Code Review / integration.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: e15544d)
k8s: Drop support for Casablanca 97/100697/3
authorPawel Wieczorek <p.wieczorek2@samsung.com>
Thu, 23 Jan 2020 11:13:44 +0000 (12:13 +0100)
committerPawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 29 Jan 2020 16:17:40 +0000 (17:17 +0100)
Casablanca release reached End of Life (EOL) stage on July 8th 2019 [1].

This patch also fixes comments for test fixtures.

This whole test subtree will be deleted upon migrating Aquasec
kube-bench [2] for CIS Benchmark [3] integrated by Orange [4] to ONAP
xtesting [5].

[1] https://wiki.onap.org/display/DW/Long+Term+Roadmap
[2] https://github.com/aquasecurity/kube-bench
[3] https://www.cisecurity.org/benchmark/kubernetes/
[4] https://gitlab.com/Orange-OpenSource/lfn/onap/integration/xtesting
[5] https://git.onap.org/integration/xtesting/

Issue-ID: SECCOM-235
Change-Id: Ifc7d9c775c27d4cfafdd1932809288530cffceff
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
12 files changed:
test/security/k8s/README patch | blob | history
test/security/k8s/src/check/check.go patch | blob | history
test/security/k8s/src/check/cmd/check/check.go patch | blob | history
test/security/k8s/src/check/rancher/rancher.go [deleted file] patch | blob | history
test/security/k8s/src/check/validators/master/api/api_test.go patch | blob | history
test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go patch | blob | history
test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go patch | blob | history
test/security/k8s/tools/casablanca/get_customization_scripts.sh [deleted file] patch | blob | history
test/security/k8s/tools/casablanca/get_ranchercli.sh [deleted file] patch | blob | history
test/security/k8s/tools/casablanca/imported/openstack-k8s-node.sh [deleted file] patch | blob | history
test/security/k8s/tools/casablanca/imported/openstack-rancher.sh [deleted file] patch | blob | history
test/security/k8s/vagrant/casablanca/Vagrantfile [deleted file] patch | blob | history

diff --git a/test/security/k8s/README b/test/security/k8s/README
index fdb7e4c..b9e2dd5 100644 (file)
--- a/test/security/k8s/README
+++ b/test/security/k8s/README
@@ -19,17 +19,6 @@ Build
 
 .. _go: https://golang.org/doc/install
 
-Run
----
-
-.. note:: Below applies to Rancher-based clusters (e.g. Casablanca)
-
-- `Rancher CLI`_
-- Docker_ (required to perform selected Rancher CLI calls)
-
-.. _`Rancher CLI`: https://rancher.com/docs/rancher/v1.6/en/cli
-.. _Docker: https://docs.docker.com/install
-
 Test
 ----
 
diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index 728be18..91e9e5f 100644 (file)
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -39,31 +39,3 @@ func (c Command) String() string {
        }
        return names[c]
 }
-
-// Service represents services run on Rancher-based cluster.
-type Service int
-
-const (
-       // APIService represents API server service ("kubernetes/kubernetes").
-       APIService Service = iota
-       // SchedulerService represents scheduler service ("kubernetes/scheduler").
-       SchedulerService
-       // ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
-       ControllerManagerService
-       // EtcdService represents etcd service ("kubernetes/etcd").
-       EtcdService
-)
-
-func (s Service) String() string {
-       names := [...]string{
-               "kubernetes/kubernetes",
-               "kubernetes/scheduler",
-               "kubernetes/controller-manager",
-               "kubernetes/etcd",
-       }
-
-       if s < APIService || s > EtcdService {
-               return ""
-       }
-       return names[s]
-}
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index 98254ae..42e9903 100644 (file)
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -5,32 +5,23 @@ import (
        "log"
 
