From 13f4a25171b3c246c63ba943b6378ec8cc43eb95 Mon Sep 17 00:00:00 2001 From: Konstantin Date: Fri, 9 Aug 2024 15:26:09 +0200 Subject: [PATCH] cert: remove cert tag from non-essential tests (#2126) Certification was updated to count only for essential tests. This commit reflects the change in certification. Refs: #2117 Signed-off-by: Konstantin Yarovoy --- embedded_files/points.yml | 112 ++++++++++++++++----------------- spec/utils/cnf_manager_spec.cr | 11 ---- 2 files changed, 56 insertions(+), 67 deletions(-) diff --git a/embedded_files/points.yml b/embedded_files/points.yml index 4379d2a48..fdd6af797 100644 --- a/embedded_files/points.yml +++ b/embedded_files/points.yml @@ -9,32 +9,32 @@ - name: reasonable_image_size emoji: "βš–πŸ‘€" - tags: [microservice, dynamic, workload, cert, normal] + tags: [microservice, dynamic, workload, normal] - name: specialized_init_system emoji: "πŸš€" - tags: [microservice, dynamic, workload, essential, cert] + tags: [microservice, dynamic, workload, cert, essential] pass: 100 - name: reasonable_startup_time - tags: [microservice, dynamic, workload, cert, normal] + tags: [microservice, dynamic, workload, normal] - name: single_process_type emoji: "βš–πŸ‘€" - tags: [microservice, dynamic, workload, essential, cert] + tags: [microservice, dynamic, workload, cert, essential] pass: 100 - name: zombie_handled emoji: "βš–πŸ‘€" - tags: [microservice, dynamic, workload, essential, cert] + tags: [microservice, dynamic, workload, cert, essential] pass: 100 - name: service_discovery emoji: "βš–πŸ‘€" - tags: [microservice, dynamic, workload, cert, bonus] + tags: [microservice, dynamic, workload, bonus] pass: 1 fail: 0 - name: shared_database emoji: "πŸ’Ύ" - tags: [microservice, dynamic, workload, cert, normal] + tags: [microservice, dynamic, workload, normal] - name: sig_term_handled emoji: "βš–πŸ‘€" - tags: [microservice, dynamic, workload, essential, cert] + tags: [microservice, dynamic, workload, cert, essential] pass: 100 - name: cni_compatible emoji: "πŸ”“πŸ”‘" @@ -55,16 +55,16 @@ - name: privilege_escalation emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: symlink_file_system emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: application_credentials emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: host_network emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] #- name: shells # tags: security, dynamic #- name: protected_access @@ -72,7 +72,7 @@ - name: increase_decrease_capacity emoji: "πŸ“¦πŸ“ˆπŸ“‰" - tags: [compatibility, dynamic, workload, essential, cert] + tags: [compatibility, dynamic, workload, cert, essential] pass: 100 #- name: small_autoscaling # tags: compatibility, dynamic, workload @@ -82,33 +82,33 @@ # tags: resilience, dynamic, workload - name: pod_network_latency emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, bonus] + tags: [resilience, dynamic, workload, bonus] pass: 1 fail: 0 - name: pod_network_corruption emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, bonus] + tags: [resilience, dynamic, workload, bonus] pass: 1 fail: 0 - name: pod_network_duplication emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, bonus] + tags: [resilience, dynamic, workload, bonus] pass: 1 fail: 0 - name: pod_delete emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, normal] + tags: [resilience, dynamic, workload, normal] - name: pod_io_stress emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, bonus] + tags: [resilience, dynamic, workload, bonus] pass: 1 fail: 0 - name: pod_memory_hog emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, normal] + tags: [resilience, dynamic, workload, normal] - name: disk_fill emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [resilience, dynamic, workload, cert, normal] + tags: [resilience, dynamic, workload, normal] - name: pod_dns_error emoji: "πŸ—‘οΈπŸ’€β™»" tags: [resilience, dynamic, workload] @@ -127,14 +127,14 @@ tags: [configuration, static, workload] - name: operator_installed emoji: "βš–οΈπŸ‘€" - tags: [configuration, dynamic, workload, cert, bonus] + tags: [configuration, dynamic, workload, bonus] - name: liveness emoji: "⎈🧫" - tags: [resilience, dynamic, workload, essential, cert] + tags: [resilience, dynamic, workload, cert, essential] pass: 100 - name: readiness emoji: "⎈🧫" - tags: [resilience, dynamic, workload, essential, cert] + tags: [resilience, dynamic, workload, cert, essential] pass: 100 #- name: no_volume_with_configuration # tags: configuration, dynamic @@ -145,23 +145,23 @@ - name: rolling_version_change tags: [compatibility, dynamic, workload] - name: rollback - tags: [compatibility, dynamic, workload, cert, normal] + tags: [compatibility, dynamic, workload, normal] - name: nodeport_not_used - tags: [configuration, dynamic, workload, cert, normal] + tags: [configuration, dynamic, workload, normal] - name: hostport_not_used - tags: [configuration, dynamic, workload, essential, cert] + tags: [configuration, dynamic, workload, cert, essential] pass: 100 - name: hardcoded_ip_addresses_in_k8s_runtime_configuration - tags: [configuration, dynamic, workload, essential, cert] + tags: [configuration, dynamic, workload, cert, essential] pass: 100 - name: secrets_used emoji: "🧫" - tags: [configuration, dynamic, workload, cert, bonus] + tags: [configuration, dynamic, workload, bonus] pass: 1 fail: 0 - name: immutable_configmap