k8s: Declutter checker by dividing it into smaller packages 96/96296/1
authorPawel Wieczorek <p.wieczorek2@samsung.com>
Thu, 26 Sep 2019 10:31:56 +0000 (12:31 +0200)
committerPawel Wieczorek <p.wieczorek2@samsung.com>
Thu, 26 Sep 2019 17:02:01 +0000 (19:02 +0200)
Issue-ID: SECCOM-235
Change-Id: I7d4efd08b8c0258f2f9c33772bf1b1b02cedebfa
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
test/security/k8s/src/check/cmd/check/check.go
test/security/k8s/src/check/validators/master/api/api.go [moved from test/security/k8s/src/check/validators/master/api.go with 99% similarity]
test/security/k8s/src/check/validators/master/api/api_suite_test.go [moved from test/security/k8s/src/check/validators/master/master_suite_test.go with 57% similarity]
test/security/k8s/src/check/validators/master/api/api_test.go [moved from test/security/k8s/src/check/validators/master/api_test.go with 99% similarity]
test/security/k8s/src/check/validators/master/master.go [new file with mode: 0644]

index b10b8cb..5a29fa9 100644 (file)
@@ -38,50 +38,5 @@ func main() {
                log.Fatal(err)
        }
 
-       log.Printf("IsBasicAuthFileAbsent: %t\n", master.IsBasicAuthFileAbsent(k8sParams))
-       log.Printf("IsTokenAuthFileAbsent: %t\n", master.IsTokenAuthFileAbsent(k8sParams))
-       log.Printf("IsInsecureAllowAnyTokenAbsent: %t\n", master.IsInsecureAllowAnyTokenAbsent(k8sParams))
-
-       log.Printf("IsAnonymousAuthDisabled: %t\n", master.IsAnonymousAuthDisabled(k8sParams))
-       log.Printf("IsInsecurePortUnbound: %t\n", master.IsInsecurePortUnbound(k8sParams))
-       log.Printf("IsProfilingDisabled: %t\n", master.IsProfilingDisabled(k8sParams))
-       log.Printf("IsRepairMalformedUpdatesDisabled: %t\n", master.IsRepairMalformedUpdatesDisabled(k8sParams))
-       log.Printf("IsServiceAccountLookupEnabled: %t\n", master.IsServiceAccountLookupEnabled(k8sParams))
-
-       log.Printf("IsKubeletHTTPSAbsentOrEnabled: %t\n", master.IsKubeletHTTPSAbsentOrEnabled(k8sParams))
-       log.Printf("IsInsecureBindAddressAbsentOrLoopback: %t\n", master.IsInsecureBindAddressAbsentOrLoopback(k8sParams))
-       log.Printf("IsSecurePortAbsentOrValid: %t\n", master.IsSecurePortAbsentOrValid(k8sParams))
-
-       log.Printf("IsAlwaysAdmitAdmissionControlPluginExcluded: %t\n", master.IsAlwaysAdmitAdmissionControlPluginExcluded(k8sParams))
-
-       log.Printf("IsAlwaysPullImagesAdmissionControlPluginIncluded: %t\n", master.IsAlwaysPullImagesAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsDenyEscalatingExecAdmissionControlPluginIncluded: %t\n", master.IsDenyEscalatingExecAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsSecurityContextDenyAdmissionControlPluginIncluded: %t\n", master.IsSecurityContextDenyAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsPodSecurityPolicyAdmissionControlPluginIncluded: %t\n", master.IsPodSecurityPolicyAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsServiceAccountAdmissionControlPluginIncluded: %t\n", master.IsServiceAccountAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsNodeRestrictionAdmissionControlPluginIncluded: %t\n", master.IsNodeRestrictionAdmissionControlPluginIncluded(k8sParams))
-       log.Printf("IsEventRateLimitAdmissionControlPluginIncluded: %t\n", master.IsEventRateLimitAdmissionControlPluginIncluded(k8sParams))
-
-       log.Printf("IsNamespaceLifecycleAdmissionControlPluginNotExcluded: %t\n", master.IsNamespaceLifecycleAdmissionControlPluginNotExcluded(k8sParams))
-
-       log.Printf("IsAlwaysAllowAuthorizationModeExcluded: %t\n", master.IsAlwaysAllowAuthorizationModeExcluded(k8sParams))
-       log.Printf("IsNodeAuthorizationModeIncluded: %t\n", master.IsNodeAuthorizationModeIncluded(k8sParams))
-
-       log.Printf("IsAuditLogPathSet: %t\n", master.IsAuditLogPathSet(k8sParams))
-       log.Printf("IsAuditLogMaxAgeValid: %t\n", master.IsAuditLogMaxAgeValid(k8sParams))
-       log.Printf("IsAuditLogMaxBackupValid: %t\n", master.IsAuditLogMaxBackupValid(k8sParams))
-       log.Printf("IsAuditLogMaxSizeValid: %t\n", master.IsAuditLogMaxSizeValid(k8sParams))
-
-       log.Printf("IsRequestTimeoutValid: %t\n", master.IsRequestTimeoutValid(k8sParams))
-
-       log.Printf("IsKubeletCertificateAuthoritySet: %t\n", master.IsKubeletCertificateAuthoritySet(k8sParams))
-       log.Printf("IsClientCertificateAuthoritySet: %t\n", master.IsClientCertificateAuthoritySet(k8sParams))
-       log.Printf("IsEtcdCertificateAuthoritySet: %t\n", master.IsEtcdCertificateAuthoritySet(k8sParams))
-
-       log.Printf("IsServiceAccountKeySet: %t\n", master.IsServiceAccountKeySet(k8sParams))
-       log.Printf("IsKubeletClientCertificateAndKeySet: %t\n", master.IsKubeletClientCertificateAndKeySet(k8sParams))
-       log.Printf("IsEtcdCertificateAndKeySet: %t\n", master.IsEtcdCertificateAndKeySet(k8sParams))
-       log.Printf("IsTLSCertificateAndKeySet: %t\n", master.IsTLSCertificateAndKeySet(k8sParams))
-
-       log.Printf("IsStrongCryptoCipherInUse: %t\n", master.IsStrongCryptoCipherInUse(k8sParams))
+       master.Check(k8sParams)
 }
@@ -1,4 +1,4 @@
-package master_test
+package api_test
 
 import (
        "testing"
@@ -7,7 +7,7 @@ import (
        . "github.com/onsi/gomega"
 )
 
-func TestMaster(t *testing.T) {
+func TestApi(t *testing.T) {
        RegisterFailHandler(Fail)
-       RunSpecs(t, "Master Suite")
+       RunSpecs(t, "Api Suite")
 }
@@ -1,7 +1,7 @@
-package master_test
+package api_test
 
 import (
-       . "check/validators/master"
+       . "check/validators/master/api"
 
        . "github.com/onsi/ginkgo/extensions/table"
 
diff --git a/test/security/k8s/src/check/validators/master/master.go b/test/security/k8s/src/check/validators/master/master.go
new file mode 100644 (file)
index 0000000..e9dc66c
--- /dev/null
@@ -0,0 +1,57 @@
+package master
+
+import (
+       "log"
+
+       "check/validators/master/api"
+)
+
+// Check validates master node complies with CIS guideliness.
+func Check(k8sParams []string) {
+       log.Printf("IsBasicAuthFileAbsent: %t\n", api.IsBasicAuthFileAbsent(k8sParams))
+       log.Printf("IsTokenAuthFileAbsent: %t\n", api.IsTokenAuthFileAbsent(k8sParams))
+       log.Printf("IsInsecureAllowAnyTokenAbsent: %t\n", api.IsInsecureAllowAnyTokenAbsent(k8sParams))
+
+       log.Printf("IsAnonymousAuthDisabled: %t\n", api.IsAnonymousAuthDisabled(k8sParams))
+       log.Printf("IsInsecurePortUnbound: %t\n", api.IsInsecurePortUnbound(k8sParams))
+       log.Printf("IsProfilingDisabled: %t\n", api.IsProfilingDisabled(k8sParams))
+       log.Printf("IsRepairMalformedUpdatesDisabled: %t\n", api.IsRepairMalformedUpdatesDisabled(k8sParams))
+       log.Printf("IsServiceAccountLookupEnabled: %t\n", api.IsServiceAccountLookupEnabled(k8sParams))
+
+       log.Printf("IsKubeletHTTPSAbsentOrEnabled: %t\n", api.IsKubeletHTTPSAbsentOrEnabled(k8sParams))
+       log.Printf("IsInsecureBindAddressAbsentOrLoopback: %t\n", api.IsInsecureBindAddressAbsentOrLoopback(k8sParams))
+       log.Printf("IsSecurePortAbsentOrValid: %t\n", api.IsSecurePortAbsentOrValid(k8sParams))
+
+       log.Printf("IsAlwaysAdmitAdmissionControlPluginExcluded: %t\n", api.IsAlwaysAdmitAdmissionControlPluginExcluded(k8sParams))
+
+       log.Printf("IsAlwaysPullImagesAdmissionControlPluginIncluded: %t\n", api.IsAlwaysPullImagesAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsDenyEscalatingExecAdmissionControlPluginIncluded: %t\n", api.IsDenyEscalatingExecAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsSecurityContextDenyAdmissionControlPluginIncluded: %t\n", api.IsSecurityContextDenyAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsPodSecurityPolicyAdmissionControlPluginIncluded: %t\n", api.IsPodSecurityPolicyAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsServiceAccountAdmissionControlPluginIncluded: %t\n", api.IsServiceAccountAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsNodeRestrictionAdmissionControlPluginIncluded: %t\n", api.IsNodeRestrictionAdmissionControlPluginIncluded(k8sParams))
+       log.Printf("IsEventRateLimitAdmissionControlPluginIncluded: %t\n", api.IsEventRateLimitAdmissionControlPluginIncluded(k8sParams))
+
+       log.Printf("IsNamespaceLifecycleAdmissionControlPluginNotExcluded: %t\n", api.IsNamespaceLifecycleAdmissionControlPluginNotExcluded(k8sParams))
+
+       log.Printf("IsAlwaysAllowAuthorizationModeExcluded: %t\n", api.IsAlwaysAllowAuthorizationModeExcluded(k8sParams))
+       log.Printf("IsNodeAuthorizationModeIncluded: %t\n", api.IsNodeAuthorizationModeIncluded(k8sParams))
+
+       log.Printf("IsAuditLogPathSet: %t\n", api.IsAuditLogPathSet(k8sParams))
+       log.Printf("IsAuditLogMaxAgeValid: %t\n", api.IsAuditLogMaxAgeValid(k8sParams))
+       log.Printf("IsAuditLogMaxBackupValid: %t\n", api.IsAuditLogMaxBackupValid(k8sParams))
+       log.Printf("IsAuditLogMaxSizeValid: %t\n", api.IsAuditLogMaxSizeValid(k8sParams))
+
+       log.Printf("IsRequestTimeoutValid: %t\n", api.IsRequestTimeoutValid(k8sParams))
+
+       log.Printf("IsKubeletCertificateAuthoritySet: %t\n", api.IsKubeletCertificateAuthoritySet(k8sParams))
+       log.Printf("IsClientCertificateAuthoritySet: %t\n", api.IsClientCertificateAuthoritySet(k8sParams))
+       log.Printf("IsEtcdCertificateAuthoritySet: %t\n", api.IsEtcdCertificateAuthoritySet(k8sParams))
+
+       log.Printf("IsServiceAccountKeySet: %t\n", api.IsServiceAccountKeySet(k8sParams))
+       log.Printf("IsKubeletClientCertificateAndKeySet: %t\n", api.IsKubeletClientCertificateAndKeySet(k8sParams))
+       log.Printf("IsEtcdCertificateAndKeySet: %t\n", api.IsEtcdCertificateAndKeySet(k8sParams))
+       log.Printf("IsTLSCertificateAndKeySet: %t\n", api.IsTLSCertificateAndKeySet(k8sParams))
+
+       log.Printf("IsStrongCryptoCipherInUse: %t\n", api.IsStrongCryptoCipherInUse(k8sParams))
+}
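Review bot: `Check` logs every result and returns nothing, so a failed CIS check cannot change the process exit status and a pipeline running this tool passes regardless of what the log says. Returning an aggregate result lets `main` in check.go gate on it with `if !master.Check(k8sParams) { os.Exit(1) }` (plus the `os` import). A table of named checks keeps the current log format and removes the chance of a label drifting from the function it reports. The sketch below assumes each `api.Is*` function takes `[]string` and returns `bool`, as the call sites and `%t` verbs suggest. The doc comment also has a typo: `guideliness` should read `guidelines`.

```go
// Check reports whether the master node complies with CIS guidelines.
// Every check runs and is logged; the result is false if any of them failed.
func Check(k8sParams []string) bool {
	checks := []struct {
		name string
		fn   func([]string) bool
	}{
		{"IsBasicAuthFileAbsent", api.IsBasicAuthFileAbsent},
		{"IsTokenAuthFileAbsent", api.IsTokenAuthFileAbsent},
		// … remaining api.Is* checks, in the order they are logged today …
	}

	ok := true
	for _, c := range checks {
		passed := c.fn(k8sParams)
		log.Printf("%s: %t\n", c.name, passed)
		ok = ok && passed
	}
	return ok
}
```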