        "check"
-       "check/rancher"
        "check/raw"
        "check/validators/master"
 )
 
 var (
-       ranchercli = flag.Bool("ranchercli", false, "use rancher utility for accessing cluster nodes")
-       rke        = flag.Bool("rke", false, "use RKE cluster definition and ssh for accessing cluster nodes (default)")
+       rke = flag.Bool("rke", true, "use RKE cluster definition and ssh for accessing cluster nodes (default)")
 )
 
 func main() {
        flag.Parse()
-       if *ranchercli && *rke {
+       if !(*rke) {
                log.Fatal("Not supported.")
        }
 
-       // Use default cluster access method if none was declared explicitly.
-       if !(*ranchercli || *rke) {
-               *rke = true
-       }
-
        var info check.Informer
 
        switch {
-       case *ranchercli:
-               info = &rancher.Rancher{}
        case *rke:
                info = &raw.Raw{}
        default:
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
deleted file mode 100644 (file)
index 2cf2fbe..0000000
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ /dev/null
@@ -1,124 +0,0 @@
-// Package rancher wraps Rancher commands necessary for K8s inspection.
-package rancher
-
-import (
-       "bytes"
-       "fmt"
-       "os/exec"
-
-       "check"
-)
-
-const (
-       bin                      = "rancher"
-       paramHost                = "--host"
-       cmdHosts                 = "hosts"
-       cmdHostsParams           = "--quiet"
-       cmdDocker                = "docker"
-       cmdDockerCmdPs           = "ps"
-       cmdDockerCmdPsParams     = "--no-trunc"
-       cmdDockerCmdPsFilter     = "--filter"
-       cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name="
-       cmdDockerCmdPsFormat     = "--format"
-       cmdDockerCmdPsFormatArgs = "{{.Command}}"
-)
-
-// Rancher implements Informer interface.
-type Rancher struct {
-       check.Informer
-}
-
-// GetAPIParams returns parameters of running Kubernetes API server.
-// It queries default environment set in configuration file.
-func (r *Rancher) GetAPIParams() ([]string, error) {
-       return getProcessParams(check.APIProcess, check.APIService)
-}
-
-// GetSchedulerParams returns parameters of running Kubernetes scheduler.
-// It queries default environment set in configuration file.
-func (r *Rancher) GetSchedulerParams() ([]string, error) {
-       return getProcessParams(check.SchedulerProcess, check.SchedulerService)
-}
-
-// GetControllerManagerParams returns parameters of running Kubernetes scheduler.
-// It queries default environment set in configuration file.
-func (r *Rancher) GetControllerManagerParams() ([]string, error) {
-       return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
-}
-
-// GetEtcdParams returns parameters of running etcd.
-// It queries only cluster nodes with "controlplane" role.
-func (r *Rancher) GetEtcdParams() ([]string, error) {
-       return []string{}, check.ErrNotImplemented
-}
-
-func getProcessParams(process check.Command, service check.Service) ([]string, error) {
-       hosts, err := listHosts()
-       if err != nil {
-               return []string{}, err
-       }
-
-       for _, host := range hosts {
-               cmd, err := getPsCmdOutput(host, service)
-               if err != nil {
-                       return []string{}, err
-               }
-
-               cmd = trimOutput(cmd) // TODO: improve `docker ps` query format.
-               if len(cmd) > 0 {
-                       i := bytes.Index(cmd, []byte(process.String()))
-                       if i == -1 {
-                               return []string{}, fmt.Errorf("missing %s command", process)
-                       }
-                       return btos(cmd[i+len(process.String()):]), nil
-               }
-       }
-       return []string{}, nil
-}
-
-// listHosts lists IDs of active hosts.
-// It queries default environment set in configuration file.
-func listHosts() ([]string, error) {
-       cmd := exec.Command(bin, cmdHosts, cmdHostsParams)
-       out, err := cmd.Output()
-       if err != nil {
-               return nil, err
-       }
-       return btos(out), nil
-}
-
-// getPsCmdOutput returns running Kubernetes service command with its parameters.
-// It queries default environment set in configuration file.
-func getPsCmdOutput(host string, service check.Service) ([]byte, error) {
-       // Following is equivalent to:
-       // $ rancher --host $HOST \
-       //   docker ps --no-trunc \
-       //   --filter "label=io.rancher.stack_service.name=$SERVICE" \
-       //   --format "{{.Command}}"
-       cmd := exec.Command(bin, paramHost, host,
-               cmdDocker, cmdDockerCmdPs, cmdDockerCmdPsParams,
-               cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs+service.String(),
-               cmdDockerCmdPsFormat, cmdDockerCmdPsFormatArgs)
-       out, err := cmd.Output()
-       if err != nil {
-               return nil, err
-       }
-       return out, nil
-}
-
-// trimOutput removes trailing new line and brackets from output.
-func trimOutput(b []byte) []byte {
-       b = bytes.TrimSpace(b)
-       b = bytes.TrimPrefix(b, []byte("["))
-       b = bytes.TrimSuffix(b, []byte("]"))
-       return b
-}
-
-// btos converts slice of bytes to slice of strings split by white space characters.
-func btos(in []byte) []string {
-       var out []string
-       for _, b := range bytes.Fields(in) {
-               out = append(out, string(b))
-       }
-       return out
-}
diff --git a/test/security/k8s/src/check/validators/master/api/api_test.go b/test/security/k8s/src/check/validators/master/api/api_test.go
index 4ba5070..01fe9b1 100644 (file)
--- a/test/security/k8s/src/check/validators/master/api/api_test.go
+++ b/test/security/k8s/src/check/validators/master/api/api_test.go
@@ -45,39 +45,7 @@ var _ = Describe("Api", func() {
                                "TLS_RSA_WITH_AES_128_GCM_SHA256",
                }
 
