db79e79788
The current copyright refers to a non-existent group "openstack helm authors" with often out-of-date references that are confusing when adding a new file to the repo. This change removes all references to this copyright by the non-existent group and any blank lines underneath. Change-Id: Ia035037e000f1bf95202fc07b8cd1ad0fc019094
125 lines
6.5 KiB
Bash
Executable File
125 lines
6.5 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
set -xe
|
|
# test_netpol(namespace, application, component, target_host, expected_result{fail,success})
|
|
function test_netpol {
|
|
NS=$1
|
|
APP=$2
|
|
COMPONENT=$3
|
|
HOST=$4
|
|
STATUS=$5
|
|
echo Testing connection from $APP - $COMPONENT to host $HOST with namespace $NS
|
|
POD=$(kubectl -n $NS get pod -l application=$APP,component=$COMPONENT | grep Running | cut -f 1 -d " " | head -n 1)
|
|
PID=$(sudo docker inspect --format '{{ .State.Pid }}' $(kubectl get pods --namespace $NS $POD -o jsonpath='{.status.containerStatuses[0].containerID}' | cut -c 10-21))
|
|
if [ "x${STATUS}" == "xfail" ]; then
|
|
if ! sudo nsenter -t $PID -n wget --spider --timeout=5 --tries=1 $HOST ; then
|
|
echo "Connection timed out; as expected by policy."
|
|
else
|
|
exit 1
|
|
fi
|
|
else
|
|
sudo nsenter -t $PID -n wget --spider --timeout=5 --tries=1 $HOST
|
|
fi
|
|
}
|
|
|
|
#NOTE(gagehugo): Enable the negative tests once the services policy is defined
|
|
|
|
# General Netpol Tests
|
|
# Doing negative tests
|
|
#test_netpol openstack mariadb server rabbitmq.openstack.svc.cluster.local:5672 fail
|
|
#test_netpol openstack rabbitmq-rabbitmq server memcached.openstack.svc.cluster.local:11211 fail
|
|
|
|
# Negative Keystone tests
|
|
test_netpol openstack mariadb server keystone-api.openstack.svc.cluster.local:5000 fail
|
|
test_netpol openstack mariadb ingress keystone-api.openstack.svc.cluster.local:5000 fail
|
|
test_netpol openstack memcached server keystone-api.openstack.svc.cluster.local:5000 fail
|
|
test_netpol openstack rabbitmq server keystone-api.openstack.svc.cluster.local:5000 fail
|
|
|
|
# Negative Mariadb tests
|
|
test_netpol openstack memcached server mariadb.openstack.svc.cluster.local:3306 fail
|
|
test_netpol openstack ingress server mariadb-server.openstack.svc.cluster.local:3306 fail
|
|
|
|
# Doing positive tests
|
|
|
|
# Positive Mariadb tests
|
|
test_netpol openstack keystone api mariadb.openstack.svc.cluster.local:3306 success
|
|
test_netpol openstack keystone api mariadb-server.openstack.svc.cluster.local:3306 success
|
|
test_netpol openstack mariadb ingress mariadb-server.openstack.svc.cluster.local:3306 success
|
|
|
|
test_netpol openstack keystone api rabbitmq.openstack.svc.cluster.local:5672 success
|
|
test_netpol openstack ingress server keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack prometheus-openstack-exporter exporter keystone-api.openstack.svc.cluster.local:5000 success
|
|
|
|
if kubectl -n openstack get pod -l application=horizon | grep Running ; then
|
|
test_netpol openstack keystone api horizon.openstack.svc.cluster.local:80 fail
|
|
fi
|
|
|
|
if kubectl -n openstack get pod -l application=cinder | grep Running ; then
|
|
# Negative Cinder Tests
|
|
#test_netpol openstack keystone api cinder-api.openstack.svc.cluster.local fail
|
|
test_netpol openstack cinder api horizon.openstack.svc.cluster.local:80 fail
|
|
# Positive Cinder Tests
|
|
test_netpol openstack cinder api rabbitmq.openstack.svc.cluster.local:5672 success
|
|
|
|
# Positive Keystone test
|
|
test_netpol openstack cinder api keystone-api.openstack.svc.cluster.local:5000 success
|
|
|
|
# Positive Mariadb tests
|
|
test_netpol openstack cinder api mariadb.openstack.svc.cluster.local:3306 success
|
|
test_netpol openstack cinder api mariadb-server.openstack.svc.cluster.local:3306 success
|
|
else
|
|
# Negative Compute-Kit Tests
|
|
#test_netpol openstack keystone api heat-api.openstack.svc.cluster.local fail
|
|
#test_netpol openstack keystone api glance-api.openstack.svc.cluster.local fail
|
|
test_netpol openstack mariadb server glance-api.openstack.svc.cluster.local:9292 fail
|
|
test_netpol openstack memcached server glance-api.openstack.svc.cluster.local:9292 fail
|
|
test_netpol openstack keystone api glance-api.openstack.svc.cluster.local:9292 fail
|
|
# Memcached Negative Tests
|
|
test_netpol openstack mariadb server memcached.openstack.svc.cluster.local:11211 fail
|
|
test_netpol openstack rabbitmq server memcached.openstack.svc.cluster.local:11211 fail
|
|
test_netpol openstack openvswitch openvswitch-vswitchd memcached.openstack.svc.cluster.local:11211 fail
|
|
test_netpol openstack libvirt libvirt memcached.openstack.svc.cluster.local:11211 fail
|
|
# Heat Negative Tests
|
|
test_netpol openstack keystone api heat-api.openstack.svc.cluster.local:8004 fail
|
|
test_netpol openstack nova os-api heat-api.openstack.svc.cluster.local:8004 fail
|
|
test_netpol openstack neutron server heat-api.openstack.svc.cluster.local:8004 fail
|
|
test_netpol openstack glance api heat-api.openstack.svc.cluster.local:8004 fail
|
|
|
|
# Positive Compute-Kit Tests
|
|
|
|
# Positive Mariadb tests
|
|
test_netpol openstack heat api mariadb.openstack.svc.cluster.local:3306 success
|
|
test_netpol openstack glance api mariadb.openstack.svc.cluster.local:3306 success
|
|
test_netpol openstack glance api mariadb-server.openstack.svc.cluster.local:3306 success
|
|
|
|
# Positive Keystone tests
|
|
test_netpol openstack heat api keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack glance api keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack horizon server keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack nova os-api keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack nova compute keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack neutron l3-agent keystone-api.openstack.svc.cluster.local:5000 success
|
|
test_netpol openstack ingress server glance-api.openstack.svc.cluster.local:9292 success
|
|
test_netpol openstack nova os-api glance-api.openstack.svc.cluster.local:9292 success
|
|
test_netpol openstack nova compute glance-api.openstack.svc.cluster.local:9292 success
|
|
test_netpol openstack heat api glance-api.openstack.svc.cluster.local:9292 success
|
|
test_netpol openstack horizon server glance-api.openstack.svc.cluster.local:9292 success
|
|
test_netpol openstack horizon server heat-api.openstack.svc.cluster.local:8004 success
|
|
test_netpol openstack horizon server heat-cfn.openstack.svc.cluster.local:8000 success
|
|
test_netpol openstack heat api heat-api.openstack.svc.cluster.local:8004 success
|
|
fi
|
|
|
|
echo Test Success
|