From 4963e88a0c59279ab53f1a5f4bef3a8c723ecabf Mon Sep 17 00:00:00 2001
From: jmontesi <100689165+jmontesi@users.noreply.github.com>
Date: Wed, 20 Dec 2023 15:17:50 +0100
Subject: [PATCH] docs: add CNFCERT demo (#1757)
---
README.md | 12 ++++++++----
docs/assets/images/demo-cnfcert.svg | 1 +
2 files changed, 9 insertions(+), 4 deletions(-)
create mode 100644 docs/assets/images/demo-cnfcert.svg
diff --git a/README.md b/README.md
index 3f33732e0..d3280eed5 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,14 @@ Please contact us in case the documentation is broken.
* The catalog of all the available test cases can be found [here](https://github.com/test-network-function/cnf-certification-test/blob/main/CATALOG.md).
+## Demo
+
+
+
+
+
+
+
## Target Audience
* Partner
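Review bot: The new `## Demo` section in README.md appears here as a heading followed only by empty added lines, with no visible reference to `docs/assets/images/demo-cnfcert.svg`, so a reader of the raw README cannot tell what the demo contains. Add alt text and a one-line caption naming the command being demonstrated (`./run-cnf-suites.sh -o /tmp -l '!lifecycle && !platform-alteration'`, as recorded in the SVG), so the section stays useful where the image does not render.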
@@ -39,10 +47,6 @@ Please contact us in case the documentation is broken.
* OpenShift Container Platform
* Kubernetes Operator
-## Language
-
-Golang
-
## Linters for the Codebase
* [`checkmake`](https://github.com/mrtazz/checkmake)
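Review bot: The removal of the `## Language` section (`Golang`) is not covered by the subject line `docs: add CNFCERT demo`. Either mention it in the commit message or move it to its own commit, so the history explains why the section was dropped.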
diff --git a/docs/assets/images/demo-cnfcert.svg b/docs/assets/images/demo-cnfcert.svg
new file mode 100644
index 000000000..15116f202
--- /dev/null
+++ b/docs/assets/images/demo-cnfcert.svg
@@ -0,0 +1 @@
+> > ./run-cnf-suites.sh -o /tmp -l '!lifecycle && !platform-alteration' _____ _ _ ______ _____ _____ ______ _____ __ _____ _____ __ / __ \| \ | || ___|/ __ \| ___|| ___ \|_ _| / / | ___| | _ |\ \ | / \/| \| || |_ | / \/| |__ | |_/ / | | | | __ __|___ \ | |/' | | | | | | . || _| | | | __| | / | | | | \ \ / / \ \ | /| | | | | \__/\| |\ || | | \__/\| |___ | |\ \ | | | | \ V / /\__/ / _ \ |_/ / | | \____/\_| \_/\_| \____/\____/ \_| \_| \_/ | | \_/ \____/ (_) \___/ | | \_\ /_/ CNFCERT version: Unreleased build post v4.5.7 (0e8d7ebb07f1feff8701e068edb25c9d07443a3d) Claim file version: v0.4.0 Checks filter: !lifecycle && !platform-alteration Output folder: /tmp Log file: cnf-certsuite.log Running discovery of CNF target resources... Running suite AFFILIATED-CERTIFICATION [ FAIL ] affiliated-certification-container-is-certified-digest Running suite LIFECYCLE [ SKIP ] lifecycle-container-prestop (no matching labels) [ SKIP ] lifecycle-crd-scaling (no matching labels) [ SKIP ] lifecycle-container-poststart (no matching labels) [ SKIP ] lifecycle-image-pull-policy (no matching labels) [ SKIP ] lifecycle-readiness-probe (no matching labels) [ SKIP ] lifecycle-liveness-probe (no matching labels) [ SKIP ] lifecycle-startup-probe (no matching labels) [ SKIP ] lifecycle-pod-owner-type (no matching labels) [ SKIP ] lifecycle-pod-high-availability (no matching labels) [ SKIP ] lifecycle-pod-scheduling (no matching labels) [ SKIP ] lifecycle-pod-recreation (no matching labels) [ SKIP ] lifecycle-deployment-scaling (no matching labels) [ SKIP ] lifecycle-statefulset-scaling (no matching labels) [ SKIP ] lifecycle-persistent-volume-reclaim-policy (no matching labels) [ SKIP ] lifecycle-cpu-isolation (no matching labels) [ SKIP ] lifecycle-affinity-required-pods (no matching labels) [ SKIP ] lifecycle-pod-toleration-bypass (no matching labels) [ SKIP ] lifecycle-storage-provisioner (no matching labels) Running suite MANAGEABILITY [ PASS ] manageability-containers-image-tag [ PASS ] 
manageability-container-port-name-format Running suite OBSERVABILITY [ PASS ] observability-container-logging [ PASS ] observability-termination-policy [ FAIL ] observability-pod-disruption-budget Running suite OPERATOR Running suite ACCESS-CONTROL [ FAIL ] access-control-security-context [ PASS ] access-control-sys-admin-capability-check [ PASS ] access-control-net-admin-capability-check [ PASS ] access-control-net-raw-capability-check [ PASS ] access-control-ipc-lock-capability-check [ PASS ] access-control-bpf-capability-check [ PASS ] access-control-security-context-non-root-user-check [ PASS ] access-control-security-context-privilege-escalation [ PASS ] access-control-container-host-port [ PASS ] access-control-pod-host-network [ PASS ] access-control-pod-host-path [ PASS ] access-control-pod-host-ipc [ PASS ] access-control-pod-host-pid [ PASS ] access-control-namespace [ PASS ] access-control-pod-service-account [ PASS ] access-control-pod-role-bindings [ PASS ] access-control-cluster-role-bindings [ PASS ] access-control-pod-automount-service-account-token [ FAIL ] access-control-one-process-per-container [ PASS ] access-control-sys-nice-realtime-capability [ PASS ] access-control-namespace-resource-quota [ FAIL ] access-control-ssh-daemons [ PASS ] access-control-requests-and-limits [ PASS ] access-control-no-1337-uid Running suite NETWORKING [ SKIP ] networking-icmpv4-connectivity (compliant and non-compliant objects lists are empty) [ SKIP ] networking-icmpv4-connectivity-multus (compliant and non-compliant objects lists are empty) [ SKIP ] networking-icmpv6-connectivity (compliant and non-compliant objects lists are empty) [ SKIP ] networking-icmpv6-connectivity-multus (compliant and non-compliant objects lists are empty) [ FAIL ] networking-undeclared-container-ports-usage [ FAIL ] networking-ocp-reserved-ports-usage [ FAIL ] networking-network-policy-deny-all [ FAIL ] networking-reserved-partner-ports Running suite PERFORMANCE [ PASS ] 
performance-exclusive-cpu-pool [ PASS ] performance-max-resources-exec-probes Running suite PLATFORM-ALTERATION [ SKIP ] platform-alteration-hyperthread-enable (no matching labels) [ SKIP ] platform-alteration-base-image (no matching labels) [ SKIP ] platform-alteration-tainted-node-kernel (no matching labels) [ SKIP ] platform-alteration-isredhat-release (no matching labels) [ SKIP ] platform-alteration-is-selinux-enforcing (no matching labels) [ SKIP ] platform-alteration-hugepages-config (no matching labels) [ SKIP ] platform-alteration-boot-params (no matching labels) [ SKIP ] platform-alteration-sysctl-config (no matching labels) [ SKIP ] platform-alteration-service-mesh-usage (no matching labels) [ SKIP ] platform-alteration-ocp-lifecycle (no matching labels) [ SKIP ] platform-alteration-ocp-node-os-lifecycle (no matching labels) [ SKIP ] platform-alteration-hugepages-2m-only (no matching labels) [ SKIP ] platform-alteration-hugepages-1g-only (no matching labels) ----------------------------------------------------------- ------------------------------------ ----------------------------------------------------- INFO [Dec 20 11:11:52.495] [suite.go: 52] [networking-undeclared-container-ports-usage] Check networking-undeclared-container-ports-usage: getting test environment. 
INFO [Dec 20 11:11:52.495] [checksgroup.go: 258] [networking-undeclared-container-ports-usage] Running check DEBUG [Dec 20 11:11:52.591] [suite.go: 211] [networking-undeclared-container-ports-usage] Failed to get the container's listening ports, err: failed to execute command ss -tulwnH on containe r: test pod: test-7bb7c4455-xq47n ns: tnf, err: cannot execute command: " ss -tulwnH " on container: test pod: test-7bb7c4455-xq47n ns: tnf err:command terminated with exit code 1 --------------------------------------------- | LOG (networking-ocp-reserved-ports-usage) | INFO [Dec 20 11:11:52.891] [suite.go: 52] [networking-ocp-reserved-ports-usage] Check networking-ocp-reserved-ports-usage: getting test environment. INFO [Dec 20 11:11:52.891] [checksgroup.go: 258] [networking-ocp-reserved-ports-usage] Running check -------------------------------------------- | LOG (networking-network-policy-deny-all) | INFO [Dec 20 11:11:53.292] [suite.go: 52] [networking-network-policy-deny-all] Check networking-network-policy-deny-all: getting test environment. INFO [Dec 20 11:11:53.292] [checksgroup.go: 258] [networking-network-policy-deny-all] Running check INFO [Dec 20 11:11:53.292] [suite.go: 325] [networking-network-policy-deny-all] Test for Deny All in network policies DEBUG [Dec 20 11:11:53.292] [suite.go: 359] [networking-network-policy-deny-all] test-7bb7c4455-xq47n was found to not have a default ingress deny-all network policy. DEBUG [Dec 20 11:11:53.292] [suite.go: 365] [networking-network-policy-deny-all] test-7bb7c4455-xq47n was found to not have a default egress deny-all network policy. ------------------------------------------- | LOG (networking-reserved-partner-ports) | INFO [Dec 20 11:11:53.593] [suite.go: 52] [networking-reserved-partner-ports] Check networking-reserved-partner-ports: getting test environment. 
INFO [Dec 20 11:11:53.593] [checksgroup.go: 258] [networking-reserved-partner-ports] Running check | LOG (observability-pod-disruption-budget) | INFO [Dec 20 11:11:43.535] [checksgroup.go: 258] [observability-pod-disruption-budget] Running check ---------------------------------------------------------------- | LOG (affiliated-certification-container-is-certified-digest) | INFO [Dec 20 11:11:40.552] [suite.go: 48] [affiliated-certification-container-is-certified-digest] Check affiliated-certification-container-is-certified-digest: getting test environment and certdb validator. INFO [Dec 20 11:11:40.927] [checksgroup.go: 258] [affiliated-certification-container-is-certified-digest] Running check DEBUG [Dec 20 11:11:42.017] [suite.go: 190] [affiliated-certification-container-is-certified-digest] container: test pod: test-7bb7c4455-xq47n ns: tnf digest not found in database, failing v alidation (repo=quay.io image=testnetworkfunction/cnf-test-partner tag=latest digest=sha256:5747bf903b77d9be4d765c4abe87a7c270fb0667173d3cabfa6fdf68e50f34e7) > ./run-cnf-suites.sh -o /tmp -l '!lifecycle && !platform-alteration' [ RUNNING ] affiliated-certification-container-is-certified-digest [ RUNNING ] affiliated-certification-container-is-certified-digest (1s) [ RUNNING ] affiliated-certification-container-is-certified-digest (1s) DEBUG [Dec 20 11:11:42.017] [suite.go: 190] [affiliated-certification-container-is-certified-digest] cont [ RUNNING ] manageability-containers-image-tag [ RUNNING ] manageability-container-port-name-format [ RUNNING ] observability-container-logging [ RUNNING ] observability-termination-policy (0s) INFO [Dec 20 11:11:43.234] [suite.go: 171] [observability-termination-policy] Testing for terminationMessagePolicy: container: [ RUNNING ] observability-pod-disruption-budget [ RUNNING ] access-control-security-context [ RUNNING ] access-control-sys-admin-capability-check [ RUNNING ] access-control-net-admin-capability-check [ RUNNING ] 
access-control-net-raw-capability-check [ RUNNING ] access-control-ipc-lock-capability-check [ RUNNING ] access-control-bpf-capability-check [ RUNNING ] access-control-security-context-non-root-user-check [ RUNNING ] access-control-security-context-privilege-escalation [ RUNNING ] access-control-container-host-port [ RUNNING ] access-control-pod-host-network [ RUNNING ] access-control-pod-host-path [ RUNNING ] access-control-pod-host-ipc [ RUNNING ] access-control-pod-host-pid [ RUNNING ] access-control-namespace [ RUNNING ] access-control-namespace (0s) INFO [Dec 20 11:11:47.744] [suite.go: 507] [access-control-namespace] CRs from autodiscovered CRDs should belong only to the configure [ RUNNING ] access-control-pod-service-account [ RUNNING ] access-control-pod-service-account (0s) INFO [Dec 20 11:11:48.045] [suite.go: 529] [access-control-pod-service-account] Testing service account for pod test-7bb7c44 [ RUNNING ] access-control-pod-role-bindings [ RUNNING ] access-control-pod-role-bindings (0s) INFO [Dec 20 11:11:48.346] [suite.go: 551] [access-control-pod-role-bindings] Testing role binding for pod: test-7bb7c4455-xq4 [ RUNNING ] access-control-cluster-role-bindings [ RUNNING ] access-control-pod-automount-service-account-token [ RUNNING ] access-control-pod-automount-service-account-token (0s) INFO [Dec 20 11:11:48.956] [suite.go: 708] [access-control-pod-automount-service-account-token] Should have [ RUNNING ] access-control-one-process-per-container [ RUNNING ] access-control-one-process-per-container (0s) DEBUG [Dec 20 11:11:49.383] [suite.go: 762] [access-control-one-process-per-container] Could not get number of processe [ RUNNING ] access-control-sys-nice-realtime-capability [ RUNNING ] access-control-namespace-resource-quota [ RUNNING ] access-control-ssh-daemons [ RUNNING ] access-control-ssh-daemons (0s) ERROR [Dec 20 11:11:50.387] [suite.go: 866] [access-control-ssh-daemons] could not get ssh daemon port on container: test pod: test-7 [ RUNNING ] 
access-control-requests-and-limits [ RUNNING ] access-control-no-1337-uid [ RUNNING ] networking-icmpv4-connectivity [ RUNNING ] networking-icmpv4-connectivity (0s) DEBUG [Dec 20 11:11:51.291] [icmp.go: 129] [networking-icmpv4-connectivity] There are no IPv4 networks to test, skipping test [ RUNNING ] networking-icmpv4-connectivity-multus (0s) DEBUG [Dec 20 11:11:51.592] [icmp.go: 126] [networking-icmpv4-connectivity-multus] No networks to test. [ RUNNING ] networking-icmpv4-connectivity-multus (0s) WARN [Dec 20 11:11:51.592] [check.go: 205] [networking-icmpv4-connectivity-multus] Check networking-icmpv4-connectivity-m [ RUNNING ] networking-icmpv6-connectivity [ RUNNING ] networking-icmpv6-connectivity (0s) DEBUG [Dec 20 11:11:51.893] [icmp.go: 126] [networking-icmpv6-connectivity] No networks to test. [ RUNNING ] networking-icmpv6-connectivity (0s) WARN [Dec 20 11:11:51.894] [check.go: 205] [networking-icmpv6-connectivity] Check networking-icmpv6-connectivity marked as skipp [ RUNNING ] networking-icmpv6-connectivity-multus [ RUNNING ] networking-undeclared-container-ports-usage [ RUNNING ] networking-undeclared-container-ports-usage (0s) DEBUG [Dec 20 11:11:52.591] [suite.go: 211] [networking-undeclared-container-ports-usage] Failed to get the containe [ RUNNING ] networking-ocp-reserved-ports-usage [ RUNNING ] networking-network-policy-deny-all [ RUNNING ] networking-reserved-partner-ports [ RUNNING ] performance-exclusive-cpu-pool [ RUNNING ] performance-max-resources-exec-probes | SUITE PASSED FAILED SKIPPED | | manageability 2 0 0 | | observability 2 1 1 | | access-control 21 3 3 | | networking 0 4 7 | | platform-alteration 0 0 13 | | affiliated-certification 0 1 3 | | lifecycle 0 0 18 | | performance 2 0 4 | | operator 0 0 3 | -------------------------------------------------- INFO [Dec 20 11:11:49.261] [suite.go: 61] [access-control-one-process-per-container] Check access-control-one-process-per-container: getting test environment. 
INFO [Dec 20 11:11:49.261] [checksgroup.go: 258] [access-control-one-process-per-container] Running check DEBUG [Dec 20 11:11:49.383] [suite.go: 762] [access-control-one-process-per-container] Could not get number of processes for: container: test pod: test-7bb7c4455-xq47n ns: tnf, error: cmd: " lsns -p 52494 -t pid -n " returned an invalid value | LOG (access-control-ssh-daemons) | INFO [Dec 20 11:11:50.285] [suite.go: 61] [access-control-ssh-daemons] Check access-control-ssh-daemons: getting test environment. INFO [Dec 20 11:11:50.285] [checksgroup.go: 258] [access-control-ssh-daemons] Running check ERROR [Dec 20 11:11:50.387] [suite.go: 866] [access-control-ssh-daemons] could not get ssh daemon port on container: test pod: test-7bb7c4455-xq47n ns: tnf, err: failed to execute command ss -tpln | grep sshd | head -1 | awk '{ print $4 }' | awk -F : '{ print $2 }' on container: test pod: test-7bb7c4455-xq47n ns: tnf, err: <nil> | LOG (networking-undeclared-container-ports-usage) | INFO [Dec 20 11:11:53.593] [suite.go: 52] [networking-reserved-partner-ports] Check networking-reserved-partner-port exit
\ No newline at end of file
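Review bot: The recorded terminal output in `demo-cnfcert.svg` embeds environment-specific details (pod name `test-7bb7c4455-xq47n`, namespace `tnf`, a PID in the `lsns -p 52494` line, and the full image digest), which become permanent public documentation once merged. Confirm they come from a disposable test cluster, or scrub them before committing. The file is also added as a single line with no trailing newline and is tied to `Unreleased build post v4.5.7`, so later updates cannot be meaningfully diffed. Noting the recording command and version next to the asset would make it reproducible.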