9 files changed, 194 insertions, 25 deletions
diff --git a/infra-healthcheck/README.md b/infra-healthcheck/README.md
index ba873af..231ff88 100644
--- a/infra-healthcheck/README.md
+++ b/infra-healthcheck/README.md
@@ -12,6 +12,8 @@ It includes 2 tests:
   are up&running
 * onap-helm: list the helm charts. The success criteria is all the helm charts
   are completed.
+* nodeport_ingress: check that we have a 1:1 corresdpondance between nodeports
+  and ingress (run only when the env variable DEPLOY_SCENARIO includes ingress)
 
 ## Usage
 
@@ -21,7 +23,7 @@ Mandatory:
 
 * The kubernetes configuration: usually hosted on the.kube/config of your
   jumphost. It corresponds the kubernetes credentials and are needed to perform
-  the different operations. This file shall be copied in /config/.kube/config in
+  the different operations. This file shall be copied in /root/.kube/config in
   the docker.
 
 Optional:
@@ -35,9 +37,9 @@ Optional:
 You can run this docker by typing:
 
 ```
-docker run -v <the kube config>:/config/.kube/config -v
+docker run -v <the kube config>:/root/.kube/config -v
 <result directory>:/var/lib/xtesting/results
-registry.gitlab.com/orange-opensource/lfn/onap/integration/xtesting:latest
+registry.gitlab.com/orange-opensource/lfn/onap/integration/xtesting/infra-healthcheck:latest
 ```
 
 Options:
@@ -46,9 +48,9 @@ Options:
   specify the -r option in the command line. Please note that in this case, you
   must precise some env variables.
 
-environement variables:
+environment variables:
 
-* Mandatory:
+* Mandatory (if you want to report the results in the database):
   * TEST_DB_URL: the url of the target Database with the env variable .
   * NODE_NAME: the name of your test environement. It must be declared in the
     test database (e.g. windriver-SB00)
@@ -58,22 +60,26 @@ environement variables:
   * BUILD_TAG: a unique tag of your CI system. It can be usefull to get all the
     tests of one CI run. It uses the regex (dai|week)ly-(.+?)-[0-9]* to find the
     version (e.g. daily-elalto-123456789).
+  * DEPLOY_SCENARIO: your scenario deployment. ingress test run only if the
+    scenario includes 'ingress'
 
 The command becomes:
 
 ```
-docker run -v <the kube config>:/config/.kube/config -v
+docker run -v <the kube config>:/root/.kube/config -v
 <result directory>:/var/lib/xtesting/results registry.gitlab.com/orange-opensour
-ce/lfn/onap/integration/xtesting:latest /bin/bash -c "run_tests -r -t all
+ce/lfn/onap/integration/xtesting/infra-healthcheck:latest:latest /bin/bash -c "
+run_tests -r -t all
 ```
 
 ### Output
 
 ```
-+------------+-------------+-------------------+----------+--------+
-| TEST CASE  | PROJECT     | TIER              | DURATION | RESULT |
-+------------+-------------+-------------------+----------+--------+
-| onap-k8s   | integration | infra-healthcheck | 00:06    | PASS   |
-| onap-helm  | integration | infra-healthcheck | 00:01    | PASS   |
-+------------+-------------+-------------------+----------+--------+
++------------------+-------------+-------------------+----------+--------+
+| TEST CASE        | PROJECT     | TIER              | DURATION | RESULT |
++------------------+-------------+-------------------+----------+--------+
+| onap-k8s         | integration | infra-healthcheck | 00:06    | PASS   |
+| onap-helm        | integration | infra-healthcheck | 00:01    | PASS   |
+| nodeport_ingress |  security  |  security          | 00:01    | FAIL   |
++------------------+-------------+-------------------+----------+--------+
 ```
diff --git a/infra-healthcheck/docker/Dockerfile b/infra-healthcheck/docker/Dockerfile
index 849268c..07b417b 100644
--- a/infra-healthcheck/docker/Dockerfile
+++ b/infra-healthcheck/docker/Dockerfile
@@ -3,6 +3,7 @@ FROM opnfv/xtesting
 ARG KUBERNETES_VERSION="v1.15.2"
 ARG HELM_VERSION="v2.14.1"
 ARG ONAP_TESTS_TAG=master
+ARG ONAP_TAG=master
 
 # Install kubectl
 # Note: Latest version may be found on:
@@ -10,8 +11,8 @@ ARG ONAP_TESTS_TAG=master
 
 ADD https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl /usr/local/bin/kubectl
 
-COPY scripts/check_onap_k8s.sh /check_onap_k8s.sh
 COPY scripts/check_onap_helm.sh /check_onap_helm.sh
+COPY upper-constraints.txt .
 