-               // kubeApiServerCasablanca was obtained from virtual environment for testing
-               // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
-               kubeApiServerCasablanca = []string{
-                       "--storage-backend=etcd2",
-                       "--storage-media-type=application/json",
-                       "--service-cluster-ip-range=10.43.0.0/16",
-                       "--etcd-servers=https://etcd.kubernetes.rancher.internal:2379",
-                       "--insecure-bind-address=0.0.0.0",
-                       "--insecure-port=0",
-                       "--cloud-provider=rancher",
-                       "--allow-privileged=true",
-                       "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount," +
-                               "PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,ResourceQuota",
-                       "--client-ca-file=/etc/kubernetes/ssl/ca.pem",
-                       "--tls-cert-file=/etc/kubernetes/ssl/cert.pem",
-                       "--tls-private-key-file=/etc/kubernetes/ssl/key.pem",
-                       "--kubelet-client-certificate=/etc/kubernetes/ssl/cert.pem",
-                       "--kubelet-client-key=/etc/kubernetes/ssl/key.pem",
-                       "--runtime-config=batch/v2alpha1",
-                       "--anonymous-auth=false",
-                       "--authentication-token-webhook-config-file=/etc/kubernetes/authconfig",
-                       "--runtime-config=authentication.k8s.io/v1beta1=true",
-                       "--external-hostname=kubernetes.kubernetes.rancher.internal",
-                       "--etcd-cafile=/etc/kubernetes/etcd/ca.pem",
-                       "--etcd-certfile=/etc/kubernetes/etcd/cert.pem",
-                       "--etcd-keyfile=/etc/kubernetes/etcd/key.pem",
-                       "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," +
-                               "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305," +
-                               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," +
-                               "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
-               }
-
-               // kubeApiServerCasablanca was obtained from virtual environment for testing
+               // kubeApiServerDublin was obtained from virtual environment for testing
                // (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
                kubeApiServerDublin = []string{
                        "--requestheader-group-headers=X-Remote-Group",
@@ -130,7 +98,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not absent on insecure cluster", []string{"--insecure-allow-any-token"}, false),
                        Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -140,7 +107,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be set to false on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -150,7 +116,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -161,7 +126,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is explicitly disabled on insecure cluster", []string{"--kubelet-https=false"}, false),
                        Entry("Should be absent or set to true on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent or set to true on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent or set to true on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -171,7 +135,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly enabled on insecure cluster", []string{"--repair-malformed-updates=true"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be set to false on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be set to false on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -182,7 +145,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly disabled on insecure cluster", []string{"--service-account-lookup=false"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be set to true on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be set to true on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -195,7 +157,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not absent on insecure cluster", []string{"--basic-auth-file=/path/to/file"}, false),
                        Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -205,7 +166,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not absent on insecure cluster", []string{"--token-auth-file=/path/to/file"}, false),
                        Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -215,7 +175,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--audit-log-path="}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -226,7 +185,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--kubelet-certificate-authority="}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -238,7 +196,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--client-ca-file="}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -249,7 +206,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"-etcd-cafile="}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -259,7 +215,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--service-account-key-file="}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -271,7 +226,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--kubelet-client-certificate= --kubelet-client-key="}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -282,7 +236,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--etcd-certfile= --etcd-keyfile="}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -293,7 +246,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--tls-cert-file= --tls-private-key-file="}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
        })
@@ -304,7 +256,6 @@ var _ = Describe("Api", func() {
                                Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
                        },
                        Entry("Is not absent on insecure cluster", []string{"--insecure-bind-address=1.2.3.4"}, false),
-                       Entry("Is not absent nor set to loopback on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be absent or set to loopback on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -316,7 +267,6 @@ var _ = Describe("Api", func() {
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly enabled on insecure cluster", []string{"--insecure-port=1234"}, false),
                        Entry("Should be set to 0 on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be set to 0 on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be set to 0 on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -326,7 +276,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is explicitly disabled on insecure cluster", []string{"--secure-port=0"}, false),
                        Entry("Should be absent or set to valid port on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent or set to valid port on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent or set to valid port on Dublin cluster", kubeApiServerDublin, true),
                )
        })
@@ -339,7 +288,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--audit-log-maxage="}, false),
                        Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxage=5"}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -351,7 +299,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--audit-log-maxbackup="}, false),
                        Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxbackup=2"}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -363,7 +310,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--audit-log-maxsize="}, false),
                        Entry("Is insufficient on insecure cluster", []string{"--audit-log-maxsize=5"}, false),
-                       Entry("Is absent on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is absent on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be set appropriately on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -375,7 +321,6 @@ var _ = Describe("Api", func() {
                        Entry("Is empty on insecure cluster", []string{"--request-timeout="}, false),
                        Entry("Is too high on insecure cluster", []string{"--request-timeout=600"}, false),
                        Entry("Should be set only if needed on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be set only if needed on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be set only if needed on Dublin cluster", kubeApiServerDublin, true),
                )
        })
@@ -388,7 +333,6 @@ var _ = Describe("Api", func() {
                        Entry("Is not absent on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar,AlwaysAdmit,Baz,Quuz"}, false),
                        Entry("Is not absent on insecure deprecated cluster", []string{"--admission-control=Foo,Bar,AlwaysAdmit,Baz,Quuz"}, false),
                        Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be absent on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -398,7 +342,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -409,7 +352,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -420,7 +362,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -431,7 +372,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -443,7 +383,6 @@ var _ = Describe("Api", func() {
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should be present on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -453,7 +392,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be present on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -464,7 +402,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not present on insecure cluster", []string{"--enable-admission-plugins=Foo,Bar"}, false),
                        Entry("Is not present on insecure deprecated cluster", []string{"--admission-control=Foo,Bar"}, false),
-                       Entry("Is not present on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is not present on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
@@ -475,7 +412,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is explicitly disabled on insecure cluster", []string{"--disable-admission-plugins=Foo,Bar,NamespaceLifecycle,Baz,Quuz"}, false),
                        Entry("Should not be disabled on CIS-compliant cluster", kubeApiServerCISCompliant, true),
-                       Entry("Should not be disabled on Casablanca cluster", kubeApiServerCasablanca, true),
                        Entry("Should not be disabled on Dublin cluster", kubeApiServerDublin, true),
                )
 