emoji: "βš–οΈ" - tags: [configuration, dynamic, workload, cert, bonus] + tags: [configuration, dynamic, workload, bonus] pass: 1 fail: 0 @@ -178,13 +178,13 @@ - name: helm_deploy emoji: "βš™πŸ› οΈβ¬†β˜" - tags: [compatibility, dynamic, workload, cert, normal] + tags: [compatibility, dynamic, workload, normal] - name: helm_chart_valid emoji: "βŽˆπŸ“β˜‘" - tags: [compatibility, dynamic, workload, cert, normal] + tags: [compatibility, dynamic, workload, normal] - name: helm_chart_published emoji: "βŽˆπŸ“¦πŸŒ" - tags: [compatibility, dynamic, workload, cert, normal] + tags: [compatibility, dynamic, workload, normal] # - name: chaos_network_loss # tags: resilience, dynamic, workload @@ -195,12 +195,12 @@ - name: no_local_volume_configuration emoji: "πŸ’Ύ" - tags: [state, dynamic, workload, cert, bonus] + tags: [state, dynamic, workload, bonus] pass: 1 fail: 0 - name: elastic_volumes emoji: "🧫" - tags: [state, dynamic, workload, cert, bonus] + tags: [state, dynamic, workload, bonus] pass: 1 fail: 0 - name: database_persistence @@ -211,7 +211,7 @@ fail: -1 - name: node_drain emoji: "πŸ—‘οΈπŸ’€β™»" - tags: [state, dynamic, workload, essential, cert] + tags: [state, dynamic, workload, cert, essential] pass: 100 #- name: hardware_and_scheduling @@ -256,25 +256,25 @@ - name: service_account_mapping emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: privileged_containers emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, essential, cert] + tags: [security, dynamic, workload, cert, essential] pass: 100 - name: non_root_containers emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, essential, cert] + tags: [security, dynamic, workload, cert, essential] pass: 100 - name: host_pid_ipc_privileges emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: linux_hardening emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, bonus] + tags: [security, dynamic, workload, bonus] pass: 1 fail: 0 @@ -290,51 +290,51 @@ - name: immutable_file_systems emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, bonus] + tags: [security, dynamic, workload, bonus] pass: 1 fail: 0 - name: hostpath_mounts emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, essential, cert] + tags: [security, dynamic, workload, cert, essential] pass: 100 - name: ingress_egress_blocked emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, bonus] + tags: [security, dynamic, workload, bonus] pass: 1 fail: 0 - name: insecure_capabilities emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: sysctls emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: log_output emoji: "πŸ“Άβ˜ οΈ" - tags: [observability, dynamic, workload, essential, cert] + tags: [observability, dynamic, workload, cert, essential] pass: 100 - name: prometheus_traffic emoji: "πŸ“Άβ˜ οΈ" - tags: [observability, dynamic, workload, cert, bonus] + tags: [observability, dynamic, workload, bonus] pass: 1 fail: 0 - name: open_metrics emoji: "πŸ“Άβ˜ οΈ" - tags: [observability, dynamic, workload, cert, bonus] + tags: [observability, dynamic, workload, bonus] pass: 1 fail: 0 - name: routed_logs emoji: "πŸ“Άβ˜ οΈ" - tags: [observability, dynamic, workload, cert, bonus] + tags: [observability, dynamic, workload, bonus] pass: 1 fail: 0 - name: tracing emoji: "βŽˆπŸš€" - tags: [observability, dynamic, workload, cert, bonus] + tags: [observability, dynamic, workload, bonus] pass: 1 fail: 0 - name: alpha_k8s_apis @@ -343,12 +343,12 @@ - name: container_sock_mounts emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, essential, cert] + tags: [security, dynamic, workload, cert, essential] pass: 100 - name: require_labels emoji: "🏷️" - tags: [configuration, dynamic, workload, cert, normal] + tags: [configuration, dynamic, workload, normal] - name: helm_tiller emoji: "πŸ”“πŸ”‘" @@ -356,20 +356,20 @@ - name: external_ips emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, cert, normal] + tags: [security, dynamic, workload, normal] - name: selinux_options emoji: "πŸ”“πŸ”‘" - tags: [security, dynamic, workload, essential, cert] + tags: [security, dynamic, workload, cert, essential] pass: 100 - name: default_namespace emoji: "🏷️" - tags: [configuration, dynamic, workload, cert, normal] + tags: [configuration, dynamic, workload, normal] - name: latest_tag emoji: "🏷️" - tags: [configuration, dynamic, workload, essential, cert] + tags: [configuration, dynamic, workload, cert, essential] pass: 100 - name: smf_upf_heartbeat diff --git a/spec/utils/cnf_manager_spec.cr b/spec/utils/cnf_manager_spec.cr index 57c48a16f..f787a54b0 100644 --- a/spec/utils/cnf_manager_spec.cr +++ b/spec/utils/cnf_manager_spec.cr @@ -392,17 +392,6 @@ describe "SampleUtils" do CNFManager.sample_cleanup(config_file: "sample-cnfs/sample-generic-cnf", verbose: true) end - it "bonus tests should not be includded in the maximum points when a failure occurs", tags: ["cnf-config"] do - begin - # fails because doesn't have a service - result = ShellCmd.run_testsuite("cnf_setup cnf-path=./sample-cnfs/sample-ndn-privileged") - result = ShellCmd.run_testsuite("cert_microservice") - (/of 6 tests passed/ =~ result[:output]).should_not be_nil - ensure - result = ShellCmd.run_testsuite("cnf_cleanup cnf-path=./sample-cnfs/sample-ndn-privileged") - end - end - it "Helm_values should be used during the installation of a cnf", tags: ["cnf-config"] do begin # fails because doesn't have a service