Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I0336d73f8a9663ef259adfe4377ce20499844021
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 1bd69d63994d66582f4e7967e4a1f703dc247c69)
|
|
It allows running both security and ims testcases vs clusters
where PodSecurityConfiguration enforces "restricted" [1].
[1] https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/
Change-Id: I9eb420cbb695ec8fb002f25cfd3c96ab50118fcc
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 553d57ffd4ff9c3c4f319454a4d190ac7aa4cc76)
|
|
Change-Id: I3007d4545cb80b54b9858dafbfc2442b32bcbb5e
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It's the behavior expected by RA2.
Please change it via testcases.yaml if needed.
Change-Id: I84b02fa273f63ea1930bd356739243756032533d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I6edcfcced84d46a06933f4a5dc1702cfa90e3f9a
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I41e9a4a95a53bf51286951db2911475a8d2dd3a9
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It mostly adds encoding in open calls and leverages f-strings.
It removes ansible-lint as it now asks for ansible, roles and collections.
Change-Id: I3ef729f44b2c721b14d19df27805938298aa2c67
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I4e756552173247499ba882bfee4fbe8738fbae3d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It also disabled wrong order check as it fails vs kubernetes amongst
others.
[1] https://github.com/PyCQA/pylint/issues/2175
Change-Id: I3d641c213067428848212a148d25d78051c5674f
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Sometimes, tested Kubernetes doesn't have direct access to Internet but
access through repository mirrors.
This patch handles this case for security test cases.
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I699d065ee691596c4a5ccf06c22ea76ef00fe497
|
|
Change-Id: I3ea22a4050ff1eb609cffb61edc41c49fab44366
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I52cb8303950269946774546cf8e413166c70a33c
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
The former deployment asked for all-in-one.
Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Change-Id: I4f65a9eeb7eda471371668db9abfa49e2875c5b0
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It also fills self.details.
Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It fills self.details and checks if the test case passes according
to criteria (severity = high by default)
Change-Id: Ib20779b4b5dca078c65b546c8703bc99856c6f41
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It allows offline testing via xrally_kubernetes, k8s_vims, kube_bench
and kube_hunter.
Change-Id: I3084abec19f06a894d0083ecb3ed61882eddd785
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
The Kubernetes default pull policy is IfNotPresent unless the image tag
is :latest in which case the default policy is Always. IfNotPresent
causes the Kubelet to skip pulling an image if it already exists [1]
[1] https://kind.sigs.k8s.io/docs/user/quick-start/
Change-Id: I83dac6165d2bbef165ca852dd03e5b76a5356f2f
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
https://github.com/aquasecurity/kube-hunter/commit/3e06647b4c09257cb994bbdd174ee621e2af5406
Change-Id: Idf470f0161aaeb7a326a3e2a4e680445d9f00eac
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
It now creates a namespace to allow running the test cases twice in
parallel. It also overprotects clean operations to force a full delete.
Change-Id: Ie0becd8ea9126328e7280591bacc0d88e14dd031
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
Else Xtesting publishes the default xtesting.log [1]
[1] https://build.opnfv.org/ci/job/functest-kubernetes-opnfv-functest-kubernetes-security-latest-kube_hunter-run/2/console
Change-Id: I0b9b9eda04762771d4e10f0d124b4d5f2975a4da
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
|
|
run kube-hunter and kube-bench cases dealing with security in kubernetes (check
vulnerabilities) [1][2]
It's the first step only printing the output.
[1]: https://github.com/aquasecurity/kube-bench
[2]: https://github.com/aquasecurity/kube-hunter
Co-Authored-By: Cédric Ollivier <cedric.ollivier@orange.com>
Change-Id: I3bd9bda80046ef7a0c494d51dfb0b8cbfea02bb0
Signed-off-by: mrichomme <morgan.richomme@orange.com>
|