From: mrichomme <morgan.richomme@orange.com>
Date: Thu, 7 Jan 2021 10:00:09 +0000 (+0100)
Subject: [SECURITY] Include cert check of the internal ports
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=682b993848db69e54eb01a8745eb2cb98ed40ceb;p=integration%2Fxtesting.git

[SECURITY] Include cert check of the internal ports

A test dealing with the verification of the ports exposed as nodeports
is already integrated. The goal of the patch is to compelte with a test
dealing with all the internal ports retrieved from k8s on the ONAP namespace.

Unlike nodeport_check_certs, this test must be executed from inside the
cluster.
As a consequence a dependency is added in testcases.yaml
- TEST_ENVIRONMENT: 'internal_job'

In order to avoir triggerring the test when executing all the infra
tests of this xtesting dockers.
A kubernetes job consuming the image shall be created in xtesting-onap
to execute the test.

Issue-ID: INT-1818

Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I16bb55fb784bd67f8a2b59f9f895fb754da8e3d0
---

diff --git a/infra-healthcheck/docker/testcases.yaml b/infra-healthcheck/docker/testcases.yaml
index 3710901..0cd8fe8 100644
--- a/infra-healthcheck/docker/testcases.yaml
+++ b/infra-healthcheck/docker/testcases.yaml
@@ -61,3 +61,14 @@ tiers:
                     - DEPLOY_ENVIRONMENT: 'gating_component'
                 run:
                     name: 'onap_chart'
+            -
+                case_name: internal_check_certs
+                project_name: integration
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check certificates associated with internal ports
+                dependencies:
+                    - TEST_ENVIRONMENT: 'internal_job'
+                run:
+                    name: 'internal_check_certs'
diff --git a/infra-healthcheck/infra_healthcheck/k8stest.py b/infra-healthcheck/infra_healthcheck/k8stest.py
index e1c4213..1d69fac 100644
--- a/infra-healthcheck/infra_healthcheck/k8stest.py
+++ b/infra-healthcheck/infra_healthcheck/k8stest.py
@@ -108,3 +108,13 @@ class OnapSecurityNodePortsCerts(K8sTesting):
                     '--mode','nodeport','--namespace','onap','--dir',
                     '/var/lib/xtesting/results/nodeport_check_certs']
         self.criteria_string = ">>> Test Check certificates PASS"
+
+class OnapSecurityInternalPortsCerts(K8sTesting):
+    """Check the cerfificates for the internal ports."""
+    def __init__(self, **kwargs):
+        super(OnapSecurityInternalPortsCerts, self).__init__(**kwargs)
+        os.chdir('/usr/lib/python3.8/site-packages/check_certificates')
+        self.cmd = ['python3', 'check_certificates_validity.py',
+                    '--mode','internal','--namespace','onap','--dir',
+                    '/var/lib/xtesting/results/internal_check_certs']
+        self.criteria_string = ">>> Test Check certificates PASS"
diff --git a/infra-healthcheck/setup.cfg b/infra-healthcheck/setup.cfg
index 7730106..4eb4770 100644
--- a/infra-healthcheck/setup.cfg
+++ b/infra-healthcheck/setup.cfg
@@ -12,4 +12,4 @@ xtesting.testcase =
     onap_chart = chart_status.status:Status
     nodeport_ingress = infra_healthcheck.k8stest:OnapSecurityNodePortsIngress
     nodeport_check_certs = infra_healthcheck.k8stest:OnapSecurityNodePortsCerts
-
+    internal_check_certs = infra_healthcheck.k8stest:OnapSecurityInternalPortsCerts