author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-08-07 11:53:39 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-08-28 15:51:33 +0200 |
commit | 66eefb845990d01c0296074eabdad3a5ad86281a (patch) | |
tree | 545106229cb08e857ef3e6b302c63c07b7d18a73 /security/scripts | |
parent | 6cfab47316074ff18faf94d25432ea320b280e04 (diff) |
Add SECCOM-recommended version check in security tests
Issue-ID: INT-1571
Change-Id: Icd215ad5b49dcbf34eb46b973676f5141b589f83
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'security/scripts')
-rw-r--r-- | security/scripts/check_versions.sh | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/security/scripts/check_versions.sh b/security/scripts/check_versions.sh
new file mode 100644
index 0000000..aadc58e
--- /dev/null
+++ b/security/scripts/check_versions.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+usage() {
+ cat <<EOF
+Usage: $(basename $0) <k8s-namespace> [-r <recommended versions file>]
+ -r: recommended versions file
+EOF
+ exit ${1:-0}
+}
+
+if [ "$#" -lt 1 ]; then
+ usage 1
+fi
+
+K8S_NAMESPACE=$1
+VERSIONS=$(mktemp versions_XXXXXX)
+
+### getopts
+while :
+do
+ case $2 in
+ -h|--help|help) usage ;;
+ -r) RECOMMENDED_VERSIONS_FILE_PATH=$3;shift ;;
+ -*) usage 1 ;;
+ *) break ;;
+ esac
+done
+
+get_recommendation() {
+ local component="$1"
+ local recommendations="${RECOMMENDED_VERSIONS_FILE_PATH:-recommended_versions.yaml}"
+
+ yq read "$recommendations" "${component}.recommended_versions" | sed 's/^- //' # removes YAML list prefix
+}
+
+check_python3_version() {
+ local recommended_versions="${1:-$(get_recommendation python3)}"
+ local versions="${2:-$VERSIONS}"
+
+ local unrecommended="$(cat $versions)" # to be filtered out according to recommendations
+ for rver in $recommended_versions; do
+ unrecommended="$(jq --arg rver "$rver" \
+ '.[] | select(.versions.python[]!=$rver) | "\(.pod) \(.container) \(.versions.python[])"' \
+ <(echo "$unrecommended") \
+ | tr -d '"' \
+ | sort -u)"
+ done
+
+ echo "$unrecommended"
+}
+
+check_java11_version() {
+ local recommended_versions="${1:-$(get_recommendation java11)}"
+ local versions="${2:-$VERSIONS}"
+
+ local unrecommended="$(cat $versions)" # to be filtered out according to recommendations
+ for rver in $recommended_versions; do
+ unrecommended="$(jq --arg rver "$rver" \
+ '.[] | select(.versions.java[]!=$rver) | "\(.pod) \(.container) \(.versions.java[])"' \
+ <(echo "$unrecommended") \
+ | tr -d '"' \
+ | sort -u)"
+ done
+
+ echo "$unrecommended"
+}
+
+echo "------------------------------------------------------------------------"
+echo "-------------------- ONAP Security tests ----------------------------"
+echo "-------------------- Test components versions in pods ---------------"
+echo "------------------------------------------------------------------------"
+
+code=0
+
+# get the components versions list
+python3 /check_versions/k8s_bin_versions_inspector.py \
+ -i -c /root/.kube/config -f json \
+ -s "metadata.namespace==$K8S_NAMESPACE" > "$VERSIONS"
+
+unrecommended_python="$(check_python3_version)"
+unrecommended_java="$(check_java11_version)"
+
+if [ -z "$unrecommended_python" -a -z "$unrecommended_java" ]; then
+ echo "Test PASS: All components available in recommended versions only"
+else
+ code=1
+ echo "Test FAIL: Components other than recommended versions found"
+ cat <(echo POD CONTAINER PYTHON) <(echo "$unrecommended_python") | column -t -s' '
+ cat <(echo POD CONTAINER JAVA) <(echo "$unrecommended_java") | column -t -s' '
+fi
+
+exit "$code" |
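Review bot: Both check functions can report PASS when nothing was actually verified, because an empty `unrecommended` string is the only success signal and the `for rver` loop in `check_python3_version` (and the identical loop in `check_java11_version`) feeds the text output of its first iteration back into `jq` on the second. With more than one recommended version, that second `jq` call appears to receive space-separated lines rather than JSON, so it should fail to parse and leave the variable empty; an inspector run that fails and leaves `$VERSIONS` empty ends the same way, since its exit status is never checked. I would filter the original JSON in a single `jq` pass against the whole recommendation list and return non-zero when the list or the inspector output is missing, as sketched below for python (the java variant differs only in the key), with the caller treating a non-zero return as FAIL. This reports one row per non-recommended version, which looks like the intent but should be confirmed.

```shell
check_python3_version() {
  local recommended_versions="${1:-$(get_recommendation python3)}"
  local versions="${2:-$VERSIONS}"

  # Fail closed: without a recommendation list or inspector output there is
  # nothing to vouch for, so an empty (passing) result must not be produced.
  if [ -z "$recommended_versions" ] || [ ! -s "$versions" ]; then
    return 2
  fi

  # Single pass over the inspector JSON; the list is newline-separated as
  # produced by get_recommendation. No pipeline, so jq's exit status is the
  # function's exit status.
  jq -r --arg rvers "$recommended_versions" '
    ($rvers | split("\n")) as $ok
    | [ .[] | . as $c
        | $c.versions.python[]
        | select(. as $v | $ok | index($v) | not)
        | "\($c.pod) \($c.container) \(.)" ]
    | unique | .[]' "$versions"
}
# … unchanged: check_java11_version (same change with .versions.java), banner, inspector call …
```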