From 0c3b23c3a3f48f1fbc2e59e76245a847de53ab92 Mon Sep 17 00:00:00 2001
From: "Sridhar K. N. Rao"
Date: Sun, 18 Apr 2021 13:39:40 +0530
Subject: [WIP]: Openstack Security Check This patch adds openstack security checking. This is based on https://docs.openstack.org/security-guide/checklist.html Support reading configuration from default file and environment Added reference security.conf Update the Documentation. Update index to include security Fix bug reported by Parth, and another. JIRA: CIRV-49 Signed-off-by: Sridhar K. N. Rao Change-Id: I72579a861409c3aaf464f44f0cdc24dc33cd4345
---
sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py | 58 ++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py
(limited to 'sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py')
diff --git a/sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py b/sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py
new file mode 100644
index 0000000..b1eba5a
--- /dev/null
+++ b/sdv/docker/sdvsecurity/nfvsec/utils/k8sclient.py
@@ -0,0 +1,58 @@
+"""
+Kubernetes cluster api helper functions
+"""
+
+
+import time
+
+from kubernetes import client, config
+from kubernetes.client import Configuration
+from kubernetes.client.api import core_v1_api
+from kubernetes.client.rest import ApiException
+from kubernetes.stream import stream
+
+from kubernetes.stream import stream
+import logging
+from conf import settings # pylint: disable=import-error
+
+
+class K8sClient():
+ """
+ Class for controlling the pod through PAPI
+ """
+
+ def __init__(self):
+ """
+ Initialisation function.
+ """
+ self._logger = logging.getLogger(__name__)
+ config.load_kube_config(settings.getValue('K8S_CONFIG_FILEPATH'))
+ self.api = client.CoreV1Api()
+
+ def get_pod(self, namespace, name):
+ """
+ Returns json details any one pod with matching label
+
+ :param namespace: namespace to use
+ :param namespace: name of the pod (Longest possible).
+ :return: pod details
+ """
+ api_response = self.api.list_namespaced_pod(namespace)
+ for pod in api_response.items:
+ #print(pod.metadata.name)
+ if pod.metadata.name.startswith(name):
+ return pod
+ return None
+
+
+ def execute(self, pod, cmd):
+ """
+ Executes `cmd` inside `pod` and returns response
+ :param pod: pod object
+ :param cmd: command to execute inside pod
+ :return: response from pod
+ """
+ response = stream(self.api.connect_get_namespaced_pod_exec,
+ pod.metadata.name, pod.metadata.namespace, command=cmd,
+ stderr=True, stdin=False, stdout=True, tty=False)
+ return response
-- cgit 1.2.3-korg
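Review bot: `get_pod` returns the first pod in the namespace whose name merely starts with `name`, and `execute` then runs the command in whichever pod that was, so when two different workloads share a prefix the security check can collect its evidence from the wrong one and report it as the intended target. Collecting the candidates first, `matches = [p for p in api_response.items if p.metadata.name.startswith(name)]`, and at least logging through `self._logger` when `len(matches) > 1` would make that ambiguity visible; whether to refuse in that case depends on callers this file does not show. The `get_pod` docstring should say the match is on a name prefix rather than a label, and its second `:param namespace:` should read `:param name:`. `ApiException` is imported but never caught, so a failed list or exec call propagates unhandled out of `get_pod` and `execute`; `time`, `Configuration`, `core_v1_api` and the repeated `stream` import are unused and can be dropped.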