Add security checks

This patch adds initial security validation check. It includes JSON file
containing dictionary of acknowledged NodePorts with corresponding
services [1].

Data required to perform added security check cannot be easily obtained
from within "robot" pod (without granting it access to "kubectl" tool
and as a side effect - cluster modifications). That is why it should be
collected beforehand by the test operator and stored as a JSON file.

Added suite expects having "${ACTUAL_NODEPORTS_FILE}" variable defined.
It will attempt parsing data stored in the file pointed by the said
variable and compare it against expected NodePorts.

[1] https://docs.onap.org/en/elalto/guides/onap-developer/settingup/index.html#nodeports

Issue-ID: SECCOM-261
Change-Id: Ib8078c50e943125f8452120368891c3e3a7056bc
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/robot/testsuites/security.robot b/robot/testsuites/security.robot
new file mode 100644
index 00000000..089e12ed
--- /dev/null
+++ b/robot/testsuites/security.robot
@@ -0,0 +1,14 @@
+*** Settings ***
+| Documentation | Security validation                                    |
+| ...           | This suite requires declaring ${ACTUAL_NODEPORTS_FILE} |
+| Default tags  | security                                               |
+| Library       | ONAPLibrary.JSON                                       |
+
+*** Variables ***
+| ${EXPECTED_NODEPORTS_FILE} | ../assets/security/ExpectedNodePorts.json |
+
+*** Test Cases ***
+Validate present NodePorts
+|   | ${expected_nodeports}=       | Get file               | ${EXPECTED_NODEPORTS_FILE} |
+|   | ${actual_nodeports}=         | Get file               | ${ACTUAL_NODEPORTS_FILE}   |
+|   | JSON should contain sub JSON | ${expected_node_ports} | ${actual_node_ports}       |