From 3d46271b99c36731253867ce5fd801466bb44f46 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Tue, 20 Aug 2024 15:28:28 +0200 Subject: [PATCH] [bitnami/keydb] ci: VIB tests (#71060) --- .vib/keydb/goss/goss.yaml | 15 ++++++++ .vib/keydb/goss/keydb.yaml | 31 ++++++++++++++++ .vib/keydb/goss/vars.yaml | 16 +++++++++ .vib/keydb/vib-verify.json | 73 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 135 insertions(+) create mode 100644 .vib/keydb/goss/goss.yaml create mode 100644 .vib/keydb/goss/keydb.yaml create mode 100644 .vib/keydb/goss/vars.yaml create mode 100644 .vib/keydb/vib-verify.json diff --git a/.vib/keydb/goss/goss.yaml b/.vib/keydb/goss/goss.yaml new file mode 100644 index 000000000000..089f4bad9460 --- /dev/null +++ b/.vib/keydb/goss/goss.yaml @@ -0,0 +1,15 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +gossfile: + # Goss tests exclusive to the current container + ../../keydb/goss/keydb.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/keydb/goss/keydb.yaml b/.vib/keydb/goss/keydb.yaml new file mode 100644 index 000000000000..0974ca114215 --- /dev/null +++ b/.vib/keydb/goss/keydb.yaml @@ -0,0 +1,31 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +file: + /opt/bitnami/keydb/etc/keydb.conf: + exists: true + mode: "0664" + contents: + - /port.*6379/ + - /dir.*/bitnami/keydb/data/ + - /pidfile.*/opt/bitnami/keydb/tmp/keydb.pid/ + - "daemonize yes" +command: + check-keydb-server: + exec: keydb-server /opt/bitnami/keydb/etc/keydb.conf && sleep 5 && ps aux + exit-status: 0 + timeout: 20000 + stdout: + - /keydb-server.*(127.0.0.1|localhost).*6379/ + check-keydb-server-ssl: + exec: ldd /opt/bitnami/keydb/bin/keydb-server + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" + check-keydb-cli-ssl: + exec: ldd /opt/bitnami/keydb/bin/keydb-cli + exit-status: 0 + stdout: + - "libcrypto.so" + - "libssl.so" diff --git a/.vib/keydb/goss/vars.yaml b/.vib/keydb/goss/vars.yaml new file mode 100644 index 000000000000..670beab20691 --- /dev/null +++ b/.vib/keydb/goss/vars.yaml @@ -0,0 +1,16 @@ +binaries: + - keydb-cli + - keydb-server + - wait-for-port +directories: + - mode: "0775" + paths: + - /bitnami + - /bitnami/keydb + - /bitnami/keydb/data + - /opt/bitnami/keydb + - /opt/bitnami/keydb/etc +root_dir: /opt/bitnami +version: + bin_name: keydb-server + flag: --version diff --git a/.vib/keydb/vib-verify.json b/.vib/keydb/vib-verify.json new file mode 100644 index 000000000000..01548ba992e3 --- /dev/null +++ b/.vib/keydb/vib-verify.json @@ -0,0 +1,73 @@ +{ + "context": { + "resources": { + "url": "{SHA_ARCHIVE}", + "path": "{VIB_ENV_PATH}" + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" + }, + "phases": { + "package": { + "actions": [ + { + "action_id": "container-image-package", + "params": { + "application": { + "details": { + "name": "{VIB_ENV_CONTAINER}", + "tag": "{VIB_ENV_TAG}" + } + }, + "architectures": [ + "linux/amd64", + "linux/arm64" + ] + } + }, + { + "action_id": "container-image-lint", + "params": { + "threshold": "error" + } + } + ] + }, + "verify": { + "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "keydb/goss/goss.yaml", + "vars_file": "keydb/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-keydb" + } + } + } + }, + { + "action_id": "trivy", + "params": { + "threshold": "LOW", + "vuln_type": [ + "OS" + ] + } + }, + { + "action_id": "grype", + "params": { + "threshold": "CRITICAL", + "package_type": [ + "OS" + ] + } + } + ] + } + } +}