From 45d5c7a8853f5b25dbb9b6b8a99846d68a199468 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 7 Feb 2020 12:59:32 +0100
Subject: Increase verifiability of security checks
This patch introduces a series of patches that will provide tools which
will succeed current security check scripts. Its two main reasons are:
* increasing tools verifiability by providing internal tests,
* improving "expected failure" support by suppressing carefully selected
set of special cases.
Each tool will use following directory structure (generated with
"tree -a --charset=ascii" command):
.
`-- check_module
|-- Dockerfile
|-- .dockerignore
|-- .gitignore
|-- go.mod
|-- main.go
|-- Makefile
|-- README
|-- README.rst -> README
`-- submodule
|-- submodule.go
`-- submodule_test.go
This will allow using Go Modules mechanism within its limitations [1]
for "non-go-get-able modules" [2][3][4] - also in case of separating
code into several modules used by multiple "check modules", e.g.
.
|-- common
| |-- common.go
| |-- common_test.go
| `-- go.mod
`-- check_module
|-- go.mod
`-- ...
It would require migration from separate Dockerfiles to a single one
(multi-stage), though.
Provided Makefiles are intended to simplify local development
(Docker-less building) and container images preparation. READMEs clarify
utility requirements and usage - file without extension is for VCS
reference, symlink for proper syntax rendering.
[1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
[2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem
[3] https://github.com/golang/go/issues/26645#issuecomment-408572701
[4] https://www.dim13.org/go-get-cgit
Issue-ID: SECCOM-261
Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3
Signed-off-by: Pawel Wieczorek
---
test/security/sslendpoints/README | 44 +++++++++++++++++++++++++++++++++++
test/security/sslendpoints/README.rst | 1 +
2 files changed, 45 insertions(+)
create mode 100644 test/security/sslendpoints/README
create mode 120000 test/security/sslendpoints/README.rst
(limited to 'test/security')
diff --git a/test/security/sslendpoints/README b/test/security/sslendpoints/README
new file mode 100644
index 000000000..fc0e37a1b
--- /dev/null
+++ b/test/security/sslendpoints/README
@@ -0,0 +1,44 @@
+=====================
+ SSL endpoints check
+=====================
+
+Utility for checking if all of the ports exposed outside of Kubernetes cluster
+use SSL tunnels.
+
+Prerequisites
+-------------
+
+Configuration
+~~~~~~~~~~~~~
+
+Mandatory
++++++++++
+
+Optional
+++++++++
+
+Build (local)
+~~~~~~~~~~~~~
+
+Build (Docker)
+~~~~~~~~~~~~~~
+
+Test
+~~~~
+
+
+Running
+-------
+
+Command (local)
+~~~~~~~~~~~~~~~
+
+Command (Docker)
+~~~~~~~~~~~~~~~~
+
+Output
+~~~~~~
+
+
+Testing
+-------
diff --git a/test/security/sslendpoints/README.rst b/test/security/sslendpoints/README.rst
new file mode 120000
index 000000000..100b93820
--- /dev/null
+++ b/test/security/sslendpoints/README.rst
@@ -0,0 +1 @@
+README
\ No newline at end of file
--
cgit 1.2.3-korg