aboutsummaryrefslogtreecommitdiffstats
path: root/functest_kubernetes/security
AgeCommit message (Collapse)AuthorFilesLines
2020-09-23Stop hardcoding ims- as generate_nameCédric Ollivier1-1/+8
Change-Id: I3ea22a4050ff1eb609cffb61edc41c49fab44366 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 3a3bd294ea8101c22896d8601fe2723861f73124)
2020-09-14Don't run disruptive hunter checksCédric Ollivier1-1/+1
Change-Id: I52cb8303950269946774546cf8e413166c70a33c Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 4fa706f4b37d655f2239ad9381df8041e0701142)
2020-09-13Split kube-bench master and nodeCédric Ollivier3-16/+45
The former deployment asked for all-in-one. Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit bced94b6fe24c7e939fb22834deb77477e4a9bb9)
2020-09-13self.details must be a dictCédric Ollivier1-2/+2
Change-Id: I4f65a9eeb7eda471371668db9abfa49e2875c5b0 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit b866c73d70079fdb52e5fc999f49a32d2af82349)
2020-09-12Improve kube_bench outputCédric Ollivier2-0/+20
It also fills self.details. Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 823b3a005ace9372a080421b2ae19152505201e4)
2020-09-12Enhance kube-hunter result postprocessingCédric Ollivier2-4/+64
It fills self.details and checks if the test case passes according to criteria (severity = high by default) Change-Id: Ib20779b4b5dca078c65b546c8703bc99856c6f41 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 4f197110710e9f148eae4533792e8e7e2d72f053)
2020-08-14Pin latest versions from security toolsCédric Ollivier2-2/+3
It selects kube-bench and kube-hunter 0.3.1. Change-Id: Icb85f3d0d88056370500ec827ef77c215740e5e4 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 6b8384b57a0bfc200c15ed9ded71544c33a27e81)
2020-08-13Make K8s security tests namespace awareCédric Ollivier1-15/+28
It now creates a namespace to allow running the test cases twice in parallel. It also overprotects clean operations to force a full delete. Change-Id: Ie0becd8ea9126328e7280591bacc0d88e14dd031 Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 8e2a7dbee8f134dbe9022683d40e2328e5e50fe6)
2020-07-07Override the right log filesCédric Ollivier1-0/+3
Else Xtesting publishes the default xtesting.log [1] [1] https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-security-latest-kube_hunter-run/2/console Change-Id: I0b9b9eda04762771d4e10f0d124b4d5f2975a4da Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 36039d940f473d7385d918375390e804b626bad2)
2020-07-04Fix former pep8 issuesCédric Ollivier1-0/+1
It's allowed by the newer version Change-Id: Ief4cb2f0cce8da8af6e0bee275772f0940f56d5a Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit 6493a5acf8a3724f7c00fc971542d25b42a36e4c)
2020-07-01Add security docker for functest-kubernetesmrichomme4-0/+186
run kube-hunter and kube-bench cases dealing with security in kubernetes (check vulnerabilities) [1][2] It's the first step only printing the output. [1]: https://github.com/aquasecurity/kube-bench [2]: https://github.com/aquasecurity/kube-hunter Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com> Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0 Signed-off-by: mrichomme <morgan.richomme@orange.com> (cherry picked from commit 98d9f93337ab514fa9aafc1cd1e87473de68b364) (cherry picked from commit 0626f54b8686134515eab3b9014c5b538405d84f) (cherry picked from commit a7191389900b58f50e428af47e6819f30ba07d8f)