From edbe50b80ce489b5ef9f30c9cd72f2dbcf2032d9 Mon Sep 17 00:00:00 2001 From: mrichomme Date: Fri, 11 Sep 2020 22:58:09 +0200 Subject: Add timeout on SSL internal cert retrieval In case of SSL issues, the socket timeout is set to 600s by default as we are scanning a liitle bit stupdidly - we try on all the internal ports..it may take a long time if we cumulate the different timeouts. Moreover a new error may occur socker.gaiaerror on internal scans Issue-ID: INT-1570 Signed-off-by: mrichomme Change-Id: Ia0e1c7bb133565d6179afa155f6c299a5e012764 Signed-off-by: mrichomme --- .../check_certificates_validity.py | 6 + .../templates/cert-internal.html.j2 | 129 +++++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 (limited to 'test/security/check_certificates') diff --git a/test/security/check_certificates/check_certificates/check_certificates_validity.py b/test/security/check_certificates/check_certificates/check_certificates_validity.py index 7447a64be..87a2fa932 100644 --- a/test/security/check_certificates/check_certificates/check_certificates_validity.py +++ b/test/security/check_certificates/check_certificates/check_certificates_validity.py @@ -46,6 +46,10 @@ import OpenSSL from datetime import datetime from kubernetes import client, config from jinja2 import Environment, FileSystemLoader, select_autoescape +from socket import * # pylint: disable=W0614 + +# Set SSL timeout +setdefaulttimeout(10) # Logger LOG_LEVEL = 'INFO' @@ -257,6 +261,8 @@ def test_services(k8s_services, mode): {'pod_name': test_name, 'pod_port': test_port, 'error_details': str(e)}) + except: + LOGGER.error("Unknown error") # Create html summary jinja_env = Environment( 
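Review bot: `setdefaulttimeout(10)` at module scope changes the default for every socket the process opens after import, not only the certificate probes, and `from socket import *` pulls the whole socket namespace into the module, which is exactly what the pylint suppression hides. Any other client in this script that does not set its own timeout would inherit the 10 s limit; the kubernetes client imported just above may be one, which is worth confirming. Prefer `import socket` with `socket.setdefaulttimeout(10)`, or better a timeout applied where the probe connection is created, so that `socket.gaierror` can be caught by its qualified name. A comment such as `# 10 s per port: every internal port is probed, so the 600 s default adds up` would record why the value was chosen.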
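Review bot: The added bare `except:` in test_services logs only the fixed string "Unknown error", so the exception type, the service and the port are lost, and unlike the handler just above it the failure is not recorded with `pod_name`/`pod_port`/`error_details`. For a certificate check this means a port that failed in an unexpected way can drop out of the generated report instead of appearing as an error; that is as far as the hunk shows, since the rest of test_services lies outside it. A bare except also traps KeyboardInterrupt and SystemExit, which makes a long scan hard to stop. Consider `except Exception as e:  # pylint: disable=broad-except` with `LOGGER.exception("Unexpected error on %s:%s", test_name, test_port)`, appending the entry to one of the error lists, and a dedicated handler for the `gaierror` case the commit message describes.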
diff --git a/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 b/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 new file mode 100644 index 000000000..f9049807a --- /dev/null +++ b/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 @@ -0,0 +1,129 @@ +{% extends "base.html.j2" %} +{% block title %}ONAP Certificates expiration page{% endblock %} + +{% block content %} +

ONAP Certificates

+
+
+

Cluster Internal Ports

+ + + + + + + + + + + + + + {% for cert in node_ports_list %} + 389 %} class="has-background-warning-light" {%elif cert.remaining_days == 364 and cert.validity %} class="has-background-success-light" {% endif %}> + + + + + + + + {% endfor %} + +
ComponentPortExpected Expiration DateRemaining DaysRoot CARoot CA Validity
{{ cert.pod_name }}{{ cert.pod_port }}{{ cert.expiration_date }}{{ cert.remaining_days }}{{ cert.issuer }}{% if cert.validity %} + + + + {% else %} + + + + {% endif %}
+ + {% if node_ports_ssl_error_list|length > 0 %} +

Cluster Internal Port SSL errors

+ + + + + + + + + + {% for cert in node_ports_ssl_error_list %} + + + + + {% endfor %} + +
ComponentPortError Details
{{ cert.pod_name }}{{ cert.pod_port }}{{ cert.error_details }}
+{% endif %} + +{% if node_ports_connection_error_list|length > 0 %} +

Cluster Internal Ports Connection errors

+ + + + + + + + + + {% for cert in node_ports_connection_error_list %} + + + + + {% endfor %} + +
ComponentPortError Details
{{ cert.pod_name }}{{ cert.pod_port }}{{ cert.error_details }}
+{% endif %} + +{% if node_ports_list_type_error_list|length > 0 %} +

Cluster Internal Ports ports Type Error

+ + + + + + + + + + {% for cert in node_ports_list_type_error_list %} + + + + + {% endfor %} + +
ComponentPortError Details
{{ cert.pod_name }}{{ cert.pod_port }}{{ cert.error_details }}
+{% endif %} + +{% if node_ports_reset_error_list|length > 0 %} +

Cluster Internal Ports Connections Error

+ + + + + + + + + + {% for cert in node_ports_reset_error_list %} + + + + + {% endfor %} + +
ComponentPortError Details
{{ cert.pod_name }}{{ cert.pod_port }}{{ cert.error_details }}
+{% endif %} + +{% endblock %} +
+
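Review bot: `{{ cert.error_details }}`, `{{ cert.pod_name }}` and `{{ cert.issuer }}` are written straight into table cells, and `error_details` is the `str(e)` of an exception raised while talking to a scanned service, so part of that text originates from the remote side. Whether it is HTML-escaped depends on the `Environment(...)` call in check_certificates_validity.py, which is cut off in this patch: jinja2's `select_autoescape` defaults match template names ending in `.html`, `.htm` or `.xml`, and this file ends in `.html.j2`. Please confirm the enabled extensions include `j2`, e.g. `select_autoescape(enabled_extensions=('html', 'j2'))`, or pipe these fields through `|e`. The template's markup is not visible in this rendering, so the point concerns the expressions only.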
-- cgit 1.2.3-korg