Create docker layer container for Docker Bench

Change-Id: Iefcbd481aa4993a59528feed3faa40cf279a890c
Signed-off-by: Juha Kosonen <juha.kosonen@nokia.com>

diff --git a/docker/docker/Dockerfile b/docker/docker/Dockerfile
new file mode 100644 (file)
index 0000000..82c7040
--- /dev/null
+++ b/docker/docker/Dockerfile
@@ -0,0 +1,50 @@
+##############################################################################
+# Copyright (c) 2019 AT&T, ENEA AB, Nokia and others                         #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you maynot use this file except in compliance with the License.            #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# ref: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds
+FROM python:3.6-alpine3.9 as build
+
+# Install dependencies
+COPY pip-requirements.txt /wheels/requirements/pip-requirements.txt
+RUN apk --no-cache add --update \
+        gcc \
+        git \
+        libc-dev \
+        libffi \
+        libffi-dev \
+        make \
+        openssl-dev
+
+# Build binaries
+WORKDIR /wheels
+RUN pip3 install wheel
+RUN pip3 wheel -r /wheels/requirements/pip-requirements.txt
+RUN git clone https://gerrit.akraino.org/r/validation /opt/akraino/validation
+RUN git clone https://github.com/docker/docker-bench-security.git /opt/akraino/docker-bench-security
+
+# Copy binaries in the final container and install requirements
+FROM python:3.6-alpine3.9
+COPY --from=build /wheels /wheels
+COPY --from=build /opt/akraino/validation /opt/akraino/validation
+COPY --from=build /opt/akraino/docker-bench-security /opt/akraino/docker-bench-security
+
+RUN pip3 install -r /wheels/requirements/pip-requirements.txt \
+                 -f /wheels && \
+     rm -rf /wheels && \
+     rm -rf /root/.cache/pip/*
+
+# Install blueval dependencies
+RUN pip install -r /opt/akraino/validation/bluval/requirements.txt

diff --git a/docker/docker/Makefile b/docker/docker/Makefile
new file mode 100644 (file)
index 0000000..a5b4099
--- /dev/null
+++ b/docker/docker/Makefile
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2019 AT&T, ENEA AB, Nokia and others                         #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you maynot use this file except in compliance with the License.            #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+.PHONY: all
+all: .push_image .push_manifest
+
+.PHONY: build
+build: .build
+
+include ../build.mk

diff --git a/docker/docker/pip-requirements.txt b/docker/docker/pip-requirements.txt
new file mode 100644 (file)
index 0000000..af1d9bf
--- /dev/null
+++ b/docker/docker/pip-requirements.txt
@@ -0,0 +1,2 @@
+robotframework
+robotframework-sshlibrary

diff --git a/tests/docker/docker_bench/docker_bench.resource b/tests/docker/docker_bench/docker_bench.resource
index f4b9336..674087f 100644 (file)
--- a/tests/docker/docker_bench/docker_bench.resource
+++ b/tests/docker/docker_bench/docker_bench.resource
@@ -26,7 +26,7 @@ Library            String
 
 *** Variables ***
 ${REPORTDIR}       ${LOG_PATH}${/}${SUITE_NAME.replace(' ','_')}
 
 *** Variables ***
 ${REPORTDIR}       ${LOG_PATH}${/}${SUITE_NAME.replace(' ','_')}

-${SRCDIR}          ./docker-bench-security
+${SRCDIR}          /opt/akraino/docker-bench-security

 ${DESTDIR}         /tmp/docker-bench-security
 ${NODEDIR}         /tmp/docker-bench-security-run
 ${SSH_OPTS}        -o StrictHostKeyChecking=no
 ${DESTDIR}         /tmp/docker-bench-security
 ${NODEDIR}         /tmp/docker-bench-security-run
 ${SSH_OPTS}        -o StrictHostKeyChecking=no


@@ -37,11 +37,6 @@ Open Connection And Log In
     Open Connection        ${HOST}
     Login With Public Key  ${USERNAME}  ${SSH_KEYFILE}
 
     Open Connection        ${HOST}
     Login With Public Key  ${USERNAME}  ${SSH_KEYFILE}
 

-Download Docker Bench Software
-    Remove Docker Bench Software
-    Run Process            git  clone
-    ...                    https://github.com/docker/docker-bench-security.git  ${SRCDIR}
-

 Upload Test Software To Nodes
     Put Directory          ${SRCDIR}  ${DESTDIR}  recursive=True
     Get Node Addresses
 Upload Test Software To Nodes
     Put Directory          ${SRCDIR}  ${DESTDIR}  recursive=True
     Get Node Addresses


@@ -66,9 +61,6 @@ Copy Test Software To All Nodes
     \   Execute Command   ssh ${SSH_OPTS} ${node} "mkdir -p ${NODEDIR}"
     \   Execute Command   scp ${SSH_OPTS} -rp ${DESTDIR}/. ${node}:${NODEDIR}
 
     \   Execute Command   ssh ${SSH_OPTS} ${node} "mkdir -p ${NODEDIR}"
     \   Execute Command   scp ${SSH_OPTS} -rp ${DESTDIR}/. ${node}:${NODEDIR}
 

-Remove Docker Bench Software
-    Remove Directory       ${SRCDIR}  recursive=True
-

 Remove Test Software From Nodes
     :FOR  ${node}  IN  @{nodes}
     \   Execute Command   ssh ${SSH_OPTS} ${node} "rm -rf ${NODEDIR}"
 Remove Test Software From Nodes
     :FOR  ${node}  IN  @{nodes}
     \   Execute Command   ssh ${SSH_OPTS} ${node} "rm -rf ${NODEDIR}"

diff --git a/tests/docker/docker_bench/docker_bench.robot b/tests/docker/docker_bench/docker_bench.robot
index 591c6cc..e0a915c 100644 (file)
--- a/tests/docker/docker_bench/docker_bench.robot
+++ b/tests/docker/docker_bench/docker_bench.robot
@@ -22,10 +22,8 @@ Documentation     Runs the Docker Bench for Security script which checks for
 ...               containers in production.
 Library           BuiltIn
 Resource          docker_bench.resource
 ...               containers in production.
 Library           BuiltIn
 Resource          docker_bench.resource

-Suite Setup       Run Keywords  Open Connection And Log In
-...                             Download Docker Bench Software
-Suite Teardown    Run Keywords  Remove Docker Bench Software
-...                             Close All Connections
+Suite Setup       Open Connection And Log In
+Suite Teardown    Close All Connections

 Test Setup        Upload Test Software To Nodes
 Test Teardown     Remove Test Software From Nodes
 
 Test Setup        Upload Test Software To Nodes
 Test Teardown     Remove Test Software From Nodes