From 30e199a70b32a6256c2a148eec870800ef1fbefc Mon Sep 17 00:00:00 2001 From: Pawel Wieczorek Date: Thu, 16 Jul 2020 16:15:06 +0200 Subject: Import upstream component version inspection tool This patch adds utility to check versions of binaries available in Docker containers run on Kubernetes cluster. It has been contributed by: kkkk-k Several minor changes were made to comply with ONAP CI linter rules. Issue-ID: INT-1571 Change-Id: Id0e4b557212dec1bf8d2bac580968d69e2cf5595 Signed-off-by: Pawel Wieczorek --- test/security/check_versions/README.md | 105 +++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 test/security/check_versions/README.md (limited to 'test/security/check_versions/README.md') diff --git a/test/security/check_versions/README.md b/test/security/check_versions/README.md new file mode 100644 index 000000000..3934ca77a --- /dev/null +++ b/test/security/check_versions/README.md 
@@ -0,0 +1,105 @@ +# Kubernetes Binaries Versions Inspector + +**Kubernetes Binaries Versions Inspector** (`k8s_bin_versions_inspector`) is a +python module for verifying versions of CPython and OpenJDK binaries installed +in the kubernetes cluster containers. + +## Commands + +### Creating environment + +All development and testing process, should be done in prepared virtual machine, +that is containing development environment for this project. Vagrant plugins, +that are required to start virtual machine: `vagrant-libvirt`, `vagrant-reload`, +`vagrant-sshfs`. + +```bash +cd env +vagrant up +vagrant ssh +``` + +### Install dependencies + +To install dependencies for normal usage of script, run this command. + +```bash +pip3 install -r env/requirements.txt +``` + +### Code formatting + +```bash +black src tests +``` + +### Code static analysis + +```bash +pylint -d C0330 src +``` + +### Automatic tests + +To running the automated tests is required to have properly configured +kubernetes cluster, which is in the virtual machine, that is containing +development environment. 
+ +```bash +PYTHONPATH=src pytest -vv -s tests +``` + +### Removing caches + +```bash +find -name __pycache__ -exec rm -Rf {} + +find -name .pytest_cache -exec rm -Rf {} + +``` + +## Acceptable format + +Example of the acceptable file format: + +```yaml +python: + - 3.6.9 + - 3.7.3 +java: + - 11.0.7 +``` + +## Paths research + +Commands to research for the paths +of the software binaries in multiple docker images: + +```bash +docker run --entrypoint /bin/sh python:buster -c "which python" +docker run --entrypoint /bin/sh python:alpine -c "which python" +docker run --entrypoint /bin/sh python:slim -c "which python" +docker run --entrypoint /bin/sh python:2-buster -c "which python" +docker run --entrypoint /bin/sh python:2-alpine -c "which python" +docker run --entrypoint /bin/sh python:2-slim -c "which python" +docker run --entrypoint /bin/sh ubuntu:bionic -c "apt-get update && apt-get install -y python && which python" +docker run --entrypoint /bin/sh ubuntu:bionic -c "apt-get update && apt-get install -y python3 && which python3" +docker run --entrypoint /bin/sh openjdk -c "type java" +``` + +## Todo + +List of features, that should be implemented: + +- Complete license and copyrights variables. +- Find a way, to safe searching of the container files from Kubernetes API. +- Parallelization of executing binaries on the single container. +- Parallelization of versions determination in multiple containers. +- Support for determination the old versions of OpenJDK (attribute `-version`). +- Deleting namespace from cluster in development environment (for example, + during cluster reset), cause hanging in namespace terminating state. +- Find a nicer way to extracting exit code from execution result. + +## Links + +- +- +- -- cgit 1.2.3-korg
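Review bot: The README never shows how to run `k8s_bin_versions_inspector` itself. The "Commands" section covers environment setup, dependencies, formatting, static analysis, tests and cache removal, and "Acceptable format" gives a YAML example without saying how that file is passed to the tool or what the tool reports when a container's version is not in the list. Please add a usage section with the invocation and the meaning of that file. Since the Todo items mention executing binaries on containers and extracting an exit code from the execution result, it would also help to state what access to the cluster the tool needs in order to do that. Smaller points: the three bullets under "Links" are empty, so either fill them in or drop the section; `find -name __pycache__ -exec rm -Rf {} +` has no starting path and relies on GNU find defaulting to the current directory, so `find . -name ...` is the safer form; `pylint -d C0330 src` disables a check without saying why; and the `docker run` lines under "Paths research" each leave a stopped container behind unless `--rm` is added.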