summaryrefslogtreecommitdiffstats
path: root/kubernetes/robot/scripts/etescript
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-12-07 10:28:24 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-12-07 10:31:27 +0100
commit16bdf241133bc2b448b89b445e489cbab76fcf25 (patch)
tree22ece7a4873d3c87ecfa27cd90071e5d475aaf8d /kubernetes/robot/scripts/etescript
parent2dce7527bc6a7c88934eb07f16e2b1b568fb29a6 (diff)
[ROBOT] Reintegrate robot in main repository
Robot chart is currently in its own directory. As a lot will be done in the charts with tight coordination between "common" part and components parts, it's a lot easier to have everything in a same place for now. we're using commit 85b5af5058bbda19b557add185d917f60c2188ee from robot Issue-ID: OOM-2645 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7c187b616d3436ed2eab7bf7e95cb6a1a90edf31
Diffstat (limited to 'kubernetes/robot/scripts/etescript')
-rw-r--r--kubernetes/robot/scripts/etescript/README1
-rwxr-xr-xkubernetes/robot/scripts/etescript/hvves-etescript.sh77
-rwxr-xr-xkubernetes/robot/scripts/etescript/security-etescript.sh57
-rwxr-xr-xkubernetes/robot/scripts/etescript/vnfsdk-etescript.sh49
4 files changed, 184 insertions, 0 deletions
diff --git a/kubernetes/robot/scripts/etescript/README b/kubernetes/robot/scripts/etescript/README
new file mode 100644
index 0000000000..380787e16e
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/README
@@ -0,0 +1 @@
+Directory contains scripts that will be run before 'ete' tests.
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
new file mode 100755
index 0000000000..5d22c4b4fe
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -0,0 +1,77 @@
+# Copyright © 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+#
+# Generate HV-VES SSL related certs.
+# Copy the stuff to HV-VES and Robot pods.
+#
+
+
+HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves)
+
+
+generate_ca_key_cert () {
+ openssl genrsa -out $1/ca.key 2048
+ openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+}
+
+generate_server_key_csr () {
+ openssl genrsa -out $1/server.key 2048
+ openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+}
+
+generate_client_key_csr () {
+ openssl genrsa -out $1/client.key 2048
+ openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+}
+
+sign_server_and_client_cert () {
+ openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+}
+
+create_pkcs12_ca_and_server () {
+ openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+ openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+}
+
+copy_server_certs_to_hvves () {
+ for f in {ca.p12,server.p12}
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+copy_client_certs_to_robot () {
+ for f in {ca.pem,client.key,client.pem}
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+cleanup () {
+ rm -f $1/{ca,server,client}.???
+}
+
+
+generate_ca_key_cert "$DIR/$SCRIPTDIR"
+generate_server_key_csr "$DIR/$SCRIPTDIR"
+generate_client_key_csr "$DIR/$SCRIPTDIR"
+sign_server_and_client_cert "$DIR/$SCRIPTDIR"
+create_pkcs12_ca_and_server "$DIR/$SCRIPTDIR"
+copy_server_certs_to_hvves "$DIR/$SCRIPTDIR" "$NAMESPACE" "$HVVESPOD" "/tmp"
+copy_client_certs_to_robot "$DIR/$SCRIPTDIR" "$NAMESPACE" "$POD" "/tmp"
+cleanup "$DIR/$SCRIPTDIR"
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
new file mode 100755
index 0000000000..1cd911ca60
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Gather information on ONAP cluster required by security tests.
+# Copy results to Robot pod.
+#
+
+
+TMPDIR='/tmp'
+TMPTPL='onap_security'
+CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
+FILTER="$(tr -d [:space:] <<TEMPLATE
+{{range .items}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
+{{end}}
+TEMPLATE)"
+
+
+setup () {
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+}
+
+create_actual_nodeport_json () {
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+}
+
+copy_actual_nodeport_json_to_robot () {
+ kubectl cp "$1" "$2/$3:$4"
+}
+
+cleanup () {
+ rm "$NODEPORTS_FILE"
+}
+
+
+setup
+create_actual_nodeport_json
+copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR"
+cleanup
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
new file mode 100755
index 0000000000..f1d39691bf
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+#!/bin/bash
+
+#
+# Create root certificate CA (Certificate Authority) and its private key.
+# Create the package certificate issued by CA
+# Copy the stuff to SDC ONBOARDING and Robot pods.
+#
+
+
+
+SDCVALID=sdc-valid
+SDCINVALID=sdc-invalid
+ROBOTPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep robot )
+SDCONBOARDINGPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)
+
+generate_ca_key_cert_and_package_cert_issued_by_CA () {
+ openssl req -batch -new -nodes -x509 -days 36500 -keyout rootCA-private-robot-$1.key -out rootCA-robot-$1.cert
+ openssl req -batch -new -nodes -keyout package-private-robot-$1.key -out package-robot-$1.csr
+ openssl x509 -req -CA rootCA-robot-$1.cert -CAkey rootCA-private-robot-$1.key -CAcreateserial -in package-robot-$1.csr -out package-robot-$1.cert
+}
+
+
+copy_root_cert_to_sdc_onboarding () {
+ kubectl cp $1/rootCA-robot-$5.cert $2/$3:$4
+}
+
+copy_package_certs_to_robot () {
+ for f in package-robot-$5.cert package-private-robot-$5.key
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
+}
+
+mkdir "$DIR/$SCRIPTDIR/tmp"
+cd "$DIR/$SCRIPTDIR/tmp"
+if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then
+ echo "All files are present";
+else
+ generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID
+ generate_ca_key_cert_and_package_cert_issued_by_CA $SDCINVALID
+
+fi
+cd ../../..
+copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCINVALID
+