Skip to content

Commit

Permalink
Workload tests adapted to cenralized result logging
Browse files Browse the repository at this point in the history 
Signed-off-by: Martin Matyas <[email protected]>
  • Loading branch information
@martin-mat
martin-mat committed Feb 28, 2024
1 parent 04c37af commit 36360db
Show file tree
Hide file tree
Showing 10 changed files with 481 additions and 865 deletions.
69 changes: 63 additions & 6 deletions embedded_files/points.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,24 +8,34 @@
neutral: 0

- name: reasonable_image_size
emoji: "⚖👀"
tags: [microservice, dynamic, workload, cert, normal]
- name: specialized_init_system
emoji: "🚀"
tags: [microservice, dynamic, workload]
- name: reasonable_startup_time
tags: [microservice, dynamic, workload, cert, normal]
- name: single_process_type
- name: single_process_type
emoji: "⚖👀"
tags: [microservice, dynamic, workload, essential, cert]
pass: 100
- name: zombie_handled
emoji: "⚖👀"
tags: [microservice, dynamic, workload, normal]
- name: service_discovery
emoji: "⚖👀"
tags: [microservice, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: shared_database
emoji: "💾"
tags: [microservice, dynamic, workload, cert, normal]
- name: sig_term_handled
- name: sig_term_handled
emoji: "⚖👀"
tags: [microservice, dynamic, workload, normal]

- name: cni_compatible
emoji: "🔓🔑"
tags: [compatibility, dynamic, workload, cert, normal]
# - name: cni_spec
# tags: compatibility, dynamic
Expand All @@ -41,23 +51,29 @@
#- name: check_reaped
# tags: state, dynamic, configuration

- name: privileged
- name: privileged
emoji: "🔓🔑"
tags: [security, dynamic, workload]
# required: true
- name: privilege_escalation
- name: privilege_escalation
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]
- name: symlink_file_system
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]
- name: application_credentials
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]
- name: host_network
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]
#- name: shells
# tags: security, dynamic
#- name: protected_access
# tags: security, dynamic

- name: increase_decrease_capacity
- name: increase_decrease_capacity
emoji: "📦📈📉"
tags: [compatibility, dynamic, workload, essential, cert]
pass: 100
#- name: small_autoscaling
Expand All @@ -67,28 +83,36 @@
# - name: network_chaos
# tags: resilience, dynamic, workload
- name: pod_network_latency
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: pod_network_corruption
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: pod_network_duplication
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: pod_delete
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, normal]
- name: pod_io_stress
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: pod_memory_hog
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, normal]
- name: disk_fill
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, normal]
- name: pod_dns_error
emoji: "🗡️💀♻"
tags: [resilience, dynamic, workload, cert, bonus]
pass: 1
fail: 0
Expand All @@ -98,17 +122,22 @@
#- name: versioned_helm_chart
# tags: configuration, dynamic, workload
- name: versioned_tag
emoji: "🏷️"
tags: [configuration, dynamic, workload]
- name: ip_addresses
emoji: "📶🏃⏲️"
pass: 0
fail: -1
tags: [configuration, static, workload]
- name: operator_installed
emoji: "⚖️👀"
tags: [configuration, dynamic, workload, cert, bonus]
- name: liveness
emoji: "⎈🧫"
tags: [resilience, dynamic, workload, essential, cert]
pass: 100
- name: readiness
emoji: "⎈🧫"
tags: [resilience, dynamic, workload, essential, cert]
pass: 100
#- name: no_volume_with_configuration
Expand All @@ -130,10 +159,12 @@
tags: [configuration, dynamic, workload, essential, cert]
pass: 100
- name: secrets_used
emoji: "🧫"
tags: [configuration, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: immutable_configmap
emoji: "⚖️"
tags: [configuration, dynamic, workload, cert, bonus]
pass: 1
fail: 0
Expand All @@ -150,10 +181,13 @@
# tags: observability, dynamic, workload

- name: helm_deploy
emoji: "⚙🛠️⬆☁"
tags: [compatibility, dynamic, workload, cert, normal]
- name: helm_chart_valid
emoji: "⎈📝☑"
tags: [compatibility, dynamic, workload, cert, normal]
- name: helm_chart_published
emoji: "⎈📦🌐"
tags: [compatibility, dynamic, workload, cert, normal]

# - name: chaos_network_loss
Expand All @@ -164,21 +198,26 @@
# tags: resilience, dynamic, workload

- name: volume_hostpath_not_found
emoji: "💾"
tags: [state, dynamic, workload]
- name: no_local_volume_configuration
emoji: "💾"
tags: [state, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: elastic_volumes
- name: elastic_volumes
emoji: "🧫"
tags: [state, dynamic, workload, cert, bonus]
pass: 1
fail: 0
- name: database_persistence
emoji: "🧫"
tags: [state, dynamic, workload]
pass5: 5
pass3: 3
fail: -1
- name: node_drain
emoji: "🗡️💀♻"
tags: [state, dynamic, workload, essential, cert]
pass: 100

Expand Down Expand Up @@ -207,46 +246,57 @@
tags: ["platform", "platform:security", "dynamic"]

- name: service_account_mapping
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]

- name: privileged_containers
emoji: "🔓🔑"
tags: [security, dynamic, workload, essential, cert]
pass: 100

