From 30e199a70b32a6256c2a148eec870800ef1fbefc Mon Sep 17 00:00:00 2001 From: Pawel Wieczorek Date: Thu, 16 Jul 2020 16:15:06 +0200 Subject: Import upstream component version inspection tool This patch adds utility to check versions of binaries available in Docker containers run on Kubernetes cluster. It has been contributed by: kkkk-k Several minor changes were made to comply with ONAP CI linter rules. Issue-ID: INT-1571 Change-Id: Id0e4b557212dec1bf8d2bac580968d69e2cf5595 Signed-off-by: Pawel Wieczorek --- test/security/check_versions/env/Vagrantfile | 35 +++++++ .../env/configuration/namespaces.yaml | 45 +++++++++ .../env/configuration/terminated.yaml | 17 ++++ .../check_versions/env/configuration/versions.yaml | 112 +++++++++++++++++++++ .../check_versions/env/requirements-dev.txt | 9 ++ test/security/check_versions/env/requirements.txt | 6 ++ 6 files changed, 224 insertions(+) create mode 100644 test/security/check_versions/env/Vagrantfile create mode 100644 test/security/check_versions/env/configuration/namespaces.yaml create mode 100644 test/security/check_versions/env/configuration/terminated.yaml create mode 100644 test/security/check_versions/env/configuration/versions.yaml create mode 100644 test/security/check_versions/env/requirements-dev.txt create mode 100644 test/security/check_versions/env/requirements.txt (limited to 'test/security/check_versions/env')
diff --git a/test/security/check_versions/env/Vagrantfile b/test/security/check_versions/env/Vagrantfile
new file mode 100644
index 000000000..28abbc504
--- /dev/null
+++ b/test/security/check_versions/env/Vagrantfile
@@ -0,0 +1,35 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.default_prefix = "k8s_bin_versions_inspector";
+ libvirt.driver = "kvm";
+ libvirt.cpus = 6;
+ libvirt.memory = 12288;
+ end
+
+ config.vm.box = "generic/ubuntu1804";
+ config.vm.hostname = "k8s-bin-versions-inspector";
+ config.vm.synced_folder ".", "/vagrant", disabled: true;
+ config.vm.synced_folder "..", "/home/vagrant/k8s_bin_versions_inspector", type: :sshfs;
+
+ config.vm.provision "shell", inline: <<-end
+ export DEBIAN_FRONTEND=noninteractive &&\
+ apt-get update &&\
+ apt-get upgrade -y &&\
+ apt-get dist-upgrade -y &&\
+ apt-get install -y python3 python3-pip snap git vim net-tools htop &&\
+ pip3 install --system -r /home/vagrant/k8s_bin_versions_inspector/env/requirements-dev.txt &&\
+ snap install --classic microk8s &&\
+ usermod -a -G microk8s vagrant
+ end
+ config.vm.provision :reload;
+ config.vm.provision "shell", privileged: false, inline: <<-end
+ microk8s reset &&\
+ microk8s config > /home/vagrant/.kube/config &&\
+ microk8s kubectl apply -f /home/vagrant/k8s_bin_versions_inspector/env/configuration
+ end
+end
+
diff --git a/test/security/check_versions/env/configuration/namespaces.yaml b/test/security/check_versions/env/configuration/namespaces.yaml
new file mode 100644
index 000000000..f300cc7da
--- /dev/null
+++ b/test/security/check_versions/env/configuration/namespaces.yaml
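Review bot: The second provisioner redirects `microk8s config` into `/home/vagrant/.kube/config` without creating the directory first, so on a fresh box (unless the image already ships `~/.kube`) the redirect presumably fails and the `&&` chain stops before `kubectl apply` runs. I would prepend `mkdir -p /home/vagrant/.kube &&\` and follow the redirect with `chmod 600 /home/vagrant/.kube/config &&\`, since that file holds the cluster admin credentials and is otherwise created with the default umask. Separately, the `apt-get install` list names `snap`, which on Ubuntu is an unrelated gene-prediction package rather than the snap daemon; `snapd` is the package that provides the `snap` command. Using `end` as the heredoc terminator also reads like a block close, and `<<-SHELL` would be clearer.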
@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-nginx
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-ingress-nginx
+ namespace: ingress-nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-ingress-nginx
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-ingress-nginx
+ spec:
+ containers:
+ - name: echo-server
+ image: jmalloc/echo-server
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-kube-system
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-kube-system
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-kube-system
+ spec:
+ containers:
+ - name: echo-server
+ image: jmalloc/echo-server
diff --git a/test/security/check_versions/env/configuration/terminated.yaml b/test/security/check_versions/env/configuration/terminated.yaml
new file mode 100644
index 000000000..dd6ce829d
--- /dev/null
+++ b/test/security/check_versions/env/configuration/terminated.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-terminated
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-terminated
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-terminated
+ spec:
+ containers:
+ - name: python
+ image: python
diff --git a/test/security/check_versions/env/configuration/versions.yaml b/test/security/check_versions/env/configuration/versions.yaml
new file mode 100644
index 000000000..75b7f7b85
--- /dev/null
+++ b/test/security/check_versions/env/configuration/versions.yaml
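Review bot: Both Deployments in namespaces.yaml pull `jmalloc/echo-server` with no tag, so the cluster resolves `latest` from a third-party Docker Hub account every time the VM is built, and one of those pods is placed in `kube-system`. Pinning the fixture, for example `image: jmalloc/echo-server@sha256:<digest>` (placeholder digest), keeps the test environment reproducible and stops an upstream re-push from changing what runs next to the cluster components. The same applies to `image: python` in terminated.yaml and to the untagged `jupyter/base-notebook` and `jboss/keycloak` entries in versions.yaml.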
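Review bot: Nothing in terminated.yaml says why a bare `python` image is deployed with no command. Judging by the file name, the container is presumably meant to exit at once (the interpreter gets no script and no TTY) so the inspector can be exercised against a non-running container; a leading comment such as `# python exits immediately without a script; this pod is expected to stay in a terminated/CrashLoopBackOff state` would record that. This file and versions.yaml also lack the `---` document start that namespaces.yaml has, which yamllint's default rules warn about.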
@@ -0,0 +1,112 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-python-jupyter
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-python-jupyter
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-python-jupyter
+ spec:
+ containers:
+ - name: jupyter
+ image: jupyter/base-notebook
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-python-jupyter-old
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-python-jupyter-old
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-python-jupyter-old
+ spec:
+ containers:
+ - name: jupyter-old
+ image: jupyter/base-notebook:ff922f8f533a
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-python-stderr-filebeat
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-python-stderr-filebeat
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-python-stderr-filebeat
+ spec:
+ containers:
+ - name: filebeat
+ image: docker.elastic.co/beats/filebeat:5.5.0
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-java-keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-java-keycloak
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-java-keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: jboss/keycloak
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-java-keycloak-old
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-java-keycloak-old
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-java-keycloak-old
+ spec:
+ containers:
+ - name: keycloak-old
+ image: jboss/keycloak:8.0.0
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbvi-test-java-keycloak-very-old
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kbvi-test-java-keycloak-very-old
+ template:
+ metadata:
+ labels:
+ app: kbvi-test-java-keycloak-very-old
+ spec:
+ containers:
+ - name: keycloak-very-old
+ image: jboss/keycloak:2.0.0.Final
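Review bot: The manifest carries no comment saying that `jboss/keycloak:2.0.0.Final`, `jboss/keycloak:8.0.0` and `docker.elastic.co/beats/filebeat:5.5.0` are old on purpose, although the Deployment names (`-old`, `-very-old`) suggest they are fixtures for the version inspector. A header comment such as `# Intentionally outdated images used as inspector fixtures; do not expose these pods or reuse this manifest outside the throwaway VM` would stop someone from copying it into a shared cluster. No Service is defined in this hunk, so the manifest itself does not publish the pods, and the comment should say that this is to stay so.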
diff --git a/test/security/check_versions/env/requirements-dev.txt b/test/security/check_versions/env/requirements-dev.txt
new file mode 100644
index 000000000..1ced42c04
--- /dev/null
+++ b/test/security/check_versions/env/requirements-dev.txt
@@ -0,0 +1,9 @@
+cerberus
+dataclasses
+kubernetes
+pyyaml
+tabulate
+black
+pylint
+pytest
+
diff --git a/test/security/check_versions/env/requirements.txt b/test/security/check_versions/env/requirements.txt
new file mode 100644
index 000000000..e81358f72
--- /dev/null
+++ b/test/security/check_versions/env/requirements.txt
@@ -0,0 +1,6 @@
+cerberus
+dataclasses
+kubernetes
+pyyaml
+tabulate
+
-- cgit 1.2.3-korg
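Review bot: Every entry in requirements-dev.txt and requirements.txt is unpinned, and the Vagrantfile installs the dev list as root with `pip3 install --system`, so each rebuild of the VM takes whatever PyPI serves at that moment. Pinning exact versions (ideally with `--hash` entries and `pip install --require-hashes`) would make the environment reproducible and limit exposure to a compromised or typo-squatted release. The dev file also repeats the five runtime packages; starting it with `-r requirements.txt` and listing only `black`, `pylint` and `pytest` keeps the two files from drifting apart. `dataclasses` is a backport needed only on Python 3.6, so `dataclasses; python_version < "3.7"` would state that explicitly.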