From 16bdf241133bc2b448b89b445e489cbab76fcf25 Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Mon, 7 Dec 2020 10:28:24 +0100
Subject: [ROBOT] Reintegrate robot in main repository

Robot chart is currently in its own directory. As a lot will be done in
the charts with tight coordination between "common" part and components
parts, it's a lot easier to have everything in a same place for now.

we're using commit 85b5af5058bbda19b557add185d917f60c2188ee from robot

Issue-ID: OOM-2645
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7c187b616d3436ed2eab7bf7e95cb6a1a90edf31
---
 kubernetes/robot/scripts/demoscript/README         |  1 +
 kubernetes/robot/scripts/etescript/README          |  1 +
 .../robot/scripts/etescript/hvves-etescript.sh     | 77 ++++++++++++++++++++++
 .../robot/scripts/etescript/security-etescript.sh  | 57 ++++++++++++++++
 .../robot/scripts/etescript/vnfsdk-etescript.sh    | 49 ++++++++++++++
 kubernetes/robot/scripts/helmscript/README         |  1 +
 6 files changed, 186 insertions(+)
 create mode 100644 kubernetes/robot/scripts/demoscript/README
 create mode 100644 kubernetes/robot/scripts/etescript/README
 create mode 100755 kubernetes/robot/scripts/etescript/hvves-etescript.sh
 create mode 100755 kubernetes/robot/scripts/etescript/security-etescript.sh
 create mode 100755 kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
 create mode 100644 kubernetes/robot/scripts/helmscript/README

(limited to 'kubernetes/robot/scripts')

diff --git a/kubernetes/robot/scripts/demoscript/README b/kubernetes/robot/scripts/demoscript/README
new file mode 100644
index 0000000000..aad63f4b24
--- /dev/null
+++ b/kubernetes/robot/scripts/demoscript/README
@@ -0,0 +1 @@
+Directory contains scripts that will be run before 'demo' tests.
diff --git a/kubernetes/robot/scripts/etescript/README b/kubernetes/robot/scripts/etescript/README
new file mode 100644
index 0000000000..380787e16e
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/README
@@ -0,0 +1 @@
+Directory contains scripts that will be run before 'ete' tests.
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
new file mode 100755
index 0000000000..5d22c4b4fe
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -0,0 +1,77 @@
+# Copyright © 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+#
+# Generate HV-VES SSL related certs.
+# Copy the stuff to HV-VES and Robot pods.
+#
+
+
+HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep hv-ves)
+
+
+generate_ca_key_cert () {
+	openssl genrsa -out $1/ca.key 2048
+	openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+}
+
+generate_server_key_csr () {
+	openssl genrsa -out $1/server.key 2048
+	openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+}
+
+generate_client_key_csr () {
+	openssl genrsa -out $1/client.key 2048
+	openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+}
+
+sign_server_and_client_cert () {
+	openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+	openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+}
+
+create_pkcs12_ca_and_server () {
+	openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+	openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+}
+
+copy_server_certs_to_hvves () {
+	for f in {ca.p12,server.p12}
+	do
+		kubectl cp $1/$f $2/$3:$4
+	done
+}
+
+copy_client_certs_to_robot () {
+	for f in {ca.pem,client.key,client.pem}
+	do
+                kubectl cp $1/$f $2/$3:$4
+        done
+}
+
+cleanup () {
+	rm -f $1/{ca,server,client}.???
+}
+
+
+generate_ca_key_cert "$DIR/$SCRIPTDIR"
+generate_server_key_csr "$DIR/$SCRIPTDIR"
+generate_client_key_csr "$DIR/$SCRIPTDIR"
+sign_server_and_client_cert "$DIR/$SCRIPTDIR"
+create_pkcs12_ca_and_server "$DIR/$SCRIPTDIR"
+copy_server_certs_to_hvves "$DIR/$SCRIPTDIR" "$NAMESPACE" "$HVVESPOD" "/tmp"
+copy_client_certs_to_robot "$DIR/$SCRIPTDIR" "$NAMESPACE" "$POD" "/tmp"
+cleanup "$DIR/$SCRIPTDIR"
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
new file mode 100755
index 0000000000..1cd911ca60
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Gather information on ONAP cluster required by security tests.
+# Copy results to Robot pod.
+#
+
+
+TMPDIR='/tmp'
+TMPTPL='onap_security'
+CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
+FILTER="$(tr -d [:space:] <<TEMPLATE
+{{range .items}}
+	{{range.spec.ports}}
+		{{if .nodePort}}
+			{{.nodePort}}{{','}}{{.name}}{{'\n'}}
+		{{end}}
+	{{end}}
+{{end}}
+TEMPLATE)"
+
+
+setup () {
+	export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+}
+
+create_actual_nodeport_json () {
+	kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+}
+
+copy_actual_nodeport_json_to_robot () {
+	kubectl cp "$1" "$2/$3:$4"
+}
+
+cleanup () {
+	rm "$NODEPORTS_FILE"
+}
+
+
+setup
+create_actual_nodeport_json
+copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR"
+cleanup
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
new file mode 100755
index 0000000000..f1d39691bf
--- /dev/null
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+#!/bin/bash
+
+#
+# Create root certificate CA (Certificate Authority) and its private key.
+# Create the package certificate issued by CA
+# Copy the stuff to SDC ONBOARDING and Robot pods.
+#
+
+
+
+SDCVALID=sdc-valid
+SDCINVALID=sdc-invalid
+ROBOTPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep robot )
+SDCONBOARDINGPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)
+
+generate_ca_key_cert_and_package_cert_issued_by_CA () {
+        openssl req -batch -new -nodes -x509 -days 36500 -keyout rootCA-private-robot-$1.key -out rootCA-robot-$1.cert
+        openssl req -batch -new -nodes -keyout package-private-robot-$1.key -out package-robot-$1.csr
+        openssl x509 -req -CA rootCA-robot-$1.cert -CAkey rootCA-private-robot-$1.key -CAcreateserial -in package-robot-$1.csr -out package-robot-$1.cert
+}
+
+
+copy_root_cert_to_sdc_onboarding () {
+        kubectl cp $1/rootCA-robot-$5.cert $2/$3:$4
+}
+
+copy_package_certs_to_robot () {
+        for f in package-robot-$5.cert package-private-robot-$5.key
+        do
+                kubectl cp $1/$f $2/$3:$4
+        done
+}
+
+mkdir "$DIR/$SCRIPTDIR/tmp"
+cd "$DIR/$SCRIPTDIR/tmp"
+if [[ -f rootCA-robot-$SDCVALID.cert  &&  -f package-robot-$SDCVALID.cert  &&  -f package-robot-$SDCINVALID.cert  &&  -f package-private-robot-$SDCVALID.key  &&  -f package-private-robot-$SDCINVALID.key ]]; then
+        echo "All files are present";
+else
+        generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID
+        generate_ca_key_cert_and_package_cert_issued_by_CA $SDCINVALID
+
+fi
+cd ../../..
+copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCVALID
+copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCINVALID
+
diff --git a/kubernetes/robot/scripts/helmscript/README b/kubernetes/robot/scripts/helmscript/README
new file mode 100644
index 0000000000..7666bf5f02
--- /dev/null
+++ b/kubernetes/robot/scripts/helmscript/README
@@ -0,0 +1 @@
+Directory contains scripts that will be run before 'eteHelm' tests.
-- 
cgit 1.2.3-korg