints/ports" +) + +var _ = Describe("Ports", func() { + const ( + notNodePort = 0 + nodePortO = 30200 + nodePortN = 30201 + nodePortA = 30202 + nodePortP = 30203 + serviceR = "serviceR" + serviceL = "serviceL" + serviceZ = "serviceZ" + ) + + var ( + servicesEmpty *v1.ServiceList + servicesSingleWithNodePort *v1.ServiceList + servicesSingleWithMultipleNodePorts *v1.ServiceList + servicesManyWithoutNodePorts *v1.ServiceList + servicesManyWithNodePort *v1.ServiceList + servicesManyWithMultipleNodePorts *v1.ServiceList + servicesManyMixedNodePorts *v1.ServiceList + ) + + BeforeEach(func() { + servicesEmpty = &v1.ServiceList{} + servicesSingleWithNodePort = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + }, + } + servicesSingleWithMultipleNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + }, + } + servicesManyWithoutNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + v1.Service{ + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + }, + } + servicesManyWithNodePort = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: 
serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + }, + } + servicesManyWithMultipleNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + v1.ServicePort{NodePort: nodePortN}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortA}, + v1.ServicePort{NodePort: nodePortP}, + }, + }, + }, + }, + } + servicesManyMixedNodePorts = &v1.ServiceList{ + Items: []v1.Service{ + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceR}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: notNodePort}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceL}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortO}, + }, + }, + }, + v1.Service{ + ObjectMeta: metav1.ObjectMeta{Name: serviceZ}, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{ + v1.ServicePort{NodePort: nodePortN}, + v1.ServicePort{NodePort: nodePortA}, + }, + }, + }, + }, + } + }) + + Describe("NodePorts extraction", func() { + Context("With empty service list", func() { + It("should report no NodePorts", func() { + nodeports, ok := FilterNodePorts(servicesEmpty) + Expect(ok).To(BeFalse()) + Expect(nodeports).To(BeEmpty()) + }) + }) + Context("With service using single NodePort", func() { + It("should report single NodePort", func() { + expected := map[uint16]string{nodePortO: serviceR} + nodeports, ok := FilterNodePorts(servicesSingleWithNodePort) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With service using multiple NodePorts", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceR} + 
nodeports, ok := FilterNodePorts(servicesSingleWithMultipleNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With many services using no NodePorts", func() { + It("should report no NodePorts", func() { + nodeports, ok := FilterNodePorts(servicesManyWithoutNodePorts) + Expect(ok).To(BeFalse()) + Expect(nodeports).To(BeEmpty()) + }) + }) + Context("With services using single NodePort", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{nodePortO: serviceR, nodePortN: serviceL} + nodeports, ok := FilterNodePorts(servicesManyWithNodePort) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With services using multiple NodePorts", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{ + nodePortO: serviceR, nodePortN: serviceR, + nodePortA: serviceL, nodePortP: serviceL, + } + nodeports, ok := FilterNodePorts(servicesManyWithMultipleNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + Context("With mixed services", func() { + It("should report all NodePorts", func() { + expected := map[uint16]string{ + nodePortO: serviceL, nodePortN: serviceZ, nodePortA: serviceZ, + } + nodeports, ok := FilterNodePorts(servicesManyMixedNodePorts) + Expect(ok).To(BeTrue()) + Expect(nodeports).To(Equal(expected)) + }) + }) + }) +}) -- cgit 1.2.3-korg