import subprocess
from pathlib import Path
+import sys
+import traceback
import click
import yaml
+class BluvalError(Exception):
+ """Base class for exceptions in this module."""
+ pass
+
+
+class ShowStopperError(Exception):
+ """Showstopper test case failed"""
+ pass
+
+
def run_testcase(testcase):
"""Runs a single testcase
"""
- show_stopper = testcase.get('show_stopper', False)
+ name = testcase.get('name')
+ skip = testcase.get('skip', "False")
+ if skip.lower() == "true":
+ # skip is mentioned and true.
+ print('Skipping {}'.format(name))
+ return
+ show_stopper = testcase.get('show_stopper', "False")
what = testcase.get('what')
mypath = Path(__file__).absolute()
results_path = mypath.parents[2].joinpath("results/"+testcase.get('layer')+"/"+what)
# run the test
args = ["robot", "-V", str(variables_file), "-d", str(results_path), str(test_path)]
- print('Executing testcase {}'.format(testcase['name']))
- print(' show_stopper {}'.format(show_stopper))
+ print('Executing testcase {}'.format(name))
+ print('show_stopper {}'.format(show_stopper))
print('Invoking {}'.format(args))
try:
status = subprocess.call(args, shell=False)
- if status != 0 and show_stopper:
- print('Show stopper testcase failed')
- return status
+ if status != 0 and show_stopper.lower() == "true":
+ raise ShowStopperError(name)
except OSError:
- print('Error while executing {}'.format(args))
- return -1
- return status
-
+ #print('Error while executing {}'.format(args))
+ raise BluvalError(OSError)
def validate_layer(blueprint, layer):
"""validates a layer by validating all testcases under that layer
"""Parse yaml file and validates given layer. If no layer given all layers
validated
"""
- with open(yaml_loc) as yaml_file:
+ with open(str(yaml_loc)) as yaml_file:
yamldoc = yaml.safe_load(yaml_file)
blueprint = yamldoc['blueprint']
- if layer is None:
+ if layer is None or layer == "all":
for each_layer in blueprint['layers']:
validate_layer(blueprint, each_layer)
else:
validate_layer(blueprint, layer)
+def invoke_docker(bluprint, layer):
+ """Start docker container for given layer
+ """
+ cmd = ("docker run"
+ " -v $HOME/.ssh:/root/.ssh"
+ " -v $HOME/.kube/config:/root/.kube/config"
+ " -v $VALIDATION_HOME/tests/variables.yaml:"
+ "/opt/akraino/validation/tests/variables.yaml"
+ " -v $AKRAINO_HOME/results:/opt/akraino/results"
+ " akraino/validation:{0}-latest"
+ " bin/sh -c"
+ " 'cd /opt/akraino/validation "
+ "&& python bluval/bluval.py -l {0} {1}'").format(layer, bluprint)
+ args = [cmd]
+ try:
+ print('Invoking {}'.format(args))
+ subprocess.call(args, shell=True)
+ except OSError:
+ #print('Error while executing {}'.format(args))
+ raise BluvalError(OSError)
+
+
+def invoke_dockers(yaml_loc, layer, blueprint_name):
+ """Parses yaml file and starts docker container for one/all layers
+ """
+ with open(str(yaml_loc)) as yaml_file:
+ yamldoc = yaml.safe_load(yaml_file)
+ blueprint = yamldoc['blueprint']
+ if layer is None or layer == "all":
+ for each_layer in blueprint['layers']:
+ invoke_docker(blueprint_name, each_layer)
+ else:
+ invoke_docker(blueprint_name, layer)
+
+
@click.command()
@click.argument('blueprint')
@click.option('--layer', '-l')
-def main(blueprint, layer):
+@click.option('--delegate', '-d', is_flag=True)
+def main(blueprint, layer, delegate):
"""Takes blueprint name and optional layer. Validates inputs and derives
yaml location from blueprint name. Invokes validate on blue print.
