Add security checks
This patch adds initial security validation check. It includes JSON file
containing dictionary of acknowledged NodePorts with corresponding
services [1].
Data required to perform added security check cannot be easily obtained
from within "robot" pod (without granting it access to "kubectl" tool
and as a side effect - cluster modifications). That is why it should be
collected beforehand by the test operator and stored as a JSON file.
Added suite expects having "${ACTUAL_NODEPORTS_FILE}" variable defined.
It will attempt parsing data stored in the file pointed by the said
variable and compare it against expected NodePorts.
[1] https://docs.onap.org/en/elalto/guides/onap-developer/settingup/index.html#nodeports
Issue-ID: SECCOM-261
Change-Id: Ib8078c50e943125f8452120368891c3e3a7056bc
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
diff --git a/robot/testsuites/security.robot b/robot/testsuites/security.robot
new file mode 100644
index 0000000..089e12e
--- /dev/null
+++ b/robot/testsuites/security.robot
@@ -0,0 +1,14 @@
+*** Settings ***
+| Documentation | Security validation |
+| ... | This suite requires declaring ${ACTUAL_NODEPORTS_FILE} |
+| Default tags | security |
+| Library | ONAPLibrary.JSON |
+
+*** Variables ***
+| ${EXPECTED_NODEPORTS_FILE} | ../assets/security/ExpectedNodePorts.json |
+
+*** Test Cases ***
+Validate present NodePorts
+| | ${expected_nodeports}= | Get file | ${EXPECTED_NODEPORTS_FILE} |
+| | ${actual_nodeports}= | Get file | ${ACTUAL_NODEPORTS_FILE} |
+| | JSON should contain sub JSON | ${expected_node_ports} | ${actual_node_ports} |