Add timeout on SSL internal cert retrieval 80/112580/3
authormrichomme <morgan.richomme@orange.com>
Fri, 11 Sep 2020 20:58:09 +0000 (22:58 +0200)
committermrichomme <morgan.richomme@orange.com>
Mon, 14 Sep 2020 07:26:02 +0000 (09:26 +0200)
In case of SSL issues, the socket timeout is set to 600s by default.
As we are scanning a little bit stupidly - we try all the internal
ports - it may take a long time if we accumulate the different timeouts.
Moreover, a new error, socket.gaierror, may occur on internal scans.

Issue-ID: INT-1570

Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: Ia0e1c7bb133565d6179afa155f6c299a5e012764
Signed-off-by: mrichomme <morgan.richomme@orange.com>
test/security/check_certificates/check_certificates/check_certificates_validity.py
test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 [new file with mode: 0644]

index 7447a64..87a2fa9 100644 (file)
@@ -46,6 +46,10 @@ import OpenSSL
 from datetime import datetime
 from kubernetes import client, config
 from jinja2 import Environment, FileSystemLoader, select_autoescape
+from socket import *  # pylint: disable=W0614
+
+# Set SSL timeout
+setdefaulttimeout(10)
 
 # Logger
 LOG_LEVEL = 'INFO'
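Review bot: `from socket import *` on the added import line pulls every public socket name into the module namespace and needs a pylint suppression to pass; `import socket` followed by `socket.setdefaulttimeout(10)` does the same job and keeps names such as `socket.gaierror` and `socket.timeout` explicit where they are caught. setdefaulttimeout is also process-wide, so the 10 s limit applies to every socket created afterwards without its own timeout, presumably including the kubernetes client calls in this script. A comment stating that this is intended, or a per-connection timeout on the certificate fetch only, would make the scope of the change clear.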
@@ -257,6 +261,8 @@ def test_services(k8s_services, mode):
                 {'pod_name': test_name,
                  'pod_port': test_port,
                  'error_details': str(e)})
+        except:
+            LOGGER.error("Unknown error")
 
     # Create html summary
     jinja_env = Environment(
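Review bot: The bare `except:` added after the existing handler also catches KeyboardInterrupt and SystemExit, and `LOGGER.error("Unknown error")` discards both the exception and the endpoint it happened on. Nothing is appended to any of the error lists in this branch, so a port that fails this way disappears from the report, which in a certificate audit is indistinguishable from a port that had nothing to check. Suggest `except Exception:  # pylint: disable=broad-except` with `LOGGER.exception("Unknown error on %s:%s", test_name, test_port)`, and, if socket.gaierror is the case the commit message has in mind, catching it by name and recording it in an error list like the handlers above. test_services starts and ends outside the hunk, so `test_name` and `test_port` are assumed to be in scope from the handler visible just above.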
diff --git a/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2 b/test/security/check_certificates/check_certificates/templates/cert-internal.html.j2
new file mode 100644 (file)
index 0000000..f904980
--- /dev/null
@@ -0,0 +1,129 @@
+{% extends "base.html.j2" %}
+{% block title %}ONAP Certificates expiration page{% endblock %}
+
+{% block content %}
+<h1 class="title is-1">ONAP Certificates</h1>
+<section class="section">
+ <div class="container">
+ <h3 class="subtitle">Cluster Internal Ports</h3>
+
+<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+  <thead>
+    <tr>
+      <th>Component</th>
+      <th>Port</th>
+      <th>Expected Expiration Date</th>
+      <th>Remaining Days</th>
+      <th>Root CA</th>
+      <th>Root CA Validity</th>
+    </tr>
+  </thead>
+  <tbody>
+    {% for cert in node_ports_list %}
+    <tr {% if cert.remaining_days < 0 %} class="has-background-danger" {%elif cert.remaining_days < 30 %}  class="has-background-warning" {%elif cert.remaining_days < 60 %} class="has-background-warning-light " {%elif cert.remaining_days > 389 %} class="has-background-warning-light" {%elif cert.remaining_days == 364 and cert.validity %} class="has-background-success-light" {% endif %}>
+         <td>{{ cert.pod_name }}</td>
+         <td>{{ cert.pod_port }}</td>
+         <td>{{ cert.expiration_date }}</td>
+         <td>{{ cert.remaining_days }}</td>
+         <td>{{ cert.issuer }}</td>
+         <td>{% if cert.validity %}
+          <span class="icon is-large has-text-success">
+            <i class="fas fa-check-square"></i>
+          </span>
+           {% else %}
+           <span class="icon is-large has-text-danger">
+             <i class="fas fa-ban"></i>
+           </span>
+            {% endif %}</td>
+    </tr>
+    {% endfor %}
+    </tbody>
+  </table>
+
+  {% if node_ports_ssl_error_list|length > 0 %}
+    <h3 class="subtitle">Cluster Internal Port SSL errors</h3>
+    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+      <thead>
+        <tr>
+          <th>Component</th>
+          <th>Port</th>
+          <th>Error Details</th>
+      </tr>
+      </thead>
+      <tbody>
+    {% for cert in node_ports_ssl_error_list %}
+         <td>{{ cert.pod_name }}</td>
+         <td>{{ cert.pod_port }}</td>
+         <td>{{ cert.error_details }}</td>
+    </tr>
+    {% endfor %}
+    </tbody>
+  </table>
+{% endif %}
+
+{% if node_ports_connection_error_list|length > 0 %}
+    <h3 class="subtitle">Cluster Internal Ports Connection errors</h3>
+    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+      <thead>
+        <tr>
+          <th>Component</th>
+          <th>Port</th>
+          <th>Error Details</th>
+        </tr>
+      </thead>
+      <tbody>
+    {% for cert in node_ports_connection_error_list %}
+         <td>{{ cert.pod_name }}</td>
+         <td>{{ cert.pod_port }}</td>
+         <td>{{ cert.error_details }}</td>
+    </tr>
+    {% endfor %}
+    </tbody>
+  </table>
+{% endif %}
+
+{% if node_ports_list_type_error_list|length > 0 %}
+    <h3 class="subtitle">Cluster Internal Ports ports Type Error</h3>
+    <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+      <thead>
+        <tr>
+          <th>Component</th>
+          <th>Port</th>
+          <th>Error Details</th>
+        </tr>
+      </thead>
+      <tbody>
+    {% for cert in node_ports_list_type_error_list %}
+         <td>{{ cert.pod_name }}</td>
+         <td>{{ cert.pod_port }}</td>
+         <td>{{ cert.error_details }}</td>
+    </tr>
+    {% endfor %}
+    </tbody>
+  </table>
+{% endif %}
+
+{% if node_ports_reset_error_list|length > 0 %}
+  <h3 class="subtitle">Cluster Internal Ports Connections Error</h3>
+  <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
+    <thead>
+      <tr>
+        <th>Component</th>
+        <th>Port</th>
+          <th>Error Details</th>
+      </tr>
+    </thead>
+    <tbody>
+  {% for cert in node_ports_reset_error_list %}
+       <td>{{ cert.pod_name }}</td>
+       <td>{{ cert.pod_port }}</td>
+       <td>{{ cert.error_details }}</td>
+  </tr>
+  {% endfor %}
+  </tbody>
+</table>
+{% endif %}
+
+{% endblock %}
+</div>
+</section>
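Review bot: `cert.issuer` and `cert.error_details` carry text that originates from the scanned endpoint (certificate fields and exception messages), so this template depends entirely on autoescaping being on. The `Environment(...)` arguments are outside the visible hunks, and with select_autoescape's default extension list a template named `cert-internal.html.j2` is not matched because the name ends in `.j2`; confirm that `j2` or `html.j2` is listed in `enabled_extensions`, or apply `|e` to those two cells. Separately, the four error tables emit their `<td>` cells without an opening `<tr>` (only `</tr>` follows), so add `<tr>` after each `{% for cert in ... %}` line. `{% endblock %}` also sits before the closing `</div>` and `</section>`, which in a child template are outside any block and are not rendered, so move `{% endblock %}` to the last line.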