diff options
author | mrichomme <morgan.richomme@orange.com> | 2021-01-07 11:00:09 +0100 |
---|---|---|
committer | mrichomme <morgan.richomme@orange.com> | 2021-01-07 11:37:56 +0100 |
commit | 682b993848db69e54eb01a8745eb2cb98ed40ceb (patch) | |
tree | d9511965af7d3618ab24f1724c27a6c5d6c0820c | |
parent | 94e27de8ea2db18be2878faf38f5d74a09acfdf7 (diff) |
[SECURITY] Include cert check of the internal ports
A test dealing with the verification of the ports exposed as nodeports
is already integrated. The goal of the patch is to compelte with a test
dealing with all the internal ports retrieved from k8s on the ONAP namespace.
Unlike nodeport_check_certs, this test must be executed from inside the
cluster.
As a consequence a dependency is added in testcases.yaml
- TEST_ENVIRONMENT: 'internal_job'
In order to avoir triggerring the test when executing all the infra
tests of this xtesting dockers.
A kubernetes job consuming the image shall be created in xtesting-onap
to execute the test.
Issue-ID: INT-1818
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I16bb55fb784bd67f8a2b59f9f895fb754da8e3d0
-rw-r--r-- | infra-healthcheck/docker/testcases.yaml | 11 | ||||
-rw-r--r-- | infra-healthcheck/infra_healthcheck/k8stest.py | 10 | ||||
-rw-r--r-- | infra-healthcheck/setup.cfg | 2 |
3 files changed, 22 insertions, 1 deletions
diff --git a/infra-healthcheck/docker/testcases.yaml b/infra-healthcheck/docker/testcases.yaml index 3710901..0cd8fe8 100644 --- a/infra-healthcheck/docker/testcases.yaml +++ b/infra-healthcheck/docker/testcases.yaml @@ -61,3 +61,14 @@ tiers: - DEPLOY_ENVIRONMENT: 'gating_component' run: name: 'onap_chart' + - + case_name: internal_check_certs + project_name: integration + criteria: 100 + blocking: false + description: >- + Check certificates associated with internal ports + dependencies: + - TEST_ENVIRONMENT: 'internal_job' + run: + name: 'internal_check_certs' diff --git a/infra-healthcheck/infra_healthcheck/k8stest.py b/infra-healthcheck/infra_healthcheck/k8stest.py index e1c4213..1d69fac 100644 --- a/infra-healthcheck/infra_healthcheck/k8stest.py +++ b/infra-healthcheck/infra_healthcheck/k8stest.py @@ -108,3 +108,13 @@ class OnapSecurityNodePortsCerts(K8sTesting): '--mode','nodeport','--namespace','onap','--dir', '/var/lib/xtesting/results/nodeport_check_certs'] self.criteria_string = ">>> Test Check certificates PASS" + +class OnapSecurityInternalPortsCerts(K8sTesting): + """Check the cerfificates for the internal ports.""" + def __init__(self, **kwargs): + super(OnapSecurityInternalPortsCerts, self).__init__(**kwargs) + os.chdir('/usr/lib/python3.8/site-packages/check_certificates') + self.cmd = ['python3', 'check_certificates_validity.py', + '--mode','internal','--namespace','onap','--dir', + '/var/lib/xtesting/results/internal_check_certs'] + self.criteria_string = ">>> Test Check certificates PASS" diff --git a/infra-healthcheck/setup.cfg b/infra-healthcheck/setup.cfg index 7730106..4eb4770 100644 --- a/infra-healthcheck/setup.cfg +++ b/infra-healthcheck/setup.cfg @@ -12,4 +12,4 @@ xtesting.testcase = onap_chart = chart_status.status:Status nodeport_ingress = infra_healthcheck.k8stest:OnapSecurityNodePortsIngress nodeport_check_certs = infra_healthcheck.k8stest:OnapSecurityNodePortsCerts - + internal_check_certs = infra_healthcheck.k8stest:OnapSecurityInternalPortsCerts |