@@ -485,7 +421,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not explicitly disabled on insecure cluster", []string{}, false),
                        Entry("Is not absent on insecure cluster", []string{"--authorization-mode=Foo,Bar,AlwaysAllow,Baz,Quuz"}, false),
-                       Entry("Is not explicitly disabled on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should be absent on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should be absent on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -496,7 +431,6 @@ var _ = Describe("Api", func() {
                        },
                        Entry("Is not explicitly enabled on insecure cluster", []string{}, false),
                        Entry("Is not present on insecure cluster", []string{"--authorization-mode=Foo,Bar"}, false),
-                       Entry("Is not explicitly enabled on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Should present on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                        Entry("Should present on Dublin cluster", kubeApiServerDublin, true),
                )
@@ -510,7 +444,6 @@ var _ = Describe("Api", func() {
                        Entry("Is absent on insecure cluster", []string{}, false),
                        Entry("Is empty on insecure cluster", []string{"--tls-cipher-suites="}, false),
                        Entry("Is incomplete on insecure cluster", []string{"--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, false),
-                       Entry("Is incomplete on Casablanca cluster", kubeApiServerCasablanca, false),
                        Entry("Is incomplete on Dublin cluster", kubeApiServerDublin, false),
                        Entry("Should be complete on CIS-compliant cluster", kubeApiServerCISCompliant, true),
                )
diff --git a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
index fcd337a..05e3cae 100644 (file)
--- a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
+++ b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager_test.go
@@ -21,19 +21,7 @@ var _ = Describe("Controllermanager", func() {
                        "--root-ca-file=/etc/kubernetes/ssl/kube-ca.pem",
                }
 
