authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-24 07:51:29 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-24 13:13:48 +0000
commitaf623f6b45c9357b0e33210f54db64b270d162bf (patch)
tree4fc9016bc5a6a752a67f5cbdc8fc63968db69aa8 /functest_kubernetes/security
parent0b79c61af319c6f3beddf79e586e51e4675f3fc1 (diff)
Provide support for air gapped env for security
Sometimes the Kubernetes cluster under test has no direct access to the Internet and can only reach it through repository mirrors. This patch handles this case for security test cases. Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I699d065ee691596c4a5ccf06c22ea76ef00fe497
Diffstat (limited to 'functest_kubernetes/security')
-rw-r--r--functest_kubernetes/security/kube-bench-master.yaml2
-rw-r--r--functest_kubernetes/security/kube-bench-node.yaml2
-rw-r--r--functest_kubernetes/security/kube-hunter.yaml2
-rw-r--r--functest_kubernetes/security/security.py8
4 files changed, 10 insertions, 4 deletions
diff --git a/functest_kubernetes/security/kube-bench-master.yaml b/functest_kubernetes/security/kube-bench-master.yaml
index 755e2923..d1a13217 100644
--- a/functest_kubernetes/security/kube-bench-master.yaml
+++ b/functest_kubernetes/security/kube-bench-master.yaml
@@ -15,7 +15,7 @@ spec:
effect: NoSchedule
containers:
- name: kube-bench
- image: aquasec/kube-bench:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1
command: ["kube-bench", "master", "--json"]
volumeMounts:
- name: var-lib-etcd
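Review bot: The `image:` line still identifies the scanner only by the mutable tag `0.3.1`, and the registry in front of it now comes from the environment, so whichever mirror is configured decides what code runs in this job. The same applies to the `image:` lines in kube-bench-node.yaml (which sets `hostPID: true`) and kube-hunter.yaml. These pods mount host paths such as `var-lib-etcd`, so pinning by digest would keep a stale or tampered mirror from substituting the image: `image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1@sha256:<digest-of-the-vetted-image>`. The rest of the manifest lies outside the hunk, so I cannot see whether an `imagePullPolicy` is set.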
diff --git a/functest_kubernetes/security/kube-bench-node.yaml b/functest_kubernetes/security/kube-bench-node.yaml
index 306ad600..95929774 100644
--- a/functest_kubernetes/security/kube-bench-node.yaml
+++ b/functest_kubernetes/security/kube-bench-node.yaml
@@ -9,7 +9,7 @@ spec:
hostPID: true
containers:
- name: kube-bench
- image: aquasec/kube-bench:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1
command: ["kube-bench", "node", "--json"]
volumeMounts:
- name: var-lib-kubelet
diff --git a/functest_kubernetes/security/kube-hunter.yaml b/functest_kubernetes/security/kube-hunter.yaml
index 6f895c01..b7d23547 100644
--- a/functest_kubernetes/security/kube-hunter.yaml
+++ b/functest_kubernetes/security/kube-hunter.yaml
@@ -7,7 +7,7 @@ spec:
spec:
containers:
- name: kube-hunter
- image: aquasec/kube-hunter:0.3.1
+ image: {{ dockerhub_repo }}/aquasec/kube-hunter:0.3.1
command: ["python", "kube-hunter.py"]
args: ["--pod", "--report", "json", "--statistics"]
restartPolicy: Never
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index 378b2c22..052c0ad4 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -16,10 +16,12 @@ from __future__ import division
import ast
import json
import logging
+import os
import time
import textwrap
import yaml
+from jinja2 import Template
from kubernetes import client
from kubernetes import config
from kubernetes import watch
@@ -32,6 +34,7 @@ class SecurityTesting(testcase.TestCase):
# pylint: disable=too-many-instance-attributes
"""Run Security job"""
watch_timeout = 1200
+ dockerhub_repo = os.getenv("MIRROR_REPO", "docker.io")
__logger = logging.getLogger(__name__)
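Review bot: The new `dockerhub_repo` class attribute has no comment explaining that two different environment variables feed the same setting. `MIRROR_REPO` is read once here, when the class body is evaluated, while the later hunk reads `DOCKERHUB_REPO` at job creation and lets it take precedence. I would add `# Registry prefix for the job images: MIRROR_REPO is read once at import; DOCKERHUB_REPO, read at job creation, overrides it.` above the assignment. An exported but empty `MIRROR_REPO` also yields the reference `/aquasec/...`, so `os.getenv("MIRROR_REPO") or "docker.io"` is the safer default. The class body continues outside the hunk.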
@@ -63,7 +66,10 @@ class SecurityTesting(testcase.TestCase):
with open(pkg_resources.resource_filename(
"functest_kubernetes",
"security/{}.yaml".format(self.job_name))) as yfile:
- body = yaml.safe_load(yfile)
+ template = Template(yfile.read())
+ body = yaml.safe_load(template.render(
+ dockerhub_repo=os.getenv("DOCKERHUB_REPO",
+ self.dockerhub_repo)))
api_response = self.batchv1.create_namespaced_job(
body=body, namespace=self.namespace)
self.__logger.info("Job %s created", api_response.metadata.name)
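Review bot: The value of `DOCKERHUB_REPO` / `MIRROR_REPO` is pasted into the manifest text by `template.render(...)` before `yaml.safe_load` parses it, with no validation. A value containing a newline or other YAML syntax can therefore change the structure of the Job rather than just the image name. These manifests request `hostPID` and host mounts, so the registry string should be checked against a strict host[:port][/path] pattern before rendering, failing loudly otherwise. The sketch below needs `import re` next to the other imports. The enclosing method starts and ends outside the hunk, and the page has lost indentation, so the nesting shown is my assumption.

```python
        repo = os.getenv("DOCKERHUB_REPO", self.dockerhub_repo)
        # The value is substituted into YAML text, so accept only
        # registry host[:port][/path]; no whitespace or YAML syntax.
        registry_re = r"[A-Za-z0-9.-]+(:[0-9]+)?(/[A-Za-z0-9._-]+)*"
        if not re.fullmatch(registry_re, repo):
            raise ValueError(
                "invalid image registry {!r}".format(repo))
        # … unchanged: with open(pkg_resources.resource_filename(...)) as yfile …
            template = Template(yfile.read())
            body = yaml.safe_load(template.render(dockerhub_repo=repo))
        # … unchanged: create_namespaced_job call and logging …
```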