diff options
| author |   Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-11-25 15:40:04 +0100 |
|---|---|---|
| committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-11-25 15:49:54 +0100 |
| commit | c3563bc93ebf7df6a4802f07123163516ebf1057 (patch) | |
| tree | 3648a83690fa9722ac7e371509c6434e7a41e31a | |
| parent | 31450dcb11d18b81098b43d0d0b7ecdb0d69e238 (diff) | |
Adjust ETE runner for security tests
This patch adds gathering data which cannot be easily obtained from
within "robot" pod (without granting it access to "kubectl" tool and as
a side effect - cluster modifications).
It introduces dependency to python3 on operator's machine (to convert
"kubectl" tool filtered output to JSON).
Issue-ID: SECCOM-261
Change-Id: Ie5057f65f79337896191b51cfad1b3e06623f80b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
| -rwxr-xr-x | ete-k8s.sh | 16 | ||||
| -rwxr-xr-x | scripts/etescript/security-etescript.sh | 57 |
2 files changed, 73 insertions, 0 deletions
@@ -50,6 +50,8 @@ if [ "$1" == "" ] || [ "$2" == "" ]; then echo "" echo " sdc-dcae-d.robot: sdc-dcae-d" echo "" + echo " security.robot: security" + echo "" echo " update_onap_page.robot: UpdateWebPage" echo "" echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso" @@ -86,4 +88,18 @@ DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90)) VARIABLEFILES="-V /share/config/robot_properties.py" VARIABLES="-v GLOBAL_BUILD_NUMBER:$$" +case $2 in + security) + if [ -z "$NODEPORTS_FILE" ]; then + echo "Security tests require gathering additional information on ONAP cluster." + echo "It is unavailable from within Robot pod." + echo "" + echo "Rerun command with \"execscript\" argument, e.g." + echo "$ $0 onap security execscript" + exit + fi + VARIABLES="${VARIABLES} -v ACTUAL_NODEPORTS_FILE:${NODEPORTS_FILE}" + ;; +esac + kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display $DISPLAY_NUM diff --git a/scripts/etescript/security-etescript.sh b/scripts/etescript/security-etescript.sh new file mode 100755 index 0000000..1cd911c --- /dev/null +++ b/scripts/etescript/security-etescript.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +# Copyright 2019 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Gather information on ONAP cluster required by security tests. +# Copy results to Robot pod. +# + + +TMPDIR='/tmp' +TMPTPL='onap_security' +CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))' +FILTER="$(tr -d [:space:] <<TEMPLATE +{{range .items}} + {{range.spec.ports}} + {{if .nodePort}} + {{.nodePort}}{{','}}{{.name}}{{'\n'}} + {{end}} + {{end}} +{{end}} +TEMPLATE)" + + +setup () { + export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)" +} + +create_actual_nodeport_json () { + kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE" +} + +copy_actual_nodeport_json_to_robot () { + kubectl cp "$1" "$2/$3:$4" +} + +cleanup () { + rm "$NODEPORTS_FILE" +} + + +setup +create_actual_nodeport_json +copy_actual_nodeport_json_to_robot "$NODEPORTS_FILE" "$NAMESPACE" "$POD" "$TMPDIR" +cleanup |