From: Ioakeim Samaras Date: Tue, 9 Jul 2019 06:42:47 +0000 (+0000) Subject: Merge "[UI] UI enhancements" X-Git-Tag: 2.0.0~58 X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=validation.git;a=commitdiff_plain;h=b40ded325740684f73b7b2da7c86fb37cebb4cfb;hp=b39e27ede8238ef63440810a8327b927c4c43ac0 Merge "[UI] UI enhancements" --- diff --git a/.coafile b/.coafile index 5096c4b..206fc17 100644 --- a/.coafile +++ b/.coafile @@ -1,5 +1,6 @@ [all] ignore = .tox/**, + .py35/**, .git/**, .gitignore, .gitreview, diff --git a/.gitignore b/.gitignore index 2d802ce..2e45b8c 100644 --- a/.gitignore +++ b/.gitignore @@ -42,12 +42,12 @@ bin/ .project .idea *~ -pmd-bin-6.15.0* +pmd-bin-* +.vscode .* !/.gitignore !/.coafile !/ui/src/main/webapp/.eslintrc - # git submodule patching mechanism local artifacts .submodules_* diff --git a/bluval/bluval-dummy.yaml b/bluval/bluval-dummy.yaml index 11e8fc2..4b5fa76 100644 --- a/bluval/bluval-dummy.yaml +++ b/bluval/bluval-dummy.yaml @@ -25,14 +25,18 @@ blueprint: hardware: &hardware_dummy - name: bios_version - # something that can be evaluated to true or false - condition: true + # To skip this test case keep it as True + skip: "True" what: bios_version - # true or false, default is false - show_stopper: false + # True or False, default is False + show_stopper: "False" - name: hp_baremetal what: hp_baremetal + # To skip this test case keep it as False + skip: "False" + # True or False, default is False + show_stopper: "False" os: &os_base - name: cyclictest diff --git a/bluval/bluval.py b/bluval/bluval.py index 7855816..1580a40 100644 --- a/bluval/bluval.py +++ b/bluval/bluval.py @@ -21,13 +21,31 @@ testcase import subprocess from pathlib import Path +import sys +import traceback import click import yaml +class BluvalError(Exception): + """Base class for exceptions in this module.""" + pass + + +class ShowStopperError(Exception): + """Showstopper test case failed""" + pass + + def run_testcase(testcase): """Runs a single testcase """ - show_stopper = testcase.get('show_stopper', False) + name = testcase.get('name') + skip = testcase.get('skip', "False") + if skip.lower() == "true": + # skip is mentioned and true. + print('Skipping {}'.format(name)) + return + show_stopper = testcase.get('show_stopper', "False") what = testcase.get('what') mypath = Path(__file__).absolute() results_path = mypath.parents[2].joinpath("results/"+testcase.get('layer')+"/"+what) @@ -42,19 +60,16 @@ def run_testcase(testcase): # run the test args = ["robot", "-V", str(variables_file), "-d", str(results_path), str(test_path)] - print('Executing testcase {}'.format(testcase['name'])) - print(' show_stopper {}'.format(show_stopper)) + print('Executing testcase {}'.format(name)) + print('show_stopper {}'.format(show_stopper)) print('Invoking {}'.format(args)) try: status = subprocess.call(args, shell=False) - if status != 0 and show_stopper: - print('Show stopper testcase failed') - return status + if status != 0 and show_stopper.lower() == "true": + raise ShowStopperError(name) except OSError: - print('Error while executing {}'.format(args)) - return -1 - return status - + #print('Error while executing {}'.format(args)) + raise BluvalError(OSError) def validate_layer(blueprint, layer): """validates a layer by validating all testcases under that layer @@ -69,20 +84,56 @@ def validate_blueprint(yaml_loc, layer): """Parse yaml file and validates given layer. If no layer given all layers validated """ - with open(yaml_loc) as yaml_file: + with open(str(yaml_loc)) as yaml_file: yamldoc = yaml.safe_load(yaml_file) blueprint = yamldoc['blueprint'] - if layer is None: + if layer is None or layer == "all": for each_layer in blueprint['layers']: validate_layer(blueprint, each_layer) else: validate_layer(blueprint, layer) +def invoke_docker(bluprint, layer): + """Start docker container for given layer + """ + cmd = ("docker run" + " -v $HOME/.ssh:/root/.ssh" + " -v $HOME/.kube/config:/root/.kube/config" + " -v $VALIDATION_HOME/tests/variables.yaml:" + "/opt/akraino/validation/tests/variables.yaml" + " -v $AKRAINO_HOME/results:/opt/akraino/results" + " akraino/validation:{0}-latest" + " bin/sh -c" + " 'cd /opt/akraino/validation " + "&& python bluval/bluval.py -l {0} {1}'").format(layer, bluprint) + args = [cmd] + try: + print('Invoking {}'.format(args)) + subprocess.call(args, shell=True) + except OSError: + #print('Error while executing {}'.format(args)) + raise BluvalError(OSError) + + +def invoke_dockers(yaml_loc, layer, blueprint_name): + """Parses yaml file and starts docker container for one/all layers + """ + with open(str(yaml_loc)) as yaml_file: + yamldoc = yaml.safe_load(yaml_file) + blueprint = yamldoc['blueprint'] + if layer is None or layer == "all": + for each_layer in blueprint['layers']: + invoke_docker(blueprint_name, each_layer) + else: + invoke_docker(blueprint_name, layer) + + @click.command() @click.argument('blueprint') @click.option('--layer', '-l') -def main(blueprint, layer): +@click.option('--delegate', '-d', is_flag=True) +def main(blueprint, layer, delegate): """Takes blueprint name and optional layer. Validates inputs and derives yaml location