From f649f22f8e4ec272fff3d806f8e4ba9b82ec7b4d Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Mon, 7 Oct 2019 17:00:49 +0200
Subject: k8s: Mock etcd information collection

Rancher does not provide information on etcd as container arguments. Its collection requires implementation of a new information extraction method.

RKE does not include etcd process name in container arguments.

Issue-ID: SECCOM-235
Change-Id: I7576474fb2848962360771d2850aeb3f3869790a
Signed-off-by: Pawel Wieczorek
---
 test/security/k8s/src/check/check.go | 12 ++++++++++--
 test/security/k8s/src/check/cmd/check/check.go | 10 ++++++++++
 test/security/k8s/src/check/errors.go | 10 ++++++++++
 test/security/k8s/src/check/rancher/rancher.go | 6 ++++++
 test/security/k8s/src/check/raw/raw.go | 6 ++++++
 5 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 test/security/k8s/src/check/errors.go

(limited to 'test/security')

diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index cf412c112..728be18ff 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -8,6 +8,8 @@ type Informer interface {
 	GetSchedulerParams() ([]string, error)
 	// GetControllerManagerParams returns controller manager parameters.
 	GetControllerManagerParams() ([]string, error)
+	// GetEtcdParams returns etcd parameters.
+	GetEtcdParams() ([]string, error)
 }
 
 // Command represents commands run on cluster.
@@ -20,6 +22,8 @@ const (
 	SchedulerProcess
 	// ControllerManagerProcess represents controller manager command ("kube-controller-manager").
 	ControllerManagerProcess
+	// EtcdProcess represents controller manager service ("etcd").
+	EtcdProcess
 )
 
 func (c Command) String() string {
@@ -27,9 +31,10 @@ func (c Command) String() string {
 		"kube-apiserver",
 		"kube-scheduler",
 		"kube-controller-manager",
+		"etcd",
 	}
 
-	if c < APIProcess || c > ControllerManagerProcess {
+	if c < APIProcess || c > EtcdProcess {
 		return "exit"
 	}
 	return names[c]
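Review bot: The doc comment on the new `EtcdProcess` constant is a copy-paste leftover — it reads "represents controller manager service", while the constant names the etcd command and its neighbours (`ControllerManagerProcess`) are documented as commands, not services. Suggest `// EtcdProcess represents etcd command ("etcd").`. The enclosing const block begins outside the hunk.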
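Review bot: The range check in `Command.String` has to be hand-edited every time a command is appended, which is why this hunk touches both the `names` array and the `EtcdProcess` upper bound; bounding by the array keeps the two in step automatically: `if c < APIProcess || int(c) >= len(names) {`. `Service.String` follows the same pattern and would benefit from the same treatment. The fallback value `"exit"` for an out-of-range Command predates this change, but a one-line comment on why that string is used would help the next reader. The function's signature line sits outside the hunk.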
@@ -45,6 +50,8 @@ const (
 	SchedulerService
 	// ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
 	ControllerManagerService
+	// EtcdService represents etcd service ("kubernetes/etcd").
+	EtcdService
 )
 
 func (s Service) String() string {
@@ -52,9 +59,10 @@ func (s Service) String() string {
 		"kubernetes/kubernetes",
 		"kubernetes/scheduler",
 		"kubernetes/controller-manager",
+		"kubernetes/etcd",
 	}
 
-	if s < APIService || s > ControllerManagerService {
+	if s < APIService || s > EtcdService {
 		return ""
 	}
 	return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index d7176170a..98254aef9 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -54,4 +54,14 @@ func main() {
 		log.Fatal(err)
 	}
 	master.CheckControllerManager(controllerManagerParams)
+
+	_, err = info.GetEtcdParams()
+	if err != nil {
+		switch err {
+		case check.ErrNotImplemented:
+			log.Print(err) // Fail softly.
+		default:
+			log.Fatal(err)
+		}
+	}
 }
diff --git a/test/security/k8s/src/check/errors.go b/test/security/k8s/src/check/errors.go
new file mode 100644
index 000000000..d657c1827
--- /dev/null
+++ b/test/security/k8s/src/check/errors.go
@@ -0,0 +1,10 @@
+package check
+
+import (
+	"errors"
+)
+
+var (
+	// ErrNotImplemented is returned when function is not implemented yet.
+	ErrNotImplemented = errors.New("function not implemented")
+)
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index b5e382221..2cf2fbe69 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
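Review bot: The etcd parameters are thrown away (`_, err = info.GetEtcdParams()`) and no `master.CheckEtcd(...)` follows the other `Check*` calls, so even once a provider implements `GetEtcdParams` the etcd hardening checks (presumably the TLS client-cert, peer-auth and auto-TLS flags the CIS benchmark covers) will still not run, and on `ErrNotImplemented` the tool logs one line and carries on — a run can read as a clean pass while etcd was never inspected. Suggest keeping the result and marking the gap at the call site, `etcdParams, err := info.GetEtcdParams()` followed by `// TODO: master.CheckEtcd(etcdParams) once a provider implements GetEtcdParams.`, and making the soft-fail explicit, e.g. `log.Printf("skipping etcd checks: %v", err)`. The `switch err` compares the sentinel by identity, which stops matching as soon as a provider wraps it with `%w`; `errors.Is(err, check.ErrNotImplemented)` is the robust form if the module targets Go 1.13 or later (not visible here). The rest of `main` starts outside the hunk.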
@@ -46,6 +46,12 @@ func (r *Rancher) GetControllerManagerParams() ([]string, error) {
 	return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
 }
 
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Rancher) GetEtcdParams() ([]string, error) {
+	return []string{}, check.ErrNotImplemented
+}
+
 func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 	hosts, err := listHosts()
 	if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 555115950..eea5c01d2 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -46,6 +46,12 @@ func (r *Raw) GetControllerManagerParams() ([]string, error) {
 	return getProcessParams(check.ControllerManagerProcess)
 }
 
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetEtcdParams() ([]string, error) {
+	return []string{}, check.ErrNotImplemented
+}
+
 func getProcessParams(process check.Command) ([]string, error) {
 	nodes, err := config.GetNodesInfo()
 	if err != nil {
-- 
cgit 1.2.3-korg
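Review bot: The doc comment on `Rancher.GetEtcdParams` describes behaviour the method does not have — it queries nothing and unconditionally returns `check.ErrNotImplemented` — so a reader scanning the API would assume etcd is being inspected on this backend. Suggest documenting the stub honestly, `// GetEtcdParams is not implemented yet and always returns check.ErrNotImplemented.`, with a `// TODO` line stating the intended lookup so the "controlplane" scope survives as a note rather than as a false claim. Returning `nil` instead of `[]string{}` next to the error is the usual Go convention, since the slice carries no meaning when err is non-nil: `return nil, check.ErrNotImplemented`.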
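Review bot: `Raw.GetEtcdParams` has the same mismatch as the Rancher stub: the comment promises a query of "controlplane" nodes while the body returns `check.ErrNotImplemented` without touching the cluster. If this backend is the RKE path the commit message refers to, the intended scope is worth re-checking before it is implemented — in RKE, etcd runs on nodes carrying the `etcd` role, which are not necessarily the `controlplane` nodes (inferred from RKE conventions, not from the hunk). Suggest `// GetEtcdParams is not implemented yet and always returns check.ErrNotImplemented.` plus a TODO naming the role(s) to query, and `return nil, check.ErrNotImplemented` so the placeholder slice is not mistaken for a real (empty) result.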