Enable vuls and lynis tests in CI
[ci-management.git] / jjb / shell / run_bluval.sh
#!/bin/bash
##############################################################################
# Copyright (c) 2019 ENEA and others.
# valentin.radulescu@enea.com
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
# Stop at the first failing command; a pipeline fails when any stage fails.
set -o errexit -o pipefail
# Append /home/jenkins/.local/bin to the command search path.
export PATH="${PATH}:/home/jenkins/.local/bin"

# Directory the script was started from; later paths are built on it.
cwd="$(pwd)"
# Account running the script; change_res_owner() chowns results to it.
current_user="$(whoami)"
# Optional tests stay off unless -o is given.
is_optional="false"
18
# Send an informational message to logger(1) under the tag
# "run_blu_val.info"; -s makes logger copy it to stderr as well.
# Arguments: message words, joined into one string
info() {
    local message="$*"
    logger -s -t "run_blu_val.info" "${message}"
}
22
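# Report whether $2 occurs literally inside $1.
# Arguments: $1 - string to search
#            $2 - substring to look for
# Returns:   0 when $1 contains $2, 1 otherwise
has_substring() {
    # The quoted needle inside the glob is matched character for character.
    # An unquoted right-hand side of =~ would be evaluated as a regular
    # expression, so "." or "*" in the needle would not mean themselves.
    [[ $1 == *"$2"* ]]
}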
26
# Give the results tree back to the invoking user; the files in it are
# created by root inside the container.
# Globals: results_dir (read), current_user (read)
# Returns: 0 when there is no results directory, else the status of chown
change_res_owner() {
    # Nothing to fix up when no results directory exists.
    [ -d "${results_dir}" ] || return 0
    sudo chown -R "${current_user}" "${results_dir}"
}
34
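# Print the command-line synopsis to stderr.
# Outputs: one line per option on stderr; nothing on stdout
usage() {
    # NOTE(review): -c is listed below, but the script's getopts string does
    # not accept it; the variables file path is fixed to tests/variables.yaml.
    cat >&2 <<EOF
usage: $0
[-n <blueprint_name>]
[-b <blueprint_yaml>] blueprint definition
[-k <k8s_config_dir>] k8s config dir
[-j <cluster_master_ip>] cluster master IP
[-u <ssh_user>] ssh user
[-s <ssh_key>] path to ssh key
[-c <custom_var_file>] path to variables yaml file
[-l <layer>] blueprint layer
[-o] run optional tests
[-v <version>] version
EOF
}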
48
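# Probe a host with ping until it answers or the attempts run out.
# Arguments: $1 - address to probe
# Returns:   0 as soon as one probe is answered; otherwise calls error()
verify_connectivity() {
    local ip=$1
    # Keep the loop counter local so a caller's variable is not overwritten.
    local attempt
    info "Verifying connectivity to $ip..."
    # Up to 11 probes: one packet each, 1 s reply timeout, 1 s pause between.
    for ((attempt = 0; attempt <= 10; attempt++)); do
        if ping -c 1 -W 1 "$ip" > /dev/null; then
            info "$ip is reachable!"
            return 0
        fi
        sleep 1
    done
    error "Can not talk to $ip."
}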
61
# Send a fatal message to logger(1) under the tag "run_blu_val.error"
# (-s copies it to stderr), then end the script with status 1.
# Arguments: message words, joined into one string
error() {
    local message="$*"
    logger -s -t "run_blu_val.error" "${message}"
    exit 1
}
66
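# Get options from shell.
# The leading ':' puts getopts in silent mode, so OPTARG carries the offending
# option letter in the two error arms below. The former 'r:' entry had no case
# arm and is dropped; -r is still rejected with exit status 2. -c, which
# usage() lists, is not accepted here.
while getopts ":j:k:u:s:b:l:n:ov:" optchar; do
    case "${optchar}" in
        j) cluster_master_ip=${OPTARG} ;;
        k) k8s_config_dir=${OPTARG} ;;
        s) ssh_key=${OPTARG} ;;
        b) blueprint_yaml=${OPTARG} ;;
        l) blueprint_layer=${OPTARG} ;;
        n) blueprint_name=${OPTARG} ;;
        # Stored as sh_user: the defaulting code further down reads that name.
        u) sh_user=${OPTARG} ;;
        o) is_optional="true"  ;;
        v) version=${OPTARG} ;;
        :) echo "Option '-${OPTARG}' requires an argument" >&2
           usage
           exit 2
           ;;
        *) echo "Unknown option: '-${OPTARG}'" >&2
           usage
           exit 2
           ;;
    esac
done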
85
# The blueprint name is required: -n wins, otherwise $BLUEPRINT is used.
blueprint_name="${blueprint_name:-${BLUEPRINT}}"
# Without a name there is nothing to validate: print the synopsis and abort.
[[ -n "${blueprint_name}" ]] || {
    usage
    error "Please specify blueprint name. "
}
93
# Default kubeconfig location: <cwd>/kube.
input="${cwd}/kube"

# SSH key: -s wins, otherwise $CLUSTER_SSH_KEY.
: "${ssh_key:=${CLUSTER_SSH_KEY}}"
# Kubeconfig directory: -k wins, otherwise the default above.
: "${k8s_config_dir:=${input}}"
# NOTE(review): when the layer is k8s this directory receives the cluster's
# ~/.kube contents; it is created with the default umask - confirm that the
# resulting permissions are acceptable.
mkdir -p "${k8s_config_dir}"

# Test run settings; each option falls back to its environment variable.
: "${version:=${VERSION}}"
results_dir="${cwd}/results"
: "${cluster_master_ip:=${CLUSTER_MASTER_IP}}"
# -u is stored as sh_user by the option parser.
ssh_user="${sh_user:-${CLUSTER_SSH_USER}}"
: "${blueprint_layer:=${LAYER}}"
109
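# For the k8s layer, fetch the cluster's kubeconfig files from the master
# node into the local config directory.
if [ "$blueprint_layer" == "k8s" ]
then
    if [ -z "$cluster_master_ip" ]
    then
        usage
        error "Please provide valid IP address to access the k8s cluster."
    fi
    verify_connectivity "${cluster_master_ip}"

    # NOTE(review): these options turn host key verification off, so the
    # kubeconfig is accepted from whichever host answers on that address.
    # Where the lab allows it, pin the master's host key in a known_hosts
    # file and drop both -o settings.
    scp_opts=(-oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -r)
    # Quoted on purpose: "~" and "*" are expanded on the remote side.
    kube_src="${ssh_user}@${cluster_master_ip}:~/.kube/*"

    if [[ -n $CLUSTER_SSH_PASSWORD ]]
    then
        # sshpass -e takes the password from $SSHPASS. Passing it with -p
        # would put it on the command line, readable in the process list.
        SSHPASS="${CLUSTER_SSH_PASSWORD}" sshpass -e \
            scp "${scp_opts[@]}" "$kube_src" "$k8s_config_dir"
    else
        scp "${scp_opts[@]}" -i "$ssh_key" "$kube_src" "$k8s_config_dir"
    fi
fi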
127
# When a blueprint definition was given with -b, copy it into ./bluval/.
if [ -n "${blueprint_yaml}" ]; then
    cp "${blueprint_yaml}" ./bluval/
fi
132
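volumes_path="$cwd/bluval/volumes.yaml"

# Escape a value for use as the replacement text of an s@...@...@ command:
# "\" and "&" are special in a sed replacement, and "@" is the delimiter used
# below. Without this, a path containing one of them (for example a workspace
# directory with an "@N" suffix) breaks or alters the substitution.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&@]/\\&/g'
}

cwd_repl=$(sed_escape_replacement "$cwd")
kube_repl=$(sed_escape_replacement "$k8s_config_dir")
results_repl=$(sed_escape_replacement "$results_dir")

# update information in volumes yaml: for each named volume, fill in the
# empty "local: ''" entry on the line that follows its key
sed -i \
    -e "/ssh_key_dir/{n; s@local: ''@local: '${cwd_repl}/ssh_key_dir'@}" \
    -e "/kube_config_dir/{n; s@local: ''@local: '${kube_repl}'@}" \
    -e "/custom_variables_file/{n; s@local: ''@local: '${cwd_repl}/tests/variables.yaml'@}" \
    -e "/blueprint_dir/{n; s@local: ''@local: '${cwd_repl}/bluval/'@}" \
    -e "/results_dir/{n; s@local: ''@local: '${results_repl}'@}" \
    "$volumes_path"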
142
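# create ssh_key_dir, readable by its owner only: it holds a private key
mkdir -p "$cwd/ssh_key_dir"
chmod 700 "$cwd/ssh_key_dir"

# copy ssh_key in ssh_key_dir
# Quoted so a key path containing spaces or glob characters stays one word.
# NOTE(review): with an empty ssh_key (password-only runs) this cp fails and
# errexit stops the script - confirm that is intended.
cp -- "$ssh_key" "$cwd/ssh_key_dir/id_rsa"
chmod 600 "$cwd/ssh_key_dir/id_rsa"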
148
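variables_path="$cwd/tests/variables.yaml"

# Escape a value for use as the replacement text of an s@...@...@ command:
# "\" and "&" are special in a sed replacement, and "@" is the delimiter used
# below.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&@]/\\&/g'
}

host_repl=$(sed_escape_replacement "$cluster_master_ip")
user_repl=$(sed_escape_replacement "$ssh_user")

# update information in variables yaml
# The dots of the address pattern are escaped so only a dotted-quad value is
# rewritten; an unescaped "." matches any character and would also rewrite
# the first characters of a host name.
# NOTE(review): the username pattern requires a trailing space and the
# replacement drops it - confirm against tests/variables.yaml.
sed -i \
    -e "s@host: [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*@host: ${host_repl}@" \
    -e "s@username: [A-Za-z0-9_]* @username: ${user_repl}@" \
    "$variables_path"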
155
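# Collect the blucon.py arguments in an array so each value is passed as
# exactly one word. A string expanded unquoted would be split on whitespace
# and glob-expanded, letting a layer value add extra arguments.
options=()
if [[ -n $blueprint_layer ]]
then
    options+=("-l$blueprint_layer")
fi
if [ "$is_optional" == "true" ] || [ "$OPTIONAL" == "yes" ]
then
    options+=("-o")
fi

printf 'ok / PASS /\nerror / FAIL /\n' > ./bluval/rules.txt

# errexit is suspended around the validation run:
# even if the script fails we need to change the owner of results
set +e
python3 bluval/blucon.py "${options[@]}" "$blueprint_name"
blucon_rc=$?

if [ "$blucon_rc" -ne 0 ]; then
    change_res_owner
    error "Bluval validation FAIL "
fi
set -e

change_res_owner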
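# Remove ~/.netrc on every exit path from here on, including a failed upload.
# NOTE(review): failures earlier in the script (error() or errexit) still exit
# without removing it; installing this trap at the top would cover those too.
trap 'rm -f ~/.netrc' EXIT

# Results are uploaded unless the node name marks a sandbox ("snd-").
if has_substring "$NODE_NAME" "snd-"
then
    echo "In sandbox the logs are not pushed"
else
    TIMESTAMP=$(date +'%Y%m%d-%H%M%S')
    NEXUS_URL=https://nexus.akraino.org/
    # Use the version chosen with -v when there is one; $VERSION alone would
    # ignore that option.
    NEXUS_PATH="${LAB_SILO}/bluval_results/${blueprint_name}/${version:-${VERSION}}/${TIMESTAMP}"
    # Not referenced again in this script; presumably read from the
    # environment by lftools - confirm.
    BUILD_URL="${JENKINS_HOSTNAME}/job/${JOB_NAME}/${BUILD_NUMBER}/"
    zip -r results.zip ./results
    # Capture the upload status so the archive is deleted before the script
    # reports a failed upload.
    deploy_rc=0
    lftools deploy nexus-zip "$NEXUS_URL" logs "$NEXUS_PATH" results.zip || deploy_rc=$?
    rm -f results.zip
    if [ "$deploy_rc" -ne 0 ]; then
        exit "$deploy_rc"
    fi
fi

rm -f ~/.netrc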
193