 RUN set -x && \
     apk --no-cache add --update curl ca-certificates && \
@@ -20,12 +21,16 @@ RUN set -x && \
     chmod +x /usr/local/bin/kubectl && \
     adduser kubectl -Du 2342 -h /config && \
     wget https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm && \
+    wget -O /check_for_ingress_and_nodeports.py https://git.onap.org/integration/plain/test/security/check_for_ingress_and_nodeports.py?h=$ONAP_TAG &&\
     chmod +x /usr/local/bin/helm && \
     chmod +x /check_onap_*.sh && \
     pip3 install --upgrade pip && \
+    pip3 install --no-cache-dir -r upper-constraints.txt && \
     pip3 install --no-cache-dir \
         git+https://gitlab.com/Orange-OpenSource/lfn/onap/integration/xtesting.git@$ONAP_TESTS_TAG#subdirectory=infra-healthcheck && \
     apk del .build-deps
 
 COPY docker/testcases.yaml /usr/lib/python3.8/site-packages/xtesting/ci/testcases.yaml
+COPY docker/logging.ini /usr/lib/python3.8/site-packages/xtesting/ci/logging.ini
+COPY docker/logging.debug.ini /usr/lib/python3.8/site-packages/xtesting/ci/logging.debug.ini
 CMD ["run_tests", "-t", "all"]
diff --git a/infra-healthcheck/docker/logging.debug.ini b/infra-healthcheck/docker/logging.debug.ini
new file mode 100644
index 0000000..8b2644f
--- /dev/null
+++ b/infra-healthcheck/docker/logging.debug.ini
@@ -0,0 +1,70 @@
+[loggers]
+keys=root,xtesting,ci,core,warnings,kubernetes_status,infra_healthcheck
+
+[handlers]
+keys=console,wconsole,file,dfile
+
+[formatters]
+keys=standard
+
+[logger_root]
+level=NOTSET
+handlers=dfile
+
+[logger_xtesting]
+level=NOTSET
+handlers=file
+qualname=xtesting
+
+[logger_ci]
+level=NOTSET
+handlers=console
+qualname=xtesting.ci
+
+[logger_core]
+level=NOTSET
+handlers=console
+qualname=xtesting.core
+
+[logger_warnings]
+level=NOTSET
+handlers=file,console
+qualname=py.warnings
+
+[logger_kubernetes_status]
+level=NOTSET
+handlers=wconsole,file
+qualname=kubernetes_status
+
+[logger_infra_healthcheck]
+level=NOTSET
+handlers=wconsole,file
+qualname=infra_healthcheck
+
+[handler_console]
+class=StreamHandler
+level=INFO
+formatter=standard
+args=(sys.stdout,)
+
+[handler_wconsole]
+class=StreamHandler
+level=WARN
+formatter=standard
+args=(sys.stdout,)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=standard
+args=("/var/lib/xtesting/results/xtesting.log",)
+
+[handler_dfile]
+class=FileHandler
+level=DEBUG
+formatter=standard
+args=("/var/lib/xtesting/results/xtesting.debug.log",)
+
+[formatter_standard]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
diff --git a/infra-healthcheck/docker/logging.ini b/infra-healthcheck/docker/logging.ini
new file mode 100644
index 0000000..bdf651a
--- /dev/null
+++ b/infra-healthcheck/docker/logging.ini
@@ -0,0 +1,70 @@
+[loggers]
+keys=root,xtesting,ci,core,warnings,kubernetes_status,infra_healthcheck
+
+[handlers]
+keys=console,wconsole,file,null
+
+[formatters]
+keys=standard
+
+[logger_root]
+level=NOTSET
+handlers=null
+
+[logger_xtesting]
+level=NOTSET
+handlers=file
+qualname=xtesting
+
+[logger_ci]
+level=NOTSET
+handlers=console
+qualname=xtesting.ci
+
+[logger_core]
+level=NOTSET
+handlers=console
+qualname=xtesting.core
+
+[logger_warnings]
+level=NOTSET
+handlers=file,console
+qualname=py.warnings
+
+[logger_kubernetes_status]
+level=NOTSET
+handlers=wconsole,file
+qualname=kubernetes_status
+
+[logger_infra_healthcheck]
+level=NOTSET
+handlers=wconsole,file
+qualname=infra_healthcheck
+
+[handler_null]
+class=NullHandler
+level=NOTSET
+formatter=standard
+args=()
+
+[handler_console]
+class=StreamHandler
+level=INFO
+formatter=standard
+args=(sys.stdout,)
+
+[handler_wconsole]
+class=StreamHandler
+level=WARN
+formatter=standard
+args=(sys.stdout,)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=standard
+args=("/var/lib/xtesting/results/xtesting.log",)
+
+[formatter_standard]
+format=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+datefmt=
diff --git a/infra-healthcheck/docker/testcases.yaml b/infra-healthcheck/docker/testcases.yaml
index fb30c85..346daf5 100644
--- a/infra-healthcheck/docker/testcases.yaml
+++ b/infra-healthcheck/docker/testcases.yaml
@@ -27,3 +27,15 @@ tiers:
                     DEPLOYED status
                 run:
                     name: 'onap_helm'
+            -
+                case_name: nodeport_ingress
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that there is no NodePort without corresponding
+                    Ingress port
+                dependencies:
+                    - DEPLOY_SCENARIO: 'ingress'
+                run:
+                    name: 'nodeport_ingress'
diff --git a/infra-healthcheck/infra_healthcheck/k8stest.py b/infra-healthcheck/infra_healthcheck/k8stest.py
index 8bb7dde..f8d618f 100644
--- a/infra-healthcheck/infra_healthcheck/k8stest.py
+++ b/infra-healthcheck/infra_healthcheck/k8stest.py
@@ -101,16 +101,6 @@ class K8sTesting(testcase.TestCase):
         return res
 
