From a592221cd4fc59fabcc475c744b7344ca5fc831d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 11:47:48 -0600 Subject: [PATCH 01/62] Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 (#1610) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.13.0...v2.13.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 24 ++++++++++++------------ 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index a5fe1ad6f..3b0ebd31e 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require k8s.io/client-go v0.28.3 require ( github.com/kelseyhightower/envconfig v1.4.0 github.com/mittwald/go-helm-client v0.12.3 - github.com/onsi/ginkgo/v2 v2.13.0 + github.com/onsi/ginkgo/v2 v2.13.1 github.com/openshift/api v0.0.1 github.com/openshift/client-go v0.0.1 github.com/operator-framework/api v0.19.0 @@ -82,7 +82,7 @@ require ( github.com/google/btree v1.1.2 // indirect github.com/google/cel-go v0.16.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-containerregistry v0.15.2 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect 
@@ -167,12 +167,12 @@ require ( golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect - golang.org/x/sync v0.3.0 // indirect + golang.org/x/sync v0.4.0 // indirect golang.org/x/sys v0.14.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.12.0 // indirect + golang.org/x/tools v0.14.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index fdb06e209..e2f262e41 100644 --- a/go.sum +++ b/go.sum @@ -278,8 +278,8 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -457,10 +457,10 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= +github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= +github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= +github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= 
@@ -684,8 +684,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -746,8 +746,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -871,8 +871,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss= -golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= +golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 11a816b8e230b0ce038f2c959d84dc497cc23deb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 21:10:03 +0200 Subject: [PATCH 02/62] Bump github.com/test-network-function/privileged-daemonset (#1612) Bumps [github.com/test-network-function/privileged-daemonset](https://github.com/test-network-function/privileged-daemonset) from 1.0.14 to 1.0.15. - [Release notes](https://github.com/test-network-function/privileged-daemonset/releases) - [Commits](https://github.com/test-network-function/privileged-daemonset/compare/v1.0.14...v1.0.15) --- updated-dependencies: - dependency-name: github.com/test-network-function/privileged-daemonset dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3b0ebd31e..81c69f0d9 100644 --- a/go.mod +++ b/go.mod @@ -218,7 +218,7 @@ require ( github.com/redhat-openshift-ecosystem/openshift-preflight v0.0.0-20231018165107-f04b78186455 github.com/robert-nix/ansihtml v1.0.1 github.com/test-network-function/oct v0.0.3 - github.com/test-network-function/privileged-daemonset v1.0.14 + github.com/test-network-function/privileged-daemonset v1.0.15 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 k8s.io/kubectl v0.28.3 diff --git a/go.sum b/go.sum index e2f262e41..e782d694f 100644 --- a/go.sum +++ b/go.sum @@ -575,8 +575,8 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/test-network-function/oct v0.0.3 h1:jcVf+LVhN7FhKXjSqNUG1hsH6FrNwD9I/i6xowEZhB4= github.com/test-network-function/oct v0.0.3/go.mod h1:Sz+lcJPXHge6VVs7bPtz9s0q8wcrMeQ4WA2PUGCyeok= -github.com/test-network-function/privileged-daemonset v1.0.14 h1:BiED8lOeuCoqkEjb5WQfe99ZZrJ/TqjNv33hNHOqcnA= -github.com/test-network-function/privileged-daemonset v1.0.14/go.mod h1:L+lRm5/0pwyU4DRERq94+cuYujYWhiGmY8F6VejQrvM= +github.com/test-network-function/privileged-daemonset v1.0.15 h1:Jgjf3sa4d9OuhZRTj3oLhaaGV7PtQLVeLK/LSd9YgdE= +github.com/test-network-function/privileged-daemonset v1.0.15/go.mod h1:rDiFimleKbW2E501cNgHMYCrR52+w5Sg0a6trF2HZTo= github.com/test-network-function/test-network-function-claim v1.0.30 h1:Pi0H1utIQ6WXmzD7+R2F/YYHmchEyT6LiAf6WEZm0J0= github.com/test-network-function/test-network-function-claim v1.0.30/go.mod h1:qu/HJnmC5SzCsxS2mULGCdv5SWwjoMGlgQpjUOtQiEs= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= 
From ba41000751c4624c515e05ef079b354b0849bfe3 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Mon, 13 Nov 2023 15:24:18 -0600 Subject: [PATCH 03/62] Temporarily disable QE parallel flag for nightlies (#1617) --- .github/workflows/qe-ocp-413.yaml | 2 +- .github/workflows/qe-ocp-414.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index 152b186b9..51af128bd 100644 --- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml @@ -63,7 +63,7 @@ jobs: # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features + run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features working-directory: cnfcert-tests-verification - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index eed2acbba..44f5cbf28 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml 
@@ -63,7 +63,7 @@ jobs: # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features + run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features working-directory: cnfcert-tests-verification - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests From a88f7940b907e8a85b1ac01ac9d7f6a58bd24c71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Nov 2023 23:58:30 +0200 Subject: [PATCH 04/62] Bump github.com/test-network-function/test-network-function-claim (#1611) Bumps [github.com/test-network-function/test-network-function-claim](https://github.com/test-network-function/test-network-function-claim) from 1.0.30 to 1.0.31. - [Release notes](https://github.com/test-network-function/test-network-function-claim/releases) - [Commits](https://github.com/test-network-function/test-network-function-claim/compare/v1.0.30...v1.0.31) --- updated-dependencies: - dependency-name: github.com/test-network-function/test-network-function-claim dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: David Rabkin --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 81c69f0d9..201cdade9 100644 --- a/go.mod +++ b/go.mod 
@@ -8,7 +8,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 - github.com/test-network-function/test-network-function-claim v1.0.30 + github.com/test-network-function/test-network-function-claim v1.0.31 github.com/xeipuuv/gojsonschema v1.2.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index e782d694f..388ef03f4 100644 --- a/go.sum +++ b/go.sum @@ -577,8 +577,8 @@ github.com/test-network-function/oct v0.0.3 h1:jcVf+LVhN7FhKXjSqNUG1hsH6FrNwD9I/ github.com/test-network-function/oct v0.0.3/go.mod h1:Sz+lcJPXHge6VVs7bPtz9s0q8wcrMeQ4WA2PUGCyeok= github.com/test-network-function/privileged-daemonset v1.0.15 h1:Jgjf3sa4d9OuhZRTj3oLhaaGV7PtQLVeLK/LSd9YgdE= github.com/test-network-function/privileged-daemonset v1.0.15/go.mod h1:rDiFimleKbW2E501cNgHMYCrR52+w5Sg0a6trF2HZTo= -github.com/test-network-function/test-network-function-claim v1.0.30 h1:Pi0H1utIQ6WXmzD7+R2F/YYHmchEyT6LiAf6WEZm0J0= -github.com/test-network-function/test-network-function-claim v1.0.30/go.mod h1:qu/HJnmC5SzCsxS2mULGCdv5SWwjoMGlgQpjUOtQiEs= +github.com/test-network-function/test-network-function-claim v1.0.31 h1:Yqb9/8QPEEZO0LAIeuw65uPzDPnKSG8z/njpXAN2CJs= +github.com/test-network-function/test-network-function-claim v1.0.31/go.mod h1:itpxi9Ehhv9oNC9MiSAt52SKFtJBbQ/T1njTXspl1Hk= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= From 93434f775655b912cd1ac2dff386b0d30fd53561 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 14 Nov 2023 08:16:15 -0600 Subject: [PATCH 05/62] Update RHCOS to OCP version map (#1618) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 1 + 1 file changed, 1 insertion(+) 
diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index 61db0b362..cd650f65c 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -220,6 +220,7 @@ 4.13.19 / 413.92.202310210500-0 4.13.2 / 413.92.202305302312-0 4.13.21 / 413.92.202310210500-0 +4.13.22 / 413.92.202311061658-0 4.13.3 / 413.92.202306070210-0 4.13.4 / 413.92.202306141213-0 4.13.5 / 413.92.202307140015-0 From a8640e405ac90f9eb37430406a61977fec9c00aa Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Wed, 15 Nov 2023 12:12:54 -0600 Subject: [PATCH 06/62] Disable Go cache for self-hosted (#1626) --- .github/actions/setup/action.yml | 1 + .github/workflows/qe-hosted.yml | 14 -------------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 9a7915bc2..8edb6b6b2 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -17,6 +17,7 @@ runs: uses: actions/setup-go@v4 with: go-version: 1.21.4 + cache: false - name: Disable default go problem matcher run: echo "::remove-matcher owner=go::" diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index 833d8e910..be747558a 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -40,20 +40,6 @@ jobs: swap-storage: true continue-on-error: true - - name: Write temporary docker file - run: | - mkdir -p /home/runner/.docker - touch ${PFLT_DOCKERCONFIG} - echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} - - - name: Set up Go 1.21 - uses: actions/setup-go@v4 - with: - go-version: 1.21.4 - - - name: Disable default go problem matcher - run: echo "::remove-matcher owner=go::" - - name: Check out code uses: actions/checkout@v4 with: 
From 2e0087779ecdf3217c2d3623604d129c80df76d8 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Thu, 16 Nov 2023 08:25:36 -0600 Subject: [PATCH 07/62] Add retries to QE nightlies (#1628) --- .github/workflows/qe-hosted.yml | 8 +++++--- .github/workflows/qe-ocp-413-intrusive.yaml | 8 +++++--- .github/workflows/qe-ocp-413.yaml | 8 +++++--- .github/workflows/qe-ocp-414-intrusive.yaml | 8 +++++--- .github/workflows/qe-ocp-414.yaml | 8 +++++--- .github/workflows/qe.yaml | 10 +++++----- 6 files changed, 30 insertions(+), 20 deletions(-) diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index be747558a..7e5d06234 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -89,10 +89,12 @@ jobs: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} diff --git a/.github/workflows/qe-ocp-413-intrusive.yaml b/.github/workflows/qe-ocp-413-intrusive.yaml index bee1a95c6..a191b42c5 100644 --- a/.github/workflows/qe-ocp-413-intrusive.yaml +++ b/.github/workflows/qe-ocp-413-intrusive.yaml 
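Review bot: `uses: nick-fields/retry@v2` references a third-party action by a movable tag, and the same line is added to qe-ocp-413-intrusive.yaml, qe-ocp-413.yaml, qe-ocp-414-intrusive.yaml, qe-ocp-414.yaml and qe.yaml, so whatever that tag points to wraps the test step in every QE workflow. Pinning to the full commit SHA of the release that was reviewed, `uses: nick-fields/retry@<full-commit-sha> # v2`, keeps a retagged or compromised release from changing what runs; qe.yaml's job uses `runs-on: qe-runner`, which looks like a self-hosted runner, so the exposure there is larger. Replacing `working-directory:` with `cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification;` also leaves the path unquoted and, depending on how the action invokes the shell, may let `make test-features` run in the wrong directory if the `cd` fails; `cd "${GITHUB_WORKSPACE}/cnfcert-tests-verification" && ...` avoids that.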
@@ -62,10 +62,12 @@ jobs: sudo rm -rf /tmp/tnf_config/ sudo rm -rf /tmp/tnf_report/ - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index 51af128bd..c36e12aa4 100644 --- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml 
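Review bot: The new `command:` sets `ENABLE_PARALLEL=true` where the removed `run:` line had `ENABLE_PARALLEL=false`, a behaviour change that the commit title "Add retries to QE nightlies" does not mention. The same flip appears in the qe-ocp-413.yaml, qe-ocp-414-intrusive.yaml and qe-ocp-414.yaml hunks; for the two non-intrusive files it undoes the earlier "Temporarily disable QE parallel flag for nightlies" change in this series. If the flip is intended, state it in the commit message; if it came from copying the qe-hosted.yml command, keep `ENABLE_PARALLEL=false` in these four workflows. With `max_attempts: 3` on an intrusive suite, a retry may also start against a cluster the previous attempt left modified, since the cleanup shown as context above is a separate step and would not be repeated per attempt.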
@@ -61,10 +61,12 @@ jobs: sudo rm -rf /tmp/tnf_config/ sudo rm -rf /tmp/tnf_report/ - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} diff --git a/.github/workflows/qe-ocp-414-intrusive.yaml b/.github/workflows/qe-ocp-414-intrusive.yaml index 22e340a9a..141ce85ca 100644 --- a/.github/workflows/qe-ocp-414-intrusive.yaml +++ b/.github/workflows/qe-ocp-414-intrusive.yaml 
@@ -62,10 +62,12 @@ jobs: sudo rm -rf /tmp/tnf_config/ sudo rm -rf /tmp/tnf_report/ - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index 44f5cbf28..d04cacb6b 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml 
@@ -61,10 +61,12 @@ jobs: sudo rm -rf /tmp/tnf_config/ sudo rm -rf /tmp/tnf_report/ - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=false ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} diff --git a/.github/workflows/qe.yaml b/.github/workflows/qe.yaml index 1b46c4a87..fe8df05f6 100644 --- a/.github/workflows/qe.yaml +++ b/.github/workflows/qe.yaml @@ -10,8 +10,6 @@ on: env: QE_REPO: test-network-function/cnfcert-tests-verification - - jobs: qe-testing: runs-on: qe-runner 
@@ -105,10 +103,12 @@ jobs: run: ./scripts/delete-namespaces.sh working-directory: cnfcert-tests-verification - # Setup is complete. Time to run the QE tests. - name: Run the tests - run: FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - working-directory: cnfcert-tests-verification + uses: nick-fields/retry@v2 + with: + timeout_minutes: 60 + max_attempts: 3 + command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features - name: (if on main and upstream) Send chat msg to dev team if failed to run QE tests if: ${{ failure() && github.ref == 'refs/heads/main' && github.repository_owner == 'test-network-function' }} From 3d88e84a61207120dee4560f8d98a4891d13ab23 Mon Sep 17 00:00:00 2001 From: Gonzalo Reyero Ferreras <87083379+greyerof@users.noreply.github.com> Date: Thu, 16 Nov 2023 15:26:13 +0100 Subject: [PATCH 08/62] Fix gchat alert message. (#1630) After testing it in a private repo, it works when the webhook URL+query is surrounded by single quotes. --- .github/workflows/pre-main.yaml | 2 +- .github/workflows/qe-hosted.yml | 2 +- .github/workflows/qe-ocp-413-intrusive.yaml | 2 +- .github/workflows/qe-ocp-413.yaml | 2 +- .github/workflows/qe-ocp-414-intrusive.yaml | 2 +- .github/workflows/qe-ocp-414.yaml | 2 +- .github/workflows/qe.yaml | 2 +- .github/workflows/tnf-image.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 0cd044974..5b349cb4b 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml 
@@ -451,7 +451,7 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to create \`unstable\` container image from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.GCHAT_WEBHOOK_URL }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.GCHAT_WEBHOOK_URL }}' # Push the new unstable TNF image to Quay.io. - name: (if on main and upstream) Authenticate against Quay.io diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index 7e5d06234..85ad1d393 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -106,4 +106,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run Github hosted QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/qe-ocp-413-intrusive.yaml b/.github/workflows/qe-ocp-413-intrusive.yaml index a191b42c5..f6187b0a7 100644 --- a/.github/workflows/qe-ocp-413-intrusive.yaml +++ b/.github/workflows/qe-ocp-413-intrusive.yaml @@ -79,4 +79,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run intrusive OCP 4.13 QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index c36e12aa4..09c3e8266 100644 
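Review bot: `'${{ secrets.GCHAT_WEBHOOK_URL }}'` is still expanded by the workflow engine into the script text before the shell runs, so the single quotes only hold while the secret contains no single quote, and the URL ends up inside the generated script. Passing it through the step environment avoids both: add `GCHAT_WEBHOOK_URL: ${{ secrets.GCHAT_WEBHOOK_URL }}` under the step's `env:` and call curl with `"$GCHAT_WEBHOOK_URL"`. The step already reads `$GITHUB_REPO`, `$COMMIT_SHA` and `$JOB_RUN_ID` from the environment, although its `env:` block is outside the hunk, so its exact shape is inferred. The same applies to the `QE_NIGHTLY_WEBHOOK` lines in qe-hosted.yml, qe-ocp-413-intrusive.yaml, qe-ocp-413.yaml, qe-ocp-414-intrusive.yaml, qe-ocp-414.yaml and qe.yaml, and to the `GCHAT_WEBHOOK_URL` line in tnf-image.yaml.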
--- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml @@ -78,4 +78,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run non-intrusive OCP 4.13 QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/qe-ocp-414-intrusive.yaml b/.github/workflows/qe-ocp-414-intrusive.yaml index 141ce85ca..6a87d0f1b 100644 --- a/.github/workflows/qe-ocp-414-intrusive.yaml +++ b/.github/workflows/qe-ocp-414-intrusive.yaml @@ -79,4 +79,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run intrusive OCP 4.14 QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index d04cacb6b..2b0da85a6 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml @@ -78,4 +78,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run non-intrusive OCP 4.14 QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/qe.yaml b/.github/workflows/qe.yaml index fe8df05f6..094a40e6a 100644 --- a/.github/workflows/qe.yaml 
+++ b/.github/workflows/qe.yaml @@ -120,4 +120,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to run Kind-based non-intrusive QE tests from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.QE_NIGHTLY_WEBHOOK }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.QE_NIGHTLY_WEBHOOK }}' diff --git a/.github/workflows/tnf-image.yaml b/.github/workflows/tnf-image.yaml index 58c32979c..9c972e033 100644 --- a/.github/workflows/tnf-image.yaml +++ b/.github/workflows/tnf-image.yaml @@ -144,4 +144,4 @@ jobs: run: | curl -X POST --data "{ \"text\": \"🚨⚠ī¸ Failed to create container image version \`$TNF_VERSION\` from commit \<$GITHUB_REPO/commit/$COMMIT_SHA|$COMMIT_SHA\>, job ID \<$GITHUB_REPO/actions/runs/$JOB_RUN_ID/attempts/$JOB_RUN_ATTEMPT|$JOB_RUN_ID\> \" - }" -H 'Content-type: application/json; charset=UTF-8' ${{ secrets.GCHAT_WEBHOOK_URL }} + }" -H 'Content-type: application/json; charset=UTF-8' '${{ secrets.GCHAT_WEBHOOK_URL }}' From f507a555371742eac3afd3a1d3574268c22482b5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 16 Nov 2023 08:26:34 -0600 Subject: [PATCH 09/62] Update RHCOS to OCP version map (#1629) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 1 + 1 file changed, 1 insertion(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index cd650f65c..c64275c91 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map 
@@ -189,6 +189,7 @@ 4.12.41 / 412.86.202310210217-0 4.12.42 / 412.86.202310302215-0 4.12.43 / 412.86.202311051457-0 +4.12.44 / 412.86.202311092041-0 4.12.5 / 412.86.202302170236-0 4.12.6 / 412.86.202302282003-0 4.12.7 / 412.86.202303011010-0 From 61ab6580e20f0684ff25125b51d53cfb48250420 Mon Sep 17 00:00:00 2001 From: Gonzalo Reyero Ferreras <87083379+greyerof@users.noreply.github.com> Date: Thu, 16 Nov 2023 18:27:49 +0100 Subject: [PATCH 10/62] Fixed function AreCPUResourcesWholeUnits(). (#1631) The bug happens when deploying pods with containers that don't have any cpu req/limit defined in its spec but they do have any other resource (like mem) set. cut.Resources.Requests and cut.Resources.Limits are maps, whose keys are the different resources (mem, cpu, hugepages) that were explicitly set in the container spec. Requests.Cpu() returns a defaulted (zeroed) Quantity for the cpu resource if that resource type doesn't exist in the requests map, which will happen if cpu reqs/limits are not explicitly set in the pod spec. --- pkg/provider/isolation.go | 17 ++++++++--------- pkg/provider/isolation_test.go | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 9 deletions(-) diff --git a/pkg/provider/isolation.go b/pkg/provider/isolation.go index e14bdb3e8..b47760a00 100644 --- a/pkg/provider/isolation.go +++ b/pkg/provider/isolation.go 
@@ -58,21 +58,20 @@ func AreCPUResourcesWholeUnits(p *Pod) bool { // Pods may contain more than one container. All containers must conform to the CPU isolation requirements. for _, cut := range p.Containers { // Resources must be specified - if len(cut.Resources.Requests) == 0 || len(cut.Resources.Limits) == 0 { + cpuRequestsMillis := cut.Resources.Requests.Cpu().MilliValue() + cpuLimitsMillis := cut.Resources.Limits.Cpu().MilliValue() + + if cpuRequestsMillis == 0 || cpuLimitsMillis == 0 { logrus.Debugf("%s has been found with undefined requests or limits.", cut.String()) return false } - // Gather the values - cpuRequests := cut.Resources.Requests.Cpu().MilliValue() - cpuLimits := cut.Resources.Limits.Cpu().MilliValue() - - if !isInteger(cpuRequests) { - logrus.Debugf("%s has CPU requests %d (milli) that has to be a whole unit.", cut.String(), cpuRequests) + if !isInteger(cpuRequestsMillis) { + logrus.Debugf("%s has CPU requests %d (milli) that has to be a whole unit.", cut.String(), cpuRequestsMillis) return false } - if !isInteger(cpuLimits) { - logrus.Debugf("%s has CPU limits %d (milli) that has to be a whole unit.", cut.String(), cpuLimits) + if !isInteger(cpuLimitsMillis) { + logrus.Debugf("%s has CPU limits %d (milli) that has to be a whole unit.", cut.String(), cpuLimitsMillis) return false } } diff --git a/pkg/provider/isolation_test.go b/pkg/provider/isolation_test.go index 91b79ac6f..ffd4bba33 100644 --- a/pkg/provider/isolation_test.go +++ b/pkg/provider/isolation_test.go 
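Review bot: The new guard `cpuRequestsMillis == 0 || cpuLimitsMillis == 0` is CPU-specific, but the comment above it (`// Resources must be specified`) and the debug message still speak of requests or limits in general, which misleads when a container has memory set and only CPU missing. I would reword them, e.g. `// CPU requests and limits must be set and non-zero.` and `logrus.Debugf("%s has been found with undefined or zero CPU requests or limits.", cut.String())`. The zero test cannot tell an absent `cpu` key from one explicitly set to `0`; both are rejected, which looks intended but is worth stating in the comment. The function body continues past the end of this hunk.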
@@ -218,6 +218,39 @@ func TestCPUIsolation(t *testing.T) { runtimeClassNameResult: true, loadBalancingResult: false, }, + { // Test Case #6 - Mem reqs/limit set, but no Cpu limits/reqs set. + testPod: &Pod{ + Containers: []*Container{ + { + Container: &corev1.Container{ + Resources: corev1.ResourceRequirements{ + Requests: corev1.ResourceList{ + "memory": resource.MustParse(validMemLimit), + }, + Limits: corev1.ResourceList{ + "memory": resource.MustParse(validMemLimit), + }, + }, + }, + }, + }, + Pod: &corev1.Pod{ + Spec: corev1.PodSpec{ + RuntimeClassName: &testClassName, + }, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "cpu-load-balancing.crio.io": "disable", + "irq-load-balancing.crio.io": "disable", + }, + }, + }, + }, + resourcesIdenticalResult: true, + wholeUnitsResult: false, + runtimeClassNameResult: true, + loadBalancingResult: true, + }, } for _, tc := range testCases { From 7dc8f40894230ed282959bdb99c6a4a1ad59f5d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Nov 2023 12:01:46 -0600 Subject: [PATCH 11/62] Bump ubi8/ubi from 8.8-1067.1698056881 to 8.9-1028 (#1633) Bumps ubi8/ubi from 8.8-1067.1698056881 to 8.9-1028. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 63c9ef3a2..26b014383 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi8/ubi:8.8-1067.1698056881 AS build +FROM registry.access.redhat.com/ubi8/ubi:8.9-1028 AS build ENV TNF_DIR=/usr/tnf ENV \ TNF_SRC_DIR=${TNF_DIR}/tnf-src \ From 85072051906f768dea45f8f1c88d57e2739cc3f6 Mon Sep 17 00:00:00 2001 
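Review bot: Test case #6 leaves CPU out of both `Requests` and `Limits`, so the `||` in the fixed check is only exercised with both sides zero. A sibling case that sets CPU in one list but not the other, e.g. `"cpu": resource.MustParse("2")` under `Limits` only (constructed value), would pin that a single missing side also yields `wholeUnitsResult: false`. The expected values of the other three result fields depend on functions outside this hunk and would need checking for such a case.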
From: jmontesi <100689165+jmontesi@users.noreply.github.com> Date: Thu, 16 Nov 2023 19:09:35 +0100 Subject: [PATCH 12/62] Bump github.com/test-network-function/oct from 0.0.3 to 0.0.4 (#1632) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 201cdade9..8806343ab 100644 --- a/go.mod +++ b/go.mod @@ -217,7 +217,7 @@ require ( github.com/openshift/machine-config-operator v0.0.1-0.20230515070935-49f32d46538e github.com/redhat-openshift-ecosystem/openshift-preflight v0.0.0-20231018165107-f04b78186455 github.com/robert-nix/ansihtml v1.0.1 - github.com/test-network-function/oct v0.0.3 + github.com/test-network-function/oct v0.0.4 github.com/test-network-function/privileged-daemonset v1.0.15 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 diff --git a/go.sum b/go.sum index 388ef03f4..894a4a6ed 100644 --- a/go.sum +++ b/go.sum @@ -573,8 +573,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/test-network-function/oct v0.0.3 h1:jcVf+LVhN7FhKXjSqNUG1hsH6FrNwD9I/i6xowEZhB4= -github.com/test-network-function/oct v0.0.3/go.mod h1:Sz+lcJPXHge6VVs7bPtz9s0q8wcrMeQ4WA2PUGCyeok= +github.com/test-network-function/oct v0.0.4 h1:rU4kps/gbAHkR0rc5WzVtTOcJt/NBcse85RaG7WTuYw= +github.com/test-network-function/oct v0.0.4/go.mod h1:oOPuUMnX6YR+cl3usBJfwCllsv7Hphw9jVi7VtniAzo= github.com/test-network-function/privileged-daemonset v1.0.15 h1:Jgjf3sa4d9OuhZRTj3oLhaaGV7PtQLVeLK/LSd9YgdE= github.com/test-network-function/privileged-daemonset v1.0.15/go.mod h1:rDiFimleKbW2E501cNgHMYCrR52+w5Sg0a6trF2HZTo= github.com/test-network-function/test-network-function-claim v1.0.31 h1:Yqb9/8QPEEZO0LAIeuw65uPzDPnKSG8z/njpXAN2CJs= 
From fcdd8956367d9ff9034dba9e873276b59ea5c171 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Nov 2023 14:18:17 -0600 Subject: [PATCH 13/62] Bump ubi8/ubi-minimal from 8.8-1072.1697626218 to 8.9-1029 (#1634) Bumps ubi8/ubi-minimal from 8.8-1072.1697626218 to 8.9-1029. --- updated-dependencies: - dependency-name: ubi8/ubi-minimal dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 26b014383..3717de064 100644 --- a/Dockerfile +++ b/Dockerfile @@ -99,7 +99,7 @@ FROM quay.io/testnetworkfunction/oct:latest AS db # Copy the state into a new flattened image to reduce size. # TODO run as non-root -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8-1072.1697626218 +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9-1029 ENV \ TNF_DIR=/usr/tnf \ From 35637340ba1b52b2a976c26c6496973ac23b32dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 00:05:05 +0200 Subject: [PATCH 14/62] Bump k8s.io/kubectl from 0.28.3 to 0.28.4 (#1636) Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.28.3 to 0.28.4. - [Commits](https://github.com/kubernetes/kubectl/compare/v0.28.3...v0.28.4) --- updated-dependencies: - dependency-name: k8s.io/kubectl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 8806343ab..b9560f678 100644 --- a/go.mod +++ b/go.mod 
@@ -13,7 +13,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect ) -require k8s.io/client-go v0.28.3 +require k8s.io/client-go v0.28.4 require ( github.com/kelseyhightower/envconfig v1.4.0 @@ -25,8 +25,8 @@ require ( github.com/operator-framework/operator-lifecycle-manager v0.20.0 github.com/pkg/errors v0.9.1 // indirect helm.sh/helm/v3 v3.13.2 - k8s.io/api v0.28.3 - k8s.io/apimachinery v0.28.3 + k8s.io/api v0.28.4 + k8s.io/apimachinery v0.28.4 k8s.io/klog/v2 v2.100.1 // indirect ) @@ -183,8 +183,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect k8s.io/apiserver v0.28.3 // indirect - k8s.io/cli-runtime v0.28.3 // indirect - k8s.io/component-base v0.28.3 // indirect + k8s.io/cli-runtime v0.28.4 // indirect + k8s.io/component-base v0.28.4 // indirect k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect modernc.org/libc v1.22.5 // indirect @@ -221,7 +221,7 @@ require ( github.com/test-network-function/privileged-daemonset v1.0.15 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 - k8s.io/kubectl v0.28.3 + k8s.io/kubectl v0.28.4 ) replace github.com/redhat-openshift-ecosystem/openshift-preflight => github.com/redhat-openshift-ecosystem/openshift-preflight v0.0.0-20231018165107-f04b78186455 diff --git a/go.sum b/go.sum index 894a4a6ed..2062ba99f 100644 --- a/go.sum +++ b/go.sum 
@@ -1014,26 +1014,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= -k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= -k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= -k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w= k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM= -k8s.io/cli-runtime v0.28.3 h1:lvuJYVkwCqHEvpS6KuTZsUVwPePFjBfSGvuaLl2SxzA= -k8s.io/cli-runtime v0.28.3/go.mod h1:jeX37ZPjIcENVuXDDTskG3+FnVuZms5D9omDXS/2Jjc= -k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= -k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= -k8s.io/component-base v0.28.3 h1:rDy68eHKxq/80RiMb2Ld/tbH8uAE75JdCqJyi6lXMzI= -k8s.io/component-base v0.28.3/go.mod h1:fDJ6vpVNSk6cRo5wmDa6eKIG7UlIQkaFmZN2fYgIUD8= +k8s.io/cli-runtime v0.28.4 h1:IW3aqSNFXiGDllJF4KVYM90YX4cXPGxuCxCVqCD8X+Q= +k8s.io/cli-runtime v0.28.4/go.mod h1:MLGRB7LWTIYyYR3d/DOgtUC8ihsAPA3P8K8FDNIqJ0k= +k8s.io/client-go v0.28.4 
h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= +k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= +k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/kubectl v0.28.3 h1:H1Peu1O3EbN9zHkJCcvhiJ4NUj6lb88sGPO5wrWIM6k= -k8s.io/kubectl v0.28.3/go.mod h1:RDAudrth/2wQ3Sg46fbKKl4/g+XImzvbsSRZdP2RiyE= +k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ= +k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE= From 5b34225ac1ef97e970c719524dc789b29fe74e7f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 17 Nov 2023 14:09:47 +0200 Subject: [PATCH 15/62] Update RHCOS to OCP version map (#1641) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index c64275c91..2a777aa7c 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map 
@@ -222,6 +222,7 @@ 4.13.2 / 413.92.202305302312-0 4.13.21 / 413.92.202310210500-0 4.13.22 / 413.92.202311061658-0 +4.13.23 / 413.92.202311151359-0 4.13.3 / 413.92.202306070210-0 4.13.4 / 413.92.202306141213-0 4.13.5 / 413.92.202307140015-0 @@ -245,6 +246,7 @@ 4.14.0-rc.7 / 414.92.202310210434-0 4.14.1 / 414.92.202310270216-0 4.14.2 / 414.92.202311061957-0 +4.14.3 / 414.92.202311150705-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 4.4.0-rc.1 / 44.81.202003130330-0 From 213b1b43a71b249c4adc465028bc1cdf57fac3b8 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Fri, 17 Nov 2023 14:12:34 -0600 Subject: [PATCH 16/62] Re-enable QE PR checks (#1640) --- .github/workflows/qe-hosted.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index 85ad1d393..ae00fbdc4 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -1,8 +1,8 @@ name: QE Testing (Ubuntu-hosted) on: - # pull_request: - # branches: [ main ] + pull_request: + branches: [ main ] workflow_dispatch: # Schedule a daily cron at midnight UTC schedule: @@ -26,6 +26,7 @@ jobs: TEST_TNF_IMAGE_NAME: quay.io/testnetworkfunction/cnf-certification-test TEST_TNF_IMAGE_TAG: localtest DOCKER_CONFIG_DIR: '/home/runner/.docker/' + SKIP_PRELOAD_IMAGES: true steps: - name: Free Disk Space (Ubuntu) From 1ee56942fd9f46426e1e0db90f3b7cc00d8e0ba9 Mon Sep 17 00:00:00 2001 From: Shir Moran <101132224+shirmoran@users.noreply.github.com> Date: Mon, 20 Nov 2023 19:50:52 +0200 Subject: [PATCH 17/62] enable collector's sanity check (#1606) * enable collector's sanity check * added tmate session for testing * disable tmate session --- .github/workflows/pre-main.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 5b349cb4b..a9f0385f7 100644 --- a/.github/workflows/pre-main.yaml 
+++ b/.github/workflows/pre-main.yaml @@ -386,12 +386,12 @@ jobs: run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} - name: 'Test: Run Smoke Tests in a TNF container' - run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} TNF_ENABLE_DATA_COLLECTION=false ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" + run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} TNF_ENABLE_DATA_COLLECTION=true ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" - # - name: Run sanity check on collector - # uses: ./collector/.github/actions/run-sanity-check - # with: - # working_directory: collector + - name: Run sanity check on collector + uses: ./collector/.github/actions/run-sanity-check + with: + working_directory: collector - name: Upload container test results as an artifact uses: actions/upload-artifact@v3 From 8ed6607de48ff29e185dc530b7a565687e4d8982 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Tue, 21 Nov 2023 08:40:20 -0600 Subject: [PATCH 18/62] Fix catalog links (#1650) --- CATALOG.md | 146 +++++++++--------- .../identifiers/doclinks.go | 146 +++++++++--------- .../identifiers/identifiers.go | 2 +- 3 files changed, 147 insertions(+), 147 deletions(-) diff --git a/CATALOG.md b/CATALOG.md index 96f3c9663..42d5b040e 100644 --- a/CATALOG.md +++ b/CATALOG.md 
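Review bot: The re-enabled step `uses: ./collector/.github/actions/run-sanity-check` runs action code from whatever revision of the collector repository is present under `collector` in the workspace, presumably checked out earlier in the job, outside this hunk. If that checkout follows a branch rather than a fixed commit, a change there alters what this job executes without any change in this repository; pinning the checkout `ref` to a commit SHA would close that gap. A short comment on the smoke-test step saying why `TNF_ENABLE_DATA_COLLECTION` is now `true` would also help, e.g. `# data collection must be on for the collector sanity check below` (presumably the reason; confirm).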
@@ -76,7 +76,7 @@ Property|Description Unique ID|access-control-cluster-role-bindings Description|Tests that a Pod does not specify ClusterRoleBindings. Suggested Remediation|In most cases, Pod's should not have ClusterRoleBindings. The suggested remediation is to remove the need for ClusterRoleBindings, if possible. Cluster roles and cluster role bindings discouraged unless absolutely needed by CNF (often reserved for cluster admin only). -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-security-rbac Exception Process|Exception possible only for workloads that's cluster wide in nature and absolutely needs cluster level roles & role bindings Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| @@ -92,7 +92,7 @@ Property|Description Unique ID|access-control-container-host-port Description|Verifies if containers define a hostPort. Suggested Remediation|Remove hostPort configuration from the container. CNF should avoid accessing host resources - containers should not configure HostPort. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-accessing-resource-on-host +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-accessing-resource-on-host Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed Tags|common,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -108,7 +108,7 @@ Property|Description Unique ID|access-control-crd-roles Description|If an application creates CRDs it must supply a role to access those CRDs and no other API resources/permission. This test checks that there is at least one role present in each namespaces under test that only refers to CRDs under test. Suggested Remediation|Roles providing access to CRDs should not refer to any other api or resources. Change the generation of the CRD role accordingly -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-custom-role-to-access-application-crds +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide-guide/#cnf-best-practices-custom-role-to-access-application-crds Exception Process|No exception needed for optional/extended tests. Tags|extended,access-control |**Scenario**|**Optional/Mandatory**| @@ -124,7 +124,7 @@ Property|Description Unique ID|access-control-ipc-lock-capability-check Description|Ensures that containers do not use IPC_LOCK capability. CNF should avoid accessing host resources - spec.HostIpc should be false. Suggested Remediation|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and detail why. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipc_lock +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipc_lock Exception Process|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and detail why. Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -140,7 +140,7 @@ Property|Description Unique ID|access-control-namespace Description|Tests that all CNF's resources (PUTs and CRs) belong to valid namespaces. A valid namespace meets the following conditions: (1) It was declared in the yaml config file under the targetNameSpaces tag. (2) It does not have any of the following prefixes: default, openshift-, istio- and aspenmesh- Suggested Remediation|Ensure that your CNF utilizes namespaces declared in the yaml config file. Additionally, the namespaces should not start with "default, openshift-, istio- or aspenmesh-". -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs Exception Process|No exceptions Tags|common,access-control |**Scenario**|**Optional/Mandatory**| @@ -156,7 +156,7 @@ Property|Description Unique ID|access-control-namespace-resource-quota Description|Checks to see if CNF workload pods are running in namespaces that have resource quotas applied. Suggested Remediation|Apply a ResourceQuota to the namespace your CNF is running in. The CNF namespace should have resource quota defined. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-memory-allocation +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-memory-allocation Exception Process|No exception needed for optional/extended tests. Tags|extended,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -172,7 +172,7 @@ Property|Description Unique ID|access-control-net-admin-capability-check Description|Ensures that containers do not use NET_ADMIN capability. Note: this test also ensures iptables and nftables are not configured by CNF pods: - NET_ADMIN and NET_RAW are required to modify nftables (namespaced) which is not desired inside pods. nftables should be configured by an administrator outside the scope of the CNF. nftables are usually configured by operators, for instance the Performance Addon Operator (PAO) or istio. - Privileged container are required to modify host iptables, which is not safe to perform inside pods. nftables should be configured by an administrator outside the scope of the CNF. iptables are usually configured by operators, for instance the Performance Addon Operator (PAO) or istio. Suggested Remediation|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and detail why. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-net_admin +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-net_admin Exception Process|Exception will be considered for user plane or networking functions (e.g. SR-IOV, Multicast). Must identify which container requires the capability and detail why. Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -188,7 +188,7 @@ Property|Description Unique ID|access-control-net-raw-capability-check Description|Ensures that containers do not use NET_RAW capability. Note: this test also ensures iptables and nftables are not configured by CNF pods: - NET_ADMIN and NET_RAW are required to modify nftables (namespaced) which is not desired inside pods. nftables should be configured by an administrator outside the scope of the CNF. nftables are usually configured by operators, for instance the Performance Addon Operator (PAO) or istio. - Privileged container are required to modify host iptables, which is not safe to perform inside pods. nftables should be configured by an administrator outside the scope of the CNF. iptables are usually configured by operators, for instance the Performance Addon Operator (PAO) or istio. Suggested Remediation|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and detail why. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-user-plane-cnfs +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-user-plane-cnfs Exception Process|Exception will be considered for user plane or networking functions. Must identify which container requires the capability and detail why. Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -220,7 +220,7 @@ Property|Description Unique ID|access-control-one-process-per-container Description|Check that all containers under test have only one process running Suggested Remediation|Launch only one process per container. Should adhere to 1 process per container best practice wherever possible. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-one-process-per-container +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-one-process-per-container Exception Process|No exception needed for optional/extended tests. Not applicable to SNO applications. Tags|common,access-control |**Scenario**|**Optional/Mandatory**| @@ -236,7 +236,7 @@ Property|Description Unique ID|access-control-pod-automount-service-account-token Description|Check that all pods under test have automountServiceAccountToken set to false. Only pods that require access to the kubernetes API server should have automountServiceAccountToken set to true Suggested Remediation|Check that pod has automountServiceAccountToken set to false or pod is attached to service account which has automountServiceAccountToken set to false, unless the pod needs access to the kubernetes API server. Pods which do not need API access should set automountServiceAccountToken to false in pod spec. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-automount-services-for-pods Exception Process|Exception will be considered if container needs to access APIs which OCP does not offer natively. Must document which container requires which API(s) and detail why existing OCP APIs cannot be used. Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -252,7 +252,7 @@ Property|Description Unique ID|access-control-pod-host-ipc Description|Verifies that the spec.HostIpc parameter is set to false Suggested Remediation|Set the spec.HostIpc parameter to false in the pod configuration. CNF should avoid accessing host resources - spec.HostIpc should be false. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed Tags|common,access-control |**Scenario**|**Optional/Mandatory**| @@ -268,7 +268,7 @@ Property|Description Unique ID|access-control-pod-host-network Description|Verifies that the spec.HostNetwork parameter is not set (not present) Suggested Remediation|Set the spec.HostNetwork parameter to false in the pod configuration. CNF should avoid accessing host resources - spec.HostNetwork should be false. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-the-host-network-namespace Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed Tags|common,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -284,7 +284,7 @@ Property|Description Unique ID|access-control-pod-host-path Description|Verifies that the spec.HostPath parameter is not set (not present) Suggested Remediation|Set the spec.HostPath parameter to false in the pod configuration. CNF should avoid accessing host resources - spec.HostPath should be false. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed Tags|common,access-control |**Scenario**|**Optional/Mandatory**| @@ -300,7 +300,7 @@ Property|Description Unique ID|access-control-pod-host-pid Description|Verifies that the spec.HostPid parameter is set to false Suggested Remediation|Set the spec.HostPid parameter to false in the pod configuration. CNF should avoid accessing host resources - spec.HostPid should be false. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed Tags|common,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -316,7 +316,7 @@ Property|Description Unique ID|access-control-pod-role-bindings Description|Ensures that a CNF does not utilize RoleBinding(s) in a non-CNF Namespace. Suggested Remediation|Ensure the CNF is not configured to use RoleBinding(s) in a non-CNF Namespace. Scope of role must <= scope of creator of role. -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-security-rbac Exception Process|No exceptions Tags|common,access-control |**Scenario**|**Optional/Mandatory**| @@ -332,7 +332,7 @@ Property|Description Unique ID|access-control-pod-service-account Description|Tests that each CNF Pod utilizes a valid Service Account. Default or empty service account is not valid. Suggested Remediation|Ensure that the each CNF Pod is configured to use a valid Service Account -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-scc-permissions-for-an-application +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-scc-permissions-for-an-application Exception Process|No exceptions Tags|common,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -348,7 +348,7 @@ Property|Description Unique ID|access-control-requests-and-limits Description|Check that containers have resource requests and limits specified in their spec. Suggested Remediation|Add requests and limits to your container spec. See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requests/limits +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requests/limits Exception Process|There is no documented exception process for this. Tags|telco,access-control |**Scenario**|**Optional/Mandatory**| @@ -364,7 +364,7 @@ Property|Description Unique ID|access-control-security-context Description|Checks the security context matches one of the 4 categories Suggested Remediation|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and document why. If the container had the right configuration of the allowed category from the 4 approved list then the test will pass. The 4 categories are defined in Requirement ID 94118 of the Extended Best Practices guide (private repo) -Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security +Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security Exception Process|no exception needed for optional/extended test Tags|extended,access-control |**Scenario**|**Optional/Mandatory**| 
@@ -380,7 +380,7 @@ Property|Description
 Unique ID|access-control-security-context-non-root-user-check
 Description|Checks the security context runAsUser parameter in pods and containers to make sure it is not set to uid root(0). Pods and containers should not run as root (runAsUser is not set to uid0).
 Suggested Remediation|Change the pod and containers "runAsUser" uid to something other than root(0)
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security
 Exception Process|No exceptions - will only be considered under special circumstances. Must identify which container needs access and document why with details.
 Tags|common,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -396,7 +396,7 @@ Property|Description
 Unique ID|access-control-security-context-privilege-escalation
 Description|Checks if privileged escalation is enabled (AllowPrivilegeEscalation=true).
 Suggested Remediation|Configure privilege escalation to false. Privileged escalation should not be allowed (AllowPrivilegeEscalation=false).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security
 Exception Process|No exceptions
 Tags|common,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -412,7 +412,7 @@ Property|Description
 Unique ID|access-control-service-type
 Description|Tests that each CNF Service does not utilize NodePort(s).
 Suggested Remediation|Ensure Services are not configured to use NodePort(s).CNF should avoid accessing host resources - tests that each CNF Service does not utilize NodePort(s).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-the-host-network-namespace
 Exception Process|Exception for host resource access tests will only be considered in rare cases where it is absolutely needed
 Tags|common,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -428,7 +428,7 @@ Property|Description
 Unique ID|access-control-ssh-daemons
 Description|Check that pods do not run SSH daemons.
 Suggested Remediation|Ensure that no SSH daemons are running inside a pod. Pods should not run as SSH Daemons (replicaset or statefulset only).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-interaction/configuration
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-interaction/configuration
 Exception Process|No exceptions - special consideration can be given to certain containers which run as utility tool daemon
 Tags|telco,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -444,7 +444,7 @@ Property|Description
 Unique ID|access-control-sys-admin-capability-check
 Description|Ensures that containers do not use SYS_ADMIN capability
 Suggested Remediation|Exception possible if CNF uses mlock(), mlockall(), shmctl(), mmap(); exception will be considered for DPDK applications. Must identify which container requires the capability and detail why. Containers should not use the SYS_ADMIN Linux capability.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-sys_admin
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-sys_admin
 Exception Process|No exceptions
 Tags|common,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -460,7 +460,7 @@ Property|Description
 Unique ID|access-control-sys-nice-realtime-capability
 Description|Check that pods running on nodes with realtime kernel enabled have the SYS_NICE capability enabled in their spec. In the case that a CNF is running on a node using the real-time kernel, SYS_NICE will be used to allow DPDK application to switch to SCHED_FIFO.
 Suggested Remediation|If pods are scheduled to realtime kernel nodes, they must add SYS_NICE capability to their spec.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_nice
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-sys_nice
 Exception Process|There is no documented exception process for this.
 Tags|telco,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -476,7 +476,7 @@ Property|Description
 Unique ID|access-control-sys-ptrace-capability
 Description|Check that if process namespace sharing is enabled for a Pod then the SYS_PTRACE capability is allowed. This capability is required when using Process Namespace Sharing. This is used when processes from one Container need to be exposed to another Container. For example, to send signals like SIGHUP from a process in a Container to another process in another Container. For more information on these capabilities refer to https://cloud.redhat.com/blog/linux-capabilities-in-openshift and https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
 Suggested Remediation|Allow the SYS_PTRACE capability when enabling process namespace sharing for a Pod
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_ptrace
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-sys_ptrace
 Exception Process|There is no documented exception process for this.
 Tags|telco,access-control
 |**Scenario**|**Optional/Mandatory**|
@@ -510,7 +510,7 @@ Property|Description
 Unique ID|affiliated-certification-helm-version
 Description|Test to check if the helm chart is v3
 Suggested Remediation|Check Helm Chart is v3 and not v2 which is not supported due to security risks associated with Tiller.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-helm
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-helm
 Exception Process|There is no documented exception process for this.
 Tags|common,affiliated-certification
 |**Scenario**|**Optional/Mandatory**|
@@ -542,7 +542,7 @@ Property|Description
 Unique ID|affiliated-certification-operator-is-certified
 Description|Tests whether CNF Operators listed in the configuration file have passed the Red Hat Operator Certification Program (OCP).
 Suggested Remediation|Ensure that your Operator has passed Red Hat's Operator Certification Program (OCP).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements
 Exception Process|There is no documented exception process for this.Partner can run CNF Certification test suite before passing other certifications (Container/Operator/HelmChart) but the affiliated certification test cases in CNF Certification test suite must be re-run once the other certifications have been granted.
 Tags|common,affiliated-certification
 |**Scenario**|**Optional/Mandatory**|
@@ -560,7 +560,7 @@ Property|Description
 Unique ID|lifecycle-affinity-required-pods
 Description|Checks that affinity rules are in place if AffinityRequired: 'true' labels are set on Pods.
 Suggested Remediation|Pods which need to be co-located on the same node need Affinity rules. If a pod/statefulset/deployment is required to use affinity rules, please add AffinityRequired: 'true' as a label.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -576,7 +576,7 @@ Property|Description
 Unique ID|lifecycle-container-shutdown
 Description|Ensure that the containers lifecycle preStop management feature is configured. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. When pods are shut down by the platform they are sent a SIGTERM signal which means that the process in the container should start shutting down, closing connections and stopping all activity. If the pod doesn’t shut down within the default 30 seconds then the platform may send a SIGKILL signal which will stop the pod immediately. This method isn’t as clean and the default time between the SIGTERM and SIGKILL messages can be modified based on the requirements of the application. Containers should respond to SIGTERM/SIGKILL with graceful shutdown.
 Suggested Remediation|The preStop can be used to gracefully stop the container and clean resources (e.g., DB connection). For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. All pods must respond to SIGTERM signal and shutdown gracefully with a zero exit code.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cloud-native-design-best-practices
 Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a preStop shutdown specification.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -592,7 +592,7 @@ Property|Description
 Unique ID|lifecycle-container-startup
 Description|Ensure that the containers lifecycle postStart management feature is configured. A container must receive important events from the platform and conform/react to these events properly. For example, a container should catch SIGTERM or SIGKILL from the platform and shutdown as quickly as possible. Other typically important events from the platform are PostStart to initialize before servicing requests and PreStop to release resources cleanly before shutting down.
 Suggested Remediation|PostStart is normally used to configure the container, set up dependencies, and record the new creation. You could use this event to check that a required API is available before the container’s main work begins. Kubernetes will not change the container’s state to Running until the PostStart script has executed successfully. For details, see https://www.containiq.com/post/kubernetes-container-lifecycle-events-and-hooks and https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks. PostStart is used to configure container, set up dependencies, record new creation. It can also be used to check that a required API is available before the container’s work begins.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cloud-native-design-best-practices
 Exception Process|Identify which pod is not conforming to the process and submit information as to why it cannot use a postStart startup specification.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -608,7 +608,7 @@ Property|Description
 Unique ID|lifecycle-cpu-isolation
 Description|CPU isolation requires: For each container within the pod, resource requests and limits must be identical. If cpu requests and limits are not identical and in whole units (Guaranteed pods with exclusive cpus), your pods will not be tested for compliance. The runTimeClassName must be specified. Annotations required disabling CPU and IRQ load-balancing.
 Suggested Remediation|CPU isolation testing is enabled. Please ensure that all pods adhere to the CPU isolation requirements.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-isolation
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cpu-isolation
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -624,7 +624,7 @@ Property|Description
 Unique ID|lifecycle-crd-scaling
 Description|Tests that CNF crd support scale in/out operations. First, the test starts getting the current replicaCount (N) of the crd/s with the Pod Under Test. Then, it executes the scale-in oc command for (N-1) replicas. Lastly, it executes the scale-out oc command, restoring the original replicaCount of the crd/s. In case of crd that are managed by HPA the test is changing the min and max value to crd Replica - 1 during scale-in and the original replicaCount again for both min/max during the scale-out stage. Lastly its restoring the original min/max replica of the crd/s
 Suggested Remediation|Ensure CNF crd/replica sets can scale in/out successfully.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this. Not applicable to SNO applications.
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -640,7 +640,7 @@ Property|Description
 Unique ID|lifecycle-deployment-scaling
 Description|Tests that CNF deployments support scale in/out operations. First, the test starts getting the current replicaCount (N) of the deployment/s with the Pod Under Test. Then, it executes the scale-in oc command for (N-1) replicas. Lastly, it executes the scale-out oc command, restoring the original replicaCount of the deployment/s. In case of deployments that are managed by HPA the test is changing the min and max value to deployment Replica - 1 during scale-in and the original replicaCount again for both min/max during the scale-out stage. Lastly its restoring the original min/max replica of the deployment/s
 Suggested Remediation|Ensure CNF deployments/replica sets can scale in/out successfully.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this. Not applicable to SNO applications.
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -656,7 +656,7 @@ Property|Description
 Unique ID|lifecycle-image-pull-policy
 Description|Ensure that the containers under test are using IfNotPresent as Image Pull Policy. If there is a situation where the container dies and needs to be restarted, the image pull policy becomes important. PullIfNotPresent is recommended so that a loss of image registry access does not prevent the pod from restarting.
 Suggested Remediation|Ensure that the containers under test are using IfNotPresent as Image Pull Policy.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-use-imagepullpolicy-if-not-present
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-use-imagepullpolicy-if-not-present
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -672,7 +672,7 @@ Property|Description
 Unique ID|lifecycle-liveness-probe
 Description|Check that all containers under test have liveness probe defined. The most basic requirement for the lifecycle management of Pods in OpenShift are the ability to start and stop correctly. When starting up, health probes like liveness and readiness checks can be put into place to ensure the application is functioning properly.
 Suggested Remediation|Add a liveness probe to deployed containers. CNFs shall self-recover from common failures like pod failure, host failure, and network failure. Kubernetes native mechanisms such as health-checks (Liveness, Readiness and Startup Probes) shall be employed at a minimum.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -688,7 +688,7 @@ Property|Description
 Unique ID|lifecycle-persistent-volume-reclaim-policy
 Description|Check that the persistent volumes the CNF pods are using have a reclaim policy of delete. Network Functions should clear persistent storage by deleting their PVs when removing their application from a cluster.
 Suggested Remediation|Ensure that all persistent volumes are using the reclaim policy: delete
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-csi
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-csi
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -704,7 +704,7 @@ Property|Description
 Unique ID|lifecycle-pod-high-availability
 Description|Ensures that CNF Pods specify podAntiAffinity rules and replica value is set to more than 1.
 Suggested Remediation|In high availability cases, Pod podAntiAffinity rule should be specified for pod scheduling and pod replica value is set to more than 1 .
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this. Not applicable to SNO applications.
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -720,7 +720,7 @@ Property|Description
 Unique ID|lifecycle-pod-owner-type
 Description|Tests that CNF Pod(s) are deployed as part of a ReplicaSet(s)/StatefulSet(s).
 Suggested Remediation|Deploy the CNF using ReplicaSet/StatefulSet.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-no-naked-pods
 Exception Process|There is no documented exception process for this. Pods should not be deployed as DaemonSet or naked pods.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -736,7 +736,7 @@ Property|Description
 Unique ID|lifecycle-pod-recreation
 Description|Tests that a CNF is configured to support High Availability. First, this test cordons and drains a Node that hosts the CNF Pod. Next, the test ensures that OpenShift can re-instantiate the Pod on another Node, and that the actual replica count matches the desired replica count.
 Suggested Remediation|Ensure that CNF Pod(s) utilize a configuration that supports High Availability. Additionally, ensure that there are available Nodes in the OpenShift cluster that can be utilized in the event that a host Node fails.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-upgrade-expectations
 Exception Process|No exceptions - workloads should be able to be restarted/recreated.
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -752,7 +752,7 @@ Property|Description
 Unique ID|lifecycle-pod-scheduling
 Description|Ensures that CNF Pods do not specify nodeSelector or nodeAffinity. In most cases, Pods should allow for instantiation on any underlying Node. CNFs shall not use node selectors nor taints/tolerations to assign pod location.
 Suggested Remediation|In most cases, Pod's should not specify their host Nodes through nodeSelector or nodeAffinity. However, there are cases in which CNFs require specialized hardware specific to a particular class of Node.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|Exception will only be considered if application requires specialized hardware. Must specify which container requires special hardware and why.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -768,7 +768,7 @@ Property|Description
 Unique ID|lifecycle-pod-toleration-bypass
 Description|Check that pods do not have NoExecute, PreferNoSchedule, or NoSchedule tolerations that have been modified from the default.
 Suggested Remediation|Do not allow pods to bypass the NoExecute, PreferNoSchedule, or NoSchedule tolerations that are default applied by Kubernetes.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-taints-and-tolerations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-taints-and-tolerations
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -784,7 +784,7 @@ Property|Description
 Unique ID|lifecycle-readiness-probe
 Description|Check that all containers under test have readiness probe defined. There are different ways a pod can stop on on OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. In the first case, if the administrator has implemented liveness and readiness checks, OpenShift can stop the pod and either restart it on the same node or a different node in the cluster. For the second case, when the application in the pod stops, it should exit with a code and write suitable log entries to help the administrator diagnose what the issue was that caused the problem.
 Suggested Remediation|Add a readiness probe to deployed containers
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -800,7 +800,7 @@ Property|Description
 Unique ID|lifecycle-startup-probe
 Description|Check that all containers under test have startup probe defined. CNFs shall self-recover from common failures like pod failure, host failure, and network failure. Kubernetes native mechanisms such as health-checks (Liveness, Readiness and Startup Probes) shall be employed at a minimum.
 Suggested Remediation|Add a startup probe to deployed containers
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-exit-status
 Exception Process|There is no documented exception process for this.
 Tags|telco,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -816,7 +816,7 @@ Property|Description
 Unique ID|lifecycle-statefulset-scaling
 Description|Tests that CNF statefulsets support scale in/out operations. First, the test starts getting the current replicaCount (N) of the statefulset/s with the Pod Under Test. Then, it executes the scale-in oc command for (N-1) replicas. Lastly, it executes the scale-out oc command, restoring the original replicaCount of the statefulset/s. In case of statefulsets that are managed by HPA the test is changing the min and max value to statefulset Replica - 1 during scale-in and the original replicaCount again for both min/max during the scale-out stage. Lastly its restoring the original min/max replica of the statefulset/s
 Suggested Remediation|Ensure CNF statefulsets/replica sets can scale in/out successfully.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this. Not applicable to SNO applications.
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -832,7 +832,7 @@ Property|Description
 Unique ID|lifecycle-storage-provisioner
 Description|Checks that pods do not place persistent volumes on local storage in multinode clusters. Local storage is recommended for single node clusters, but only one type of local storage should be installed (lvms or noprovisioner).
 Suggested Remediation|Use a non-local storage (e.g. no kubernetes.io/no-provisioner and no topolvm.io provisioners) in multinode clusters. Local storage are recommended for single node clusters only, but a single local provisioner should be installed.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-local-storage
 Exception Process|No exceptions
 Tags|common,lifecycle
 |**Scenario**|**Optional/Mandatory**|
@@ -850,7 +850,7 @@ Property|Description
 Unique ID|manageability-container-port-name-format
 Description|Check that the container's ports name follow the naming conventions. Name field in ContainerPort section must be of form `[-]`. More naming convention requirements may be released in future
 Suggested Remediation|Ensure that the container's ports name follow our partner naming conventions
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs
 Exception Process|No exception needed for optional/extended tests.
 Tags|extended,manageability
 |**Scenario**|**Optional/Mandatory**|
@@ -866,7 +866,7 @@ Property|Description
 Unique ID|manageability-containers-image-tag
 Description|Check that image tag exists on containers.
 Suggested Remediation|Ensure that all the container images are tagged. Checks containers have image tags (e.g. latest, stable, dev).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-tagging
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-image-tagging
 Exception Process|No exception needed for optional/extended tests.
 Tags|extended,manageability
 |**Scenario**|**Optional/Mandatory**|
@@ -884,7 +884,7 @@ Property|Description
 Unique ID|networking-dpdk-cpu-pinning-exec-probe
 Description|If a CNF is doing CPU pinning, exec probes may not be used.
 Suggested Remediation|If the CNF is doing CPU pinning and running a DPDK process do not use exec probes (executing a command within the container) as it may pile up and block the node eventually.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-manager-pinning
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cpu-manager-pinning
 Exception Process|There is no documented exception process for this.
 Tags|telco,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -900,7 +900,7 @@ Property|Description
 Unique ID|networking-dual-stack-service
 Description|Checks that all services in namespaces under test are either ipv6 single stack or dual stack. This test case requires the deployment of the debug daemonset.
 Suggested Remediation|Configure every CNF services with either a single stack ipv6 or dual stack (ipv4/ipv6) load balancer.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6
 Exception Process|No exception needed for optional/extended tests.
 Tags|extended,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -916,7 +916,7 @@ Property|Description
 Unique ID|networking-icmpv4-connectivity
 Description|Checks that each CNF Container is able to communicate via ICMPv4 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.
 Suggested Remediation|Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv4 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it. The label value is trivial, only its presence.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6
 Exception Process|No exceptions - must be able to communicate on default network using IPv4
 Tags|common,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -932,7 +932,7 @@ Property|Description
 Unique ID|networking-icmpv4-connectivity-multus
 Description|Checks that each CNF Container is able to communicate via ICMPv4 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.
 Suggested Remediation|Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv4 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if MULTUS is not supported.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this.
 Tags|telco,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -948,7 +948,7 @@ Property|Description
 Unique ID|networking-icmpv6-connectivity
 Description|Checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network. This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.
 Suggested Remediation|Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv6 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it. The label value is trivial, only its presence. Not applicable if IPv6 is not supported.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6
 Exception Process|There is no documented exception process for this.
 Tags|common,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -964,7 +964,7 @@ Property|Description
 Unique ID|networking-icmpv6-connectivity-multus
 Description|Checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s). This test case requires the Deployment of the debug daemonset and at least 2 pods connected to each network under test(one source and one destination). If no network with more than 2 pods exists this test will be skipped.
 Suggested Remediation|Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv6 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it.The label value is trivial, only its presence. Not applicable if IPv6/MULTUS is not supported.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|There is no documented exception process for this.
 Tags|telco,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -980,7 +980,7 @@ Property|Description
 Unique ID|networking-network-policy-deny-all
 Description|Check that network policies attached to namespaces running CNF pods contain a default deny-all rule for both ingress and egress traffic
 Suggested Remediation|Ensure that a NetworkPolicy with a default deny-all is applied. After the default is applied, apply a network policy to allow the traffic your application requires.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-vrfs-aka-routing-instances
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-vrfs-aka-routing-instances
 Exception Process|No exception needed for optional/extended tests.
 Tags|common,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -996,7 +996,7 @@ Property|Description
 Unique ID|networking-ocp-reserved-ports-usage
 Description|Check that containers do not listen on ports that are reserved by OpenShift
 Suggested Remediation|Ensure that CNF apps do not listen on ports that are reserved by OpenShift. The following ports are reserved by OpenShift and must NOT be used by any application: 22623, 22624.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ports-reserved-by-openshift
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ports-reserved-by-openshift
 Exception Process|No exceptions
 Tags|common,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -1044,7 +1044,7 @@ Property|Description
 Unique ID|networking-undeclared-container-ports-usage
 Description|Check that containers do not listen on ports that weren't declared in their specification. Platforms may be configured to block undeclared ports.
 Suggested Remediation|Ensure the CNF apps do not listen on undeclared containers' ports.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs
 Exception Process|No exception needed for optional/extended tests.
 Tags|extended,networking
 |**Scenario**|**Optional/Mandatory**|
@@ -1062,7 +1062,7 @@ Property|Description
 Unique ID|observability-container-logging
 Description|Check that all containers under test use standard input output and standard error when logging. A container must provide APIs for the platform to observe the container health and act accordingly. These APIs include health checks (liveness and readiness), logging to stderr and stdout for log aggregation (by tools such as Logstash or Filebeat), and integrate with tracing and metrics-gathering libraries (such as Prometheus or Metricbeat).
 Suggested Remediation|Ensure containers are not redirecting stdout/stderr
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-logging
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-logging
 Exception Process|There is no documented exception process for this.
 Tags|telco,observability
 |**Scenario**|**Optional/Mandatory**|
@@ -1078,7 +1078,7 @@ Property|Description
 Unique ID|observability-crd-status
 Description|Checks that all CRDs have a status sub-resource specification (Spec.versions[].Schema.OpenAPIV3Schema.Properties[“status”]).
 Suggested Remediation|Ensure that all the CRDs have a meaningful status specification (Spec.versions[].Schema.OpenAPIV3Schema.Properties[“status”]).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements
 Exception Process|No exceptions
 Tags|common,observability
 |**Scenario**|**Optional/Mandatory**|
@@ -1094,7 +1094,7 @@ Property|Description
 Unique ID|observability-pod-disruption-budget
 Description|Checks to see if pod disruption budgets have allowed values for minAvailable and maxUnavailable
 Suggested Remediation|Ensure minAvailable is not zero and maxUnavailable does not equal the number of pods in the replica
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-upgrade-expectations
 Exception Process|No exceptions
 Tags|common,observability
 |**Scenario**|**Optional/Mandatory**|
@@ -1110,7 +1110,7 @@ Property|Description
 Unique ID|observability-termination-policy
 Description|Check that all containers are using terminationMessagePolicy: FallbackToLogsOnError. There are different ways a pod can stop on an OpenShift cluster. One way is that the pod can remain alive but non-functional. Another way is that the pod can crash and become non-functional. In the first case, if the administrator has implemented liveness and readiness checks, OpenShift can stop the pod and either restart it on the same node or a different node in the cluster. For the second case, when the application in the pod stops, it should exit with a code and write suitable log entries to help the administrator diagnose what the issue was that caused the problem.
 Suggested Remediation|Ensure containers are all using FallbackToLogsOnError in terminationMessagePolicy
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-exit-status
 Exception Process|There is no documented exception process for this.
 Tags|telco,observability
 |**Scenario**|**Optional/Mandatory**|
@@ -1128,7 +1128,7 @@ Property|Description
 Unique ID|operator-install-source
 Description|Tests whether a CNF Operator is installed via OLM.
 Suggested Remediation|Ensure that your Operator is installed via OLM.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements
 Exception Process|No exceptions
 Tags|common,operator
 |**Scenario**|**Optional/Mandatory**|
@@ -1144,7 +1144,7 @@ Property|Description
 Unique ID|operator-install-status-no-privileges
 Description|The operator is not installed with privileged rights. Test passes if clusterPermissions is not present in the CSV manifest or is present with no resourceNames under its rules.
 Suggested Remediation|Ensure all the CNF operators have no privileges on cluster resources.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements
 Exception Process|No exceptions
 Tags|common,operator
 |**Scenario**|**Optional/Mandatory**|
@@ -1160,7 +1160,7 @@ Property|Description
 Unique ID|operator-install-status-succeeded
 Description|Ensures that the target CNF operators report "Succeeded" as their installation status.
 Suggested Remediation|Ensure all the CNF operators have been successfully installed by OLM.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements
 Exception Process|No exceptions
 Tags|common,operator
 |**Scenario**|**Optional/Mandatory**|
@@ -1276,7 +1276,7 @@ Property|Description
 Unique ID|platform-alteration-base-image
 Description|Ensures that the Container Base Image is not altered post-startup. This test is a heuristic, and ensures that there are no changes to the following directories: 1) /var/lib/rpm 2) /var/lib/dpkg 3) /bin 4) /sbin 5) /lib 6) /lib64 7) /usr/bin 8) /usr/sbin 9) /usr/lib 10) /usr/lib64
 Suggested Remediation|Ensure that Container applications do not modify the Container Base Image. In particular, ensure that the following directories are not modified: 1) /var/lib/rpm 2) /var/lib/dpkg 3) /bin 4) /sbin 5) /lib 6) /lib64 7) /usr/bin 8) /usr/sbin 9) /usr/lib 10) /usr/lib64 Ensure that all required binaries are built directly into the container image, and are not installed post startup.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-standards
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-image-standards
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1292,7 +1292,7 @@ Property|Description
 Unique ID|platform-alteration-boot-params
 Description|Tests that boot parameters are set through the MachineConfigOperator, and not set manually on the Node.
 Suggested Remediation|Ensure that boot parameters are set directly through the MachineConfigOperator, or indirectly through the PerformanceAddonOperator. Boot parameters should not be changed directly through the Node, as OpenShift should manage the changes for you.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-host-os
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1324,7 +1324,7 @@ Property|Description
 Unique ID|platform-alteration-hugepages-2m-only
 Description|Check that pods using hugepages only use 2Mi size
 Suggested Remediation|Modify pod to consume 2Mi hugepages only
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-huge-pages
 Exception Process|No exception needed for optional/extended tests.
 Tags|extended,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1340,7 +1340,7 @@ Property|Description
 Unique ID|platform-alteration-hugepages-config
 Description|Checks to see that HugePage settings have been configured through MachineConfig, and not manually on the underlying Node. This test case applies only to Nodes that are configured with the "worker" MachineConfigSet. First, the "worker" MachineConfig is polled, and the Hugepage settings are extracted. Next, the underlying Nodes are polled for configured HugePages through inspection of /proc/meminfo. The results are compared, and the test passes only if they are the same.
 Suggested Remediation|HugePage settings should be configured either directly through the MachineConfigOperator or indirectly using the PerformanceAddonOperator. This ensures that OpenShift is aware of the special MachineConfig requirements, and can provision your CNF on a Node that is part of the corresponding MachineConfigSet. Avoid making changes directly to an underlying Node, and let OpenShift handle the heavy lifting of configuring advanced settings. This test case applies only to Nodes that are configured with the "worker" MachineConfigSet.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-huge-pages
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1372,7 +1372,7 @@ Property|Description
 Unique ID|platform-alteration-is-selinux-enforcing
 Description|verifies that all openshift platform/cluster nodes have selinux in "Enforcing" mode.
 Suggested Remediation|Configure selinux and enable enforcing mode.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-security
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-security
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1388,7 +1388,7 @@ Property|Description
 Unique ID|platform-alteration-isredhat-release
 Description|verifies if the container base image is redhat.
 Suggested Remediation|Build a new container image that is based on UBI (Red Hat Universal Base Image).
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-base-images
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-base-images
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1404,7 +1404,7 @@ Property|Description
 Unique ID|platform-alteration-ocp-lifecycle
 Description|Tests that the running OCP version is not end of life.
 Suggested Remediation|Please update your cluster to a version that is generally available.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-k8s
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-k8s
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1420,7 +1420,7 @@ Property|Description
 Unique ID|platform-alteration-ocp-node-os-lifecycle
 Description|Tests that the nodes running in the cluster have operating systems that are compatible with the deployed version of OpenShift.
 Suggested Remediation|Please update your workers to a version that is supported by your version of OpenShift
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-host-os
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1452,7 +1452,7 @@ Property|Description
 Unique ID|platform-alteration-sysctl-config
 Description|Tests that no one has changed the node's sysctl configs after the node was created, the tests works by checking if the sysctl configs are consistent with the MachineConfig CR which defines how the node should be configured
 Suggested Remediation|You should recreate the node or change the sysctls, recreating is recommended because there might be other unknown changes
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security
 Exception Process|No exceptions
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
@@ -1468,7 +1468,7 @@ Property|Description
 Unique ID|platform-alteration-tainted-node-kernel
 Description|Ensures that the Node(s) hosting CNFs do not utilize tainted kernels. This test case is especially important to support Highly Available CNFs, since when a CNF is re-instantiated on a backup Node, that Node's kernel may not have the same hacks.'
 Suggested Remediation|Test failure indicates that the underlying Node's kernel is tainted. Ensure that you have not altered underlying Node(s) kernels in order to run the CNF.
-Best Practice Reference|https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations
+Best Practice Reference|https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations
 Exception Process|If taint is necessary, document details of the taint and why it's needed by workload or environment.
 Tags|common,platform-alteration
 |**Scenario**|**Optional/Mandatory**|
diff --git a/cnf-certification-test/identifiers/doclinks.go b/cnf-certification-test/identifiers/doclinks.go
index d647adeb6..b014b9995 100644
--- a/cnf-certification-test/identifiers/doclinks.go
+++ b/cnf-certification-test/identifiers/doclinks.go
@@ -7,90 +7,90 @@ const ( NoDocLinkTelco = "No Doc Link - Telco" // Networking Suite - TestICMPv4ConnectivityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6" - TestNetworkPolicyDenyAllIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-vrfs-aka-routing-instances" + TestICMPv4ConnectivityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6" + TestNetworkPolicyDenyAllIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-vrfs-aka-routing-instances" TestReservedExtendedPartnerPortsDocLink = NoDocLinkExtended - TestDpdkCPUPinningExecProbeDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-manager-pinning" + TestDpdkCPUPinningExecProbeDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cpu-manager-pinning" TestRestartOnRebootLabelOnPodsUsingSRIOVDocLink = NoDocLinkFarEdge TestLimitedUseOfExecProbesIdentifierDocLink = NoDocLinkFarEdge - TestICMPv6ConnectivityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6" - TestICMPv4ConnectivityMultusIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestICMPv6ConnectivityMultusIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestServiceDualStackIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-&-ipv6" - TestUndeclaredContainerPortsUsageDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs" - TestOCPReservedPortsUsageDocLink = 
"https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ports-reserved-by-openshift" + TestICMPv6ConnectivityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6" + TestICMPv4ConnectivityMultusIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestICMPv6ConnectivityMultusIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestServiceDualStackIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipv4-&-ipv6" + TestUndeclaredContainerPortsUsageDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs" + TestOCPReservedPortsUsageDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ports-reserved-by-openshift" // Access Control Suite Test1337UIDIdentifierDocLink = NoDocLinkExtended - TestNetAdminIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-net_admin" - TestSysAdminIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-sys_admin" - TestIpcLockIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipc_lock" - TestNetRawIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-user-plane-cnfs" + TestNetAdminIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-net_admin" + TestSysAdminIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-sys_admin" + TestIpcLockIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-ipc_lock" + TestNetRawIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-user-plane-cnfs" TestBpfIdentifierDocLink = NoDocLinkTelco - TestSecConNonRootUserIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestSecContextIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestSecConPrivilegeEscalationDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestContainerHostPortDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-accessing-resource-on-host" - TestContainerHostNetworkDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace" - TestPodHostNetworkDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace" - TestPodHostPathDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestPodHostIPCDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestPodHostPIDDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" - TestNamespaceBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs" - TestPodClusterRoleBindingsBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac" - TestPodRoleBindingsBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac" - TestPodServiceAccountBestPracticesIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-scc-permissions-for-an-application" - TestPodAutomountServiceAccountIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods" - TestServicesDoNotUseNodeportsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace" - TestUnalteredBaseImageIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-standards" - TestOneProcessPerContainerIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-one-process-per-container" - TestSYSNiceRealtimeCapabilityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_nice" - TestSysPtraceCapabilityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_ptrace" - TestPodRequestsAndLimitsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requests/limits" - TestNamespaceResourceQuotaIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-memory-allocation" - TestNoSSHDaemonsAllowedIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-interaction/configuration" + TestSecConNonRootUserIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestSecContextIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestSecConPrivilegeEscalationDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestContainerHostPortDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-accessing-resource-on-host" + TestContainerHostNetworkDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-the-host-network-namespace" + TestPodHostNetworkDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-the-host-network-namespace" + TestPodHostPathDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestPodHostIPCDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestPodHostPIDDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" + TestNamespaceBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs" + TestPodClusterRoleBindingsBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-security-rbac" + TestPodRoleBindingsBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-security-rbac" + TestPodServiceAccountBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-scc-permissions-for-an-application" + TestPodAutomountServiceAccountIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-automount-services-for-pods" + TestServicesDoNotUseNodeportsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-avoid-the-host-network-namespace" + TestUnalteredBaseImageIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-image-standards" + TestOneProcessPerContainerIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-one-process-per-container" + TestSYSNiceRealtimeCapabilityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-sys_nice" + TestSysPtraceCapabilityIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-sys_ptrace" + TestPodRequestsAndLimitsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requests/limits" + TestNamespaceResourceQuotaIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-memory-allocation" + TestNoSSHDaemonsAllowedIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-interaction/configuration" // Affiliated Certification Suite - TestHelmVersionIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-helm" + TestHelmVersionIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-helm" TestContainerIsCertifiedDigestIdentifierDocLink = "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview" TestContainerIsCertifiedIdentifierDocLink = "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview" TestHelmIsCertifiedIdentifierDocLink = "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview" // Platform Alteration Suite - TestPodHugePages2MDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages" + TestPodHugePages2MDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-huge-pages" TestPodHugePages1GDocLink = NoDocLinkFarEdge - 
TestHugepagesNotManuallyManipulatedDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages" - TestNonTaintedNodeKernelsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestUnalteredStartupBootParamsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os" - TestSysctlConfigsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security" + TestHugepagesNotManuallyManipulatedDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-huge-pages" + TestNonTaintedNodeKernelsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestUnalteredStartupBootParamsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-host-os" + TestSysctlConfigsIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-security" TestServiceMeshIdentifierDocLink = NoDocLinkExtended TestHyperThreadEnableDocLink = NoDocLinkExtended - TestOCPLifecycleIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-k8s" - TestNodeOperatingSystemIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os" - TestIsRedHatReleaseIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-base-images" - TestIsSELinuxEnforcingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-security" + TestOCPLifecycleIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-k8s" + TestNodeOperatingSystemIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-host-os" + TestIsRedHatReleaseIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-base-images" + TestIsSELinuxEnforcingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-security" // Lifecycle Suite - TestAffinityRequiredPodsDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestStorageProvisionerDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage" - TestStartupIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" - TestShutdownIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices" - TestPodNodeSelectorAndAffinityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestPodHighAvailabilityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestPodDeploymentBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods" - TestDeploymentScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestStateFulSetScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestImagePullPolicyIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-use-imagepullpolicy-if-not-present" - TestPodRecreationIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations" - TestLivenessProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestReadinessProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" - TestStartupProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status" + TestAffinityRequiredPodsDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestStorageProvisionerDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-local-storage" + TestStartupIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cloud-native-design-best-practices" + TestShutdownIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cloud-native-design-best-practices" + TestPodNodeSelectorAndAffinityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestPodHighAvailabilityBestPracticesDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestPodDeploymentBestPracticesIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-no-naked-pods" + TestDeploymentScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestStateFulSetScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestImagePullPolicyIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-use-imagepullpolicy-if-not-present" + TestPodRecreationIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-upgrade-expectations" + TestLivenessProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestReadinessProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" + TestStartupProbeIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-exit-status" //nolint:gosec - TestPodTolerationBypassIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-taints-and-tolerations" - TestPersistentVolumeReclaimPolicyIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-csi" - TestCPUIsolationIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-isolation" - TestCrdScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations" + TestPodTolerationBypassIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-taints-and-tolerations" + TestPersistentVolumeReclaimPolicyIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-csi" + TestCPUIsolationIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cpu-isolation" + TestCrdScalingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-high-level-cnf-expectations" // Performance Test Suite TestExclusiveCPUPoolIdentifierDocLink = NoDocLinkFarEdge 
@@ -100,18 +100,18 @@ const ( TestRtAppNoExecProbesDocLink = NoDocLinkFarEdge // Operator Test Suite - TestOperatorInstallStatusSucceededIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements" - TestOperatorNoPrivilegesDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements" - TestOperatorIsCertifiedIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements" - TestOperatorIsInstalledViaOLMIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements" + TestOperatorInstallStatusSucceededIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements" + TestOperatorNoPrivilegesDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements" + TestOperatorIsCertifiedIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements" + TestOperatorIsInstalledViaOLMIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements" // Observability Test Suite - TestLoggingIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-logging" - TestTerminationMessagePolicyIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status" - TestCrdsStatusSubresourceIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements" - TestPodDisruptionBudgetIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations" + TestLoggingIdentifierDocLink = 
"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-logging" + TestTerminationMessagePolicyIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-pod-exit-status" + TestCrdsStatusSubresourceIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-cnf-operator-requirements" + TestPodDisruptionBudgetIdentifierDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-upgrade-expectations" // Manageability Test Suite - TestContainersImageTagDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-tagging" - TestContainerPortNameFormatDocLink = "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs" + TestContainersImageTagDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-image-tagging" + TestContainerPortNameFormatDocLink = "https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-requirements-cnf-reqs" ) diff --git a/cnf-certification-test/identifiers/identifiers.go b/cnf-certification-test/identifiers/identifiers.go index 29e166136..457162716 100644 --- a/cnf-certification-test/identifiers/identifiers.go +++ b/cnf-certification-test/identifiers/identifiers.go 
@@ -1571,7 +1571,7 @@ tag. (2) It does not have any of the following prefixes: default, openshift-, is "If an application creates CRDs it must supply a role to access those CRDs and no other API resources/permission. This test checks that there is at least one role present in each namespaces under test that only refers to CRDs under test.", "Roles providing access to CRDs should not refer to any other api or resources. Change the generation of the CRD role accordingly", NoExceptionProcessForExtendedTests, - "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-custom-role-to-access-application-crds", + "https://test-network-function.github.io/cnf-best-practices-guide-guide/#cnf-best-practices-custom-role-to-access-application-crds", true, map[string]string{ FarEdge: Optional, From 3a209a4c0d288cfb8161b1875904153d78049457 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Tue, 21 Nov 2023 12:25:35 -0600 Subject: [PATCH 19/62] Prepare for v4.5.6 (#1651) --- docs/runtime-env.md | 2 +- docs/test-container.md | 10 +++++----- pkg/provider/provider.go | 2 +- pkg/provider/provider_test.go | 2 +- version.json | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/runtime-env.md b/docs/runtime-env.md index 1d2ecfca6..c833320d3 100644 --- a/docs/runtime-env.md +++ b/docs/runtime-env.md @@ -68,4 +68,4 @@ export TNF_PARTNER_REPO=registry.dfwt5g.lab:5000/testnetworkfunction ``` Note that you can also specify the debug pod image to use with `SUPPORT_IMAGE` -environment variable, default to `debug-partner:4.5.5`. +environment variable, default to `debug-partner:4.5.6`. diff --git a/docs/test-container.md b/docs/test-container.md index a9fb044a4..fa9313042 100644 --- a/docs/test-container.md +++ b/docs/test-container.md 
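Review bot: The replacement URL in the identifiers.go hunk reads `cnf-best-practices-guide-guide`, with the suffix doubled, while every DocLink constant changed in the same commit uses `cnf-best-practices-guide`. The link published for the custom-role-to-access-application-crds entry will therefore most likely not resolve. The line should read `"https://test-network-function.github.io/cnf-best-practices-guide/#cnf-best-practices-custom-role-to-access-application-crds",`. This is the only URL in the hunk written inline instead of through a named DocLink constant, which is probably how the bulk rename hit it twice; moving it into the constants file would keep it in step with the others. The enclosing expression starts and ends outside the hunk.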
@@ -112,8 +112,8 @@ Two env vars allow to control the web artifacts and the the new tar.gz file gene ### Build locally ```shell -podman build -t cnf-certification-test:v4.5.5 \ - --build-arg TNF_VERSION=v4.5.5 \ +podman build -t cnf-certification-test:v4.5.6 \ + --build-arg TNF_VERSION=v4.5.6 \ ``` * `TNF_VERSION` value is set to a branch, a tag, or a hash of a commit that will be installed into the image @@ -125,8 +125,8 @@ The unofficial source could be a fork of the TNF repository. Use the `TNF_SRC_URL` build argument to override the URL to a source repository. ```shell -podman build -t cnf-certification-test:v4.5.5 \ - --build-arg TNF_VERSION=v4.5.5 \ +podman build -t cnf-certification-test:v4.5.6 \ + --build-arg TNF_VERSION=v4.5.6 \ --build-arg TNF_SRC_URL=https://github.com/test-network-function/cnf-certification-test . ``` @@ -135,7 +135,7 @@ podman build -t cnf-certification-test:v4.5.5 \ Specify the custom TNF image using the `-i` parameter. ```shell -./run-tnf-container.sh -i cnf-certification-test:v4.5.5 +./run-tnf-container.sh -i cnf-certification-test:v4.5.6 -t ~/tnf/config -o ~/tnf/output -l "networking,access-control" ``` diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index fb1a8e492..be9f9d1ed 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go @@ -60,7 +60,7 @@ const ( cscosName = "CentOS Stream CoreOS" rhelName = "Red Hat Enterprise Linux" tnfPartnerRepoDef = "quay.io/testnetworkfunction" - supportImageDef = "debug-partner:4.5.5" + supportImageDef = "debug-partner:4.5.6" ) // Node's roles labels. Node is role R if it has **any** of the labels of each list. diff --git a/pkg/provider/provider_test.go b/pkg/provider/provider_test.go index 392369246..abae97d2e 100644 --- a/pkg/provider/provider_test.go +++ b/pkg/provider/provider_test.go 
@@ -788,7 +788,7 @@ func TestBuildImageWithVersion(t *testing.T) { { repoVar: "", supportImageVar: "", - expectedOutput: "quay.io/testnetworkfunction/debug-partner:4.5.5", + expectedOutput: "quay.io/testnetworkfunction/debug-partner:4.5.6", }, } diff --git a/version.json b/version.json index 3e259f195..f84742631 100644 --- a/version.json +++ b/version.json @@ -1,5 +1,5 @@ { - "partner_tag": "v4.5.5", + "partner_tag": "v4.5.6", "claimFormat": "v0.1.0", "parserTag": "v0.1.4" } From eebaeb6bf25b09f205310cb3e3910360cb216814 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Tue, 21 Nov 2023 12:45:56 -0600 Subject: [PATCH 20/62] Temp. disable collector sanity check (#1653) --- .github/workflows/pre-main.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index a9f0385f7..9c2ea5eba 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -388,10 +388,10 @@ jobs: - name: 'Test: Run Smoke Tests in a TNF container' run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} TNF_ENABLE_DATA_COLLECTION=true ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" - - name: Run sanity check on collector - uses: ./collector/.github/actions/run-sanity-check - with: - working_directory: collector + # - name: Run sanity check on collector + # uses: ./collector/.github/actions/run-sanity-check + # with: + # working_directory: collector - name: Upload container test results as an artifact uses: actions/upload-artifact@v3 From b364be7b6e09cfd4dc0a2590a9bd476d4316d74d Mon Sep 17 00:00:00 2001 
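Review bot: The `Run sanity check on collector` step in the pre-main.yaml hunk is commented out with nothing in the file saying why or when it should come back. The smoke-test step just above it still runs with `TNF_ENABLE_DATA_COLLECTION=true`, so data collection stays enabled while the only visible verification of it is skipped. Add a comment above the disabled block that names the reason and a tracking reference, for example `# TODO(<tracking-issue>): re-enable once the collector sanity check passes again`, so that a temporary bypass of a CI gate does not quietly become permanent. The job definition starts and ends outside the hunk.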
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Nov 2023 14:19:31 -0600 Subject: [PATCH 21/62] Bump github.com/mittwald/go-helm-client from 0.12.3 to 0.12.4 (#1652) Bumps [github.com/mittwald/go-helm-client](https://github.com/mittwald/go-helm-client) from 0.12.3 to 0.12.4. - [Release notes](https://github.com/mittwald/go-helm-client/releases) - [Commits](https://github.com/mittwald/go-helm-client/compare/v0.12.3...v0.12.4) --- updated-dependencies: - dependency-name: github.com/mittwald/go-helm-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index b9560f678..6b68fff42 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require k8s.io/client-go v0.28.4 require ( github.com/kelseyhightower/envconfig v1.4.0 - github.com/mittwald/go-helm-client v0.12.3 + github.com/mittwald/go-helm-client v0.12.4 github.com/onsi/ginkgo/v2 v2.13.1 github.com/openshift/api v0.0.1 github.com/openshift/client-go v0.0.1 
@@ -163,16 +163,16 @@ require (
 go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 go.uber.org/atomic v1.11.0 // indirect
- golang.org/x/crypto v0.14.0 // indirect
- golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea // indirect
- golang.org/x/net v0.17.0 // indirect
+ golang.org/x/crypto v0.15.0 // indirect
+ golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
+ golang.org/x/net v0.18.0 // indirect
 golang.org/x/oauth2 v0.10.0 // indirect
- golang.org/x/sync v0.4.0 // indirect
+ golang.org/x/sync v0.5.0 // indirect
 golang.org/x/sys v0.14.0 // indirect
- golang.org/x/term v0.13.0 // indirect
- golang.org/x/text v0.13.0 // indirect
+ golang.org/x/term v0.14.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.14.0 // indirect
+ golang.org/x/tools v0.15.0 // indirect
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
diff --git a/go.sum b/go.sum
index 2062ba99f..ad7607f5f 100644
--- a/go.sum
+++ b/go.sum
@@ -429,8 +429,8 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mittwald/go-helm-client v0.12.3 h1:WlXhuMTT5HUdiYeiYMxlvi3XBxTKoGCNHcSsirLi8ug=
-github.com/mittwald/go-helm-client v0.12.3/go.mod h1:lC1Sn912rgRkGQZBUntJO7TOlqa1kK3Idwr3yo1Tco0=
+github.com/mittwald/go-helm-client v0.12.4 h1:fHI59uny/9vxGyBfxl8qSH5RD6mRvxNm9vi55Vw+dLY=
+github.com/mittwald/go-helm-client v0.12.4/go.mod h1:Cg65orz0i3B2/Uv/7nIK4SzyhMsIS+mDpK0tbw3Cy5Q=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
@@ -646,8 +646,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -658,8 +658,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea h1:vLCWI/yYrdEHyN2JzIzPO3aaQJHQdp89IZBA/+azVC4=
-golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -684,8 +684,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -722,8 +722,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -746,8 +746,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -803,8 +803,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
+golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -814,8 +814,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -871,8 +871,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 2663a346896279d1902dca7273dcf1f9eb309d2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Nov 2023 12:37:02 +0100 Subject: [PATCH 22/62] Bump github.com/deckarep/golang-set/v2 from 2.3.1 to 2.4.0 (#1656) Bumps [github.com/deckarep/golang-set/v2](https://github.com/deckarep/golang-set) from 2.3.1 to 2.4.0. - [Release notes](https://github.com/deckarep/golang-set/releases) - [Commits](https://github.com/deckarep/golang-set/compare/v2.3.1...v2.4.0) --- updated-dependencies: - dependency-name: github.com/deckarep/golang-set/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6b68fff42..2686bcd66 100644 --- a/go.mod +++ b/go.mod 
@@ -207,7 +207,7 @@ require ( ) require ( - github.com/deckarep/golang-set/v2 v2.3.1 + github.com/deckarep/golang-set/v2 v2.4.0 github.com/fatih/color v1.16.0 github.com/go-logr/logr v1.3.0 github.com/go-logr/stdr v1.2.2 diff --git a/go.sum b/go.sum index ad7607f5f..e7c39437e 100644 --- a/go.sum +++ b/go.sum @@ -132,8 +132,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deckarep/golang-set/v2 v2.3.1 h1:vjmkvJt/IV27WXPyYQpAh4bRyWJc5Y435D17XQ9QU5A= -github.com/deckarep/golang-set/v2 v2.3.1/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= +github.com/deckarep/golang-set/v2 v2.4.0 h1:DnfgWKdhvHM8Kihdw9fKWXd08EdsPiyoHsk5bfsmkNI= +github.com/deckarep/golang-set/v2 v2.4.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= github.com/distribution/distribution v2.7.1+incompatible h1:aGFx4EvJWKEh//lHPLwFhFgwFHKH06TzNVPamrMn04M= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= From 980606ac27cd5248cb8a7f3a18f021b34f905684 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Nov 2023 20:55:10 +0200 Subject: [PATCH 23/62] Update RHCOS to OCP version map (#1659) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index 2a777aa7c..dd834c8e5 100644 
--- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -223,6 +223,7 @@ 4.13.21 / 413.92.202310210500-0 4.13.22 / 413.92.202311061658-0 4.13.23 / 413.92.202311151359-0 +4.13.24 / 413.92.202311212041-0 4.13.3 / 413.92.202306070210-0 4.13.4 / 413.92.202306141213-0 4.13.5 / 413.92.202307140015-0 @@ -247,6 +248,7 @@ 4.14.1 / 414.92.202310270216-0 4.14.2 / 414.92.202311061957-0 4.14.3 / 414.92.202311150705-0 +4.14.4 / 414.92.202311222314-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 4.4.0-rc.1 / 44.81.202003130330-0 From a399225d447138129b886eab922bf9f9a81f2c8e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 26 Nov 2023 13:16:40 +0200 Subject: [PATCH 24/62] Update RHCOS to OCP version map (#1660) Co-authored-by: sebrandon1 --- .../operatingsystem/files/rhcos_version_map | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index dd834c8e5..dd048bf2e 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map 
@@ -231,23 +231,10 @@ 4.13.7 / 413.92.202307260246-0 4.13.8 / 413.92.202307311416-0 4.13.9 / 413.92.202308091852-0 -4.14.0 / 414.92.202310210434-0 -4.14.0-ec.0 / 414.92.202304281310-0 -4.14.0-ec.1 / 414.92.202305190723-0 -4.14.0-ec.2 / 414.92.202306100411-0 -4.14.0-ec.3 / 414.92.202307050443-0 -4.14.0-ec.4 / 414.92.202307250657-0 -4.14.0-rc.0 / 414.92.202308311551-0 4.14.0-rc.1 / 414.92.202309142337-0 -4.14.0-rc.2 / 414.92.202309222337-0 -4.14.0-rc.3 / 414.92.202309222337-0 4.14.0-rc.4 / 414.92.202309282257-0 4.14.0-rc.5 / 414.92.202310100209-0 4.14.0-rc.6 / 414.92.202310121638-0 -4.14.0-rc.7 / 414.92.202310210434-0 -4.14.1 / 414.92.202310270216-0 -4.14.2 / 414.92.202311061957-0 -4.14.3 / 414.92.202311150705-0 4.14.4 / 414.92.202311222314-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 From bfb8e9861349c3e70b19064491121d6368165212 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 07:37:09 +0100 Subject: [PATCH 25/62] Update RHCOS to OCP version map (#1661) Co-authored-by: sebrandon1 --- .../operatingsystem/files/rhcos_version_map | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index dd048bf2e..dd834c8e5 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map 
@@ -231,10 +231,23 @@ 4.13.7 / 413.92.202307260246-0 4.13.8 / 413.92.202307311416-0 4.13.9 / 413.92.202308091852-0 +4.14.0 / 414.92.202310210434-0 +4.14.0-ec.0 / 414.92.202304281310-0 +4.14.0-ec.1 / 414.92.202305190723-0 +4.14.0-ec.2 / 414.92.202306100411-0 +4.14.0-ec.3 / 414.92.202307050443-0 +4.14.0-ec.4 / 414.92.202307250657-0 +4.14.0-rc.0 / 414.92.202308311551-0 4.14.0-rc.1 / 414.92.202309142337-0 +4.14.0-rc.2 / 414.92.202309222337-0 +4.14.0-rc.3 / 414.92.202309222337-0 4.14.0-rc.4 / 414.92.202309282257-0 4.14.0-rc.5 / 414.92.202310100209-0 4.14.0-rc.6 / 414.92.202310121638-0 +4.14.0-rc.7 / 414.92.202310210434-0 +4.14.1 / 414.92.202310270216-0 +4.14.2 / 414.92.202311061957-0 +4.14.3 / 414.92.202311150705-0 4.14.4 / 414.92.202311222314-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 From 679020f315fa077991c85a37d8f37e1dc02ed5d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 08:24:36 -0600 Subject: [PATCH 26/62] Bump github.com/operator-framework/api from 0.19.0 to 0.20.0 (#1657) Bumps [github.com/operator-framework/api](https://github.com/operator-framework/api) from 0.19.0 to 0.20.0. - [Release notes](https://github.com/operator-framework/api/releases) - [Changelog](https://github.com/operator-framework/api/blob/master/RELEASE.md) - [Commits](https://github.com/operator-framework/api/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: github.com/operator-framework/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gonzalo Reyero Ferreras <87083379+greyerof@users.noreply.github.com> --- go.mod | 2 +- go.sum | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 2686bcd66..76f322235 100644 --- a/go.mod +++ b/go.mod 
@@ -21,7 +21,7 @@ require ( github.com/onsi/ginkgo/v2 v2.13.1 github.com/openshift/api v0.0.1 github.com/openshift/client-go v0.0.1 - github.com/operator-framework/api v0.19.0 + github.com/operator-framework/api v0.20.0 github.com/operator-framework/operator-lifecycle-manager v0.20.0 github.com/pkg/errors v0.9.1 // indirect helm.sh/helm/v3 v3.13.2 diff --git a/go.sum b/go.sum index e7c39437e..9c0c65cdb 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,6 @@ github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0X github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo= github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= 
@@ -471,8 +469,8 @@ github.com/openshift/client-go v0.0.1 h1:zJ9NsS9rwBtYkYzLCUECkdmrM6jPit3W7Q0+Pxf github.com/openshift/client-go v0.0.1/go.mod h1:I8qTI1lgErsWc6CVukSjP1PYqpafE7fue0ZPy7A2jiw= github.com/openshift/machine-config-operator v0.0.1-0.20230515070935-49f32d46538e h1:mR9giLRlLXK52kaEGOR96rIQchQRDUkttjMAkyao2XQ= github.com/openshift/machine-config-operator v0.0.1-0.20230515070935-49f32d46538e/go.mod h1:t9dXGgC9WVzI2cNv/4rMetGVYakWtaDxHWQuyN2til8= -github.com/operator-framework/api v0.19.0 h1:QU1CTJU+CufoeneA5rsNlP/uP96s8vDHWUYDFZTauzA= -github.com/operator-framework/api v0.19.0/go.mod h1:SCCslqke6AVOJ5JM+NqNE1CHuAgJLScsL66pnPaSMXs= +github.com/operator-framework/api v0.20.0 h1:A2YCRhr+6s0k3pRJacnwjh1Ue8BqjIGuQ2jvPg9XCB4= +github.com/operator-framework/api v0.20.0/go.mod h1:rXPOhrQ6mMeXqCmpDgt1ALoar9ZlHL+Iy5qut9R99a4= github.com/operator-framework/operator-lifecycle-manager v0.20.0 h1:h8SPePMO492krrRnamt5AepqD4nSWb3RRZdvZdN8x6I= github.com/operator-framework/operator-lifecycle-manager v0.20.0/go.mod h1:sml7etyu98h87eikzA6IKay6BRCzagkwYdcbuisdBTk= github.com/operator-framework/operator-manifest-tools v0.4.0 h1:u/qlCyVA84MtS5Ne016KpTcF0kqWgHyYEeOyFgVrX5k= From 08d0fb9352477dc6c6f53a3c15607ef0f668e86f Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Tue, 28 Nov 2023 08:10:48 -0600 Subject: [PATCH 27/62] Allow cluster role bindings for pods ultimately owned by a cluster wide operator (#1646) * Recursively get top pod owners. If top owner is a CSV installed cluster-wide, allow cluster role-bindings * Addressing comments from Gonzalo * Adding unit testing (comment from Brandon) --- cnf-certification-test/accesscontrol/suite.go | 67 ++++++++++++-- internal/clientsholder/clientsholder.go | 7 ++ pkg/provider/pods.go | 68 ++++++++++++++ pkg/provider/pods_test.go | 92 +++++++++++++++++-- 4 files changed, 218 insertions(+), 16 deletions(-) 
diff --git a/cnf-certification-test/accesscontrol/suite.go b/cnf-certification-test/accesscontrol/suite.go index 10917ccad..934ce0f9c 100644 --- a/cnf-certification-test/accesscontrol/suite.go +++ b/cnf-certification-test/accesscontrol/suite.go @@ -22,6 +22,7 @@ import ( "strings" "github.com/onsi/ginkgo/v2" + "github.com/operator-framework/api/pkg/operators/v1alpha1" "github.com/sirupsen/logrus" "github.com/test-network-function/cnf-certification-test/cnf-certification-test/accesscontrol/namespace" "github.com/test-network-function/cnf-certification-test/cnf-certification-test/accesscontrol/rbac" 
@@ -557,31 +558,77 @@ func testPodClusterRoleBindings(env *provider.TestEnvironment) { logrus.Infof("There were %d cluster role bindings found in the cluster.", len(env.ClusterRoleBindings)) for _, put := range env.Pods { - podIsCompliant := true ginkgo.By(fmt.Sprintf("Testing cluster role binding for pod: %s namespace: %s", put.Name, put.Namespace)) result, roleRefName, err := put.IsUsingClusterRoleBinding(env.ClusterRoleBindings) if err != nil { logrus.Errorf("failed to determine if pod %s/%s is using a cluster role binding: %v", put.Namespace, put.Name, err) - podIsCompliant = false + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, fmt.Sprintf("failed to determine if pod is using a cluster role binding: %v", err), false). + AddField(testhelper.ClusterRoleName, roleRefName)) } - // Pod was found to be using a cluster role binding. This is not allowed. - // Flagging this pod as a failed pod. - if result { - tnf.Logf(logrus.WarnLevel, "%s is using a cluster role binding", put.String()) - podIsCompliant = false + topOwners, err := put.GetTopOwner() + + if err != nil { + nonCompliantObjects = append(nonCompliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, fmt.Sprintf("Error getting top owners of this pod, err=%s", err), false). 
+ AddField(testhelper.ClusterRoleName, roleRefName)) + continue } - if podIsCompliant { - compliantObjects = append(compliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, "Pod is not using a cluster role binding", true)) - } else { + logrus.Debugf("topOwners=%v", topOwners) + + csvNamespace, csvName, isOwnedByClusterWideOperator := OwnedByClusterWideOperator(topOwners, env) + // Pod is using a cluster role binding but is owned by a cluster wide operator, so it is ok + if isOwnedByClusterWideOperator && result { + tnf.Logf(logrus.InfoLevel, "%s is using a cluster role binding but is owned by CSV namespace=%s, name=%s", put.String(), csvNamespace, csvName) + compliantObjects = append(compliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, "Pod is using a cluster role binding but owned by a cluster-wide operator", true)) + continue + } + if result { + // Pod was found to be using a cluster role binding. This is not allowed. + // Flagging this pod as a failed pod. + tnf.Logf(logrus.WarnLevel, "%s is using a cluster role binding", put.String()) nonCompliantObjects = append(nonCompliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, "Pod is using a cluster role binding", false). 
AddField(testhelper.ClusterRoleName, roleRefName)) + continue } + compliantObjects = append(compliantObjects, testhelper.NewPodReportObject(put.Namespace, put.Name, "Pod is not using a cluster role binding", true)) } testhelper.AddTestResultReason(compliantObjects, nonCompliantObjects, tnf.ClaimFilePrintf, ginkgo.Fail) } +// Returns true if object identified by namespace and name is a CSV created by a cluster-wide operator +func IsCSVAndClusterWide(aNamespace, name string, env *provider.TestEnvironment) bool { + for _, op := range env.Operators { + if op.Csv != nil && + op.Csv.Namespace == aNamespace && + op.Csv.Name == name && + (op.IsClusterWide || IsInstallModeMultiNamespace(op.Csv.Spec.InstallModes)) { + return true + } + } + return false +} + +// return true if CSV install mode contains multi namespaces or all namespaces +func IsInstallModeMultiNamespace(installModes []v1alpha1.InstallMode) bool { + for i := 0; i < len(installModes); i++ { + if installModes[i].Type == v1alpha1.InstallModeTypeAllNamespaces { + return true + } + } + return false +} + +// Return true if one of the passed topOwners is a CSV that is installed by a cluster-wide operator +func OwnedByClusterWideOperator(topOwners map[string]provider.TopOwner, env *provider.TestEnvironment) (aNamespace, name string, found bool) { + for _, owner := range topOwners { + if IsCSVAndClusterWide(owner.Namespace, owner.Name, env) { + return owner.Namespace, owner.Name, true + } + } + return "", "", false +} + func testAutomountServiceToken(env *provider.TestEnvironment) { ginkgo.By("Should have automountServiceAccountToken set to false") diff --git a/internal/clientsholder/clientsholder.go b/internal/clientsholder/clientsholder.go index 7992d6e67..0d4daba45 100644 --- a/internal/clientsholder/clientsholder.go +++ b/internal/clientsholder/clientsholder.go 
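Review bot: In `testPodClusterRoleBindings`, the branch that handles an error from `put.IsUsingClusterRoleBinding` appends a non-compliant report object but, unlike the `GetTopOwner` error branch right after it, has no `continue`. Since `result` is presumably false when that call fails, the same pod can fall through to the final append and also be reported as "Pod is not using a cluster role binding"; adding `continue` after the first append keeps a failed check fail-closed. `IsInstallModeMultiNamespace` accepts any entry whose `Type` is `v1alpha1.InstallModeTypeAllNamespaces` without checking the entry's `Supported` flag, and its comment mentions a multi-namespace mode that the loop never tests. Because this function widens the exemption from the cluster-role-binding check, I would use `if installModes[i].Type == v1alpha1.InstallModeTypeAllNamespaces && installModes[i].Supported {` and align the comment with the code. `OwnedByClusterWideOperator` also matches a top owner to a CSV by namespace and name only, never by `owner.Kind`, so a check that the kind is `ClusterServiceVersion` is worth adding.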
@@ -43,6 +43,7 @@ import ( policyv1 "k8s.io/api/policy/v1" rbacv1 "k8s.io/api/rbac/v1" apiextv1fake "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8sFakeClient "k8s.io/client-go/kubernetes/fake" networkingv1 "k8s.io/client-go/kubernetes/typed/networking/v1" "k8s.io/client-go/rest" @@ -63,6 +64,7 @@ type ClientsHolder struct { MachineCfg ocpMachine.Interface KubeConfig []byte ready bool + GroupResources []*metav1.APIResourceList } var clientsHolder = ClientsHolder{} @@ -292,6 +294,11 @@ func newClientsHolder(filenames ...string) (*ClientsHolder, error) { //nolint:fu if err != nil { return nil, fmt.Errorf("cannot instantiate discoveryClient: %s", err) } + clientsHolder.GroupResources, err = discoveryClient.ServerPreferredResources() + if err != nil { + logrus.Errorf("Could not get list of resources in cluster") + } + resolver := scale.NewDiscoveryScaleKindResolver(discoveryClient) gr, err := restmapper.GetAPIGroupResources(clientsHolder.K8sClient.Discovery()) if err != nil { diff --git a/pkg/provider/pods.go b/pkg/provider/pods.go index 130192440..f92865f54 100644 --- a/pkg/provider/pods.go +++ b/pkg/provider/pods.go @@ -29,6 +29,8 @@ import ( corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/dynamic" ) const ( 
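Review bot: In the `newClientsHolder` hunk, a failure of `discoveryClient.ServerPreferredResources()` is logged without the error value and then ignored, so `clientsHolder.GroupResources` may be nil or incomplete with nothing in the log to say why. `GetTopOwner` in pkg/provider/pods.go resolves owner kinds from that list, so owner lookups would presumably fail later with an unrelated-looking message. At minimum log the cause, `logrus.Errorf("could not get list of resources in cluster: %v", err)`, and add a comment stating that continuing with an incomplete list is intentional. The function body continues outside the hunk.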
@@ -404,3 +406,69 @@ func (p *Pod) IsRunAsUserID(uid int64) bool { } return *p.Pod.Spec.SecurityContext.RunAsUser == uid } + +// Get the list of top owners of pods +func (p *Pod) GetTopOwner() (topOwners map[string]TopOwner, err error) { + topOwners = make(map[string]TopOwner) + err = followOwnerReferences(clientsholder.GetClientsHolder().GroupResources, clientsholder.GetClientsHolder().DynamicClient, topOwners, p.Namespace, p.OwnerReferences) + if err != nil { + return topOwners, fmt.Errorf("could not get top owners, err=%s", err) + } + return topOwners, nil +} + +// Structure to describe a top owner of a pod +type TopOwner struct { + Kind string + Name string + Namespace string +} + +// Recursively follow the ownership tree to find the top owners +func followOwnerReferences(resourceList []*metav1.APIResourceList, dynamicClient dynamic.Interface, topOwners map[string]TopOwner, namespace string, ownerRefs []metav1.OwnerReference) (err error) { + for _, ownerRef := range ownerRefs { + fmt.Printf("-> Owner: %s/%s\n", ownerRef.Kind, ownerRef.Name) + // Get group resource version + gvr := getResourceSchema(resourceList, ownerRef.APIVersion, ownerRef.Kind) + // Get the owner resources + resource, err := dynamicClient.Resource(gvr).Namespace(namespace).Get(context.Background(), ownerRef.Name, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("could not get object indicated by owner references") + } + // Get owner references of the unstructured object + ownerReferences := resource.GetOwnerReferences() + if err != nil { + return fmt.Errorf("error getting owner references. 
err= %s", err) + } + // if no owner references, we have reached the top record it + if len(ownerReferences) == 0 { + logrus.Info("reached the top of this branch") + topOwners[ownerRef.Name] = TopOwner{Kind: ownerRef.Kind, Name: ownerRef.Name, Namespace: namespace} + } + // if not continue following other branches + err = followOwnerReferences(resourceList, dynamicClient, topOwners, namespace, ownerReferences) + if err != nil { + return fmt.Errorf("error following owners") + } + } + return nil +} + +// Get the Group Version Resource based on APIVersion and kind +func getResourceSchema(resourceList []*metav1.APIResourceList, apiVersion, kind string) (gvr schema.GroupVersionResource) { + const groupVersionComponentsNumber = 2 + for _, gr := range resourceList { + for i := 0; i < len(gr.APIResources); i++ { + if gr.APIResources[i].Kind == kind && gr.GroupVersion == apiVersion { + groupSplit := strings.Split(gr.GroupVersion, "/") + if len(groupSplit) == groupVersionComponentsNumber { + gvr.Group = groupSplit[0] + gvr.Version = groupSplit[1] + gvr.Resource = gr.APIResources[i].Name + } + return gvr + } + } + } + return gvr +} diff --git a/pkg/provider/pods_test.go b/pkg/provider/pods_test.go index e3d06c2d1..0bf4e4cb2 100644 --- a/pkg/provider/pods_test.go +++ b/pkg/provider/pods_test.go 
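Review bot: `getResourceSchema` only fills its result when `gr.GroupVersion` splits into exactly two parts on `/`, so an owner in the core group (apiVersion `v1`, no slash) yields a zero `GroupVersionResource` and the following `dynamicClient.Resource(gvr)` lookup in `followOwnerReferences` presumably fails. `schema.ParseGroupVersion(gr.GroupVersion)`, from the package this patch already imports, handles both forms. The errors returned by `followOwnerReferences` also drop their cause: wrap it, e.g. `return fmt.Errorf("could not get owner %s/%s: %w", ownerRef.Kind, ownerRef.Name, err)`, and remove the second `if err != nil` after `resource.GetOwnerReferences()`, which can never be true. The `fmt.Printf("-> Owner: ...")` line writes to stdout from library code and should go through `logrus.Debugf` like the rest of the hunk.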
@@ -17,19 +17,22 @@ package provider import ( - "testing" - "errors" + "reflect" + "testing" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/runtime" - + olmv1Alpha "github.com/operator-framework/api/pkg/operators/v1alpha1" "github.com/stretchr/testify/assert" "github.com/test-network-function/cnf-certification-test/internal/clientsholder" + v1app "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" + v1 "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + k8sDynamicFake "k8s.io/client-go/dynamic/fake" k8sfake "k8s.io/client-go/kubernetes/fake" + k8stesting "k8s.io/client-go/testing" ) func TestPod_CheckResourceOnly2MiHugePages(t *testing.T) { 
@@ -515,3 +518,80 @@ func TestIsRunAsUserID(t *testing.T) { assert.Equal(t, tc.expectedOutput, tc.testPod.IsRunAsUserID(tc.testUID)) } } + +func Test_followOwnerReferences(t *testing.T) { + type args struct { + topOwners map[string]TopOwner + namespace string + ownerRefs []metav1.OwnerReference + } + + csv1 := &olmv1Alpha.ClusterServiceVersion{ + TypeMeta: metav1.TypeMeta{Kind: "ClusterServiceVersion", APIVersion: "operators.coreos.com/v1alpha1"}, + ObjectMeta: metav1.ObjectMeta{ + Name: "csv1", + Namespace: "ns1", + OwnerReferences: []metav1.OwnerReference{}, + }, + } + dep1 := &v1app.Deployment{ + TypeMeta: metav1.TypeMeta{Kind: "Deployment", APIVersion: "apps/v1"}, + ObjectMeta: metav1.ObjectMeta{ + Name: "dep1", + Namespace: "ns1", + OwnerReferences: []metav1.OwnerReference{{APIVersion: "operators.coreos.com/v1alpha1", Kind: "ClusterServiceVersion", Name: "csv1"}}, + }, + } + rep1 := &v1app.ReplicaSet{ + TypeMeta: metav1.TypeMeta{Kind: "ReplicaSet", APIVersion: "apps/v1"}, + ObjectMeta: metav1.ObjectMeta{ + Name: "rep1", + Namespace: "ns1", + OwnerReferences: []metav1.OwnerReference{{APIVersion: "apps/v1", Kind: "Deployment", Name: "dep1"}}, + }, + } + + resourceList := []*metav1.APIResourceList{ + {GroupVersion: "operators.coreos.com/v1alpha1", APIResources: []metav1.APIResource{{Name: "clusterserviceversions", Kind: "ClusterServiceVersion"}}}, + {GroupVersion: "apps/v1", APIResources: []metav1.APIResource{{Name: "deployments", Kind: "Deployment"}}}, + {GroupVersion: "apps/v1", APIResources: []metav1.APIResource{{Name: "replicasets", Kind: "ReplicaSet"}}}, + {GroupVersion: "apps/v1", APIResources: []metav1.APIResource{{Name: "pods", Kind: "Pod"}}}, + } + + tests := []struct { + name string + args args + wantErr bool + }{ + { + name: "test1", + args: args{topOwners: map[string]TopOwner{"csv1": {Namespace: "ns1", Kind: "ClusterServiceVersion", Name: "csv1"}}, + namespace: "ns1", + ownerRefs: []metav1.OwnerReference{{APIVersion: "apps/v1", Kind: "ReplicaSet", 
Name: "rep1"}}, + }, + }, + } + + // Spoof the get and update functions + client := k8sDynamicFake.NewSimpleDynamicClient(runtime.NewScheme(), rep1, dep1, csv1) + client.Fake.AddReactor("get", "ClusterServiceVersion", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) { + return true, csv1, nil + }) + client.Fake.AddReactor("get", "Deployment", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) { + return true, dep1, nil + }) + client.Fake.AddReactor("get", "ReplicaSet", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) { + return true, rep1, nil + }) + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotResults := map[string]TopOwner{} + if err := followOwnerReferences(resourceList, client, gotResults, tt.args.namespace, tt.args.ownerRefs); (err != nil) != tt.wantErr { + t.Errorf("followOwnerReferences() error = %v, wantErr %v", err, tt.wantErr) + } + if !reflect.DeepEqual(gotResults, tt.args.topOwners) { + t.Errorf("followOwnerReferences() = %v, want %v", gotResults, tt.args.topOwners) + } + }) + } +} From b8f281864bca121a0f75db945be26f401e3cda12 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Tue, 28 Nov 2023 16:41:36 -0600 Subject: [PATCH 28/62] Add-batch-cert-script (#1604) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Script to batch check operators * installing operators using tasty😋(https://github.com/karmab/tasty) instead of operator SDK * Addressing comments from David R. and other fixes --- run-basic-batch-operators-test.sh | 345 ++++++++++++++++++++++++++++++ 1 file changed, 345 insertions(+) create mode 100755 run-basic-batch-operators-test.sh diff --git a/run-basic-batch-operators-test.sh b/run-basic-batch-operators-test.sh new file mode 100755 index 000000000..7df11a928 --- /dev/null +++ b/run-basic-batch-operators-test.sh 
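Review bot: The three `client.Fake.AddReactor("get", ...)` calls in `Test_followOwnerReferences` pass the kinds `ClusterServiceVersion`, `Deployment` and `ReplicaSet` as the resource argument. As far as I know the fake client matches reactors on the plural resource name (for example `replicasets`), so these reactors probably never fire and the test passes only because the objects are seeded into the fake client. Either drop them or register them under the resource names used in `resourceList`, and fix the comment, which mentions update functions that are not spoofed. The table has a single happy-path case and `wantErr` is never true; a case for a missing owner object and one for a core-group owner (apiVersion `v1`) would cover the error paths of `followOwnerReferences` and `getResourceSchema`.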
@@ -0,0 +1,345 @@ +#!/bin/bash +set -o errexit -o nounset -o pipefail + +# Test run timestamp +TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S_%Z") + +# Base folder +BASE_DIR=/var/www/html + +# index.html +INDEX_FILE=index2.html + +# INPUTS + +# tnf_config.yaml template file path +CONFIG_YAML_TEMPLATE="$(pwd)"/tnf_config.yml.template + +# Docker config used to pull operator images +DOCKER_CONFIG=config.json + +# Location of telco/non-telco classification file +CNF_TYPE=cmd/tnf/claim/show/csv/cnf-type.json + +# Operator catalog from user +OPERATOR_CATALOG="" + +# Operator from user +OPERATORS_UNDER_TEST="" + +# OUTPUTS + +# Report folder +REPORT_FOLDER_RELATIVE="report_$TIMESTAMP" + +# Report results folder +REPORT_FOLDER="$BASE_DIR"/"$REPORT_FOLDER_RELATIVE" + +# Operator file name +OPERATOR_LIST_FILENAME=operator-list.txt + +# Operator list path in the report +OPERATOR_LIST_PATH="$REPORT_FOLDER"/"$OPERATOR_LIST_FILENAME" + +# VARIABLES + +# Variable to add header only on the first run +addHeaders=-a + +# Create report directory +mkdir "$REPORT_FOLDER" + +cleanup() { + # Workaround for cleaning operator leftovers, see https://access.redhat.com/solutions/6971276 + oc delete mutatingwebhookconfigurations controller.devfile.io || true + oc delete validatingwebhookconfigurations controller.devfile.io || true + + # cleanup any leftovers + # https://docs.openshift.com/container-platform/4.14/operators/admin/olm-deleting-operators-from-cluster.html + oc get csv -n openshift-operators | grep -v packageserver | grep -v NAME | awk '{print "oc delete --wait=true csv " $2 " -n openshift-operators"}' | bash || true + oc get csv -A | grep -v packageserver | grep -v NAME | awk '{print "oc delete --wait=true csv " $2 " -n " $1}' | bash || true + oc get subscriptions -A | grep -v NAME | awk '{print "oc delete --wait=true subscription " $2 " -n " $1}' | bash || true + oc get job,configmap -n openshift-marketplace | grep -v NAME | grep -v "configmap/kube-root-ca.crt" | grep -v 
"configmap/marketplace-operator-lock" | grep -v "configmap/marketplace-trusted-ca" | grep -v "configmap/openshift-service-ca.crt" | awk '{print "oc delete --wait=true " $1 " -n openshift-marketplace" }' | bash || true +} + +waitDeleteNamespace() { + namespaceDeleting=$1 + # Wait for the CSV to be removed + oc wait csv -l test-network-function.com/operator=target -n "$namespaceDeleting" --for=delete --timeout=300s || true + + # Wait for the namespace to be removed + if [ "$namespaceDeleting" != "openshift-operators" ]; then + + echo "non openshift-operators namespace = $namespaceDeleting, deleting " + oc wait namespace "$namespaceDeleting" --for=delete --timeout=300s || true + forceDeleteNamespaceIfPresent "$namespaceDeleting" + fi +} + +waitForCsvToAppearAndLabel() { + csvNamespace=$1 + timeoutSeconds=300 + startTime=$(date +%s) + while true; do + csvs=$(oc get csv -n "$csvNamespace") + if [ "$csvs" != "" ]; then + # If any CSV is present, break + break + else + currentTime=$(date +%s) + elapsedTime=$((currentTime - startTime)) + # If elapsed time is greater than the timeout report failure + if [ "$elapsedTime" -ge "$timeoutSeconds" ]; then + echo "Timeout reached $timeoutSeconds seconds waiting for CSV." + return 1 + fi + + # Otherwise wait a bit + echo "Waiting for csv to be created in namespace $csvNamespace ..." + sleep 5 + fi + done + + # Label CSV with "test-network-function.com/operator=target" + oc get csv -n "$csvNamespace" -o custom-columns=':.metadata.name,:.metadata.namespace,:.kind' | grep -v openshift-operator-lifecycle-manager | sed '/^ *$/d' | awk '{print "oc label " $3 " -n " $2 " " $1 " test-network-function.com/operator=target "}' | bash + + # Wait for the CSV to be succeeded + status=0 + oc wait csv -l test-network-function.com/operator=target -n "$ns" --for=jsonpath=\{.status.phase\}=Succeeded --timeout=300s || status="$?" 
+ return $status +} + +forceDeleteNamespaceIfPresent() { + aNamespace=$1 + + # Do not delete the redhat-operators namespace + if [ "$aNamespace" = "openshift-operators" ]; then + return 0 + fi + # Delete namespace + oc delete namespace "$aNamespace" --wait=false || true + oc wait namespace "$aNamespace" --for=delete --timeout=30s || true + + # If a namespace with this name does not exist, all is good, exit + if ! oc get namespace "$aNamespace"; then + return 0 + fi + + # Otherwise force delete namespace + oc get namespace "$aNamespace" -ojson | sed '/"kubernetes"/d' >temp.yaml + oc proxy & + pid=$! + echo "PID: $pid" + sleep 5 + curl -H "Content-Type: application/yaml" -X PUT --data-binary @temp.yaml http://127.0.0.1:8001/api/v1/namespaces/"$aNamespace"/finalize + kill -9 "$pid" + oc wait namespace "$aNamespace" --for=delete --timeout=300s || true +} + +# Check if the number of parameters is correct +if [ "$#" -eq 1 ]; then + OPERATOR_CATALOG=$1 + # Get all the packages present in the cluster catalog + oc get packagemanifest -o jsonpath='{range .items[*]}{.metadata.name}{","}{.status.catalogSource}{"\n"}{end}' | grep "$OPERATOR_CATALOG" | head -n -1 >"$OPERATOR_LIST_PATH" + +elif [ "$#" -eq 2 ]; then + OPERATOR_CATALOG=$1 + OPERATORS_UNDER_TEST=$2 + echo "$OPERATORS_UNDER_TEST " | sed 's/ /,'"$OPERATOR_CATALOG"'\n/g' >"$OPERATOR_LIST_PATH" +else + echo 'Wrong parameter count. + Usage: ./run-basic-batch-operators-test.sh [" ... ] + Examples: + ./run-basic-batch-operators-test.sh redhat-operators + ./run-basic-batch-operators-test.sh redhat-operators "file-integrity-operator kiali-ossm"' + exit 1 +fi + +# Check for docker config file +if [ ! -e "$DOCKER_CONFIG" ]; then + echo "Docker config is missing at $DOCKER_CONFIG" + exit 1 +fi + +# Check KUBECONFIG +if [[ ! -v "KUBECONFIG" ]]; then + echo "The environment variable KUBECONFIG is not set." 
+ exit 1 +fi + +# Write config file template +cat <"$CONFIG_YAML_TEMPLATE" +targetNameSpaces: + - name: \$ns +podsUnderTestLabels: + - "test-network-function.com/generic: target" +operatorsUnderTestLabels: + - "test-network-function.com/operator: target" +EOF + +OPERATOR_PAGE=' + + + + + HTTP Link Example' + +# Add per test run links +{ + # Add per operator details link + echo "Time: $TIMESTAMP, catalog: $OPERATOR_CATALOG" + + #Add detailed results + echo ", detailed results: "''"link"'' + + # Add CSV file link + echo ", CSV: " + echo ''"link"'' + + # Add operator list link + echo ", operator list: " + echo ''"link"'' + + # New line + echo "
" +} >>"$BASE_DIR"/"$INDEX_FILE" + +echo "$OPERATOR_PAGE" >>"$REPORT_FOLDER"/"$INDEX_FILE" + +cleanup + +# For each operator in a provided catalog, this script will install the operator and run the CNF test suite. +while IFS=, read -r package_name catalog; do + if [ "$package_name" = "" ]; then + continue + fi + + echo "package=$package_name catalog=$catalog" + + status=0 + tasty install "$package_name" --source "$catalog" --stdout &>/dev/null || status=$? + + # if tasty fails, skip this operator + if [ "$status" != 0 ]; then + # Add per operator links + { + # Add error message + echo "Results for: $package_name, "'Operator installation failed due to tasty internal error, skipping test' + + # Add tnf_config link + echo ", tnf_config: " + echo ''"link"'' + + # New line + echo "
" + } >>"$REPORT_FOLDER"/"$INDEX_FILE" + + cleanup + + continue + fi + + namesCount=$(tasty install "$package_name" --source "$catalog" --stdout | grep -c "name:") + + if [ "$namesCount" = "4" ]; then + # Get namespace from tasty + ns=$(tasty install "$package_name" --source "$catalog" --stdout | grep "name:" | head -n1 | awk '{ print $2 }') + elif [ "$namesCount" = "2" ]; then + ns="openshift-operators" + fi + + echo "namespace=$ns" + + # If a namespace is present, it is probably stuck deleting from previous runs. Force delete it. + forceDeleteNamespaceIfPresent "$ns" + + # Install the operator in a custom namespace + tasty install "$package_name" --source "$catalog" -w + + # Setting report directory + reportDir="$REPORT_FOLDER"/"$package_name" + + # Store the results of CNF test in a new directory + mkdir -p "$reportDir" + + configYaml="$reportDir"/tnf_config.yml + + # Change the targetNameSpace in tng_config file + sed "s/\$ns/$ns/" "$CONFIG_YAML_TEMPLATE" >"$configYaml" + status=0 + # Wait for the CSV to appear + waitForCsvToAppearAndLabel "$ns" || status="$?" + + if [ "$status" != 0 ]; then + # Add per operator links + { + # Add error message + echo "Results for: $package_name, "'Operator installation failed, skipping test' + + # Add tnf_config link + echo ", tnf_config: " + echo ''"link"'' + + # New line + echo "
" + } >>"$REPORT_FOLDER"/"$INDEX_FILE" + # Remove the operator + tasty remove "$package_name" + + cleanup + waitDeleteNamespace "$ns" + + continue + fi + + echo "operator $package_name installed" + + # Label deployments, statefulsets and pods with "test-network-function.com/generic=target" + oc get deployment -n "$ns" -o custom-columns=':.metadata.name,:.metadata.namespace,:.kind' | sed '/^ *$/d' | awk '{print "oc label " $3 " -n " $2 " " $1 " test-network-function.com/generic=target "}' | bash + oc get statefulset -n "$ns" -o custom-columns=':.metadata.name,:.metadata.namespace,:.kind' | sed '/^ *$/d' | awk '{print "oc label " $3 " -n " $2 " " $1 " test-network-function.com/generic=target "}' | bash + oc get pods -n "$ns" -o custom-columns=':.metadata.name,:.metadata.namespace,:.kind' | sed '/^ *$/d' | awk '{print "oc label " $3 " -n " $2 " " $1 " test-network-function.com/generic=target "}' | bash + + # run tnf-container + ./run-tnf-container.sh -k "$KUBECONFIG" -t "$reportDir" -o "$reportDir" -c "$DOCKER_CONFIG" -l all || true + + # Unlabel and uninstall the operator + oc get csv -n "$ns" -o custom-columns=':.metadata.name,:.metadata.namespace,:.kind' | sed '/^ *$/d' | awk '{print "oc label " $3 " -n " $2 " " $1 " test-network-function.com/operator- "}' | bash + + # remove the operator + tasty remove "$package_name" + + cleanup + waitDeleteNamespace "$ns" + + # merge claim.json from each operator to a single csv file + ./tnf claim show csv -c "$reportDir"/claim.json -n "$package_name" -t "$CNF_TYPE" "$addHeaders" >>"$REPORT_FOLDER"/results.csv + + # Add per operator links + { + # Add parser link + echo "Results for: $package_name, parsed details:" + echo ''"link"'' + + # Add log link + echo ", log: " + echo ''"link"'' + + # Add tnf_config link + echo ", tnf_config: " + echo ''"link"'' + + # new line + echo "
" + } >>"$REPORT_FOLDER"/"$INDEX_FILE" + + # Only print headers once + addHeaders="" + +done <"$OPERATOR_LIST_PATH" + +# Resetting project to default +oc project default + +# closing html file +echo '' >>"$REPORT_FOLDER"/"$INDEX_FILE" +echo "DONE" From 4bc95905fbb1ada15f35b7ac264e0b792e8f9593 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 29 Nov 2023 15:32:31 +0200 Subject: [PATCH 29/62] Update RHCOS to OCP version map (#1669) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 1 + 1 file changed, 1 insertion(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index dd834c8e5..cc2df7898 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -137,6 +137,7 @@ 4.11.51 / 411.86.202310091037-0 4.11.52 / 411.86.202310140407-0 4.11.53 / 411.86.202310261237-0 +4.11.54 / 411.86.202311221858-0 4.11.6 / 411.86.202209211811-0 4.11.7 / 411.86.202209211811-0 4.11.8 / 411.86.202210032349-0 From c6af662f06a7bb546740e6d93ef4fa3587f7cc11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Nov 2023 00:14:29 +0200 Subject: [PATCH 30/62] Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 (#1671) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.13.1 to 2.13.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.13.1...v2.13.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... 
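Review bot: In `forceDeleteNamespaceIfPresent`, `oc proxy &` opens a local listener that forwards requests to the API server with the caller's credentials, and because the script runs under `set -o errexit` a failing `curl` exits before `kill -9 "$pid"` and leaves that proxy running. Prefer a call that needs no proxy, something like `oc replace --raw "/api/v1/namespaces/$aNamespace/finalize" -f temp.yaml`, or at least install a `trap` that kills `$pid` on exit; `temp.yaml` should also come from `mktemp` rather than the working directory. In the main loop `ns` is assigned only when `namesCount` is 4 or 2, so on a later iteration with any other count it keeps the previous operator's value and `forceDeleteNamespaceIfPresent "$ns"` would act on the wrong namespace. Reset `ns=""` at the top of the loop and skip the operator when it stays empty. `waitForCsvToAppearAndLabel` also reads the global `$ns` in its final `oc wait` instead of its own `$csvNamespace`.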
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 76f322235..9c8fc52c0 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require k8s.io/client-go v0.28.4 require ( github.com/kelseyhightower/envconfig v1.4.0 github.com/mittwald/go-helm-client v0.12.4 - github.com/onsi/ginkgo/v2 v2.13.1 + github.com/onsi/ginkgo/v2 v2.13.2 github.com/openshift/api v0.0.1 github.com/openshift/client-go v0.0.1 github.com/operator-framework/api v0.20.0 diff --git a/go.sum b/go.sum index 9c0c65cdb..4dd2cf050 100644 --- a/go.sum +++ b/go.sum @@ -455,8 +455,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= -github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= +github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= +github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From ae2981eb3e58c0012abe32636796f4de5d4433d8 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Thu, 30 Nov 2023 15:59:31 -0600 Subject: [PATCH 31/62] Add depends-on PRs action to qe-hosted workflow (#1677) --- .github/workflows/qe-hosted.yml | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index ae00fbdc4..e66c2be15 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -49,6 +49,11 @@ jobs: - name: Run initial setup uses: ./.github/actions/setup + - name: Extract dependent Pull Requests + uses: depends-on/depends-on-action@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Install dependencies run: | sudo apt-get update From 060cefd142573df870cc528ef7049cd9db278110 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 09:11:24 -0600 Subject: [PATCH 32/62] Bump github.com/deckarep/golang-set/v2 from 2.4.0 to 2.5.0 (#1674) Bumps [github.com/deckarep/golang-set/v2](https://github.com/deckarep/golang-set) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/deckarep/golang-set/releases) - [Commits](https://github.com/deckarep/golang-set/compare/v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/deckarep/golang-set/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gonzalo Reyero Ferreras <87083379+greyerof@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9c8fc52c0..f0a3d38d6 100644 --- a/go.mod +++ b/go.mod @@ -207,7 +207,7 @@ require ( ) require ( - github.com/deckarep/golang-set/v2 v2.4.0 + github.com/deckarep/golang-set/v2 v2.5.0 github.com/fatih/color v1.16.0 github.com/go-logr/logr v1.3.0 github.com/go-logr/stdr v1.2.2 diff --git a/go.sum b/go.sum index 4dd2cf050..3544d4a0f 100644 --- a/go.sum +++ b/go.sum 
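Review bot: The new `Extract dependent Pull Requests` step references `depends-on/depends-on-action@main`, a third-party action on a mutable branch, and passes it `secrets.GITHUB_TOKEN`. Whatever `main` points to at run time executes in this job with that token, so pin the action to a reviewed full commit SHA, e.g. `uses: depends-on/depends-on-action@<full-commit-sha>  # <release tag>`. If the workflow's `permissions:` block is not already restricted (it is outside this hunk), limit the token to what the action needs.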
@@ -132,8 +132,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deckarep/golang-set/v2 v2.4.0 h1:DnfgWKdhvHM8Kihdw9fKWXd08EdsPiyoHsk5bfsmkNI=
-github.com/deckarep/golang-set/v2 v2.4.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
+github.com/deckarep/golang-set/v2 v2.5.0 h1:hn6cEZtQ0h3J8kFrHR/NrzyOoTnjgW1+FmNJzQ7y/sA=
+github.com/deckarep/golang-set/v2 v2.5.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/distribution/distribution v2.7.1+incompatible h1:aGFx4EvJWKEh//lHPLwFhFgwFHKH06TzNVPamrMn04M=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
From 3e6383d2dd055376dc67c1c04008b33ccc531346 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 09:12:55 -0600
Subject: [PATCH 33/62] Update RHCOS to OCP version map (#1678)
Co-authored-by: sebrandon1
---
 .../platform/operatingsystem/files/rhcos_version_map | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map
index cc2df7898..c5edbb888 100644
--- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map
+++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map
@@ -225,6 +225,7 @@
 4.13.22 / 413.92.202311061658-0
 4.13.23 / 413.92.202311151359-0
 4.13.24 / 413.92.202311212041-0
+4.13.25 / 413.92.202311281619-0
 4.13.3 / 413.92.202306070210-0
 4.13.4 / 413.92.202306141213-0
 4.13.5 / 413.92.202307140015-0
@@ -250,6 +251,7 @@
 4.14.2 / 414.92.202311061957-0
 4.14.3 / 414.92.202311150705-0
 4.14.4 / 414.92.202311222314-0
+4.14.5 / 414.92.202311281318-0
 4.4.0 / 44.81.202004260825-0
 4.4.0-rc.0 / 44.81.202003110830-0
 4.4.0-rc.1 / 44.81.202003130330-0
From 5b1d5fa27a63d5df643fc45ba006168946faab20 Mon Sep 17 00:00:00 2001
From: Brandon Palm
Date: Fri, 1 Dec 2023 12:14:48 -0600
Subject: [PATCH 34/62] Cherry pick 1-to-1 result struct change (#1675)
---
 .github/workflows/pre-main.yaml | 2 +-
 .github/workflows/qe-hosted.yml | 10 +-
 cmd/tnf/claim/compare/testcases/testcases.go | 8 +-
 .../claim/compare/testcases/testcases_test.go | 96 ++--
 .../testdata/claim_access_control.json | 538 ++++++------------
 .../compare/testdata/claim_observability.json | 535 ++++++-----------
 cmd/tnf/claim/show/csv/csv.go | 16 +-
 cmd/tnf/claim/show/failures/failures.go | 2 +-
 cmd/tnf/claim/show/failures/failures_test.go | 2 +-
 .../claim/show/failures/testdata/claim1.json | 22 +-
 .../claim/show/failures/testdata/claim2.json | 22 +-
 cmd/tnf/pkg/claim/claim.go | 4 +-
 cmd/tnf/pkg/claim/claim_test.go | 6 +-
 cnf-certification-test/results/results.go | 13 +-
 version.json | 4 +-
 15 files changed, 449 insertions(+), 831 deletions(-)
diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml
index 9c2ea5eba..6a6716f18 100644
--- a/.github/workflows/pre-main.yaml
+++ b/.github/workflows/pre-main.yaml
@@ -14,7 +14,7 @@ env:
 OCT_IMAGE_NAME: testnetworkfunction/oct
 OCT_IMAGE_TAG: latest
 GRADETOOL_IMAGE_NAME: testnetworkfunction/gradetool
- GRADETOOL_IMAGE_TAG: latest
+ GRADETOOL_IMAGE_TAG: test1
 TNF_CONTAINER_CLIENT: docker
 TNF_NON_INTRUSIVE_ONLY: false
 TNF_ALLOW_PREFLIGHT_INSECURE: false
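Review bot: `GRADETOOL_IMAGE_TAG` changes from `latest` to `test1` in the pre-main.yaml hunk, in a commit whose subject is a result-struct cherry-pick; this looks like a leftover from testing rather than an intended change. If a gradetool image built for the new claim format really is required, say so in the commit message and reference an immutable version tag or digest, e.g. `GRADETOOL_IMAGE_TAG: <released-version>` (placeholder). A tag named `test1` can be re-pushed at any time and leaves no record of which image CI actually ran. How the variable is consumed is outside this hunk.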
diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index e66c2be15..c6e2b28ed 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -49,11 +49,6 @@ jobs: - name: Run initial setup uses: ./.github/actions/setup - - name: Extract dependent Pull Requests - uses: depends-on/depends-on-action@main - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies run: | sudo apt-get update @@ -95,6 +90,11 @@ jobs: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification + - name: Extract dependent Pull Requests + uses: depends-on/depends-on-action@main + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the tests uses: nick-fields/retry@v2 with: diff --git a/cmd/tnf/claim/compare/testcases/testcases.go b/cmd/tnf/claim/compare/testcases/testcases.go index 353789816..022dcb648 100644 --- a/cmd/tnf/claim/compare/testcases/testcases.go +++ b/cmd/tnf/claim/compare/testcases/testcases.go @@ -34,11 +34,9 @@ type DiffReport struct { func getTestCasesResultsMap(testSuiteResults claim.TestSuiteResults) map[string]string { testCaseResults := map[string]string{} - for _, results := range testSuiteResults { - for i := range results { - testCase := results[i] - testCaseResults[testCase.TestID.ID] = testCase.State - } + //nolint:gocritic + for _, testCase := range testSuiteResults { + testCaseResults[testCase.TestID.ID] = testCase.State } return testCaseResults diff --git a/cmd/tnf/claim/compare/testcases/testcases_test.go b/cmd/tnf/claim/compare/testcases/testcases_test.go index 25fa2b7ce..3a76403be 100644 --- a/cmd/tnf/claim/compare/testcases/testcases_test.go +++ b/cmd/tnf/claim/compare/testcases/testcases_test.go 
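Review bot: The `//nolint:gocritic` added above the range loop in getTestCasesResultsMap (testcases.go hunk) suppresses the whole linter without saying which check fires or why that is acceptable. Put the reason on the directive, for example `//nolint:gocritic // rangeValCopy: per-entry copy of TestCaseResult is acceptable here` (the check name is my guess; confirm it against the linter output). The loop also discards the map key and indexes the output by `testCase.TestID.ID`, so a one-line doc comment such as `// getTestCasesResultsMap returns test case states keyed by TestID.ID; the keys of testSuiteResults are ignored.` would record that. The end of the function is outside the hunk.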
@@ -27,13 +27,11 @@ func TestGetTestCasesResultsMap(t *testing.T) { { description: "one test case in the access-control ts", results: claim.TestSuiteResults{ - "access-control": []claim.TestCaseResult{ - { - TestID: claim.TestCaseID{ - ID: "access-control-ssh-daemons", - }, - State: "skipped", + "access-control": claim.TestCaseResult{ + TestID: claim.TestCaseID{ + ID: "access-control-ssh-daemons", }, + State: "skipped", }, }, expectedTestCasesResultsMap: map[string]string{ @@ -43,33 +41,29 @@ func TestGetTestCasesResultsMap(t *testing.T) { { description: "two test suites with two test cases each", results: claim.TestSuiteResults{ - "access-control": []claim.TestCaseResult{ - { - TestID: claim.TestCaseID{ - ID: "access-control-ssh-daemons", - }, - State: "skipped", + "access-control-ssh-daemons": claim.TestCaseResult{ + TestID: claim.TestCaseID{ + ID: "access-control-ssh-daemons", }, - { - TestID: claim.TestCaseID{ - ID: "access-control-sys-admin-capability-check", - }, - State: "passed", + State: "skipped", + }, + "access-control-sys-admin-capability-check": claim.TestCaseResult{ + TestID: claim.TestCaseID{ + ID: "access-control-sys-admin-capability-check", }, + State: "passed", }, - "lifecycle": []claim.TestCaseResult{ - { - TestID: claim.TestCaseID{ - ID: "lifecycle-pod-scheduling", - }, - State: "skipped", + "lifecycle-pod-scheduling": claim.TestCaseResult{ + TestID: claim.TestCaseID{ + ID: "lifecycle-pod-scheduling", }, - { - TestID: claim.TestCaseID{ - ID: "lifecycle-pod-high-availability", - }, - State: "failed", + State: "skipped", + }, + "lifecycle-pod-high-availability": claim.TestCaseResult{ + TestID: claim.TestCaseID{ + ID: "lifecycle-pod-high-availability", }, + State: "failed", }, }, expectedTestCasesResultsMap: map[string]string{ 
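Review bot: The first table entry of TestGetTestCasesResultsMap still keys its fixture by suite name (`"access-control"`), while the second entry, in the next hunk, keys by test case ID (`"access-control-ssh-daemons"`). The TestGetDiffReport fixtures in the later hunks of this file also keep `"access-control"` and `"lifecycle"` as keys. The claim testdata updated in this same commit keys `results` by test case ID, so the fixtures should match it, e.g. `"access-control-ssh-daemons": claim.TestCaseResult{`. The tests presumably pass either way because getTestCasesResultsMap reads `TestID.ID` and ignores the key, but suite-name keys misdescribe the new format and permit only one test case per suite. The test function bodies extend beyond these hunks.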
@@ -210,9 +204,9 @@ func TestGetDiffReport(t *testing.T) { }{ { description: "results1 empty, results2 with one tc result", - results1: map[string][]claim.TestCaseResult{}, - results2: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, + results1: map[string]claim.TestCaseResult{}, + results2: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, }, expectedDiffReport: DiffReport{ Claim1ResultsSummary: TcResultsSummary{}, @@ -229,11 +223,11 @@ func TestGetDiffReport(t *testing.T) { }, { description: "results1 and results2 have the same passing tc", - results1: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, + results1: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, }, - results2: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, + results2: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, }, expectedDiffReport: DiffReport{ Claim1ResultsSummary: TcResultsSummary{Passed: 1}, 
@@ -244,11 +238,11 @@ func TestGetDiffReport(t *testing.T) { }, { description: "results1 and results2 have same tc with different result", - results1: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, + results1: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, }, - results2: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "failed"}}, + results2: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "failed"}, }, expectedDiffReport: DiffReport{ Claim1ResultsSummary: TcResultsSummary{Passed: 1}, 
@@ -259,13 +253,13 @@ func TestGetDiffReport(t *testing.T) { }, { description: "results1 and results2 have the same two tcs from different test suites, both with different results", - results1: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, - "lifecycle": {{TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "failed"}}, + results1: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, + "lifecycle": {TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "failed"}, }, - results2: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "failed"}}, - "lifecycle": {{TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "passed"}}, + results2: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "failed"}, + "lifecycle": {TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "passed"}, }, expectedDiffReport: DiffReport{ Claim1ResultsSummary: TcResultsSummary{Passed: 1, Failed: 1}, 
@@ -279,13 +273,13 @@ func TestGetDiffReport(t *testing.T) { }, { description: "one same test case result and another different", - results1: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, - "lifecycle": {{TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "failed"}}, + results1: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, + "lifecycle": {TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "failed"}, }, - results2: map[string][]claim.TestCaseResult{ - "access-control": {{TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}}, - "lifecycle": {{TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "skipped"}}, + results2: map[string]claim.TestCaseResult{ + "access-control": {TestID: claim.TestCaseID{ID: "access-control-ssh-daemons"}, State: "passed"}, + "lifecycle": {TestID: claim.TestCaseID{ID: "lifecycle-pod-scheduling"}, State: "skipped"}, }, expectedDiffReport: DiffReport{ Claim1ResultsSummary: TcResultsSummary{Passed: 1, Failed: 1}, diff --git a/cmd/tnf/claim/compare/testdata/claim_access_control.json b/cmd/tnf/claim/compare/testdata/claim_access_control.json index 064f21492..6b5bd6ab1 100644 --- a/cmd/tnf/claim/compare/testdata/claim_access_control.json +++ b/cmd/tnf/claim/compare/testdata/claim_access_control.json 
@@ -9239,8 +9239,7 @@ "testsExtraInfo": "" }, "results": { - "access-control-bpf-capability-check": [ - { + "access-control-bpf-capability-check": { "capturedTestOutput": "Non compliant [BPF container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"BPF\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "No Doc Link - Telco", 
@@ -9266,10 +9265,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-cluster-role-bindings": [ - { + }, + "access-control-cluster-role-bindings": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using a cluster role binding\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac", 
@@ -9295,10 +9292,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-container-host-port": [ - { + }, + "access-control-container-host-port": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Host port is not configured\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-accessing-resource-on-host", @@ -9324,10 +9319,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-crd-roles": [ - { + }, + "access-control-crd-roles": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-custom-role-to-access-application-crds", 
@@ -9353,10 +9346,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-ipc-lock-capability-check": [ - { + }, + "access-control-ipc-lock-capability-check": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipc_lock", 
@@ -9382,10 +9373,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-namespace": [ - { + }, + "access-control-namespace": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\"],\"ObjectFieldsValues\":[\"Namespace has valid prefix\",\"tnf\"]},{\"ObjectType\":\"Namespace\",\"ObjectFieldsKeys\":[\"Reason For Compliance\"],\"ObjectFieldsValues\":[\"CRs are in the configured namespaces\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", 
@@ -9411,10 +9400,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-namespace-resource-quota": [ - { + }, + "access-control-namespace-resource-quota": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is running in a namespace that has a ResourceQuota applied\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-memory-allocation", 
@@ -9440,10 +9427,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-net-admin-capability-check": [ - { + }, + "access-control-net-admin-capability-check": { "capturedTestOutput": "Non compliant [NET_ADMIN container: test pod: test-765d6b8dcf-gbvsd ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: test pod: test-765d6b8dcf-s768n ns: tnf \u0026Capabilities{Add:[NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\nNon compliant [NET_ADMIN container: xdp-c pod: xdp ns: tnf \u0026Capabilities{Add:[BPF PERFMON NET_ADMIN],Drop:[],}] capability detected in container %!s(MISSING). All container caps: %!s(MISSING)\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"NET_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod 
Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"xdp\",\"xdp-c\",\"NET_ADMIN\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-net_admin", @@ -9469,10 +9454,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-net-raw-capability-check": [ - { + }, + "access-control-net-raw-capability-check": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-user-plane-cnfs", 
@@ -9498,10 +9481,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-no-1337-uid": [ - { + }, + "access-control-no-1337-uid": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not using securityContext RunAsUser 1337\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", 
@@ -9527,10 +9508,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-one-process-per-container": [ - { + }, + "access-control-one-process-per-container": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has only one process running\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-one-process-per-container", 
@@ -9556,10 +9535,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-automount-service-account-token": [ - { + }, + "access-control-pod-automount-service-account-token": { "capturedTestOutput": "Pod [xdp] has been found with default service account name.\n", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods", @@ -9585,10 +9562,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-pod-host-ipc": [ - { + }, + "access-control-pod-host-ipc": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostIpc is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9614,10 +9589,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-network": [ - { + }, + "access-control-pod-host-network": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Host network is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace", @@ -9643,10 +9616,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-path": [ - { + }, + "access-control-pod-host-path": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Hostpath path is not set\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9672,10 +9643,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-pid": [ - { + }, + "access-control-pod-host-pid": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"HostPid is not set to true\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9701,10 +9670,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-role-bindings": [ - { + }, + "access-control-pod-role-bindings": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"All the role bindings used by this pod (applied by the service accounts) live in the same namespace\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"The serviceAccountName is either empty or default\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac", 
@@ -9730,10 +9697,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-service-account": [ - { + }, + "access-control-pod-service-account": { "capturedTestOutput": "Pod [xdp tnf] (ns: %!s(MISSING)) does not have a valid service account name.\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod has a service account name\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod does not have a valid service account name\",\"tnf\",\"xdp\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-scc-permissions-for-an-application", 
@@ -9759,10 +9724,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-projected-volume-service-account-token": [ - { + }, + "access-control-projected-volume-service-account-token": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"the pod is not using a projected volume for service account access\",\"tnf\",\"test-765d6b8dcf-s768n\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ProjectedVolume\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Projected Volume Name\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\",\"Projected Volume SA Token\"],\"ObjectFieldsValues\":[\"the projected volume Service account token field is not nil\",\"tnf\",\"xdp\",\"kube-api-access-t8lpx\",\"\\u0026ServiceAccountTokenProjection{Audience:,ExpirationSeconds:*3607,Path:token,}\",\"nil\",\"nil\",\"nil\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods", 
@@ -9788,10 +9751,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-requests-and-limits": [ - { + }, + "access-control-requests-and-limits": { "capturedTestOutput": "Container has been found missing resource limits: [container: xdp-c pod: xdp ns: tnf]\nContainer has been found missing resource requests: [container: xdp-c pod: xdp ns: tnf]\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container has resource requests and limits\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is missing resource requests or limits\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requests/limits", 
@@ -9817,10 +9778,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-security-context": [ - { + }, + "access-control-security-context": { "capturedTestOutput": "containerSCC [container: test pod: test-0 ns: tnf {false false false false false true false true false true true true CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-1 ns: tnf {false false false false false true false true false true true true 
CategoryID1(limited access granted automatically) true true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true false] but expected %!s(MISSING) - NOK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [true] - OK\nRunAsNonRoot = [true] - OK\nFsGroupPresent = [true] - OK\nDropCapabilities list - OK\n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID1(limited access granted automatically)] - OK\nTesting if pod belongs to category1NoUID0 \n%!(EXTRA []interface {}=[])containerSCC [container: test pod: test-765d6b8dcf-gbvsd ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - 
OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - 
NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: test pod: test-765d6b8dcf-s768n ns: tnf {false false false false false false false false false false false true CategoryID2(advanced networking (vlan tag, dscp, priority)) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but 
expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false 
true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory list is as expected [CategoryID2(advanced networking (vlan tag, dscp, priority))] - OK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent is not nil - OK\n%!(EXTRA []interface {}=[])CapabilitiesCategory = [CategoryID2(advanced networking (vlan tag, dscp, priority)) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\ncontainerSCC [container: xdp-c pod: xdp ns: tnf {false false false false false false false false false false false false CategoryID4(anything not matching lower category) false true}] is %!v(MISSING)\nTesting if pod belongs to category [CategoryID1(limited access granted automatically)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] 
but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID1NoUID0(automatically granted, basic rights with mesh networks)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID1(limited access granted automatically)] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID2(advanced networking (vlan tag, dscp, priority))]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits 
didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID2(advanced networking (vlan tag, dscp, priority))] but expected %!s(MISSING) - NOK\nTesting if pod belongs to category [CategoryID3(SRIOV and DPDK)]\nAllVolumeAllowed = [true] - OK\nRunAsUserPresent = [false true] but expected %!s(MISSING) - NOK\nRunAsNonRoot = [false] - OK\nFsGroupPresent = [false true] but expected %!s(MISSING) - NOK\nRequiredDropCapabilitiesPresent = [false true] but expected %!s(MISSING) - NOK\nits didnt have all the required (MKNOD, SETUID, SETGID, KILL)/(ALL) drop value \n%!(EXTRA []interface {}=[])HostDirVolumePluginPresent = [false] - OK\nHostIPC = [false] - OK\nHostNetwork = [false] - OK\nHostPID = [false] - OK\nHostPorts = [false] - OK\nHostNetwork = [false] - OK\nPrivilegedContainer = [false] - OK\nReadOnlyRootFilesystem = [false] - OK\nSeLinuxContextPresent = [false true] but expected %!s(MISSING) expected to be non nil - NOK\nCapabilitiesCategory = [CategoryID4(anything not matching lower category) CategoryID3(SRIOV and DPDK)] but expected %!s(MISSING) - NOK\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-0\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod 
Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is category 1 or category NoUID0\",\"tnf\",\"test-1\",\"test\",\"CategoryID1NoUID0(automatically granted, basic rights with mesh networks)\"]},{\"ObjectType\":\"Cnf\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Category\"],\"ObjectFieldsValues\":[\"Overall CNF category\",\"CategoryID4(anything not matching lower category)\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\",\"CategoryID4(anything not matching lower category)\"]},{\"ObjectType\":\"ContainerCategory\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"Category\"],\"ObjectFieldsValues\":[\"container category is NOT category 1 or category NoUID0\",\"tnf\",\"xdp\",\"xdp-c\",\"CategoryID4(anything not matching lower category)\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9846,10 +9805,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-security-context-non-root-user-check": [ - { + }, + "access-control-security-context-non-root-user-check": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Root User not detected (RunAsUser uid=0)\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9875,10 +9832,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-security-context-privilege-escalation": [ - { + }, + "access-control-security-context-privilege-escalation": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"AllowPrivilegeEscalation is set to false\",\"tnf\",\"test-1\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -9904,10 +9859,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-service-type": [ - { + }, + "access-control-service-type": { "capturedTestOutput": "{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace", 
@@ -9933,10 +9886,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-ssh-daemons": [ - { + }, + "access-control-ssh-daemons": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-0\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-1\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-gbvsd\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"test-765d6b8dcf-s768n\"]},{\"ObjectType\":\"Pod\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\"],\"ObjectFieldsValues\":[\"Pod is not running an SSH daemon\",\"tnf\",\"xdp\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-interaction/configuration", 
@@ -9962,10 +9913,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-sys-admin-capability-check": [ - { + }, + "access-control-sys-admin-capability-check": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"No forbidden capabilities detected in container\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-sys_admin", 
@@ -9991,10 +9940,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-sys-nice-realtime-capability": [ - { + }, + "access-control-sys-nice-realtime-capability": { "capturedTestOutput": "[container: test pod: test-0 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-1 ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-gbvsd ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: test pod: test-765d6b8dcf-s768n ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n[container: xdp-c pod: xdp ns: tnf] has been found running on a realtime kernel enabled node without SYS_NICE capability.\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE 
capability\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is running on a realtime kernel enabled node without SYS_NICE capability\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_nice", @@ -10020,10 +9967,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-sys-ptrace-capability": [ - { + }, + "access-control-sys-ptrace-capability": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_ptrace", @@ -10049,10 +9994,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "affiliated-certification-container-is-certified": [ - { + }, + "affiliated-certification-container-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10078,10 +10021,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-container-is-certified-digest": [ - { + }, + "affiliated-certification-container-is-certified-digest": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10107,10 +10048,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-helm-version": [ - { + }, + "affiliated-certification-helm-version": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-helm", 
@@ -10136,10 +10075,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-helmchart-is-certified": [ - { + }, + "affiliated-certification-helmchart-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10165,10 +10102,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-operator-is-certified": [ - { + }, + "affiliated-certification-operator-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -10194,10 +10129,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "lifecycle-affinity-required-pods": [ - { + }, + "lifecycle-affinity-required-pods": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10223,10 +10156,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-container-shutdown": [ - { + }, + "lifecycle-container-shutdown": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices", @@ -10252,10 +10183,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-container-startup": [ - { + }, + "lifecycle-container-startup": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices", 
@@ -10281,10 +10210,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-cpu-isolation": [ - { + }, + "lifecycle-cpu-isolation": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-isolation", @@ -10310,10 +10237,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-crd-scaling": [ - { + }, + "lifecycle-crd-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10339,10 +10264,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-deployment-scaling": [ - { + }, + "lifecycle-deployment-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10368,10 +10291,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-image-pull-policy": [ - { + }, + "lifecycle-image-pull-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-use-imagepullpolicy-if-not-present", @@ -10397,10 +10318,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-liveness-probe": [ - { + }, + "lifecycle-liveness-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10426,10 +10345,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-persistent-volume-reclaim-policy": [ - { + }, + "lifecycle-persistent-volume-reclaim-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-csi", 
@@ -10455,10 +10372,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-high-availability": [ - { + }, + "lifecycle-pod-high-availability": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10484,10 +10399,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-pod-owner-type": [ - { + }, + "lifecycle-pod-owner-type": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods", @@ -10513,10 +10426,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-recreation": [ - { + }, + "lifecycle-pod-recreation": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations", @@ -10542,10 +10453,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-pod-scheduling": [ - { + }, + "lifecycle-pod-scheduling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10571,10 +10480,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-toleration-bypass": [ - { + }, + "lifecycle-pod-toleration-bypass": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-taints-and-tolerations", @@ -10600,10 +10507,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-readiness-probe": [ - { + }, + "lifecycle-readiness-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", 
@@ -10629,10 +10534,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-startup-probe": [ - { + }, + "lifecycle-startup-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status", @@ -10658,10 +10561,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-statefulset-scaling": [ - { + }, + "lifecycle-statefulset-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10687,10 +10588,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-storage-required-pods": [ - { + }, + "lifecycle-storage-required-pods": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage", @@ -10716,10 +10615,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "manageability-container-port-name-format": [ - { + }, + "manageability-container-port-name-format": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", @@ -10745,10 +10642,8 @@ "suite": "manageability", "tags": "extended" } - } - ], - "manageability-containers-image-tag": [ - { + }, + "manageability-containers-image-tag": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-tagging", 
@@ -10774,10 +10669,8 @@ "suite": "manageability", "tags": "extended" } - } - ], - "networking-dpdk-cpu-pinning-exec-probe": [ - { + }, + "networking-dpdk-cpu-pinning-exec-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-manager-pinning", @@ -10803,10 +10696,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-dual-stack-service": [ - { + }, + "networking-dual-stack-service": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", @@ -10832,10 +10723,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "networking-icmpv4-connectivity": [ - { + }, + "networking-icmpv4-connectivity": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", @@ -10861,10 +10750,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-icmpv4-connectivity-multus": [ - { + }, + "networking-icmpv4-connectivity-multus": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10890,10 +10777,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-icmpv6-connectivity": [ - { + }, + "networking-icmpv6-connectivity": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", 
@@ -10919,10 +10804,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-icmpv6-connectivity-multus": [ - { + }, + "networking-icmpv6-connectivity-multus": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10948,10 +10831,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-network-policy-deny-all": [ - { + }, + "networking-network-policy-deny-all": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-vrfs-aka-routing-instances", @@ -10977,10 +10858,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-ocp-reserved-ports-usage": [ - { + }, + "networking-ocp-reserved-ports-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ports-reserved-by-openshift", @@ -11006,10 +10885,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-reserved-partner-ports": [ - { + }, + "networking-reserved-partner-ports": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11035,10 +10912,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "networking-restart-on-reboot-sriov-pod": [ - { + }, + "networking-restart-on-reboot-sriov-pod": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11064,10 +10939,8 @@ "suite": "networking", "tags": "faredge" } - } - ], - "networking-undeclared-container-ports-usage": [ - { + }, + "networking-undeclared-container-ports-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", 
@@ -11093,10 +10966,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "observability-container-logging": [ - { + }, + "observability-container-logging": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-logging", @@ -11122,10 +10993,8 @@ "suite": "observability", "tags": "telco" } - } - ], - "observability-crd-status": [ - { + }, + "observability-crd-status": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11151,10 +11020,8 @@ "suite": "observability", "tags": "common" } - } - ], - "observability-pod-disruption-budget": [ - { + }, + "observability-pod-disruption-budget": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations", @@ -11180,10 +11047,8 @@ "suite": "observability", "tags": "common" } - } - ], - "observability-termination-policy": [ - { + }, + "observability-termination-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status", @@ -11209,10 +11074,8 @@ "suite": "observability", "tags": "telco" } - } - ], - "operator-install-source": [ - { + }, + "operator-install-source": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", 
@@ -11238,10 +11101,8 @@ "suite": "operator", "tags": "common" } - } - ], - "operator-install-status-no-privileges": [ - { + }, + "operator-install-status-no-privileges": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11267,10 +11128,8 @@ "suite": "operator", "tags": "common" } - } - ], - "operator-install-status-succeeded": [ - { + }, + "operator-install-status-succeeded": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11296,10 +11155,8 @@ "suite": "operator", "tags": "common" } - } - ], - "performance-exclusive-cpu-pool": [ - { + }, + "performance-exclusive-cpu-pool": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11325,10 +11182,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-exclusive-cpu-pool-rt-scheduling-policy": [ - { + }, + "performance-exclusive-cpu-pool-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11354,10 +11209,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-isolated-cpu-pool-rt-scheduling-policy": [ - { + }, + "performance-isolated-cpu-pool-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11383,10 +11236,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-max-resources-exec-probes": [ - { + }, + "performance-max-resources-exec-probes": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", 
@@ -11412,10 +11263,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-rt-apps-no-exec-probes": [ - { + }, + "performance-rt-apps-no-exec-probes": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11441,10 +11290,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-shared-cpu-pool-non-rt-scheduling-policy": [ - { + }, + "performance-shared-cpu-pool-non-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11470,10 +11317,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "platform-alteration-base-image": [ - { + }, + "platform-alteration-base-image": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-standards", @@ -11499,10 +11344,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-boot-params": [ - { + }, + "platform-alteration-boot-params": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os", @@ -11528,10 +11371,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-hugepages-1g-only": [ - { + }, + "platform-alteration-hugepages-1g-only": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11557,10 +11398,8 @@ "suite": "platform-alteration", "tags": "faredge" } - } - ], - "platform-alteration-hugepages-2m-only": [ - { + }, + "platform-alteration-hugepages-2m-only": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages", 
@@ -11586,10 +11425,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-hugepages-config": [ - { + }, + "platform-alteration-hugepages-config": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages", @@ -11615,10 +11452,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-hyperthread-enable": [ - { + }, + "platform-alteration-hyperthread-enable": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11644,10 +11479,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-is-selinux-enforcing": [ - { + }, + "platform-alteration-is-selinux-enforcing": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-security", @@ -11673,10 +11506,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-isredhat-release": [ - { + }, + "platform-alteration-isredhat-release": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-base-images", @@ -11702,10 +11533,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-ocp-lifecycle": [ - { + }, + "platform-alteration-ocp-lifecycle": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-k8s", 
@@ -11731,10 +11560,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-ocp-node-os-lifecycle": [ - { + }, + "platform-alteration-ocp-node-os-lifecycle": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os", @@ -11760,10 +11587,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-service-mesh-usage": [ - { + }, + "platform-alteration-service-mesh-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11789,10 +11614,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-sysctl-config": [ - { + }, + "platform-alteration-sysctl-config": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -11818,10 +11641,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-tainted-node-kernel": [ - { + }, + "platform-alteration-tainted-node-kernel": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -11848,7 +11669,6 @@ "tags": "common" } } - ] }, "versions": { "claimFormat": "v0.1.0", diff --git a/cmd/tnf/claim/compare/testdata/claim_observability.json b/cmd/tnf/claim/compare/testdata/claim_observability.json index 269849544..bf82e4610 100644 --- a/cmd/tnf/claim/compare/testdata/claim_observability.json +++ b/cmd/tnf/claim/compare/testdata/claim_observability.json @@ -9265,8 +9265,7 @@ "testsExtraInfo": "" }, "results": { - "access-control-bpf-capability-check": [ - { + "access-control-bpf-capability-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Telco", 
@@ -9292,10 +9291,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-cluster-role-bindings": [ - { + }, + "access-control-cluster-role-bindings": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac", @@ -9321,10 +9318,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-container-host-port": [ - { + }, + "access-control-container-host-port": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-accessing-resource-on-host", @@ -9350,10 +9345,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-crd-roles": [ - { + }, + "access-control-crd-roles": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-custom-role-to-access-application-crds", @@ -9379,10 +9372,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-ipc-lock-capability-check": [ - { + }, + "access-control-ipc-lock-capability-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipc_lock", @@ -9408,10 +9399,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-namespace": [ - { + }, + "access-control-namespace": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", 
@@ -9437,10 +9426,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-namespace-resource-quota": [ - { + }, + "access-control-namespace-resource-quota": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-memory-allocation", @@ -9466,10 +9453,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-net-admin-capability-check": [ - { + }, + "access-control-net-admin-capability-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-net_admin", @@ -9495,10 +9480,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-net-raw-capability-check": [ - { + }, + "access-control-net-raw-capability-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-user-plane-cnfs", @@ -9524,10 +9507,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-no-1337-uid": [ - { + }, + "access-control-no-1337-uid": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -9553,10 +9534,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-one-process-per-container": [ - { + }, + "access-control-one-process-per-container": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-one-process-per-container", 
@@ -9582,10 +9561,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-automount-service-account-token": [ - { + }, + "access-control-pod-automount-service-account-token": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods", @@ -9611,10 +9588,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-pod-host-ipc": [ - { + }, + "access-control-pod-host-ipc": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -9640,10 +9615,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-network": [ - { + }, + "access-control-pod-host-network": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace", @@ -9669,10 +9642,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-path": [ - { + }, + "access-control-pod-host-path": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -9698,10 +9669,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-host-pid": [ - { + }, + "access-control-pod-host-pid": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9727,10 +9696,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-role-bindings": [ - { + }, + "access-control-pod-role-bindings": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-security-rbac", @@ -9756,10 +9723,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-pod-service-account": [ - { + }, + "access-control-pod-service-account": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-scc-permissions-for-an-application", @@ -9785,10 +9750,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-projected-volume-service-account-token": [ - { + }, + "access-control-projected-volume-service-account-token": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-automount-services-for-pods", @@ -9814,10 +9777,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-requests-and-limits": [ - { + }, + "access-control-requests-and-limits": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requests/limits", @@ -9843,10 +9804,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-security-context": [ - { + }, + "access-control-security-context": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", 
@@ -9872,10 +9831,8 @@ "suite": "access-control", "tags": "extended" } - } - ], - "access-control-security-context-non-root-user-check": [ - { + }, + "access-control-security-context-non-root-user-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -9901,10 +9858,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-security-context-privilege-escalation": [ - { + }, + "access-control-security-context-privilege-escalation": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -9930,10 +9885,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-service-type": [ - { + }, + "access-control-service-type": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-the-host-network-namespace", @@ -9959,10 +9912,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-ssh-daemons": [ - { + }, + "access-control-ssh-daemons": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-interaction/configuration", @@ -9988,10 +9939,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-sys-admin-capability-check": [ - { + }, + "access-control-sys-admin-capability-check": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-avoid-sys_admin", 
@@ -10017,10 +9966,8 @@ "suite": "access-control", "tags": "common" } - } - ], - "access-control-sys-nice-realtime-capability": [ - { + }, + "access-control-sys-nice-realtime-capability": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_nice", @@ -10046,10 +9993,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "access-control-sys-ptrace-capability": [ - { + }, + "access-control-sys-ptrace-capability": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-sys_ptrace", @@ -10075,10 +10020,8 @@ "suite": "access-control", "tags": "telco" } - } - ], - "affiliated-certification-container-is-certified": [ - { + }, + "affiliated-certification-container-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10104,10 +10047,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-container-is-certified-digest": [ - { + }, + "affiliated-certification-container-is-certified-digest": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10133,10 +10074,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-helm-version": [ - { + }, + "affiliated-certification-helm-version": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-helm", 
@@ -10162,10 +10101,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-helmchart-is-certified": [ - { + }, + "affiliated-certification-helmchart-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/certify-your-application/overview", @@ -10191,10 +10128,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "affiliated-certification-operator-is-certified": [ - { + }, + "affiliated-certification-operator-is-certified": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -10220,10 +10155,8 @@ "suite": "affiliated-certification", "tags": "common" } - } - ], - "lifecycle-affinity-required-pods": [ - { + }, + "lifecycle-affinity-required-pods": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10249,10 +10182,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-container-shutdown": [ - { + }, + "lifecycle-container-shutdown": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices", @@ -10278,10 +10209,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-container-startup": [ - { + }, + "lifecycle-container-startup": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cloud-native-design-best-practices", 
@@ -10307,10 +10236,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-cpu-isolation": [ - { + }, + "lifecycle-cpu-isolation": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-isolation", @@ -10336,10 +10263,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-crd-scaling": [ - { + }, + "lifecycle-crd-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10365,10 +10290,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-deployment-scaling": [ - { + }, + "lifecycle-deployment-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10394,10 +10317,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-image-pull-policy": [ - { + }, + "lifecycle-image-pull-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-use-imagepullpolicy-if-not-present", @@ -10423,10 +10344,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-liveness-probe": [ - { + }, + "lifecycle-liveness-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10452,10 +10371,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-persistent-volume-reclaim-policy": [ - { + }, + "lifecycle-persistent-volume-reclaim-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-csi", 
@@ -10481,10 +10398,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-high-availability": [ - { + }, + "lifecycle-pod-high-availability": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10510,10 +10425,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-pod-owner-type": [ - { + }, + "lifecycle-pod-owner-type": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-no-naked-pods", @@ -10539,10 +10452,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-recreation": [ - { + }, + "lifecycle-pod-recreation": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-upgrade-expectations", @@ -10568,10 +10479,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-pod-scheduling": [ - { + }, + "lifecycle-pod-scheduling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10597,10 +10506,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-pod-toleration-bypass": [ - { + }, + "lifecycle-pod-toleration-bypass": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-taints-and-tolerations", @@ -10626,10 +10533,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-readiness-probe": [ - { + }, + "lifecycle-readiness-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", 
@@ -10655,10 +10560,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-startup-probe": [ - { + }, + "lifecycle-startup-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-exit-status", @@ -10684,10 +10587,8 @@ "suite": "lifecycle", "tags": "telco" } - } - ], - "lifecycle-statefulset-scaling": [ - { + }, + "lifecycle-statefulset-scaling": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10713,10 +10614,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "lifecycle-storage-required-pods": [ - { + }, + "lifecycle-storage-required-pods": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-local-storage", @@ -10742,10 +10641,8 @@ "suite": "lifecycle", "tags": "common" } - } - ], - "manageability-container-port-name-format": [ - { + }, + "manageability-container-port-name-format": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", @@ -10771,10 +10668,8 @@ "suite": "manageability", "tags": "extended" } - } - ], - "manageability-containers-image-tag": [ - { + }, + "manageability-containers-image-tag": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-tagging", 
@@ -10800,10 +10695,8 @@ "suite": "manageability", "tags": "extended" } - } - ], - "networking-dpdk-cpu-pinning-exec-probe": [ - { + }, + "networking-dpdk-cpu-pinning-exec-probe": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cpu-manager-pinning", @@ -10829,10 +10722,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-dual-stack-service": [ - { + }, + "networking-dual-stack-service": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", @@ -10858,10 +10749,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "networking-icmpv4-connectivity": [ - { + }, + "networking-icmpv4-connectivity": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", @@ -10887,10 +10776,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-icmpv4-connectivity-multus": [ - { + }, + "networking-icmpv4-connectivity-multus": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10916,10 +10803,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-icmpv6-connectivity": [ - { + }, + "networking-icmpv6-connectivity": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ipv4-\u0026-ipv6", 
@@ -10945,10 +10830,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-icmpv6-connectivity-multus": [ - { + }, + "networking-icmpv6-connectivity-multus": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -10974,10 +10857,8 @@ "suite": "networking", "tags": "telco" } - } - ], - "networking-network-policy-deny-all": [ - { + }, + "networking-network-policy-deny-all": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-vrfs-aka-routing-instances", @@ -11003,10 +10884,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-ocp-reserved-ports-usage": [ - { + }, + "networking-ocp-reserved-ports-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-ports-reserved-by-openshift", @@ -11032,10 +10911,8 @@ "suite": "networking", "tags": "common" } - } - ], - "networking-reserved-partner-ports": [ - { + }, + "networking-reserved-partner-ports": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11061,10 +10938,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "networking-restart-on-reboot-sriov-pod": [ - { + }, + "networking-restart-on-reboot-sriov-pod": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11090,10 +10965,8 @@ "suite": "networking", "tags": "faredge" } - } - ], - "networking-undeclared-container-ports-usage": [ - { + }, + "networking-undeclared-container-ports-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-requirements-cnf-reqs", 
@@ -11119,9 +10992,8 @@ "suite": "networking", "tags": "extended" } - } - ], - "observability-container-logging": [ + }, + "observability-container-logging": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Found log line to stderr/stdout\",\"tnf\",\"xdp\",\"xdp-c\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { 
@@ -11148,10 +11020,8 @@ "suite": "observability", "tags": "telco" } - } - ], - "observability-crd-status": [ - { + }, + "observability-crd-status": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Custom Resource Definition\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Custom Resource Definition Name\",\"Custom Resource Definition Version\"],\"ObjectFieldsValues\":[\"Crd has a status sub resource set\",\"crdexamples.test-network-function.com\",\"v1\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11177,9 +11047,8 @@ "suite": "observability", "tags": "common" } - } - ], - "observability-pod-disruption-budget": [ + }, + "observability-pod-disruption-budget": { "capturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"StatefulSet\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"StatefulSet\",\"Pod Disruption Budget Reference\"],\"ObjectFieldsValues\":[\"StatefulSet: references PodDisruptionBudget\",\"test\",\"test-pdb-max\"]}],\"NonCompliantObjectsOut\":null}\n%!(EXTRA []interface {}=[])", "catalogInfo": { 
@@ -11206,9 +11075,8 @@ "suite": "observability", "tags": "common" } - } - ], - "observability-termination-policy": [ + }, + "observability-termination-policy": { "capturedTestOutput": "FAILURE: [container: xdp-c pod: xdp ns: tnf] does not have a TerminationMessagePolicy: FallbackToLogsOnError\n{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-gbvsd\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is FallbackToLogsOnError\",\"tnf\",\"test-765d6b8dcf-s768n\",\"test\"]}],\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"TerminationMessagePolicy is not FallbackToLogsOnError\",\"tnf\",\"xdp\",\"xdp-c\"]}]}\n%!(EXTRA []interface {}=[])", "catalogInfo": { @@ -11235,10 +11103,8 @@ "suite": "observability", "tags": "telco" } - } - ], - "operator-install-source": [ - { + }, + "operator-install-source": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", 
@@ -11264,10 +11130,8 @@ "suite": "operator", "tags": "common" } - } - ], - "operator-install-status-no-privileges": [ - { + }, + "operator-install-status-no-privileges": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11293,10 +11157,8 @@ "suite": "operator", "tags": "common" } - } - ], - "operator-install-status-succeeded": [ - { + }, + "operator-install-status-succeeded": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-operator-requirements", @@ -11322,10 +11184,8 @@ "suite": "operator", "tags": "common" } - } - ], - "performance-exclusive-cpu-pool": [ - { + }, + "performance-exclusive-cpu-pool": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11351,10 +11211,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-exclusive-cpu-pool-rt-scheduling-policy": [ - { + }, + "performance-exclusive-cpu-pool-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11380,10 +11238,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-isolated-cpu-pool-rt-scheduling-policy": [ - { + }, + "performance-isolated-cpu-pool-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11409,10 +11265,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-max-resources-exec-probes": [ - { + }, + "performance-max-resources-exec-probes": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", 
@@ -11438,10 +11292,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-rt-apps-no-exec-probes": [ - { + }, + "performance-rt-apps-no-exec-probes": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11467,10 +11319,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "performance-shared-cpu-pool-non-rt-scheduling-policy": [ - { + }, + "performance-shared-cpu-pool-non-rt-scheduling-policy": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11496,10 +11346,8 @@ "suite": "performance", "tags": "faredge" } - } - ], - "platform-alteration-base-image": [ - { + }, + "platform-alteration-base-image": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-image-standards", @@ -11525,10 +11373,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-boot-params": [ - { + }, + "platform-alteration-boot-params": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os", @@ -11554,10 +11400,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-hugepages-1g-only": [ - { + }, + "platform-alteration-hugepages-1g-only": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Far Edge", @@ -11583,10 +11427,8 @@ "suite": "platform-alteration", "tags": "faredge" } - } - ], - "platform-alteration-hugepages-2m-only": [ - { + }, + "platform-alteration-hugepages-2m-only": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages", 
@@ -11612,10 +11454,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-hugepages-config": [ - { + }, + "platform-alteration-hugepages-config": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-huge-pages", @@ -11641,10 +11481,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-hyperthread-enable": [ - { + }, + "platform-alteration-hyperthread-enable": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11670,10 +11508,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-is-selinux-enforcing": [ - { + }, + "platform-alteration-is-selinux-enforcing": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-pod-security", @@ -11699,10 +11535,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-isredhat-release": [ - { + }, + "platform-alteration-isredhat-release": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-base-images", @@ -11728,10 +11562,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-ocp-lifecycle": [ - { + }, + "platform-alteration-ocp-lifecycle": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-k8s", 
@@ -11757,10 +11589,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-ocp-node-os-lifecycle": [ - { + }, + "platform-alteration-ocp-node-os-lifecycle": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-host-os", @@ -11786,10 +11616,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-service-mesh-usage": [ - { + }, + "platform-alteration-service-mesh-usage": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "No Doc Link - Extended", @@ -11815,10 +11643,8 @@ "suite": "platform-alteration", "tags": "extended" } - } - ], - "platform-alteration-sysctl-config": [ - { + }, + "platform-alteration-sysctl-config": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-cnf-security", @@ -11844,10 +11670,8 @@ "suite": "platform-alteration", "tags": "common" } - } - ], - "platform-alteration-tainted-node-kernel": [ - { + }, + "platform-alteration-tainted-node-kernel": { "capturedTestOutput": "", "catalogInfo": { "bestPracticeReference": "https://test-network-function.github.io/cnf-best-practices/#cnf-best-practices-high-level-cnf-expectations", @@ -11874,7 +11698,6 @@ "tags": "common" } } - ] }, "versions": { "claimFormat": "v0.1.0", diff --git a/cmd/tnf/claim/show/csv/csv.go b/cmd/tnf/claim/show/csv/csv.go index f1f10f5c5..5dac6fd50 100644 --- a/cmd/tnf/claim/show/csv/csv.go +++ b/cmd/tnf/claim/show/csv/csv.go 
@@ -159,16 +159,16 @@ func buildCSV(claimScheme *claim.Schema, cnfType string, catalogMap map[string]c record = append(record, CNFNameFlag, testID, - claimScheme.Claim.Results[testID][0].TestID.Suite, - claimScheme.Claim.Results[testID][0].CatalogInfo.Description, - claimScheme.Claim.Results[testID][0].State, - claimScheme.Claim.Results[testID][0].StartTime, - claimScheme.Claim.Results[testID][0].EndTime, - claimScheme.Claim.Results[testID][0].FailureReason, - claimScheme.Claim.Results[testID][0].CapturedTestOutput, + claimScheme.Claim.Results[testID].TestID.Suite, + claimScheme.Claim.Results[testID].CatalogInfo.Description, + claimScheme.Claim.Results[testID].State, + claimScheme.Claim.Results[testID].StartTime, + claimScheme.Claim.Results[testID].EndTime, + claimScheme.Claim.Results[testID].FailureReason, + claimScheme.Claim.Results[testID].CapturedTestOutput, catalogMap[testID].Remediation, cnfType, // Append the CNF type - claimScheme.Claim.Results[testID][0].CategoryClassification[cnfType], + claimScheme.Claim.Results[testID].CategoryClassification[cnfType], ) resultsCSVRecords = append(resultsCSVRecords, record) diff --git a/cmd/tnf/claim/show/failures/failures.go b/cmd/tnf/claim/show/failures/failures.go index 7c1753006..41d82a8ae 100644 --- a/cmd/tnf/claim/show/failures/failures.go +++ b/cmd/tnf/claim/show/failures/failures.go @@ -299,7 +299,7 @@ func showFailures(_ *cobra.Command, _ []string) error { // Order test case results by test suite, using a helper map. resultsByTestSuite := map[string][]*claim.TestCaseResult{} for id := range claimScheme.Claim.Results { - tcResult := claimScheme.Claim.Results[id][0] + tcResult := claimScheme.Claim.Results[id] resultsByTestSuite[tcResult.TestID.Suite] = append(resultsByTestSuite[tcResult.TestID.Suite], &tcResult) } diff --git a/cmd/tnf/claim/show/failures/failures_test.go b/cmd/tnf/claim/show/failures/failures_test.go index c57a747c8..86cf659de 100644 --- a/cmd/tnf/claim/show/failures/failures_test.go 
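Review bot: With `Results` now holding one struct per test ID, each `claimScheme.Claim.Results[testID]` in the `append` call returns a zero-value `TestCaseResult` when the key is absent, where the old `[testID][0]` would have panicked on a missing entry. A test ID with no result would therefore be written as a CSV row with blank state, timestamps and failure reason. Look the entry up once and handle the miss explicitly, e.g. `result, ok := claimScheme.Claim.Results[testID]` followed by `if !ok { continue }` (or an error), then use `result.State`, `result.FailureReason` and so on; this also avoids copying the struct eight times. Where `testID` comes from is outside the hunk, so if the loop already ranges over `Results`, only the single-lookup part applies. buildCSV starts and ends outside the hunk.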
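Review bot: The `tcResult := claimScheme.Claim.Results[id]` line in `showFailures` deserves a comment, because the `&tcResult` that follows stores a pointer to a per-iteration copy rather than to the map entry. The natural simplification to `for _, tcResult := range claimScheme.Claim.Results` would make every stored pointer alias one variable on toolchains before Go 1.22. Suggested comment: `// Copy the value: map entries are not addressable, and each iteration needs its own variable for &tcResult.` The same line appears in the `TestGetFailedTestCasesByTestSuite` hunk of failures_test.go. Both functions continue outside their hunks.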
+++ b/cmd/tnf/claim/show/failures/failures_test.go @@ -381,7 +381,7 @@ func TestGetFailedTestCasesByTestSuite(t *testing.T) { // Order test case results by test suite, using a helper map. resultsByTestSuite := map[string][]*claim.TestCaseResult{} for id := range claimScheme.Claim.Results { - tcResult := claimScheme.Claim.Results[id][0] + tcResult := claimScheme.Claim.Results[id] resultsByTestSuite[tcResult.TestID.Suite] = append( resultsByTestSuite[tcResult.TestID.Suite], &tcResult, diff --git a/cmd/tnf/claim/show/failures/testdata/claim1.json b/cmd/tnf/claim/show/failures/testdata/claim1.json index 287434596..cf18d56bf 100644 --- a/cmd/tnf/claim/show/failures/testdata/claim1.json +++ b/cmd/tnf/claim/show/failures/testdata/claim1.json @@ -1,8 +1,7 @@ { "claim": { "results": { - "access-control-sys-admin-capability-check": [ - { + "access-control-sys-admin-capability-check": { "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", "duration": 282454, "endTime": "2023-07-18 03:37:42.095508375 -0500 CDT m=+23.133713410", 
@@ -28,10 +27,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "access-control-sys-nice-realtime-capability": [ - { + }, + "access-control-sys-nice-realtime-capability": { "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", "duration": 245335, "endTime": "2023-07-18 03:37:44.324268378 -0500 CDT m=+25.362473413", 
@@ -57,10 +54,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "platform-alteration-sysctl-config": [ - { + }, + "platform-alteration-sysctl-config": { "CapturedTestOutput": "", "duration": 0, "endTime": "0001-01-01 00:00:00 +0000 UTC", @@ -86,10 +81,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "platform-alteration-tainted-node-kernel": [ - { + }, + "platform-alteration-tainted-node-kernel": { "CapturedTestOutput": "", "duration": 0, "endTime": "0001-01-01 00:00:00 +0000 UTC", @@ -116,7 +109,6 @@ "Telco": "Mandatory" } } - ] }, "versions": { "claimFormat": "v0.0.1", diff --git a/cmd/tnf/claim/show/failures/testdata/claim2.json b/cmd/tnf/claim/show/failures/testdata/claim2.json index a19e16e0b..3cf9d04f4 100644 --- a/cmd/tnf/claim/show/failures/testdata/claim2.json +++ b/cmd/tnf/claim/show/failures/testdata/claim2.json 
@@ -1,8 +1,7 @@ { "claim": { "results": { - "access-control-sys-admin-capability-check": [ - { + "access-control-sys-admin-capability-check": { "CapturedTestOutput": "Non compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-8gwwm ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\nNon compliant SYS_ADMIN capability detected in container container: test pod: test-887998557-pr2w5 ns: tnf. All container caps: \u0026Capabilities{Add:[SYS_ADMIN NET_ADMIN],Drop:[],}\n{\"CompliantObjectsOut\":null,\"NonCompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-8gwwm\",\"test\",\"SYS_ADMIN\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Non Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\",\"SCC Capability\"],\"ObjectFieldsValues\":[\"Non compliant capability detected in container\",\"tnf\",\"test-887998557-pr2w5\",\"test\",\"SYS_ADMIN\"]}]}\n", "duration": 282454, "endTime": "2023-07-18 03:37:42.095508375 -0500 CDT m=+23.133713410", 
@@ -28,10 +27,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "access-control-sys-nice-realtime-capability": [ - { + }, + "access-control-sys-nice-realtime-capability": { "CapturedTestOutput": "{\"CompliantObjectsOut\":[{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-q5cw6\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"jack-6f88b5bfb4-szs8g\",\"jack\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-0\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-1\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-8gwwm\",\"test\"]},{\"ObjectType\":\"Container\",\"ObjectFieldsKeys\":[\"Reason For Compliance\",\"Namespace\",\"Pod Name\",\"Container Name\"],\"ObjectFieldsValues\":[\"Container is not running on a realtime kernel enabled node\",\"tnf\",\"test-887998557-pr2w5\",\"test\"]}],\"NonCompliantObjectsOut\":null}\n", "duration": 245335, "endTime": "2023-07-18 03:37:44.324268378 -0500 CDT m=+25.362473413", 
@@ -57,10 +54,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "platform-alteration-sysctl-config": [ - { + }, + "platform-alteration-sysctl-config": { "CapturedTestOutput": "", "duration": 0, "endTime": "0001-01-01 00:00:00 +0000 UTC", @@ -86,10 +81,8 @@ "NonTelco": "Optional", "Telco": "Mandatory" } - } - ], - "platform-alteration-tainted-node-kernel": [ - { + }, + "platform-alteration-tainted-node-kernel": { "CapturedTestOutput": "", "duration": 0, "endTime": "0001-01-01 00:00:00 +0000 UTC", @@ -116,7 +109,6 @@ "Telco": "Mandatory" } } - ] }, "versions": { "claimFormat": "v0.0.1", diff --git a/cmd/tnf/pkg/claim/claim.go b/cmd/tnf/pkg/claim/claim.go index db9d92012..e8654ef20 100644 --- a/cmd/tnf/pkg/claim/claim.go +++ b/cmd/tnf/pkg/claim/claim.go @@ -10,7 +10,7 @@ import ( ) const ( - supportedClaimFormatVersion = "v0.1.0" + supportedClaimFormatVersion = "v0.2.0" ) const ( @@ -54,7 +54,7 @@ type TestCaseResult struct { } // Maps a test suite name to a list of TestCaseResult -type TestSuiteResults map[string][]TestCaseResult +type TestSuiteResults map[string]TestCaseResult type Nodes struct { NodesSummary interface{} `json:"nodeSummary"` diff --git a/cmd/tnf/pkg/claim/claim_test.go b/cmd/tnf/pkg/claim/claim_test.go index c7fe57e66..1a383b4cb 100644 --- a/cmd/tnf/pkg/claim/claim_test.go +++ b/cmd/tnf/pkg/claim/claim_test.go @@ -22,14 +22,14 @@ func TestIsClaimFormatVersionSupported(t *testing.T) { }, { claimFormatVersion: "v0.0.0", - expectedError: "claim format version v0.0.0 is not supported. Supported version is v0.1.0", + expectedError: "claim format version v0.0.0 is not supported. Supported version is v0.2.0", }, { claimFormatVersion: "v0.0.1", - expectedError: "claim format version v0.0.1 is not supported. Supported version is v0.1.0", + expectedError: "claim format version v0.0.1 is not supported. Supported version is v0.2.0", }, { - claimFormatVersion: "v0.1.0", + claimFormatVersion: "v0.2.0", expectedError: "", }, } 
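Review bot: The comment kept as context above `TestSuiteResults` in cmd/tnf/pkg/claim/claim.go still reads "Maps a test suite name to a list of TestCaseResult", but the type is now `map[string]TestCaseResult`. The keys in the testdata changed by this commit are test case IDs such as `access-control-sys-admin-capability-check`, so the comment could become `// TestSuiteResults maps a test case ID to its single TestCaseResult.`. Claim files in the old array form will no longer decode into this type. If decoding happens before the format-version check (not visible in the hunk), users would see a JSON type error rather than the "not supported" message, so it is worth confirming the order.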
diff --git a/cnf-certification-test/results/results.go b/cnf-certification-test/results/results.go index 5a1064241..68bbe79b1 100644 --- a/cnf-certification-test/results/results.go +++ b/cnf-certification-test/results/results.go @@ -32,7 +32,7 @@ const ( ) // results is the results map -var results = map[string][]claim.Result{} +var results = map[string]claim.Result{} // RecordResult is a hook provided to save aspects of the ginkgo.GinkgoTestDescription for a given claim.Identifier. // Multiple results for a given identifier are aggregated as an array under the same key. @@ -44,7 +44,7 @@ func RecordResult(report types.SpecReport) { //nolint:gocritic // From Ginkgo aFailureReason = report.FailureMessage() } if claimID, ok := identifiers.TestIDToClaimID[report.LeafNodeText]; ok { - results[report.LeafNodeText] = append(results[report.LeafNodeText], claim.Result{ + results[report.LeafNodeText] = claim.Result{ Duration: int(report.RunTime.Nanoseconds()), FailureLocation: report.FailureLocation().String(), FailureLineContent: report.FailureLocation().ContentsOfLine(), @@ -65,7 +65,7 @@ func RecordResult(report types.SpecReport) { //nolint:gocritic // From Ginkgo BestPracticeReference: identifiers.Catalog[claimID].BestPracticeReference, ExceptionProcess: identifiers.Catalog[claimID].ExceptionProcess, }, - }) + } if report.State == types.SpecStateAborted { testhelper.AbortTrigger = claimID.Id } 
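Review bot: The doc comment on RecordResult, kept unchanged as context in the first results.go hunk, still says multiple results for an identifier are "aggregated as an array under the same key". The assignment in the `@@ -44,7 +44,7 @@` hunk now replaces any earlier entry for `report.LeafNodeText`. If a spec can report more than once under the same leaf text (for example on a flaky retry, which this hunk does not show), the earlier result is dropped without a trace and a failure could be masked in the claim. The comment should state the new behaviour, e.g. `// A later result for the same identifier overwrites the earlier one.`, and logging when an existing key is overwritten would make that visible. RecordResult's body starts and ends outside these hunks.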
@@ -80,14 +80,13 @@ func RecordResult(report types.SpecReport) { //nolint:gocritic // From Ginkgo // RecordResult. The combination of the two forms a Claim's results. func GetReconciledResults() map[string]interface{} { resultMap := make(map[string]interface{}) - for key, vals := range results { + //nolint:gocritic + for key, val := range results { // initializes the result map, if necessary if _, ok := resultMap[key]; !ok { resultMap[key] = make([]claim.Result, 0) } - for _, val := range vals { //nolint:gocritic // Only done once at the end - resultMap[key] = append(resultMap[key].([]claim.Result), val) - } + resultMap[key] = val } return resultMap } diff --git a/version.json b/version.json index f84742631..143291e83 100644 --- a/version.json +++ b/version.json @@ -1,5 +1,5 @@ { "partner_tag": "v4.5.6", - "claimFormat": "v0.1.0", - "parserTag": "v0.1.4" + "claimFormat": "v0.2.0", + "parserTag": "v0.2.0" } From 4e8206fa4c9826dd7f2d95b4d57f2eef687a5d9f Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Fri, 1 Dec 2023 14:00:11 -0600 Subject: [PATCH 35/62] Switch gradetool to latest image (main) (#1680) --- .github/workflows/pre-main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 6a6716f18..9c2ea5eba 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -14,7 +14,7 @@ env: OCT_IMAGE_NAME: testnetworkfunction/oct OCT_IMAGE_TAG: latest GRADETOOL_IMAGE_NAME: testnetworkfunction/gradetool - GRADETOOL_IMAGE_TAG: test1 + GRADETOOL_IMAGE_TAG: latest TNF_CONTAINER_CLIENT: docker TNF_NON_INTRUSIVE_ONLY: false TNF_ALLOW_PREFLIGHT_INSECURE: false From bee96081d18169dd23a92a23b01ff658a5d15684 Mon Sep 17 00:00:00 2001 
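Review bot: In GetReconciledResults the block `if _, ok := resultMap[key]; !ok { resultMap[key] = make([]claim.Result, 0) }` is now dead code, because the next statement `resultMap[key] = val` overwrites it unconditionally. It also briefly stores a slice under a key whose value is now a single `claim.Result`. Dropping the block and its "initializes the result map" comment leaves the loop body as just `resultMap[key] = val`. The bare `//nolint:gocritic` above the loop lost the reason the removed line carried; `//nolint:gocritic // claim.Result is copied once per key, only at the end of the run` keeps the justification next to the suppression.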
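Review bot: `GRADETOOL_IMAGE_TAG: latest` in .github/workflows/pre-main.yaml makes the workflow run whatever image currently carries that tag. Two runs of the same commit can therefore use different gradetool builds, and a re-pushed image would be picked up with no change in this repository. A release tag, or a digest reference where the image is pulled (`testnetworkfunction/gradetool@sha256:<digest>`, with a placeholder digest), keeps the CI input fixed and reviewable. `OCT_IMAGE_TAG: latest` in the same `env:` block has the same property. The step that pulls the image is outside the hunk.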
From: Brandon Palm Date: Fri, 1 Dec 2023 16:11:42 -0600 Subject: [PATCH 36/62] Increase QE timeout to 90 minutes (#1683) --- .github/workflows/qe-hosted.yml | 2 +- .github/workflows/qe-ocp-413-intrusive.yaml | 2 +- .github/workflows/qe-ocp-413.yaml | 2 +- .github/workflows/qe-ocp-414-intrusive.yaml | 2 +- .github/workflows/qe-ocp-414.yaml | 2 +- .github/workflows/qe.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/qe-hosted.yml b/.github/workflows/qe-hosted.yml index c6e2b28ed..f63cef9d9 100644 --- a/.github/workflows/qe-hosted.yml +++ b/.github/workflows/qe-hosted.yml @@ -98,7 +98,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features diff --git a/.github/workflows/qe-ocp-413-intrusive.yaml b/.github/workflows/qe-ocp-413-intrusive.yaml index f6187b0a7..ff3e32f8e 100644 --- a/.github/workflows/qe-ocp-413-intrusive.yaml +++ b/.github/workflows/qe-ocp-413-intrusive.yaml @@ -65,7 +65,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index 09c3e8266..fa1ca9b01 100644 --- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml 
@@ -64,7 +64,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features diff --git a/.github/workflows/qe-ocp-414-intrusive.yaml b/.github/workflows/qe-ocp-414-intrusive.yaml index 6a87d0f1b..e8ebf4a33 100644 --- a/.github/workflows/qe-ocp-414-intrusive.yaml +++ b/.github/workflows/qe-ocp-414-intrusive.yaml @@ -65,7 +65,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=false ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index 2b0da85a6..6b84d8572 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml @@ -64,7 +64,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features diff --git a/.github/workflows/qe.yaml b/.github/workflows/qe.yaml index 094a40e6a..06e7ecbe4 100644 --- a/.github/workflows/qe.yaml +++ b/.github/workflows/qe.yaml 
@@ -106,7 +106,7 @@ jobs: - name: Run the tests uses: nick-fields/retry@v2 with: - timeout_minutes: 60 + timeout_minutes: 90 max_attempts: 3 command: cd ${GITHUB_WORKSPACE}/cnfcert-tests-verification; FEATURES=${{matrix.suite}} TNF_REPO_PATH=${GITHUB_WORKSPACE} TNF_IMAGE=${{env.TEST_TNF_IMAGE_NAME}} TNF_IMAGE_TAG=${{env.TEST_TNF_IMAGE_TAG}} DISABLE_INTRUSIVE_TESTS=true ENABLE_PARALLEL=true ENABLE_FLAKY_RETRY=true make test-features From 69454b539fac816abab2743055b255df6df2cda3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 2 Dec 2023 13:25:20 +0200 Subject: [PATCH 37/62] Update RHCOS to OCP version map (#1685) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 1 + 1 file changed, 1 insertion(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index c5edbb888..a57e76577 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -191,6 +191,7 @@ 4.12.42 / 412.86.202310302215-0 4.12.43 / 412.86.202311051457-0 4.12.44 / 412.86.202311092041-0 +4.12.45 / 412.86.202311271639-0 4.12.5 / 412.86.202302170236-0 4.12.6 / 412.86.202302282003-0 4.12.7 / 412.86.202303011010-0 From 779aa0e7a689dfa4741a76c6dd764bee898e654f Mon Sep 17 00:00:00 2001 From: David Rabkin Date: Mon, 4 Dec 2023 16:34:22 +0200 Subject: [PATCH 38/62] Fix copyright years (#1686) --- cnf-certification-test/platform/bootparams/bootparams.go | 2 +- pkg/diagnostics/diagnostics.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cnf-certification-test/platform/bootparams/bootparams.go b/cnf-certification-test/platform/bootparams/bootparams.go index c28eb5a63..a01c2a5f4 100644 --- a/cnf-certification-test/platform/bootparams/bootparams.go 
+++ b/cnf-certification-test/platform/bootparams/bootparams.go @@ -1,4 +1,4 @@ -// Copyright (C) 2020-2022 Red Hat, Inc. +// Copyright (C) 2020-2023 Red Hat, Inc. // // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by diff --git a/pkg/diagnostics/diagnostics.go b/pkg/diagnostics/diagnostics.go index 40b8af855..64ee450b8 100644 --- a/pkg/diagnostics/diagnostics.go +++ b/pkg/diagnostics/diagnostics.go @@ -1,4 +1,4 @@ -// Copyright (C) 2021-2022 Red Hat, Inc. +// Copyright (C) 2021-2023 Red Hat, Inc. // // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by From 232b272c597aff56c0d5176fa1c2b0d1e1895511 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Mon, 4 Dec 2023 12:06:15 -0600 Subject: [PATCH 39/62] Prepare for v4.5.7 (#1682) --- docs/runtime-env.md | 2 +- docs/test-container.md | 10 +++++----- pkg/provider/provider.go | 2 +- pkg/provider/provider_test.go | 2 +- version.json | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/runtime-env.md b/docs/runtime-env.md index c833320d3..65a85609c 100644 --- a/docs/runtime-env.md +++ b/docs/runtime-env.md @@ -68,4 +68,4 @@ export TNF_PARTNER_REPO=registry.dfwt5g.lab:5000/testnetworkfunction ``` Note that you can also specify the debug pod image to use with `SUPPORT_IMAGE` -environment variable, default to `debug-partner:4.5.6`. +environment variable, default to `debug-partner:4.5.7`. diff --git a/docs/test-container.md b/docs/test-container.md index fa9313042..d8249b5cb 100644 --- a/docs/test-container.md +++ b/docs/test-container.md 
@@ -112,8 +112,8 @@ Two env vars allow to control the web artifacts and the the new tar.gz file gene ### Build locally ```shell -podman build -t cnf-certification-test:v4.5.6 \ - --build-arg TNF_VERSION=v4.5.6 \ +podman build -t cnf-certification-test:v4.5.7 \ + --build-arg TNF_VERSION=v4.5.7 \ ``` * `TNF_VERSION` value is set to a branch, a tag, or a hash of a commit that will be installed into the image @@ -125,8 +125,8 @@ The unofficial source could be a fork of the TNF repository. Use the `TNF_SRC_URL` build argument to override the URL to a source repository. ```shell -podman build -t cnf-certification-test:v4.5.6 \ - --build-arg TNF_VERSION=v4.5.6 \ +podman build -t cnf-certification-test:v4.5.7 \ + --build-arg TNF_VERSION=v4.5.7 \ --build-arg TNF_SRC_URL=https://github.com/test-network-function/cnf-certification-test . ``` @@ -135,7 +135,7 @@ podman build -t cnf-certification-test:v4.5.6 \ Specify the custom TNF image using the `-i` parameter. ```shell -./run-tnf-container.sh -i cnf-certification-test:v4.5.6 +./run-tnf-container.sh -i cnf-certification-test:v4.5.7 -t ~/tnf/config -o ~/tnf/output -l "networking,access-control" ``` diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go index be9f9d1ed..9a9053008 100644 --- a/pkg/provider/provider.go +++ b/pkg/provider/provider.go @@ -60,7 +60,7 @@ const ( cscosName = "CentOS Stream CoreOS" rhelName = "Red Hat Enterprise Linux" tnfPartnerRepoDef = "quay.io/testnetworkfunction" - supportImageDef = "debug-partner:4.5.6" + supportImageDef = "debug-partner:4.5.7" ) // Node's roles labels. Node is role R if it has **any** of the labels of each list. diff --git a/pkg/provider/provider_test.go b/pkg/provider/provider_test.go index abae97d2e..a848d1e67 100644 --- a/pkg/provider/provider_test.go +++ b/pkg/provider/provider_test.go 
@@ -788,7 +788,7 @@ func TestBuildImageWithVersion(t *testing.T) { { repoVar: "", supportImageVar: "", - expectedOutput: "quay.io/testnetworkfunction/debug-partner:4.5.6", + expectedOutput: "quay.io/testnetworkfunction/debug-partner:4.5.7", }, } diff --git a/version.json b/version.json index 143291e83..f2983c1b3 100644 --- a/version.json +++ b/version.json @@ -1,5 +1,5 @@ { - "partner_tag": "v4.5.6", + "partner_tag": "v4.5.7", "claimFormat": "v0.2.0", "parserTag": "v0.2.0" } From 11c322f62fb4dadf4e7f6eebf78dea932a595c8e Mon Sep 17 00:00:00 2001 From: Banashri Mandal Date: Mon, 4 Dec 2023 19:09:56 +0100 Subject: [PATCH 40/62] Fix WG done call (#1688) --- cnf-certification-test/lifecycle/podrecreation/podrecreation.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cnf-certification-test/lifecycle/podrecreation/podrecreation.go b/cnf-certification-test/lifecycle/podrecreation/podrecreation.go index 8dd2f319b..edfd3fbf4 100644 --- a/cnf-certification-test/lifecycle/podrecreation/podrecreation.go +++ b/cnf-certification-test/lifecycle/podrecreation/podrecreation.go @@ -134,8 +134,8 @@ func deletePod(pod *corev1.Pod, mode string, wg *sync.WaitGroup) error { podName := pod.Name namespace := pod.Namespace go func() { + defer wg.Done() waitPodDeleted(namespace, podName, gracePeriodSeconds, watcher) - wg.Done() }() return nil } From 14faa1c3edd621328e3518115b9179825673d29d Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Mon, 4 Dec 2023 13:14:14 -0600 Subject: [PATCH 41/62] Remove GPL commitment (#1689) --- COMMITMENT | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) delete mode 100644 COMMITMENT diff --git a/COMMITMENT b/COMMITMENT deleted file mode 100644 index 47ca828a2..000000000 --- a/COMMITMENT +++ /dev/null 
@@ -1,46 +0,0 @@ -GPL Cooperation Commitment -Version 1.0 - -Before filing or continuing to prosecute any legal proceeding or claim -(other than a Defensive Action) arising from termination of a Covered -License, we commit to extend to the person or entity ('you') accused -of violating the Covered License the following provisions regarding -cure and reinstatement, taken from GPL version 3. As used here, the -term 'this License' refers to the specific Covered License being -enforced. - - However, if you cease all violation of this License, then your - license from a particular copyright holder is reinstated (a) - provisionally, unless and until the copyright holder explicitly - and finally terminates your license, and (b) permanently, if the - copyright holder fails to notify you of the violation by some - reasonable means prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is - reinstated permanently if the copyright holder notifies you of the - violation by some reasonable means, this is the first time you - have received notice of violation of this License (for any work) - from that copyright holder, and you cure the violation prior to 30 - days after your receipt of the notice. - -We intend this Commitment to be irrevocable, and binding and -enforceable against us and assignees of or successors to our -copyrights. - -Definitions - -'Covered License' means the GNU General Public License, version 2 -(GPLv2), the GNU Lesser General Public License, version 2.1 -(LGPLv2.1), or the GNU Library General Public License, version 2 -(LGPLv2), all as published by the Free Software Foundation. - -'Defensive Action' means a legal proceeding or claim that We bring -against you in response to a prior proceeding or claim initiated by -you or your affiliate. - -'We' means each contributor to this repository as of the date of -inclusion of this file, including subsidiaries of a corporate -contributor. 
- -This work is available under a Creative Commons Attribution-ShareAlike -4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/). \ No newline at end of file From 2cbc8bf3f858c746b5312fb3748344376ee3d3ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Dec 2023 13:42:35 -0600 Subject: [PATCH 42/62] Bump github.com/test-network-function/privileged-daemonset (#1695) Bumps [github.com/test-network-function/privileged-daemonset](https://github.com/test-network-function/privileged-daemonset) from 1.0.15 to 1.0.16. - [Release notes](https://github.com/test-network-function/privileged-daemonset/releases) - [Commits](https://github.com/test-network-function/privileged-daemonset/compare/v1.0.15...v1.0.16) --- updated-dependencies: - dependency-name: github.com/test-network-function/privileged-daemonset dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f0a3d38d6..5935e08bb 100644 --- a/go.mod +++ b/go.mod @@ -218,7 +218,7 @@ require ( github.com/redhat-openshift-ecosystem/openshift-preflight v0.0.0-20231018165107-f04b78186455 github.com/robert-nix/ansihtml v1.0.1 github.com/test-network-function/oct v0.0.4 - github.com/test-network-function/privileged-daemonset v1.0.15 + github.com/test-network-function/privileged-daemonset v1.0.16 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 k8s.io/kubectl v0.28.4 diff --git a/go.sum b/go.sum index 3544d4a0f..34049ad5a 100644 --- a/go.sum +++ b/go.sum 
@@ -573,8 +573,8 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/test-network-function/oct v0.0.4 h1:rU4kps/gbAHkR0rc5WzVtTOcJt/NBcse85RaG7WTuYw= github.com/test-network-function/oct v0.0.4/go.mod h1:oOPuUMnX6YR+cl3usBJfwCllsv7Hphw9jVi7VtniAzo= -github.com/test-network-function/privileged-daemonset v1.0.15 h1:Jgjf3sa4d9OuhZRTj3oLhaaGV7PtQLVeLK/LSd9YgdE= -github.com/test-network-function/privileged-daemonset v1.0.15/go.mod h1:rDiFimleKbW2E501cNgHMYCrR52+w5Sg0a6trF2HZTo= +github.com/test-network-function/privileged-daemonset v1.0.16 h1:p0Gf1nMMJZni7ymGS/PNJDc2dfvWlHuMQSMs4nmPxVs= +github.com/test-network-function/privileged-daemonset v1.0.16/go.mod h1:rLZMATiAMrxYjWNfYuWHX2my+aV+7iTKNIsuctweEMU= github.com/test-network-function/test-network-function-claim v1.0.31 h1:Yqb9/8QPEEZO0LAIeuw65uPzDPnKSG8z/njpXAN2CJs= github.com/test-network-function/test-network-function-claim v1.0.31/go.mod h1:itpxi9Ehhv9oNC9MiSAt52SKFtJBbQ/T1njTXspl1Hk= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= From d90d834bd0d0f077bf60e2cd393fe9f1d111ee0b Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Tue, 5 Dec 2023 16:38:08 -0600 Subject: [PATCH 43/62] Update Go to v1.21.5 (#1697) --- .github/actions/setup/action.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/merge.yaml | 2 +- .github/workflows/pre-main.yaml | 8 ++++---- .github/workflows/preflight.yml | 2 +- .github/workflows/update-rhcos-mapping.yml | 2 +- Dockerfile | 2 +- go.mod | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 8edb6b6b2..fdd8a0752 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml 
@@ -16,7 +16,7 @@ runs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 cache: false - name: Disable default go problem matcher diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 83a70f93c..e9d70f999 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,7 +45,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Install ginkgo run: make install-tools diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index 64855646f..a8793a6df 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -24,7 +24,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Check out code into the Go module directory uses: actions/checkout@v4 diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 9c2ea5eba..32b499400 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -41,7 +41,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Disable default go problem matcher run: echo "::remove-matcher owner=go::" @@ -113,7 +113,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Disable default go problem matcher run: echo "::remove-matcher owner=go::" @@ -179,7 +179,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Disable default go problem matcher run: echo "::remove-matcher owner=go::" @@ -334,7 +334,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 diff --git a/.github/workflows/preflight.yml b/.github/workflows/preflight.yml index 8b55e41c2..0d8a68b79 100644 
--- a/.github/workflows/preflight.yml +++ b/.github/workflows/preflight.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 - name: Disable default go problem matcher run: echo "::remove-matcher owner=go::" diff --git a/.github/workflows/update-rhcos-mapping.yml b/.github/workflows/update-rhcos-mapping.yml index 08e62c1d6..48c6aa6b9 100644 --- a/.github/workflows/update-rhcos-mapping.yml +++ b/.github/workflows/update-rhcos-mapping.yml @@ -23,7 +23,7 @@ jobs: - name: Set up Go 1.21 uses: actions/setup-go@v4 with: - go-version: 1.21.4 + go-version: 1.21.5 # This prevents any failures due to the updated rhcos_versions_map file from # making it into the PR phase. diff --git a/Dockerfile b/Dockerfile index 3717de064..f939603bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,7 @@ RUN \ # Install Go binary and set the PATH ENV \ GO_DL_URL=https://golang.org/dl \ - GO_BIN_TAR=go1.21.4.linux-amd64.tar.gz \ + GO_BIN_TAR=go1.21.5.linux-amd64.tar.gz \ GOPATH=/root/go ENV GO_BIN_URL_x86_64=${GO_DL_URL}/${GO_BIN_TAR} RUN \ diff --git a/go.mod b/go.mod index 5935e08bb..7b986e8c3 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/test-network-function/cnf-certification-test -go 1.21.4 +go 1.21.5 require ( github.com/Masterminds/semver/v3 v3.2.1 From b97140c4d0ce0b3a8d444c35368d453c4421e825 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 14:49:45 -0600 Subject: [PATCH 44/62] Bump actions/setup-go from 4 to 5 (#1700) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/merge.yaml | 2 +- .github/workflows/pre-main.yaml | 8 ++++---- .github/workflows/preflight.yml | 2 +- .github/workflows/update-rhcos-mapping.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e9d70f999..f69e274c0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index a8793a6df..df63ea946 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 32b499400..97e2a2600 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -39,7 +39,7 @@ jobs: steps: - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 @@ -111,7 +111,7 @@ jobs: steps: - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 @@ -177,7 +177,7 @@ jobs: echo '{ "auths": {} }' >> ${PFLT_DOCKERCONFIG} - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 @@ -332,7 +332,7 @@ jobs: # needed by depends-on-action - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 diff --git a/.github/workflows/preflight.yml b/.github/workflows/preflight.yml index 0d8a68b79..c07d54671 100644 
--- a/.github/workflows/preflight.yml +++ b/.github/workflows/preflight.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 diff --git a/.github/workflows/update-rhcos-mapping.yml b/.github/workflows/update-rhcos-mapping.yml index 48c6aa6b9..d8676ce88 100644 --- a/.github/workflows/update-rhcos-mapping.yml +++ b/.github/workflows/update-rhcos-mapping.yml @@ -21,7 +21,7 @@ jobs: run: make update-rhcos-versions - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 1.21.5 From b5247701c182d4a69c5350fd2f1d41b2a7fbbf44 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 13:00:45 +0200 Subject: [PATCH 45/62] Update RHCOS to OCP version map (#1705) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index a57e76577..ae626e99c 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -138,6 +138,7 @@ 4.11.52 / 411.86.202310140407-0 4.11.53 / 411.86.202310261237-0 4.11.54 / 411.86.202311221858-0 +4.11.55 / 411.86.202311302109-0 4.11.6 / 411.86.202209211811-0 4.11.7 / 411.86.202209211811-0 4.11.8 / 411.86.202210032349-0 @@ -227,6 +228,7 @@ 4.13.23 / 413.92.202311151359-0 4.13.24 / 413.92.202311212041-0 4.13.25 / 413.92.202311281619-0 +4.13.26 / 413.92.202312042340-0 4.13.3 / 413.92.202306070210-0 4.13.4 / 413.92.202306141213-0 4.13.5 / 413.92.202307140015-0 
@@ -253,6 +255,7 @@ 4.14.3 / 414.92.202311150705-0 4.14.4 / 414.92.202311222314-0 4.14.5 / 414.92.202311281318-0 +4.14.6 / 414.92.202312011602-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 4.4.0-rc.1 / 44.81.202003130330-0 From ac85eb06544d223c7c8070adc130b789cafbc5fa Mon Sep 17 00:00:00 2001 From: David Rabkin Date: Mon, 11 Dec 2023 15:58:42 +0200 Subject: [PATCH 46/62] The find command requires a directory as the first argument (#1709) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9e7a74b0f..f35f9de13 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ LINKER_TNF_RELEASE_FLAGS+= -X github.com/test-network-function/cnf-certification LINKER_TNF_RELEASE_FLAGS+= -X github.com/test-network-function/cnf-certification-test/cnf-certification-test.GitPreviousRelease=${GIT_PREVIOUS_RELEASE} LINKER_TNF_RELEASE_FLAGS+= -X github.com/test-network-function/cnf-certification-test/cnf-certification-test.ClaimFormatVersion=${CLAIM_FORMAT_VERSION} PARSER_RELEASE=$(shell jq .parserTag version.json) -BASH_SCRIPTS=$(shell find -name "*.sh" -not -path "./.git/*") +BASH_SCRIPTS=$(shell find . -name "*.sh" -not -path "./.git/*") all: build From 9dd95699b593692df54bffdd9b3e760e1284b3b3 Mon Sep 17 00:00:00 2001 From: David Rabkin Date: Mon, 11 Dec 2023 17:14:10 +0200 Subject: [PATCH 47/62] Add operator versions (#1708) * Add operator versions * Fix the indentation --- cmd/tnf/claim/show/csv/csv.go | 12 +++++++++++- cmd/tnf/pkg/claim/claim.go | 11 +++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/cmd/tnf/claim/show/csv/csv.go b/cmd/tnf/claim/show/csv/csv.go index 5dac6fd50..7128b350d 100644 --- a/cmd/tnf/claim/show/csv/csv.go +++ b/cmd/tnf/claim/show/csv/csv.go 
@@ -143,7 +143,7 @@ func buildCSV(claimScheme *claim.Schema, cnfType string, catalogMap map[string]c // add header if flag is present (defaults to no header) if addHeaderFlag { resultsCSVRecords = append(resultsCSVRecords, []string{ - "CNFName", "testID", "Suite", + "CNFName", "OperatorVersion", "testID", "Suite", "Description", "State", "StartTime", "EndTime", "FailureReason", "Output", @@ -152,12 +152,22 @@ func buildCSV(claimScheme *claim.Schema, cnfType string, catalogMap map[string]c }) } + opVers := "" + for i, op := range claimScheme.Claim.Configurations.TestOperators { + if i == 0 { + opVers = op.Version + } else { + opVers = opVers + ", " + op.Version + } + } + for testID := range claimScheme.Claim.Results { // initialize record record := []string{} // creates and appends new CSV record record = append(record, CNFNameFlag, + opVers, testID, claimScheme.Claim.Results[testID].TestID.Suite, claimScheme.Claim.Results[testID].CatalogInfo.Description, diff --git a/cmd/tnf/pkg/claim/claim.go b/cmd/tnf/pkg/claim/claim.go index e8654ef20..2794e3280 100644 --- a/cmd/tnf/pkg/claim/claim.go +++ b/cmd/tnf/pkg/claim/claim.go @@ -63,9 +63,16 @@ type Nodes struct { CsiDriver interface{} `json:"csiDriver"` } +type TestOperator struct { + Name string `json:"name"` + Namespace string `json:"namespace"` + Version string `json:"version"` +} + type Configurations struct { - Config interface{} `json:"Config"` - AbnormalEvents []interface{} `json:"AbnormalEvents"` + Config interface{} `json:"Config"` + AbnormalEvents []interface{} `json:"AbnormalEvents"` + TestOperators []TestOperator `json:"testOperators"` } type Schema struct { From 4fd9a03100b4c60af99a3ba9bf546b394040022f Mon Sep 17 00:00:00 2001 
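Review bot: The `opVers` loop added ahead of the results loop joins only `op.Version`, so when the claim lists more than one operator the `OperatorVersion` cell is a bare comma-separated list with nothing tying a version to its operator, and the same string is repeated on every row. Joining `op.Name + " " + op.Version` instead would keep the cell readable, since `TestOperator` carries both fields. The `i == 0` branch can go as well by appending to a slice and calling `strings.Join(versions, ", ")`, provided `strings` is imported in csv.go, which the hunk does not show. buildCSV starts and ends outside the hunk.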
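Review bot: The exported `TestOperator` type in claim.go is added without a doc comment, and nothing in the hunk says what an entry stands for. A comment such as `// TestOperator is one entry of the claim's "testOperators" list: an operator's name, namespace and version.` would cover it. The new `testOperators` tag is lower-camel while the sibling tags `Config` and `AbnormalEvents` are capitalised; encoding/json matches keys case-insensitively when decoding, so this only matters if the struct is marshalled back, and whether it matches the claim schema cannot be seen from here.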
From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:34:10 -0600 Subject: [PATCH 48/62] extracts results.html from tar.gz and debug mode (#1706) * extracts results.html from tar.gz and debug mode * Addressing comment from David R. --- run-basic-batch-operators-test.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/run-basic-batch-operators-test.sh b/run-basic-batch-operators-test.sh index 7df11a928..89781e05d 100755 --- a/run-basic-batch-operators-test.sh +++ b/run-basic-batch-operators-test.sh @@ -29,8 +29,16 @@ OPERATORS_UNDER_TEST="" # OUTPUTS -# Report folder -REPORT_FOLDER_RELATIVE="report_$TIMESTAMP" +# Check if DEBUG mode +if [ -n "${DEBUG_RUN+any}" ]; then + echo "DEBUG_RUN is set. Running in debug mode" + # Debug folder + REPORT_FOLDER_RELATIVE="debug_$TIMESTAMP" +else + echo "DEBUG_RUN is not set. Running in non-debug mode" + # Report folder + REPORT_FOLDER_RELATIVE="report_$TIMESTAMP" +fi # Report results folder REPORT_FOLDER="$BASE_DIR"/"$REPORT_FOLDER_RELATIVE" @@ -314,11 +322,14 @@ while IFS=, read -r package_name catalog; do # merge claim.json from each operator to a single csv file ./tnf claim show csv -c "$reportDir"/claim.json -n "$package_name" -t "$CNF_TYPE" "$addHeaders" >>"$REPORT_FOLDER"/results.csv + # extract parser + tar -xvf "$reportDir"/*.tar.gz -C "$reportDir" results.html + # Add per operator links { # Add parser link echo "Results for: $package_name, parsed details:" - echo ''"link"'' + echo ''"link"'' # Add log link echo ", log: " From 19f0ed1a3157bc359efc49ee8af8048660ef14f3 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:45:21 -0600 Subject: [PATCH 49/62] Updating Telco list (#1712) --- cmd/tnf/claim/show/csv/cnf-type.json | 92 ++++++++++++---------------- 1 file changed, 40 insertions(+), 52 deletions(-) 
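Review bot: The added `tar -xvf "$reportDir"/*.tar.gz -C "$reportDir" results.html` passes an unquoted glob as the archive argument: with two archives in the directory tar reads the first and treats the second path as a member name, and with none the literal pattern is passed and the extraction fails. The exit status is not checked, so the parser link written just below can point at a results.html that was never extracted (whether the script runs under `set -e` is outside the hunk). Naming the single member is worth keeping, since it limits what the archive can write into the report directory. Resolving the archive first, e.g. `archive=$(find "$reportDir" -maxdepth 1 -name '*.tar.gz' | head -n 1)`, then `tar -xf "$archive" -C "$reportDir" results.html || echo "no results.html for $package_name"`, would make both cases explicit. The enclosing while loop starts and ends outside the hunk.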
diff --git a/cmd/tnf/claim/show/csv/cnf-type.json b/cmd/tnf/claim/show/csv/cnf-type.json index 22936216f..32566906b 100644 --- a/cmd/tnf/claim/show/csv/cnf-type.json +++ b/cmd/tnf/claim/show/csv/cnf-type.json 
@@ -1,62 +1,50 @@ { - "advanced-cluster-management": "Telco", - "amq7-interconnect-operator": "Telco", - "amq-broker-rhel8": "Telco", - "amq-online": "Telco", - "amq-streams": "Telco", - "ansible-automation-platform-operator": "Telco", - "bare-metal-event-relay": "Telco", - "bookkeeper-operator": "Telco", - "openshift-cert-manager-operator": "Telco", - "cincinnati-operator": "Telco", - "cloud-native-postgresql": "Telco", - "cluster-logging": "Telco", - "cluster-monitoring-operator": "Telco", - "compliance-operator": "Telco", - "couchbase-enterprise-certified": "Telco", - "crunchy-postgres-operator": "Telco", + "klusterlet-product": "Telco", "elasticsearch-operator": "Telco", - "file-integrity-operator": "Telco", - "gatekeeper-operator-product": "Telco", - "gitlab-operator": "Telco", - "gitlab-runner-operator": "Telco", - "gitops-argocd-operator": "Telco", - "grafana-operator": "Telco", - "ibm-minio-operator": "Telco", - "jaeger-product": "Telco", - "keda": "Telco", - "kiali-ossm": "Telco", - "kubernetes-nmstate-operator": "Telco", - "kubevirt-hyperconverged": "Telco", - "local-storage-operator": "Telco", - "lvms-operator": "Telco", - "mcg-operator": "Telco", - "metalLB": "Telco", - "mongodb-enterprise": "Telco", - "mtc-operator": "Telco", + "mtv-operator": "Telco", + "sandboxed-containers-operator": "Telco", + "sriov-network-operator": "Telco", "multicluster-engine": "Telco", - "nfd": "Telco", - "ocs-operator": "Telco", - "odf-csi-addons-operator": "Telco", - "odf-operator": "Telco", - "openshift-cluster-node-tuning-operator": "Telco", "openshift-gitops-operator": "Telco", + "bare-metal-event-relay": "Telco", + "jaeger-product": "Telco", + "kubevirt-hyperconverged": "Telco", + "clusterresourceoverride": "Telco", + "node-maintenance-operator": "Telco", + "costmanagement-metrics-operator": "Telco", + "loki-operator": "Telco", + "opentelemetry-product": "Telco", + "openshift-secondary-scheduler-operator": "Telco", "openshift-pipelines-operator-rh": "Telco", - 
"performance-addon-operator": "Telco", - "rhods-prometheus-operator": "Telco", - "PTP Fast Event Notification": "Telco", - "ptp-operator": "Telco", - "pulsar-operator": "Telco", + "dpu-network-operator": "Telco", + "devspaces": "Telco", + "jws-operator": "Telco", + "compliance-operator": "Telco", + "vertical-pod-autoscaler": "Telco", + "nfd": "Telco", "quay-operator": "Telco", + "node-observability-operator": "Telco", + "container-security-operator": "Telco", + "aws-efs-csi-driver-operator": "Telco", "redhat-oadp-operator": "Telco", - "rhacs-operator ": "Telco", + "cluster-logging": "Telco", + "quay-bridge-operator": "Telco", + "web-terminal": "Telco", + "openshift-cert-manager-operator": "Telco", + "aws-load-balancer-operator": "Telco", + "topology-aware-lifecycle-manager": "Telco", + "openshift-custom-metrics-autoscaler-operator": "Telco", + "serverless-operator": "Telco", + "metallb-operator": "Telco", "rhsso-operator": "Telco", + "external-dns-operator": "Telco", + "local-storage-operator": "Telco", + "ptp-operator": "Telco", + "numaresources-operator": "Telco", + "kubernetes-nmstate-operator": "Telco", + "self-node-remediation": "Telco", "servicemeshoperator": "Telco", - "splunk-operator": "Telco", - "sriov-fec": "Telco", - "sriov-network-operator": "Telco", - "strimzi-kafka-operator": "Telco", - "topology-aware-lifecycle-manager": "Telco", - "vault-helm": "Telco", - "zookeeper-operator": "Telco" + "file-integrity-operator": "Telco", + "kiali-ossm": "Telco", + "node-healthcheck-operator": "Telco" } From e09c4bb54dae0bb31fd4dba85392cfbc76b70887 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Tue, 12 Dec 2023 16:49:20 -0600 Subject: [PATCH 50/62] skip operator if claim file couldn't be parsed (#1714) * skip operator if claim file couldn't be parsed * addressing comments from David R. --- run-basic-batch-operators-test.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) 
diff --git a/run-basic-batch-operators-test.sh b/run-basic-batch-operators-test.sh index 89781e05d..404a58429 100755 --- a/run-basic-batch-operators-test.sh +++ b/run-basic-batch-operators-test.sh @@ -319,6 +319,28 @@ while IFS=, read -r package_name catalog; do cleanup waitDeleteNamespace "$ns" + # Check parsing claim file + ./tnf claim show csv -c "$reportDir"/claim.json -n "$package_name" -t "$CNF_TYPE" "$addHeaders" || { + + # if parsing claim file fails, skip this operator + # Add per operator links + { + # Add error message + echo "Results for: $package_name, "'Operator installation failed due to claim parsing error, skipping test' + + # Add tnf_config link + echo ", tnf_config: " + echo ''"link"'' + + # New line + echo "
" + } >>"$REPORT_FOLDER/$INDEX_FILE" + + cleanup + + continue + } + # merge claim.json from each operator to a single csv file ./tnf claim show csv -c "$reportDir"/claim.json -n "$package_name" -t "$CNF_TYPE" "$addHeaders" >>"$REPORT_FOLDER"/results.csv From 2a5158a8ec1f18a9f52793e7e2a7b16fd6ef4193 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 13:13:52 -0600 Subject: [PATCH 51/62] Bump github/codeql-action from 2 to 3 (#1722) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f69e274c0..db9e08fb4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} tools: latest @@ -64,7 +64,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -78,4 +78,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 82d3442b393268db758dbe9ce415cb44d819c12c Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Wed, 13 Dec 2023 14:50:49 -0600 Subject: [PATCH 52/62] Enable QE nightlies for ginkgo_removal (#1723) --- .github/workflows/qe-ocp-413-intrusive.yaml | 8 +++++++- .github/workflows/qe-ocp-413.yaml | 8 +++++++- .github/workflows/qe-ocp-414-intrusive.yaml | 8 +++++++- .github/workflows/qe-ocp-414.yaml | 8 +++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/.github/workflows/qe-ocp-413-intrusive.yaml b/.github/workflows/qe-ocp-413-intrusive.yaml index ff3e32f8e..653ba80dc 100644 --- a/.github/workflows/qe-ocp-413-intrusive.yaml +++ b/.github/workflows/qe-ocp-413-intrusive.yaml @@ -18,6 +18,11 @@ jobs: matrix: # Add more suites if more intrusive tests are added to the QE repo suite: [lifecycle] + include: + - test_suite_ref: main + qe_ref: main + - test_suite_ref: ginkgo_removal + qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser/.kube/config' @@ -32,7 +37,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ github.sha }} + ref: ${{ matrix.test_suite_ref }} - name: Run initial setup uses: ./.github/actions/setup @@ -51,6 +56,7 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification + ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index fa1ca9b01..c619cdec7 100644 --- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml 
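Review bot: The two `include` entries added under `matrix` in qe-ocp-413-intrusive.yaml do not create a main/ginkgo_removal pair per suite. As GitHub documents `include`, an entry that overwrites no original matrix value is merged into every existing combination, and values added by an earlier entry can be overwritten by a later one, so each `suite` job ends up with `test_suite_ref: ginkgo_removal` and `qe_ref: ginkgo_removal` and main is no longer exercised by the nightly. Making the branch a real matrix dimension, `branch: [main, ginkgo_removal]` next to `suite`, and using `ref: ${{ matrix.branch }}` in both checkout steps gives one job per suite and branch. The same block is added in qe-ocp-413.yaml, qe-ocp-414-intrusive.yaml and qe-ocp-414.yaml.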
@@ -17,6 +17,11 @@ jobs: fail-fast: false matrix: suite: [accesscontrol, affiliatedcertification, manageability, networking, lifecycle, performance, platformalteration, observability, operator] + include: + - test_suite_ref: main + qe_ref: main + - test_suite_ref: ginkgo_removal + qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser/.kube/config' @@ -31,7 +36,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ github.sha }} + ref: ${{ matrix.test_suite_ref }} - name: Run initial setup uses: ./.github/actions/setup @@ -50,6 +55,7 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification + ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-414-intrusive.yaml b/.github/workflows/qe-ocp-414-intrusive.yaml index e8ebf4a33..f4f21c573 100644 --- a/.github/workflows/qe-ocp-414-intrusive.yaml +++ b/.github/workflows/qe-ocp-414-intrusive.yaml @@ -18,6 +18,11 @@ jobs: matrix: # Add more suites if more intrusive tests are added to the QE repo suite: [lifecycle] + include: + - test_suite_ref: main + qe_ref: main + - test_suite_ref: ginkgo_removal + qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser2/.kube/config' @@ -32,7 +37,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ github.sha }} + ref: ${{ matrix.test_suite_ref }} - name: Run initial setup uses: ./.github/actions/setup @@ -51,6 +56,7 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification + ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index 6b84d8572..3ceba7733 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml 
@@ -17,6 +17,11 @@ jobs: fail-fast: false matrix: suite: [accesscontrol, affiliatedcertification, manageability, networking, lifecycle, performance, platformalteration, observability, operator] + include: + - test_suite_ref: main + qe_ref: main + - test_suite_ref: ginkgo_removal + qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser2/.kube/config' @@ -31,7 +36,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ github.sha }} + ref: ${{ matrix.test_suite_ref }} - name: Run initial setup uses: ./.github/actions/setup @@ -50,6 +55,7 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification + ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh From 8f517bad38dbea4afa9ec8ccdb99484ede142376 Mon Sep 17 00:00:00 2001 From: Brandon Palm Date: Wed, 13 Dec 2023 16:42:57 -0600 Subject: [PATCH 53/62] Revert "Enable QE nightlies for ginkgo_removal (#1723)" (#1724) This reverts commit 82d3442b393268db758dbe9ce415cb44d819c12c. --- .github/workflows/qe-ocp-413-intrusive.yaml | 8 +------- .github/workflows/qe-ocp-413.yaml | 8 +------- .github/workflows/qe-ocp-414-intrusive.yaml | 8 +------- .github/workflows/qe-ocp-414.yaml | 8 +------- 4 files changed, 4 insertions(+), 28 deletions(-) diff --git a/.github/workflows/qe-ocp-413-intrusive.yaml b/.github/workflows/qe-ocp-413-intrusive.yaml index 653ba80dc..ff3e32f8e 100644 --- a/.github/workflows/qe-ocp-413-intrusive.yaml +++ b/.github/workflows/qe-ocp-413-intrusive.yaml @@ -18,11 +18,6 @@ jobs: matrix: # Add more suites if more intrusive tests are added to the QE repo suite: [lifecycle] - include: - - test_suite_ref: main - qe_ref: main - - test_suite_ref: ginkgo_removal - qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser/.kube/config' 
@@ -37,7 +32,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ matrix.test_suite_ref }} + ref: ${{ github.sha }} - name: Run initial setup uses: ./.github/actions/setup @@ -56,7 +51,6 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification - ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-413.yaml b/.github/workflows/qe-ocp-413.yaml index c619cdec7..fa1ca9b01 100644 --- a/.github/workflows/qe-ocp-413.yaml +++ b/.github/workflows/qe-ocp-413.yaml @@ -17,11 +17,6 @@ jobs: fail-fast: false matrix: suite: [accesscontrol, affiliatedcertification, manageability, networking, lifecycle, performance, platformalteration, observability, operator] - include: - - test_suite_ref: main - qe_ref: main - - test_suite_ref: ginkgo_removal - qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser/.kube/config' @@ -36,7 +31,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ matrix.test_suite_ref }} + ref: ${{ github.sha }} - name: Run initial setup uses: ./.github/actions/setup @@ -55,7 +50,6 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification - ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-414-intrusive.yaml b/.github/workflows/qe-ocp-414-intrusive.yaml index f4f21c573..e8ebf4a33 100644 --- a/.github/workflows/qe-ocp-414-intrusive.yaml +++ b/.github/workflows/qe-ocp-414-intrusive.yaml @@ -18,11 +18,6 @@ jobs: matrix: # Add more suites if more intrusive tests are added to the QE repo suite: [lifecycle] - include: - - test_suite_ref: main - qe_ref: main - - test_suite_ref: ginkgo_removal - qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser2/.kube/config' 
@@ -37,7 +32,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ matrix.test_suite_ref }} + ref: ${{ github.sha }} - name: Run initial setup uses: ./.github/actions/setup @@ -56,7 +51,6 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification - ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh diff --git a/.github/workflows/qe-ocp-414.yaml b/.github/workflows/qe-ocp-414.yaml index 3ceba7733..6b84d8572 100644 --- a/.github/workflows/qe-ocp-414.yaml +++ b/.github/workflows/qe-ocp-414.yaml @@ -17,11 +17,6 @@ jobs: fail-fast: false matrix: suite: [accesscontrol, affiliatedcertification, manageability, networking, lifecycle, performance, platformalteration, observability, operator] - include: - - test_suite_ref: main - qe_ref: main - - test_suite_ref: ginkgo_removal - qe_ref: ginkgo_removal env: SHELL: /bin/bash KUBECONFIG: '/home/labuser2/.kube/config' @@ -36,7 +31,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ matrix.test_suite_ref }} + ref: ${{ github.sha }} - name: Run initial setup uses: ./.github/actions/setup @@ -55,7 +50,6 @@ jobs: with: repository: ${{ env.QE_REPO }} path: cnfcert-tests-verification - ref: ${{ matrix.qe_ref }} - name: Preemptively potential QE namespaces run: ./scripts/delete-namespaces.sh From 1c3dc0502c09cd359be0dc347937072b0d06a571 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 13:30:45 -0600 Subject: [PATCH 54/62] Bump actions/upload-artifact from 3 to 4 (#1729) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pre-main.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 97e2a2600..4fecb7c0d 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -239,7 +239,7 @@ jobs: run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "${SMOKE_TESTS_GINKGO_LABELS_FILTER}" - name: Upload smoke test results as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: smoke-tests @@ -276,7 +276,7 @@ jobs: run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-cnf-suites.sh -l "preflight" - name: Upload preflight smoke test results as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: preflight-smoke-tests @@ -394,7 +394,7 @@ jobs: # working_directory: collector - name: Upload container test results as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: smoke-tests-container 
@@ -431,7 +431,7 @@ jobs: run: TNF_LOG_LEVEL=${TNF_SMOKE_TESTS_LOG_LEVEL} ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -l "preflight" - name: Upload container preflight test results as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: preflight-smoke-tests-container From d5204d4992ab5810797b48ea5a20cfb5711e6179 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 08:18:07 -0600 Subject: [PATCH 55/62] Bump helm.sh/helm/v3 from 3.13.2 to 3.13.3 (#1735) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.13.2 to 3.13.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.13.2...v3.13.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 7b986e8c3..ab09af486 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/operator-framework/api v0.20.0 github.com/operator-framework/operator-lifecycle-manager v0.20.0 github.com/pkg/errors v0.9.1 // indirect - helm.sh/helm/v3 v3.13.2 + helm.sh/helm/v3 v3.13.3 k8s.io/api v0.28.4 k8s.io/apimachinery v0.28.4 k8s.io/klog/v2 v2.100.1 // indirect @@ -182,7 +182,7 @@ require ( google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - k8s.io/apiserver v0.28.3 // indirect + k8s.io/apiserver v0.28.4 // indirect k8s.io/cli-runtime v0.28.4 // indirect k8s.io/component-base v0.28.4 // indirect k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect 
@@ -203,7 +203,7 @@ require ( require ( github.com/hashicorp/go-version v1.6.0 - k8s.io/apiextensions-apiserver v0.28.3 + k8s.io/apiextensions-apiserver v0.28.4 ) require ( diff --git a/go.sum b/go.sum index 34049ad5a..c864405f1 100644 --- a/go.sum +++ b/go.sum @@ -1003,8 +1003,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.13.2 h1:IcO9NgmmpetJODLZhR3f3q+6zzyXVKlRizKFwbi7K8w= -helm.sh/helm/v3 v3.13.2/go.mod h1:GIHDwZggaTGbedevTlrQ6DB++LBN6yuQdeGj0HNaDx0= +helm.sh/helm/v3 v3.13.3 h1:0zPEdGqHcubehJHP9emCtzRmu8oYsJFRrlVF3TFj8xY= +helm.sh/helm/v3 v3.13.3/go.mod h1:3OKO33yI3p4YEXtTITN2+4oScsHeQe71KuzhlZ+aPfg= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -1014,12 +1014,12 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= -k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= -k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= +k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= +k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM= k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= -k8s.io/apiserver v0.28.3 h1:8Ov47O1cMyeDzTXz0rwcfIIGAP/dP7L8rWbEljRcg5w= -k8s.io/apiserver v0.28.3/go.mod h1:YIpM+9wngNAv8Ctt0rHG4vQuX/I5rvkEMtZtsxW2rNM= +k8s.io/apiserver v0.28.4 h1:BJXlaQbAU/RXYX2lRz+E1oPe3G3TKlozMMCZWu5GMgg= +k8s.io/apiserver v0.28.4/go.mod h1:Idq71oXugKZoVGUUL2wgBCTHbUR+FYTWa4rq9j4n23w= k8s.io/cli-runtime v0.28.4 h1:IW3aqSNFXiGDllJF4KVYM90YX4cXPGxuCxCVqCD8X+Q= k8s.io/cli-runtime v0.28.4/go.mod h1:MLGRB7LWTIYyYR3d/DOgtUC8ihsAPA3P8K8FDNIqJ0k= k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= From a86a9813d04dc968878d68ef0bec15628da3fe65 Mon Sep 17 00:00:00 2001 From: aabughosh <88486034+aabughosh@users.noreply.github.com> Date: Fri, 15 Dec 2023 17:36:18 +0200 Subject: [PATCH 56/62] to add a msg about the k8s bug (#1720) * to add a msg about the k8s bug * Update suite.go * Update suite.go --- cnf-certification-test/lifecycle/suite.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cnf-certification-test/lifecycle/suite.go b/cnf-certification-test/lifecycle/suite.go index f68232097..c71265ada 100644 --- a/cnf-certification-test/lifecycle/suite.go 
+++ b/cnf-certification-test/lifecycle/suite.go @@ -224,7 +224,9 @@ func testContainersPostStart(env *provider.TestEnvironment) { tnf.ClaimFilePrintf("%s does not have postStart defined", cut) nonCompliantObjects = append(nonCompliantObjects, testhelper.NewContainerReportObject(cut.Namespace, cut.Podname, cut.Name, "Container does not have postStart defined", false)) } else { - compliantObjects = append(compliantObjects, testhelper.NewContainerReportObject(cut.Namespace, cut.Podname, cut.Name, "Container has postStart defined", true)) + compliantObjects = append(compliantObjects, testhelper.NewContainerReportObject(cut.Namespace, cut.Podname, cut.Name, "Container has postStart defined."+ + "Attention: There is a known upstream bug where a pod with a still-running postStart lifecycle hook that is deleted may not be terminated even after "+ + "the terminationGracePeriod k8s bug link: kubernetes/kubernetes#116032", true)) } } testhelper.AddTestResultReason(compliantObjects, nonCompliantObjects, tnf.ClaimFilePrintf, ginkgo.Fail) From 90a5f4360463793869cbd0ec92fdbbea1b0c9eb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 21:20:33 +0200 Subject: [PATCH 57/62] Bump github.com/test-network-function/privileged-daemonset (#1742) Bumps [github.com/test-network-function/privileged-daemonset](https://github.com/test-network-function/privileged-daemonset) from 1.0.16 to 1.0.18. - [Release notes](https://github.com/test-network-function/privileged-daemonset/releases) - [Commits](https://github.com/test-network-function/privileged-daemonset/compare/v1.0.16...v1.0.18) --- updated-dependencies: - dependency-name: github.com/test-network-function/privileged-daemonset dependency-type: direct:production update-type: version-update:semver-patch ... 
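Review bot: The new report string is built as `"Container has postStart defined."+"Attention: …"`, so it renders as `defined.Attention:` with no space, and the last fragment runs `terminationGracePeriod` straight into `k8s bug link:` with no sentence break. Adding the separators, `"Container has postStart defined. "+` and `"the terminationGracePeriod. See kubernetes/kubernetes#116032"`, keeps the claim output readable. Because the same text is attached to every compliant container, a package-level constant would also shorten the `NewContainerReportObject` call. testContainersPostStart starts outside the hunk.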
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index ab09af486..386a0ad1e 100644 --- a/go.mod +++ b/go.mod @@ -186,7 +186,7 @@ require ( k8s.io/cli-runtime v0.28.4 // indirect k8s.io/component-base v0.28.4 // indirect k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect - k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect + k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect modernc.org/libc v1.22.5 // indirect modernc.org/mathutil v1.5.0 // indirect modernc.org/memory v1.5.0 // indirect @@ -218,7 +218,7 @@ require ( github.com/redhat-openshift-ecosystem/openshift-preflight v0.0.0-20231018165107-f04b78186455 github.com/robert-nix/ansihtml v1.0.1 github.com/test-network-function/oct v0.0.4 - github.com/test-network-function/privileged-daemonset v1.0.16 + github.com/test-network-function/privileged-daemonset v1.0.18 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 k8s.io/kubectl v0.28.4 diff --git a/go.sum b/go.sum index c864405f1..b0267ed96 100644 --- a/go.sum +++ b/go.sum 
@@ -573,8 +573,8 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/test-network-function/oct v0.0.4 h1:rU4kps/gbAHkR0rc5WzVtTOcJt/NBcse85RaG7WTuYw= github.com/test-network-function/oct v0.0.4/go.mod h1:oOPuUMnX6YR+cl3usBJfwCllsv7Hphw9jVi7VtniAzo= -github.com/test-network-function/privileged-daemonset v1.0.16 h1:p0Gf1nMMJZni7ymGS/PNJDc2dfvWlHuMQSMs4nmPxVs= -github.com/test-network-function/privileged-daemonset v1.0.16/go.mod h1:rLZMATiAMrxYjWNfYuWHX2my+aV+7iTKNIsuctweEMU= +github.com/test-network-function/privileged-daemonset v1.0.18 h1:BFGAz5A77VxJCfHx6YEI+QehEINfCHm7KB+35QebsWs= +github.com/test-network-function/privileged-daemonset v1.0.18/go.mod h1:zIxnKlnvftN62+38OCu/H7bLDjW3fzkpTY+lhyfxlPM= github.com/test-network-function/test-network-function-claim v1.0.31 h1:Yqb9/8QPEEZO0LAIeuw65uPzDPnKSG8z/njpXAN2CJs= github.com/test-network-function/test-network-function-claim v1.0.31/go.mod h1:itpxi9Ehhv9oNC9MiSAt52SKFtJBbQ/T1njTXspl1Hk= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= 
@@ -1032,8 +1032,8 @@ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5Ohx k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ= k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c= -k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= -k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= +k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE= modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY= modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ= From ee7807cdf9ae2daf30a7f4ac4ec9f006eb1764d1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 16 Dec 2023 14:37:56 +0200 Subject: [PATCH 58/62] Update RHCOS to OCP version map (#1743) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 1 + 1 file changed, 1 insertion(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index ae626e99c..fc8178135 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -256,6 +256,7 @@ 4.14.4 / 414.92.202311222314-0 4.14.5 / 414.92.202311281318-0 4.14.6 / 414.92.202312011602-0 +4.14.7 / 414.92.202312132152-0 4.4.0 / 44.81.202004260825-0 4.4.0-rc.0 / 44.81.202003110830-0 4.4.0-rc.1 / 44.81.202003130330-0 
From 7ccf1a47f73df91ba28d3a7a90a54fe87c7a34e9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 17 Dec 2023 19:57:30 +0200 Subject: [PATCH 59/62] Update RHCOS to OCP version map (#1744) Co-authored-by: sebrandon1 --- .../platform/operatingsystem/files/rhcos_version_map | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map index fc8178135..289f24224 100644 --- a/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map +++ b/cnf-certification-test/platform/operatingsystem/files/rhcos_version_map @@ -193,6 +193,7 @@ 4.12.43 / 412.86.202311051457-0 4.12.44 / 412.86.202311092041-0 4.12.45 / 412.86.202311271639-0 +4.12.46 / 412.86.202312121613-0 4.12.5 / 412.86.202302170236-0 4.12.6 / 412.86.202302282003-0 4.12.7 / 412.86.202303011010-0 @@ -229,6 +230,7 @@ 4.13.24 / 413.92.202311212041-0 4.13.25 / 413.92.202311281619-0 4.13.26 / 413.92.202312042340-0 +4.13.27 / 413.92.202312131705-0 4.13.3 / 413.92.202306070210-0 4.13.4 / 413.92.202306141213-0 4.13.5 / 413.92.202307140015-0 From ae04021ade036c1359a130569a15ed56625056f0 Mon Sep 17 00:00:00 2001 From: David Elie-Dit-Cosaque <86730676+edcdavid@users.noreply.github.com> Date: Mon, 18 Dec 2023 08:15:00 -0600 Subject: [PATCH 60/62] Fix for fatal error in diagnostics (#1715) (#1740) --- pkg/diagnostics/diagnostics.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkg/diagnostics/diagnostics.go b/pkg/diagnostics/diagnostics.go index 64ee450b8..a513d6b4b 100644 --- a/pkg/diagnostics/diagnostics.go +++ b/pkg/diagnostics/diagnostics.go 
@@ -86,13 +86,15 @@ func GetHwInfoAllNodes() (out map[string]NodeHwInfo) { lscpu, err := getHWJsonOutput(debugPod, o, lscpuCommand) if err != nil { logrus.Errorf("problem getting lscpu for node %s", debugPod.Spec.NodeName) + } else { + var ok bool + temp, ok := lscpu.(map[string]interface{}) + if !ok { + logrus.Errorf("problem casting lscpu field for node %s, lscpu=%v", debugPod.Spec.NodeName, lscpu) + } else { + hw.Lscpu = temp["lscpu"] + } } - var ok bool - hw.Lscpu, ok = lscpu.(map[string]interface{})["lscpu"] - if !ok { - logrus.Errorf("problem casting lscpu field for node %s, lscpu=%v", debugPod.Spec.NodeName, lscpu) - } - hw.IPconfig, err = getHWJsonOutput(debugPod, o, ipCommand) if err != nil { logrus.Errorf("problem getting ip config for node %s", debugPod.Spec.NodeName) From a21238f98b7247d96a231947b04460a67e538fc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 13:29:23 -0600 Subject: [PATCH 61/62] Bump github.com/mittwald/go-helm-client from 0.12.4 to 0.12.5 (#1746) Bumps [github.com/mittwald/go-helm-client](https://github.com/mittwald/go-helm-client) from 0.12.4 to 0.12.5. - [Release notes](https://github.com/mittwald/go-helm-client/releases) - [Commits](https://github.com/mittwald/go-helm-client/compare/v0.12.4...v0.12.5) --- updated-dependencies: - dependency-name: github.com/mittwald/go-helm-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 386a0ad1e..49fdf3e9e 100644 --- a/go.mod +++ b/go.mod 
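Review bot: In the pkg/diagnostics/diagnostics.go hunk, the new lscpu branch of GetHwInfoAllNodes no longer checks that the "lscpu" key exists. The removed code took `ok` from the map index, whereas `hw.Lscpu = temp["lscpu"]` stores nil with no log line when the output parses as an object that lacks the key. This value comes from command output gathered through the debug pod, so a missing key deserves the same error report as a failed cast, for example `v, found := temp["lscpu"]` with an `else` branch that logs the node name. The `var ok bool` line is also redundant, since `temp, ok := lscpu.(map[string]interface{})` would declare both names on its own. The function body starts and ends outside this hunk.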
@@ -17,7 +17,7 @@ require k8s.io/client-go v0.28.4 require ( github.com/kelseyhightower/envconfig v1.4.0 - github.com/mittwald/go-helm-client v0.12.4 + github.com/mittwald/go-helm-client v0.12.5 github.com/onsi/ginkgo/v2 v2.13.2 github.com/openshift/api v0.0.1 github.com/openshift/client-go v0.0.1 diff --git a/go.sum b/go.sum index b0267ed96..13f4ac1c6 100644 --- a/go.sum +++ b/go.sum @@ -427,8 +427,8 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mittwald/go-helm-client v0.12.4 h1:fHI59uny/9vxGyBfxl8qSH5RD6mRvxNm9vi55Vw+dLY= -github.com/mittwald/go-helm-client v0.12.4/go.mod h1:Cg65orz0i3B2/Uv/7nIK4SzyhMsIS+mDpK0tbw3Cy5Q= +github.com/mittwald/go-helm-client v0.12.5 h1:HSLc6t63xrxAaiuFPHISdrIFIGxGex802mDXxJSKzQM= +github.com/mittwald/go-helm-client v0.12.5/go.mod h1:KdTGgeKDD3mFuTV18nw8E3IlEJfBd7oN/zcXlY2myYs= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= From 455016e4441149401e277e35321fa372a4b1edc4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:00:20 +0200 Subject: [PATCH 62/62] Bump golang.org/x/crypto from 0.15.0 to 0.17.0 (#1749) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 49fdf3e9e..473fa42f6 100644 --- a/go.mod +++ b/go.mod @@ -163,13 +163,13 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.15.0 // indirect + golang.org/x/crypto v0.17.0 // indirect golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/net v0.18.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.14.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.15.0 // indirect diff --git a/go.sum b/go.sum index 13f4ac1c6..f23e1698b 100644 --- a/go.sum +++ b/go.sum 
@@ -644,8 +644,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -795,14 +795,14 @@ golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
-golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=