From 45d5c7a8853f5b25dbb9b6b8a99846d68a199468 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 7 Feb 2020 12:59:32 +0100
Subject: Increase verifiability of security checks

This patch introduces a series of patches that will provide tools which
will succeed current security check scripts. Its two main reasons are:

* increasing tools verifiability by providing internal tests,
* improving "expected failure" support by suppressing a carefully
  selected set of special cases.

Each tool will use the following directory structure (generated with
"tree -a --charset=ascii" command):

    .
    `-- check_module
        |-- Dockerfile
        |-- .dockerignore
        |-- .gitignore
        |-- go.mod
        |-- main.go
        |-- Makefile
        |-- README
        |-- README.rst -> README
        `-- submodule
            |-- submodule.go
            `-- submodule_test.go

This will allow using Go Modules mechanism within its limitations [1]
for "non-go-get-able modules" [2][3][4] - also in case of separating
code into several modules used by multiple "check modules", e.g.

    .
    |-- common
    |   |-- common.go
    |   |-- common_test.go
    |   `-- go.mod
    `-- check_module
        |-- go.mod
        `-- ...

It would require migration from separate Dockerfiles to a single one
(multi-stage), though.

Provided Makefiles are intended to simplify local development
(Docker-less building) and container images preparation.

READMEs clarify utility requirements and usage - file without extension
is for VCS reference, symlink for proper syntax rendering.

[1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
[2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem
[3] https://github.com/golang/go/issues/26645#issuecomment-408572701
[4] https://www.dim13.org/go-get-cgit

Issue-ID: SECCOM-261
Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3
Signed-off-by: Pawel Wieczorek --- test/security/sslendpoints/README | 44 +++++++++++++++++++++++++++++++++++ test/security/sslendpoints/README.rst | 1 + 2 files changed, 45 insertions(+) create mode 100644 test/security/sslendpoints/README create mode 120000 test/security/sslendpoints/README.rst (limited to 'test/security') diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README new file mode 100644 index 000000000..fc0e37a1b --- /dev/null +++ b/test/security/sslendpoints/README @@ -0,0 +1,44 @@ +===================== + SSL endpoints check +===================== + +Utility for checking if all of the ports exposed outside of Kubernetes cluster +use SSL tunnels. + +Prerequisites +------------- + +Configuration +~~~~~~~~~~~~~ + +Mandatory ++++++++++ + +Optional +++++++++ + +Build (local) +~~~~~~~~~~~~~ + +Build (Docker) +~~~~~~~~~~~~~~ + +Test +~~~~ + + +Running +------- + +Command (local) +~~~~~~~~~~~~~~~ + +Command (Docker) +~~~~~~~~~~~~~~~~ + +Output +~~~~~~ + + +Testing +------- diff --git a/test/security/sslendpoints/README.rst b/test/security/sslendpoints/README.rst new file mode 120000 index 000000000..100b93820 --- /dev/null +++ b/test/security/sslendpoints/README.rst @@ -0,0 +1 @@ +README \ No newline at end of file -- cgit 1.2.3-korg
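Review bot: In test/security/sslendpoints/README every section after the two-line summary is an empty heading (Prerequisites, Configuration with Mandatory and Optional, both Build sections, Test, Running with both Command sections, Output, Testing), so the file does not yet give the requirements and usage the commit message says the READMEs clarify. Either say in the commit message that this is a skeleton to be filled in by the follow-up patches, or add a one-line placeholder under each heading so a reader of this revision is not left guessing what the check needs and what its output means. The "Test" subsection under Prerequisites and the top-level "Testing" section also look like they cover the same ground; consider renaming one of them or merging them. It would also help to state in the summary what "use SSL tunnels" means as a pass criterion (for example, which ports count as "exposed outside" and what a failing port looks like), since that is the security property the tool reports on.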
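Review bot: test/security/sslendpoints/README.rst is added with mode 120000 as a symlink to README, which depends on the checkout honouring symlinks; in a working tree where git has core.symlinks set to false, it is materialised as a regular file whose entire content is the text "README". If such checkouts are in scope for contributors, note that limitation in the README, or keep the reStructuredText content in README.rst and make the extension-less README the pointer instead, so that the rendered file is always a real file.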