-               // kubeControllerManagerCasablanca was obtained from virtual environment for testing
-               // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
-               kubeControllerManagerCasablanca = []string{
-                       "--kubeconfig=/etc/kubernetes/ssl/kubeconfig",
-                       "--address=0.0.0.0",
-                       "--root-ca-file=/etc/kubernetes/ssl/ca.pem",
-                       "--service-account-private-key-file=/etc/kubernetes/ssl/key.pem",
-                       "--allow-untagged-cloud",
-                       "--cloud-provider=rancher",
-                       "--horizontal-pod-autoscaler-use-rest-clients=false",
-               }
-
-               // kubeControllerManagerCasablanca was obtained from virtual environment for testing
+               // kubeControllerManagerDublin was obtained from virtual environment for testing
                // (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
                kubeControllerManagerDublin = []string{
                        "--kubeconfig=/etc/kubernetes/ssl/kubecfg-kube-controller-manager.yaml",
@@ -64,7 +52,6 @@ var _ = Describe("Controllermanager", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeControllerManagerCasablanca, false),
                        Entry("Should be set to false on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
                        Entry("Should be set to false on Dublin cluster", kubeControllerManagerDublin, true),
                )
@@ -75,7 +62,6 @@ var _ = Describe("Controllermanager", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly disabled on insecure cluster", []string{"--use-service-account-credentials=false"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeControllerManagerCasablanca, false),
                        Entry("Should be set to true on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
                        Entry("Should be set to true on Dublin cluster", kubeControllerManagerDublin, true),
                )
@@ -89,7 +75,6 @@ var _ = Describe("Controllermanager", func() {
                        Entry("Is absent on insecure cluster", []string{""}, false),
                        Entry("Is empty on insecure cluster", []string{"--service-account-private-key-file="}, false),
                        Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
-                       Entry("Should be explicitly set on Casablanca cluster", kubeControllerManagerCasablanca, true),
                        Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
                )
 
