k8s: Mock etcd information collection
Rancher does not provide information on etcd as container arguments.
Its collection requires implementation of a new information extraction
method.
RKE does not include etcd process name in container arguments.
Issue-ID: SECCOM-235
Change-Id: I7576474fb2848962360771d2850aeb3f3869790a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index cf412c1..728be18 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -8,6 +8,8 @@
GetSchedulerParams() ([]string, error)
// GetControllerManagerParams returns controller manager parameters.
GetControllerManagerParams() ([]string, error)
+ // GetEtcdParams returns etcd parameters.
+ GetEtcdParams() ([]string, error)
}
// Command represents commands run on cluster.
@@ -20,6 +22,8 @@
SchedulerProcess
// ControllerManagerProcess represents controller manager command ("kube-controller-manager").
ControllerManagerProcess
+ // EtcdProcess represents controller manager service ("etcd").
+ EtcdProcess
)
func (c Command) String() string {
@@ -27,9 +31,10 @@
"kube-apiserver",
"kube-scheduler",
"kube-controller-manager",
+ "etcd",
}
- if c < APIProcess || c > ControllerManagerProcess {
+ if c < APIProcess || c > EtcdProcess {
return "exit"
}
return names[c]
@@ -45,6 +50,8 @@
SchedulerService
// ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
ControllerManagerService
+ // EtcdService represents etcd service ("kubernetes/etcd").
+ EtcdService
)
func (s Service) String() string {
@@ -52,9 +59,10 @@
"kubernetes/kubernetes",
"kubernetes/scheduler",
"kubernetes/controller-manager",
+ "kubernetes/etcd",
}
- if s < APIService || s > ControllerManagerService {
+ if s < APIService || s > EtcdService {
return ""
}
return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index d717617..98254ae 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -54,4 +54,14 @@
log.Fatal(err)
}
master.CheckControllerManager(controllerManagerParams)
+
+ _, err = info.GetEtcdParams()
+ if err != nil {
+ switch err {
+ case check.ErrNotImplemented:
+ log.Print(err) // Fail softly.
+ default:
+ log.Fatal(err)
+ }
+ }
}
diff --git a/test/security/k8s/src/check/errors.go b/test/security/k8s/src/check/errors.go
new file mode 100644
index 0000000..d657c18
--- /dev/null
+++ b/test/security/k8s/src/check/errors.go
@@ -0,0 +1,10 @@
+package check
+
+import (
+ "errors"
+)
+
+var (
+ // ErrNotImplemented is returned when function is not implemented yet.
+ ErrNotImplemented = errors.New("function not implemented")
+)
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index b5e3822..2cf2fbe 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -46,6 +46,12 @@
return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
}
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Rancher) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
func getProcessParams(process check.Command, service check.Service) ([]string, error) {
hosts, err := listHosts()
if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 5551159..eea5c01 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -46,6 +46,12 @@
return getProcessParams(check.ControllerManagerProcess)
}
+// GetEtcdParams returns parameters of running etcd.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetEtcdParams() ([]string, error) {
+ return []string{}, check.ErrNotImplemented
+}
+
func getProcessParams(process check.Command) ([]string, error) {
nodes, err := config.GetNodesInfo()
if err != nil {