diff options
| author |   mrichomme <morgan.richomme@orange.com> | 2020-09-01 15:37:25 +0200 |
|---|---|---|
| committer | mrichomme <morgan.richomme@orange.com> | 2020-09-03 11:25:09 +0200 |
| commit | 3d9e6522e7aa87567aa73ab389a5ddb1d4bb70a6 (patch) | |
| tree | 548687129d6bb609be6bfb07956c5b27636a7555 | |
| parent | 66eefb845990d01c0296074eabdad3a5ad86281a (diff) | |
Integrate nodeport cert verification in xtesting
this tests checks the validity of the certificates
by testing each SSL termination corresponding to node
ports retrieved from the k8s python client
It generates an html page with the list of the
SSL certficiates, it indicates
- the expiration date
- the certificate owner
A code color is provided too indicate if the cert is about
to expire
and/or is too wide (364 days max)
The integration to xtesting is the first step before
adding the test in Master daily CI
Issue-ID: INT-1570
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: Ia20fc999610d1967eb9eed9415a568b3dbdda3e7
Signed-off-by: mrichomme <morgan.richomme@orange.com>
| -rw-r--r-- | infra-healthcheck/docker/Dockerfile | 4 | ||||
| -rw-r--r-- | infra-healthcheck/docker/testcases.yaml | 9 | ||||
| -rw-r--r-- | infra-healthcheck/infra_healthcheck/k8stest.py | 14 | ||||
| -rw-r--r-- | infra-healthcheck/setup.cfg | 2 |
4 files changed, 24 insertions, 5 deletions
diff --git a/infra-healthcheck/docker/Dockerfile b/infra-healthcheck/docker/Dockerfile index 87d177c..b433387 100644 --- a/infra-healthcheck/docker/Dockerfile +++ b/infra-healthcheck/docker/Dockerfile @@ -17,7 +17,7 @@ COPY upper-constraints.txt . RUN set -x && \ apk --no-cache add --update curl ca-certificates && \ apk --no-cache add --virtual .build-deps --update \ - gcc python3-dev musl-dev && \ + gcc python3-dev musl-dev openssl-dev libffi-dev && \ chmod +x /usr/local/bin/kubectl && \ adduser kubectl -Du 2342 -h /config && \ wget https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm && \ @@ -28,6 +28,8 @@ RUN set -x && \ pip3 install --no-cache-dir -r upper-constraints.txt && \ pip3 install --no-cache-dir \ git+https://gitlab.com/Orange-OpenSource/lfn/onap/integration/xtesting.git@$ONAP_TESTS_TAG#subdirectory=infra-healthcheck && \ + pip3 install --no-cache-dir \ + git+https://git.onap.org/integration.git@$ONAP_TESTS_TAG#subdirectory=test/security/check_certificates && \ apk del .build-deps COPY docker/testcases.yaml /usr/lib/python3.8/site-packages/xtesting/ci/testcases.yaml diff --git a/infra-healthcheck/docker/testcases.yaml b/infra-healthcheck/docker/testcases.yaml index 346daf5..ba035c2 100644 --- a/infra-healthcheck/docker/testcases.yaml +++ b/infra-healthcheck/docker/testcases.yaml @@ -39,3 +39,12 @@ tiers: - DEPLOY_SCENARIO: 'ingress' run: name: 'nodeport_ingress' + - + case_name: nodeport_check_certs + project_name: integration + criteria: 100 + blocking: false + description: >- + Check certificates associated with node ports + run: + name: 'nodeport_check_certs' diff --git a/infra-healthcheck/infra_healthcheck/k8stest.py b/infra-healthcheck/infra_healthcheck/k8stest.py index da1d764..a22bcda 100644 --- a/infra-healthcheck/infra_healthcheck/k8stest.py +++ b/infra-healthcheck/infra_healthcheck/k8stest.py @@ -109,8 +109,6 @@ class K8sTesting(testcase.TestCase): class OnapHelmTest(K8sTesting): """Kubernetes conformance test suite""" def __init__(self, **kwargs): - if "case_name" not in kwargs: - kwargs.get("case_name", 'onap-helm') super(OnapHelmTest, self).__init__(**kwargs) self.cmd = ['/check_onap_helm.sh'] self.criteria_string = "Nb Failed Helm Charts" @@ -119,9 +117,17 @@ class OnapHelmTest(K8sTesting): class OnapSecurityNodePortsIngress(K8sTesting): """Check that there is no NodePort without corresponding Ingress port.""" def __init__(self, **kwargs): - if "case_name" not in kwargs: - kwargs.get("case_name", 'nodeport_ingress') super(OnapSecurityNodePortsIngress, self).__init__(**kwargs) self.cmd = ['python3', '/check_for_ingress_and_nodeports.py', '--conf', '/root/.kube/config'] self.criteria_string = "NodePort without corresponding Ingress found" + +class OnapSecurityNodePortsCerts(K8sTesting): + """Check the cerfificates fot he nodeports.""" + def __init__(self, **kwargs): + super(OnapSecurityNodePortsCerts, self).__init__(**kwargs) + os.chdir('/usr/lib/python3.8/site-packages/check_certificates') + self.cmd = ['python3', 'check_certificates_validity.py', + '--mode','nodeport','--namespace','onap','--dir', + '/var/lib/xtesting/results/nodeport_check_certs'] + self.criteria_string = ">>> Test Check certificates PASS" diff --git a/infra-healthcheck/setup.cfg b/infra-healthcheck/setup.cfg index a3ec3db..4664552 100644 --- a/infra-healthcheck/setup.cfg +++ b/infra-healthcheck/setup.cfg @@ -10,3 +10,5 @@ xtesting.testcase = onap_k8s = kubernetes_status.status:Status onap_helm = infra_healthcheck.k8stest:OnapHelmTest nodeport_ingress = infra_healthcheck.k8stest:OnapSecurityNodePortsIngress + nodeport_check_certs = infra_healthcheck.k8stest:OnapSecurityNodePortsCerts + |