From 519940ba6ba65cddb4b65848205a874e2f7f48e1 Mon Sep 17 00:00:00 2001
From: Alberto Otero Lorenzo
Date: Mon, 17 Jul 2023 14:41:25 +0200
Subject: [PATCH] Add vib files
Signed-off-by: Alberto Otero Lorenzo
---
.vib/opensearch/goss/goss.yaml | 14 ++
.../goss/opensearch-dashboards.yaml | 9 ++
.vib/opensearch/goss/vars.yaml | 13 ++
.vib/opensearch/vib-publish.json | 125 ++++++++++++++++++
.vib/opensearch/vib-verify.json | 69 ++++++++++
5 files changed, 230 insertions(+)
create mode 100644 .vib/opensearch/goss/goss.yaml
create mode 100644 .vib/opensearch/goss/opensearch-dashboards.yaml
create mode 100644 .vib/opensearch/goss/vars.yaml
create mode 100644 .vib/opensearch/vib-publish.json
create mode 100644 .vib/opensearch/vib-verify.json
diff --git a/.vib/opensearch/goss/goss.yaml b/.vib/opensearch/goss/goss.yaml
new file mode 100644
index 0000000000000..eec98ab8d4a0a
--- /dev/null
+++ b/.vib/opensearch/goss/goss.yaml
@@ -0,0 +1,14 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../opensearch/goss/opensearch.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-files.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-sed-in-place.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/opensearch/goss/opensearch-dashboards.yaml b/.vib/opensearch/goss/opensearch-dashboards.yaml
new file mode 100644
index 0000000000000..0268ba3cdee7d
--- /dev/null
+++ b/.vib/opensearch/goss/opensearch-dashboards.yaml
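Review bot: The first gossfile entry, `../../opensearch/goss/opensearch.yaml: {}`, names a file this patch does not add; the diffstat lists `opensearch-dashboards.yaml` in that directory and no `opensearch.yaml`. Unless `opensearch.yaml` already exists in the tree, the container-specific tests will not be loaded, so the run either fails or covers only the common templates. Rename the added file to `opensearch.yaml`, or point the entry at it with `../../opensearch/goss/opensearch-dashboards.yaml: {}`.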
@@ -0,0 +1,9 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+command:
+ check-app-version:
+ exec: grep '"version":' /opt/bitnami/opensearch/package.json
+ exit-status: 0
+ stdout:
+ - '"version": "{{ .Env.APP_VERSION }}",'
diff --git a/.vib/opensearch/goss/vars.yaml b/.vib/opensearch/goss/vars.yaml
new file mode 100644
index 0000000000000..698aa71e5a145
--- /dev/null
+++ b/.vib/opensearch/goss/vars.yaml
@@ -0,0 +1,13 @@
+directories:
+ - mode: "0775"
+ paths:
+ - /bitnami/opensearch
+ - /opt/bitnami/opensearch/logs
+ - /opt/bitnami/opensearch/plugins
+ - /opt/bitnami/opensearch/tmp
+ - /opt/bitnami/opensearch/config
+ - /opt/bitnami/opensearch/extensions
+files:
+ - paths:
+ - /opt/bitnami/opensearch/bin/opensearch
+root_dir: /opt/bitnami
diff --git a/.vib/opensearch/vib-publish.json b/.vib/opensearch/vib-publish.json
new file mode 100644
index 0000000000000..e5c34783d821d
--- /dev/null
+++ b/.vib/opensearch/vib-publish.json
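Review bot: `check-app-version` reads `/opt/bitnami/opensearch/package.json`, and together with the file name this looks carried over from the OpenSearch Dashboards tests. Whether the OpenSearch server image ships a `package.json` at that path is not visible in this patch; if it does not, grep exits non-zero and the version check can never pass. Confirm the path against the built image, and until then mark it in the file with `# TODO: confirm package.json exists in the opensearch image (check copied from opensearch-dashboards)`.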
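Review bot: The `directories` entry pins mode `"0775"` for `/opt/bitnami/opensearch/config` and `/opt/bitnami/opensearch/plugins` without recording why group write is the expected state for configuration and plugin directories. A comment above `- mode: "0775"` would make the intent reviewable, for example `# group-writable on purpose (presumably so the image can run under an arbitrary non-root UID) - confirm`. The file also lacks the copyright and SPDX header that the two sibling YAML files in this patch carry.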
@@ -0,0 +1,125 @@
+{
+ "context": {
+ "resources": {
+ "url": "{VIB_ENV_CONTAINER_URL}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "opensearch/goss/goss.yaml",
+ "vars_file": "opensearch/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "sts-opensearch-master"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "osspi-application",
+ "params": {
+ "additional_packages_file": "osspi-packages-amd64.json",
+ "scan_type": "BASE_OS",
+ "osm": {
+ "associated_bossd_release": "{VIB_ENV_BOSSD_RELEASE_ID}",
+ "product_name": "main-catalog-{VIB_ENV_CONTAINER}",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
+ "architecture_overrides": [
+ {
+ "architecture": "linux/amd64",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
+ "additional_packages_file": "osspi-packages-amd64.json"
+ },
+ {
+ "architecture": "linux/arm64",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container-arm64",
+ "additional_packages_file": "osspi-packages-arm64.json"
+ }
+ ]
+ },
+ "resources": {
+ "url": "{VIB_ENV_PACKAGES_JSON_URL}",
+ "path": "/{VIB_ENV_PATH}",
+ "authn": {
+ "header": "Authorization",
+ "token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "container-image-publish",
+ "params": {
+ "metadata": {
+ "tags": {VIB_ENV_ROLLING_TAGS}
+ },
+ "repository": {
+ "kind": "OCI",
+ "url": "{VIB_ENV_REGISTRY_URL}",
+ "authn": {
+ "username": "{VIB_ENV_REGISTRY_USERNAME}",
+ "password": "{VIB_ENV_REGISTRY_PASSWORD}"
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/opensearch/vib-verify.json b/.vib/opensearch/vib-verify.json
new file mode 100644
index 0000000000000..34f4a1f48015c
--- /dev/null
+++ b/.vib/opensearch/vib-verify.json
@@ -0,0 +1,69 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "opensearch/goss/goss.yaml",
+ "vars_file": "opensearch/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "sts-opensearch-master"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
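Review bot: Both scanners in the `verify` phase gate on `"threshold": "CRITICAL"` and look only at OS packages (`"vuln_type": ["OS"]` for trivy, `"package_type": ["OS"]` for grype), so findings in the application's bundled libraries and anything rated below critical do not block the `publish` phase that follows. vib-verify.json repeats the same two blocks. If the VIB actions accept an application-library type, add it to both lists and consider a lower threshold. Otherwise record the reason for the narrow scope in the commit message, since these JSON files cannot hold comments.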
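Review bot: The `container-image-package` action in this file has no `architectures` list, while vib-publish.json builds `linux/amd64` and `linux/arm64`. The verification pipeline therefore presumably exercises only the default architecture, and an arm64-only failure would first surface at publish time. If that is deliberate, say so in the commit message; otherwise add `"architectures": ["linux/amd64", "linux/arm64"]` to its `params`.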