author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-07 10:28:24 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-07 10:31:27 +0100 |
commit | 16bdf241133bc2b448b89b445e489cbab76fcf25 (patch) | |
tree | 22ece7a4873d3c87ecfa27cd90071e5d475aaf8d /kubernetes/robot/scripts/etescript | |
parent | 2dce7527bc6a7c88934eb07f16e2b1b568fb29a6 (diff) |
[ROBOT] Reintegrate robot in main repository
Robot chart is currently in its own directory. As a lot will be done in
the charts with tight coordination between "common" part and components
parts, it's a lot easier to have everything in the same place for now.
We're using commit 85b5af5058bbda19b557add185d917f60c2188ee from robot
Issue-ID: OOM-2645
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7c187b616d3436ed2eab7bf7e95cb6a1a90edf31
Diffstat (limited to 'kubernetes/robot/scripts/etescript')
4 files changed, 184 insertions, 0 deletions
diff --git a/kubernetes/robot/scripts/etescript/README b/kubernetes/robot/scripts/etescript/README
new file mode 100644
index 0000000000..380787e16e
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/README
@@ -0,0 +1 @@
+Directory contains scripts that will be run before 'ete' tests.
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
new file mode 100755
index 0000000000..5d22c4b4fe
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -0,0 +1,77 @@
+# Copyright © 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+#
+# Generate HV-VES SSL related certs.
+# Copy the stuff to HV-VES and Robot pods.
+#
+
+
+HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves)
+
+
+generate_ca_key_cert () {
+ openssl genrsa -out $1/ca.key 2048
+ openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+}
+
+generate_server_key_csr () {
+ openssl genrsa -out $1/server.key 2048
+ openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+}
+
+generate_client_key_csr () {
+ openssl genrsa -out $1/client.key 2048
+ openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+}
+
+sign_server_and_client_cert () {
+ openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+}
+
+create_pkcs12_ca_and_server () {
+ openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+ openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+}
+
+copy_server_certs_to_hvves () {
+ for f in {ca.p12,server.p12}
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+copy_client_certs_to_robot () {
+ for f in {ca.pem,client.key,client.pem}
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+cleanup () {
+ rm -f $1/{ca,server,client}.???
+}
+
+
+generate_ca_key_cert "$DIR/$SCRIPTDIR"
+generate_server_key_csr "$DIR/$SCRIPTDIR"
+generate_client_key_csr "$DIR/$SCRIPTDIR"
+sign_server_and_client_cert "$DIR/$SCRIPTDIR"
+create_pkcs12_ca_and_server "$DIR/$SCRIPTDIR"
+copy_server_certs_to_hvves "$DIR/$SCRIPTDIR" "$NAMESPACE" "$HVVESPOD" "/tmp"
+copy_client_certs_to_robot "$DIR/$SCRIPTDIR" "$NAMESPACE" "$POD" "/tmp"
+cleanup "$DIR/$SCRIPTDIR"
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
new file mode 100755
index 0000000000..1cd911ca60
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
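Review bot: In hvves-etescript.sh, `create_pkcs12_ca_and_server` bundles the CA private key into `ca.p12` (`-inkey $1/ca.key`) with an empty export password, and `copy_server_certs_to_hvves` then copies that file into the HV-VES pod's /tmp, so the collector ends up holding the key that signs its clients' certificates. If HV-VES needs the CA only as a trust anchor (an assumption, since the consumer is not shown here), export the certificate alone with `openssl pkcs12 -export -nokeys -in $1/ca.pem -out $1/ca.p12 -passout pass:`. Separately, `sign_server_and_client_cert` issues both certificates with `-set_serial 00`, so two certificates from the same issuer share a serial number; giving the client certificate `-set_serial 01` avoids that. `cleanup` runs only as the final statement, so a failed `kubectl cp` leaves the unencrypted keys in `$DIR/$SCRIPTDIR`; registering it with `trap 'cleanup "$DIR/$SCRIPTDIR"' EXIT` would cover the failure paths.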
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Gather information on ONAP cluster required by security tests.
+# Copy results to Robot pod.
+#
+
+
+TMPDIR='/tmp'
+TMPTPL='onap_security'
+CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
+FILTER="$(tr -d [:space:] <<TEMPLATE
+{{range .items}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
+{{end}}
+TEMPLATE)"
+
+
+setup () {
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+}
+
+create_actual_nodeport_json () {
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+}
+
+copy_actual_nodeport_json_to_robot () {
+ kubectl cp "$1" "$2/$3:$4"
+}
+
+cleanup () {
+ rm "$NODEPORTS_FILE"
+}
+
+
+setup
+create_actual_nodeport_json
+copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR"
+cleanup
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
new file mode 100755
index 0000000000..f1d39691bf
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
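Review bot: In security-etescript.sh, `create_actual_nodeport_json` pipes `kubectl get svc` into `python3` with neither `pipefail` nor a status check, so when kubectl fails the Python one-liner reads empty input, writes `{}`, and that empty map is copied to the Robot pod as the cluster's actual nodeports. A security test reading that file would then be judging missing data rather than the real services (how the file is consumed is outside this hunk). Add `set -o pipefail` near the top and skip the copy on failure, for example `create_actual_nodeport_json || { cleanup; exit 1; }` (use `return` rather than `exit` if this file is sourced). The character class in `tr -d [:space:]` should also be quoted as `'[:space:]'` so the shell cannot glob it against a file in the working directory, and `$NAMESPACE` should be quoted.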
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+#!/bin/bash
+
+#
+# Create root certificate CA (Certificate Authority) and its private key.
+# Create the package certificate issued by CA
+# Copy the stuff to SDC ONBOARDING and Robot pods.
+#
+
+
+
+SDCVALID=sdc-valid
+SDCINVALID=sdc-invalid
+ROBOTPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep robot )
+SDCONBOARDINGPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)
+
+generate_ca_key_cert_and_package_cert_issued_by_CA () {
+ openssl req -batch -new -nodes -x509 -days 36500 -keyout rootCA-private-robot-$1.key -out rootCA-robot-$1.cert
+ openssl req -batch -new -nodes -keyout package-private-robot-$1.key -out package-robot-$1.csr
+ openssl x509 -req -CA rootCA-robot-$1.cert -CAkey rootCA-private-robot-$1.key -CAcreateserial -in package-robot-$1.csr -out package-robot-$1.cert
+}
+
+
+copy_root_cert_to_sdc_onboarding () {
+ kubectl cp $1/rootCA-robot-$5.cert $2/$3:$4
+}
+
+copy_package_certs_to_robot () {
+ for f in package-robot-$5.cert package-private-robot-$5.key
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+mkdir "$DIR/$SCRIPTDIR/tmp"
+cd "$DIR/$SCRIPTDIR/tmp"
+if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then
+ echo "All files are present";
+else
+ generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID
+ generate_ca_key_cert_and_package_cert_issued_by_CA $SDCINVALID
+
+fi
+cd ../../..
+copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCINVALID
+ |
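Review bot: In vnfsdk-etescript.sh, `generate_ca_key_cert_and_package_cert_issued_by_CA` writes the root CA key unencrypted (`-nodes`) and leaves `rootCA-private-robot-$1.key` in `$DIR/$SCRIPTDIR/tmp` indefinitely, while the matching root certificate is installed into the SDC onboarding pod under /var/lib/jetty/cert. The reuse check further down tests only the root certificate, the package certificates and the package keys, so the root key is not needed once signing is done; ending the function with `rm -f rootCA-private-robot-$1.key` keeps the cache working and shortens the time the signing key sits on disk. The `mkdir`/`cd` pair is also unchecked: if `cd "$DIR/$SCRIPTDIR/tmp"` fails, the keys are generated in whatever the current directory is and `cd ../../..` then moves somewhere unintended. Using `mkdir -p "$DIR/$SCRIPTDIR/tmp"` followed by `cd "$DIR/$SCRIPTDIR/tmp" || exit 1` closes that gap.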