- name: non_root_containers
emoji: "🔓🔑"
tags: [security, dynamic, workload, essential, cert]
pass: 100

- name: host_pid_ipc_privileges
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]

- name: linux_hardening
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, bonus]
pass: 1
fail: 0

- name: resource_policies
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, essential]
pass: 100

- name: immutable_file_systems
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, bonus]
pass: 1
fail: 0

- name: hostpath_mounts
emoji: "🔓🔑"
tags: [security, dynamic, workload, essential, cert]
pass: 100

- name: ingress_egress_blocked
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, bonus]
pass: 1
fail: 0

- name: insecure_capabilities
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]

- name: sysctls
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]

- name: log_output
Expand Down Expand Up @@ -274,29 +324,36 @@
pass: 1
fail: 0
- name: alpha_k8s_apis
emoji: "⭕🔍"
tags: [configuration, dynamic, workload]

- name: container_sock_mounts
emoji: "🔓🔑"
tags: [security, dynamic, workload, essential, cert]
pass: 100

- name: require_labels
emoji: "🏷️"
tags: [configuration, dynamic, workload, cert, normal]

- name: helm_tiller
tags: ["platform", "platform:security", "dynamic"]

- name: external_ips
emoji: "🔓🔑"
tags: [security, dynamic, workload, cert, normal]

- name: selinux_options
emoji: "🔓🔑"
tags: [security, dynamic, workload, essential, cert]
pass: 100

- name: default_namespace
emoji: "🏷️"
tags: [configuration, dynamic, workload, cert, normal]

- name: latest_tag
emoji: "🏷️"
tags: [configuration, dynamic, workload, essential, cert]
pass: 100

Expand Down
2 changes: 1 addition & 1 deletion src/tasks/utils/points.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -556,7 +556,7 @@ module CNFManager
Log.debug { "task #{task} emoji: #{md["emoji"]?}" }
resp = md["emoji"]
else
resp = [] of String
resp = ""
end
end

Expand Down
36 changes: 11 additions & 25 deletions src/tasks/workload/5g_validator.cr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,7 @@ end
desc "Test if a 5G core is valid"
task "smf_upf_core_validator" do |t, args|
#todo change to 5g_core_validator
CNFManager::Task.task_runner(args) do |args, config|
task_start_time = Time.utc
testsuite_task = "smf_upf_core_validator"
Log.for(testsuite_task).info { "Starting test" }
CNFManager::Task.task_runner(args, task: t) do |args, config|

# todo add other resilience and compatiblity tests

Expand All @@ -33,19 +30,15 @@ end

desc "Test if a 5G core has SMF/UPF heartbeat"
task "smf_upf_heartbeat" do |t, args|
CNFManager::Task.task_runner(args) do |args, config|
task_start_time = Time.utc
testsuite_task = "smf_upf_heartbeat"
Log.for(testsuite_task).info { "Starting test" }
Log.for(testsuite_task).info { "named args: #{args.named}" }
CNFManager::Task.task_runner(args, task: t) do |args, config|
Log.for(t.name).info { "named args: #{args.named}" }
baseline_count : Int32 | Float64 | String | Nil
if args.named["baseline_count"]?
baseline_count = args.named["baseline_count"].to_i
else
baseline_count = nil
end

Log.debug { "cnf_config: #{config}" }
suci_found : Bool | Nil
smf = config.cnf_config[:smf_label]?
upf = config.cnf_config[:upf_label]?
Expand Down Expand Up @@ -133,24 +126,18 @@ task "smf_upf_heartbeat" do |t, args|
end

#todo move this to validator code code
if heartbeat_found
resp = upsert_passed_task(testsuite_task,"✔️ PASSED: Chaos service degradation is less than 50%.", task_start_time)
if heartbeat_found
CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Passed, "Chaos service degradation is less than 50%")
else
resp = upsert_failed_task(testsuite_task, "✖️ FAILED: Chaos service degradation is more than 50%.", task_start_time)
CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Failed, "Chaos service degradation is more than 50%")
end
resp
end
end

#todo move to 5g test files
desc "Test if a 5G core supports SUCI Concealment"
task "suci_enabled" do |_, args|
CNFManager::Task.task_runner(args) do |args, config|
task_start_time = Time.utc
testsuite_task = "suci_enabled"
Log.for(testsuite_task).info { "Starting test" }

Log.debug { "cnf_config: #{config}" }
task "suci_enabled" do |t, args|
CNFManager::Task.task_runner(args, task: t) do |args, config|
suci_found : Bool | Nil
core = config.cnf_config[:amf_label]?
Log.info { "core: #{core}" }
Expand Down Expand Up @@ -192,12 +179,11 @@ task "suci_enabled" do |_, args|
end


if suci_found
resp = upsert_passed_task(testsuite_task,"✔️ PASSED: Core uses SUCI 5g authentication", task_start_time)
if suci_found
CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Passed, "Core uses SUCI 5g authentication")
else
resp = upsert_failed_task(testsuite_task, "✖️ FAILED: Core does not use SUCI 5g authentication", task_start_time)
CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Failed, "Core does not use SUCI 5g authentication")
end
resp
ensure
Helm.delete("ueransim")
ClusterTools.uninstall
Expand Down
Loading

0 comments on commit 36360db

Please sign in to comment.