from blueprint name. Invokes validate on blue print. """ @@ -90,8 +141,22 @@ def main(blueprint, layer): yaml_loc = mypath.parents[0].joinpath('bluval-{}.yaml'.format(blueprint)) if layer is not None: layer = layer.lower() - validate_blueprint(yaml_loc, layer) - + try: + if delegate is not None: + invoke_dockers(yaml_loc, layer, blueprint) + else: + validate_blueprint(yaml_loc, layer) + except ShowStopperError as err: + print('ShowStopperError:', err) + except BluvalError as err: + print('Unexpected BluvalError', err) + raise + except: + print("Exception in user code:") + print("-"*60) + traceback.print_exc(file=sys.stdout) + print("-"*60) + raise if __name__ == "__main__": # pylint: disable=no-value-for-parameter diff --git a/tests/security/docker/docker_bench.resource b/tests/security/docker/docker_bench.resource new file mode 100644 index 0000000..f4b9336 --- /dev/null +++ b/tests/security/docker/docker_bench.resource @@ -0,0 +1,75 @@ +############################################################################## +# Copyright (c) 2019 AT&T Intellectual Property. # +# Copyright (c) 2019 Nokia. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you maynot use this file except in compliance with the License. # +# # +# You may obtain a copy of the License at # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +############################################################################## + + +*** Settings *** +Library BuiltIn +Library OperatingSystem +Library Process +Library SSHLibrary +Library String + + +*** Variables *** +${REPORTDIR} ${LOG_PATH}${/}${SUITE_NAME.replace(' ','_')} +${SRCDIR} ./docker-bench-security +${DESTDIR} /tmp/docker-bench-security +${NODEDIR} /tmp/docker-bench-security-run +${SSH_OPTS} -o StrictHostKeyChecking=no + + +*** Keywords *** +Open Connection And Log In + Open Connection ${HOST} + Login With Public Key ${USERNAME} ${SSH_KEYFILE} + +Download Docker Bench Software + Remove Docker Bench Software + Run Process git clone + ... https://github.com/docker/docker-bench-security.git ${SRCDIR} + +Upload Test Software To Nodes + Put Directory ${SRCDIR} ${DESTDIR} recursive=True + Get Node Addresses + Copy Test Software To All Nodes + +Run Test Software On Nodes + :FOR ${node} IN @{nodes} + \ Execute Command ssh ${SSH_OPTS} ${node} "cd ${NODEDIR}; sudo ./docker-bench-security.sh -b -l bench.log" + \ Execute Command scp ${SSH_OPTS} ${node}:${NODEDIR}/bench.log ${DESTDIR}/docker-bench-${node}.log + \ Execute Command scp ${SSH_OPTS} ${node}:${NODEDIR}/bench.log.json ${DESTDIR}/docker-bench-${node}.json + \ SSHLibrary.Get File ${DESTDIR}/docker-bench-${node}.log ${REPORTDIR}/ + \ SSHLibrary.Get File ${DESTDIR}/docker-bench-${node}.json ${REPORTDIR}/ + +Get Node Addresses + ${stdout}= Execute Command + ... kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address'} + @{nodes}= Split String ${stdout} + Set Test Variable @{nodes} + +Copy Test Software To All Nodes + :FOR ${node} IN @{nodes} + \ Execute Command ssh ${SSH_OPTS} ${node} "mkdir -p ${NODEDIR}" + \ Execute Command scp ${SSH_OPTS} -rp ${DESTDIR}/. ${node}:${NODEDIR} + +Remove Docker Bench Software + Remove Directory ${SRCDIR} recursive=True + +Remove Test Software From Nodes + :FOR ${node} IN @{nodes} + \ Execute Command ssh ${SSH_OPTS} ${node} "rm -rf ${NODEDIR}" + Execute Command rm -rf ${DESTDIR} diff --git a/e2e/e2e.sh b/tests/security/docker/docker_bench.robot similarity index 64% rename from e2e/e2e.sh rename to tests/security/docker/docker_bench.robot index 5d7c186..591c6cc 100644 --- a/e2e/e2e.sh +++ b/tests/security/docker/docker_bench.robot @@ -15,16 +15,21 @@ # limitations under the License. # ############################################################################## -#!/bin/bash -# -echo "`date +%H:%M:%S` : Starting Kubetest build" -cd /root/go/src/k8s.io/kubernetes || exit -pwd -kubetest --build -echo "Build completed" -export KUBECONFIG=/etc/kubernetes/config -kubectl proxy --port=8080 & -echo "`date +%H:%M:%S` : Start Kubetest" -kubetest --provider=local --test --test_args="--minStartupPods=3 --ginkgo.focus=Secrets" --check-version-skew=false -echo "`date +%H:%M:%S` : Kubetest finished" +*** Settings *** +Documentation Runs the Docker Bench for Security script which checks for +... dozens of common best-practices around deploying Docker +... containers in production. +Library BuiltIn +Resource docker_bench.resource +Suite Setup Run Keywords Open Connection And Log In +... Download Docker Bench Software +Suite Teardown Run Keywords Remove Docker Bench Software +... Close All Connections +Test Setup Upload Test Software To Nodes +Test Teardown Remove Test Software From Nodes + + +*** Test Cases *** +Security Check By Docker Bench + Run Test Software On Nodes diff --git a/tests/variables.yaml b/tests/variables.yaml index baa1d92..42d6425 100644 --- a/tests/variables.yaml +++ b/tests/variables.yaml @@ -27,6 +27,7 @@ host: aknode109 # cluster's master host address username: mm747b # user credentials home: /home/mm747b # Public keys location +ssh_keyfile: ~/.ssh/id_rsa # Identity file for authentication ### Input variables for bios_version_dell.robot sysinfo: PowerEdge R740xd