"""
yaml_loc = mypath.parents[0].joinpath('bluval-{}.yaml'.format(blueprint))
if layer is not None:
layer = layer.lower()
- validate_blueprint(yaml_loc, layer)
-
+ try:
+ if delegate is not None:
+ invoke_dockers(yaml_loc, layer, blueprint)
+ else:
+ validate_blueprint(yaml_loc, layer)
+ except ShowStopperError as err:
+ print('ShowStopperError:', err)
+ except BluvalError as err:
+ print('Unexpected BluvalError', err)
+ raise
+ except:
+ print("Exception in user code:")
+ print("-"*60)
+ traceback.print_exc(file=sys.stdout)
+ print("-"*60)
+ raise
if __name__ == "__main__":
# pylint: disable=no-value-for-parameter
--- /dev/null
+##############################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you maynot use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+
+
+*** Settings ***
+Library BuiltIn
+Library OperatingSystem
+Library Process
+Library SSHLibrary
+Library String
+
+
+*** Variables ***
+${REPORTDIR} ${LOG_PATH}${/}${SUITE_NAME.replace(' ','_')}
+${SRCDIR} ./docker-bench-security
+${DESTDIR} /tmp/docker-bench-security
+${NODEDIR} /tmp/docker-bench-security-run
+${SSH_OPTS} -o StrictHostKeyChecking=no
+
+
+*** Keywords ***
+Open Connection And Log In
+ Open Connection ${HOST}
+ Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+
+Download Docker Bench Software
+ Remove Docker Bench Software
+ Run Process git clone
+ ... https://github.com/docker/docker-bench-security.git ${SRCDIR}
+
+Upload Test Software To Nodes
+ Put Directory ${SRCDIR} ${DESTDIR} recursive=True
+ Get Node Addresses
+ Copy Test Software To All Nodes
+
+Run Test Software On Nodes
+ :FOR ${node} IN @{nodes}
+ \ Execute Command ssh ${SSH_OPTS} ${node} "cd ${NODEDIR}; sudo ./docker-bench-security.sh -b -l bench.log"
+ \ Execute Command scp ${SSH_OPTS} ${node}:${NODEDIR}/bench.log ${DESTDIR}/docker-bench-${node}.log
+ \ Execute Command scp ${SSH_OPTS} ${node}:${NODEDIR}/bench.log.json ${DESTDIR}/docker-bench-${node}.json
+ \ SSHLibrary.Get File ${DESTDIR}/docker-bench-${node}.log ${REPORTDIR}/
+ \ SSHLibrary.Get File ${DESTDIR}/docker-bench-${node}.json ${REPORTDIR}/
+
+Get Node Addresses
+ ${stdout}= Execute Command
+ ... kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address'}
+ @{nodes}= Split String ${stdout}
+ Set Test Variable @{nodes}
+
+Copy Test Software To All Nodes
+ :FOR ${node} IN @{nodes}
+ \ Execute Command ssh ${SSH_OPTS} ${node} "mkdir -p ${NODEDIR}"
+ \ Execute Command scp ${SSH_OPTS} -rp ${DESTDIR}/. ${node}:${NODEDIR}
+
+Remove Docker Bench Software
+ Remove Directory ${SRCDIR} recursive=True
+
+Remove Test Software From Nodes
+ :FOR ${node} IN @{nodes}
+ \ Execute Command ssh ${SSH_OPTS} ${node} "rm -rf ${NODEDIR}"
+ Execute Command rm -rf ${DESTDIR}
# limitations under the License. #
##############################################################################
-#!/bin/bash
-#
-echo "`date +%H:%M:%S` : Starting Kubetest build"
-cd /root/go/src/k8s.io/kubernetes || exit
-pwd
-kubetest --build
-echo "Build completed"
-export KUBECONFIG=/etc/kubernetes/config
-kubectl proxy --port=8080 &
-echo "`date +%H:%M:%S` : Start Kubetest"
-kubetest --provider=local --test --test_args="--minStartupPods=3 --ginkgo.focus=Secrets" --check-version-skew=false
-echo "`date +%H:%M:%S` : Kubetest finished"
+*** Settings ***
+Documentation Runs the Docker Bench for Security script which checks for
+... dozens of common best-practices around deploying Docker
+... containers in production.
+Library BuiltIn
+Resource docker_bench.resource
+Suite Setup Run Keywords Open Connection And Log In
+... Download Docker Bench Software
+Suite Teardown Run Keywords Remove Docker Bench Software
+... Close All Connections
+Test Setup Upload Test Software To Nodes
+Test Teardown Remove Test Software From Nodes
+
+
+*** Test Cases ***
+Security Check By Docker Bench
+ Run Test Software On Nodes