 
-class OnapK8sTest(K8sTesting):
-    """Kubernetes smoke test suite"""
-    def __init__(self, **kwargs):
-        if "case_name" not in kwargs:
-            kwargs.get("case_name", 'onap-k8s')
-        super(OnapK8sTest, self).__init__(**kwargs)
-        self.cmd = ['/check_onap_k8s.sh']
-        self.criteria_string = "Nb Failed Pods"
-
-
 class OnapHelmTest(K8sTesting):
     """Kubernetes conformance test suite"""
     def __init__(self, **kwargs):
@@ -119,3 +109,14 @@ class OnapHelmTest(K8sTesting):
         super(OnapHelmTest, self).__init__(**kwargs)
         self.cmd = ['/check_onap_helm.sh']
         self.criteria_string = "Nb Failed Helm Charts"
+
+
+class OnapSecurityNodePortsIngress(K8sTesting):
+    """Check that there is no NodePort without corresponding Ingress port."""
+    def __init__(self, **kwargs):
+        if "case_name" not in kwargs:
+            kwargs.get("case_name", 'nodeport_ingress')
+        super(OnapSecurityNodePortsIngress, self).__init__(**kwargs)
+        self.cmd = ['python3', '/check_for_ingress_and_nodeports.py',
+                    '--conf', '/root/.kube/config']
+        self.error_string = "NodePort without corresponding Ingress found"
diff --git a/infra-healthcheck/requirements.txt b/infra-healthcheck/requirements.txt
index aed40a6..91babf8 100644
--- a/infra-healthcheck/requirements.txt
+++ b/infra-healthcheck/requirements.txt
@@ -9,3 +9,6 @@ pylint>=2.1 # GPLv2
 yamllint
 bashate # Apache-2.0
 xtesting
+kubernetes # Apache-2.0
+colorama # BSD
+kubernetes_status
diff --git a/infra-healthcheck/setup.cfg b/infra-healthcheck/setup.cfg
index 2cccb82..a3ec3db 100644
--- a/infra-healthcheck/setup.cfg
+++ b/infra-healthcheck/setup.cfg
@@ -7,5 +7,6 @@ packages = infra_healthcheck
 
 [entry_points]
 xtesting.testcase =
-    onap_k8s = infra_healthcheck.k8stest:OnapK8sTest
+    onap_k8s = kubernetes_status.status:Status
     onap_helm = infra_healthcheck.k8stest:OnapHelmTest
+    nodeport_ingress = infra_healthcheck.k8stest:OnapSecurityNodePortsIngress
diff --git a/infra-healthcheck/upper-constraints.txt b/infra-healthcheck/upper-constraints.txt
new file mode 100644
index 0000000..d37d29d
--- /dev/null
+++ b/infra-healthcheck/upper-constraints.txt
@@ -0,0 +1 @@
+git+https://gitlab.com/Orange-OpenSource/lfn/tools/kubernetes-status.git#egg=kubernetes_status