@@ -100,7 +85,6 @@ var _ = Describe("Controllermanager", func() {
                        Entry("Is absent on insecure cluster", []string{""}, false),
                        Entry("Is empty on insecure cluster", []string{"--root-ca-file="}, false),
                        Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
-                       Entry("Should be explicitly set on Casablanca cluster", kubeControllerManagerCasablanca, true),
                        Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
                )
        })
@@ -111,7 +95,6 @@ var _ = Describe("Controllermanager", func() {
                                Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
                        },
                        Entry("Is not absent on insecure cluster", []string{"--address=1.2.3.4"}, false),
-                       Entry("Is not absent nor set to loopback on Casablanca cluster", kubeControllerManagerCasablanca, false),
                        Entry("Is not absent nor set to loopback on Dublin cluster", kubeControllerManagerDublin, false),
                        Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
                )
@@ -124,7 +107,6 @@ var _ = Describe("Controllermanager", func() {
                        },
                        Entry("Is absent on insecure cluster", []string{""}, false),
                        Entry("Is empty on insecure cluster", []string{"--terminated-pod-gc-threshold="}, false),
-                       Entry("Is absent on Casablanca cluster", kubeControllerManagerCasablanca, false),
                        Entry("Should be explicitly set on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
                        Entry("Should be explicitly set on Dublin cluster", kubeControllerManagerDublin, true),
                )
@@ -137,7 +119,6 @@ var _ = Describe("Controllermanager", func() {
                        },
                        Entry("Is not enabled on insecure cluster", []string{"--feature-gates=Foo=Bar,Baz=Quuz"}, false),
                        Entry("Is explicitly disabled on insecure cluster", []string{"--feature-gates=Foo=Bar,RotateKubeletServerCertificate=false,Baz=Quuz"}, false),
-                       Entry("Is not enabled on Casablanca cluster", kubeControllerManagerCasablanca, false),
                        Entry("Is not enabled on Dublin cluster", kubeControllerManagerDublin, false),
                        Entry("Should be enabled on CIS-compliant cluster", kubeControllerManagerCISCompliant, true),
                )
diff --git a/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go b/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
index 4166a58..7fb13b8 100644 (file)
--- a/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
+++ b/test/security/k8s/src/check/validators/master/scheduler/scheduler_test.go
@@ -16,14 +16,7 @@ var _ = Describe("Scheduler", func() {
                        "--profiling=false",
                }
 
-               // kubeSchedulerCasablanca was obtained from virtual environment for testing
-               // (introduced in Change-Id: I57f9f3caac0e8b391e9ed480f6bebba98e006882).
-               kubeSchedulerCasablanca = []string{
-                       "--kubeconfig=/etc/kubernetes/ssl/kubeconfig",
-                       "--address=0.0.0.0",
-               }
-
-               // kubeSchedulerCasablanca was obtained from virtual environment for testing
+               // kubeSchedulerDublin was obtained from virtual environment for testing
                // (introduced in Change-Id: I54ada5fade3b984dedd1715f20579e3ce901faa3).
                kubeSchedulerDublin = []string{
                        "--kubeconfig=/etc/kubernetes/ssl/kubecfg-kube-scheduler.yaml",
@@ -41,7 +34,6 @@ var _ = Describe("Scheduler", func() {
                        },
                        Entry("Is not set on insecure cluster", []string{}, false),
                        Entry("Is explicitly enabled on insecure cluster", []string{"--profiling=true"}, false),
-                       Entry("Is not set on Casablanca cluster", kubeSchedulerCasablanca, false),
                        Entry("Should be set to false on CIS-compliant cluster", kubeSchedulerCISCompliant, true),
                        Entry("Should be set to false on Dublin cluster", kubeSchedulerDublin, true),
                )
@@ -53,7 +45,6 @@ var _ = Describe("Scheduler", func() {
                                Expect(IsInsecureBindAddressAbsentOrLoopback(params)).To(Equal(expected))
                        },
                        Entry("Is not absent on insecure cluster", []string{"--address=1.2.3.4"}, false),
-                       Entry("Is not absent nor set to loopback on Casablanca cluster", kubeSchedulerCasablanca, false),
                        Entry("Is not absent nor set to loopback on Dublin cluster", kubeSchedulerDublin, false),
                        Entry("Should be absent or set to loopback on CIS-compliant cluster", kubeSchedulerCISCompliant, true),
                )
diff --git a/test/security/k8s/tools/casablanca/get_customization_scripts.sh b/test/security/k8s/tools/casablanca/get_customization_scripts.sh
deleted file mode 100755 (executable)
index 028f002..0000000
--- a/test/security/k8s/tools/casablanca/get_customization_scripts.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-wget \
-  'https://docs.onap.org/en/casablanca/_downloads/0b365a2342af5abd655f1724b962f5b5/openstack-rancher.sh' \
-  'https://docs.onap.org/en/casablanca/_downloads/b20b581d56982e9f15a72527a358d56b/openstack-k8s-node.sh'
diff --git a/test/security/k8s/tools/casablanca/get_ranchercli.sh b/test/security/k8s/tools/casablanca/get_ranchercli.sh
deleted file mode 100755 (executable)
index 8ffbc5f..0000000
--- a/test/security/k8s/tools/casablanca/get_ranchercli.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# @file        test/security/k8s/tools/casablanca/get_ranchercli.sh
-# @author      Pawel Wieczorek <p.wieczorek2@samsung.com>
-# @brief       Utility for obtaining Rancher CLI tool
-#
-
-# Dependencies:
-#     wget
-#     tar
-#     coreutils
-#
-# Privileges:
-# Script expects to be run with administrative privileges for accessing /usr/local/bin
-#
-# Usage:
-# # ./get_ranchercli.sh [VERSION [ARCH [SYSTEM]]]
-#
-
-# Constants
-DEFAULT_VERSION='v0.6.12'
-DEFAULT_ARCH='amd64'
-DEFAULT_SYSTEM='linux'
-
-# Variables
-VERSION="${1:-$DEFAULT_VERSION}"
-ARCH="${2:-$DEFAULT_ARCH}"
-SYSTEM="${3:-$DEFAULT_SYSTEM}"
-
-ARCHIVE="rancher-${SYSTEM}-${ARCH}-${VERSION}.tar.gz"
-DIRECTORY="rancher-${VERSION}"
-URL="https://releases.rancher.com/cli/${VERSION}/${ARCHIVE}"
-
-
-# Prerequistes
-wget "$URL"
-tar xf "$ARCHIVE"
-
-# Installation
-mv "${DIRECTORY}/rancher" /usr/local/bin/
-
-# Cleanup
-rmdir "$DIRECTORY"
-rm "$ARCHIVE"
diff --git a/test/security/k8s/tools/casablanca/imported/openstack-k8s-node.sh b/test/security/k8s/tools/casablanca/imported/openstack-k8s-node.sh
deleted file mode 100644 (file)
index b8462aa..0000000
--- a/test/security/k8s/tools/casablanca/imported/openstack-k8s-node.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-DOCKER_VERSION=17.03
-KUBECTL_VERSION=1.11.2
-HELM_VERSION=2.9.1
-
-# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
-sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
-sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
-service sshd restart
-echo -e "oom\noom" | passwd root
-
-apt-get update
-curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
-mkdir -p /etc/systemd/system/docker.service.d/
-cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
-[Service]
-ExecStart=
-ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
-EOF
-systemctl daemon-reload
-systemctl restart docker
-apt-mark hold docker-ce
-
-IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
-
-echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
-
-docker login -u docker -p docker nexus3.onap.org:10001
-
-sudo apt-get install make -y
-
-sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-sudo chmod +x ./kubectl
-sudo mv ./kubectl /usr/local/bin/kubectl
-sudo mkdir ~/.kube
-wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
-sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
-sudo mv linux-amd64/helm /usr/local/bin/helm
-
-# install nfs
-sudo apt-get install nfs-common -y
-
-
-exit 0
diff --git a/test/security/k8s/tools/casablanca/imported/openstack-rancher.sh b/test/security/k8s/tools/casablanca/imported/openstack-rancher.sh
deleted file mode 100644 (file)
index bcf542a..0000000
--- a/test/security/k8s/tools/casablanca/imported/openstack-rancher.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-DOCKER_VERSION=17.03
-RANCHER_VERSION=1.6.22
-KUBECTL_VERSION=1.11.2
-HELM_VERSION=2.9.1
-
-# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
-sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
-sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
-service sshd restart
-echo -e "oom\noom" | passwd root
-
-apt-get update
-curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
-mkdir -p /etc/systemd/system/docker.service.d/
-cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
-[Service]
-ExecStart=
-ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
-EOF
-systemctl daemon-reload
-systemctl restart docker
-apt-mark hold docker-ce
-
-IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
-
-echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
-
-docker login -u docker -p docker nexus3.onap.org:10001
-
-sudo apt-get install make -y
-
-sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
-sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
-sudo chmod +x ./kubectl
-sudo mv ./kubectl /usr/local/bin/kubectl
-sudo mkdir ~/.kube
-wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
-sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
-sudo mv linux-amd64/helm /usr/local/bin/helm
-
-# nfs server
-sudo apt-get install nfs-kernel-server -y
-
-sudo mkdir -p /nfs_share
-sudo chown nobody:nogroup /nfs_share/
-
-
-exit 0
diff --git a/test/security/k8s/vagrant/casablanca/Vagrantfile b/test/security/k8s/vagrant/casablanca/Vagrantfile
deleted file mode 100644 (file)
index c7e6883..0000000
--- a/test/security/k8s/vagrant/casablanca/Vagrantfile
+++ /dev/null
@@ -1,48 +0,0 @@
-# -*- mode: ruby -*-
-# -*- coding: utf-8 -*-
-
-host_ip = "192.168.121.1"
-
-rancher_port = 8080
-
-vm_memory = 2 * 1024
-vm_cpus = 1
-vm_box = "generic/ubuntu1604"
-
-cluster = [
-  { name: 'master', hostname: 'master', ip: '172.17.3.100' },
-  { name: 'worker', hostname: 'worker', ip: '172.17.3.101' }
-]
-
-Vagrant.configure('2') do |config|
-  cluster.each do |node|
-    config.vm.define node[:name] do |config|
-      config.vm.box = vm_box
-      config.vm.hostname = node[:hostname]
-
-      config.vm.provider :virtualbox do |v|
-        v.name = node[:name]
-        v.memory = vm_memory
-        v.cpus = vm_cpus
-      end
-
-      config.vm.provider :libvirt do |v|
-        v.memory = vm_memory
-        v.cpus = vm_cpus
-      end
-
-      config.vm.network :private_network, ip: node[:ip]
-      config.vm.provision :shell, inline: "echo nameserver #{host_ip} | resolvconf -a eth0.inet"
-
-      if node[:name] == 'master'
-        config.vm.network "forwarded_port", guest: rancher_port, host: rancher_port
-        config.vm.provision :shell, path: "../../tools/casablanca/imported/openstack-rancher.sh"
-        config.vm.provision :shell, path: "../../tools/casablanca/get_ranchercli.sh"
-      end
-
-      if node[:name] == 'worker'
-        config.vm.provision :shell, path: "../../tools/casablanca/imported/openstack-k8s-node.sh"
-      end
-    end
-  end
-end
Integration framework, automated tools, code and scripts, best practice guidance related to cross-project Continuous System Integration Testing (CSIT), and delivery of ONAP.