Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make compliance test for scs-0115-v1: Default Rules for Security Groups downward compatible #746

Closed
fraugabel opened this issue Sep 11, 2024 · 4 comments · Fixed by #748
Closed

make compliance test for scs-0115-v1: Default Rules for Security Groups downward compatible #746

fraugabel opened this issue Sep 11, 2024 · 4 comments · Fixed by #748
Labels
IaaS Issues or pull requests relevant for Team1: IaaS question Further information is requested SCS-VP10 Related to tender lot SCS-VP10

Comments

@fraugabel
Copy link
Contributor

fraugabel commented Sep 11, 2024
edited
Loading

For Yaook-based Openstack, that consists neather of deprecated or latest versions of components the compliance test for Default Rules for Security Groups should still be usable:

  1. creates a new security group to check whether default security group rules are automatically applied
  2. therefor checks for egress rules for IPv4 and IPv6 allowing all traffic
  3. and checks for ingress rules IPv4 and IPv6 blocking all traffic
  4. then deletes security group again

Note:
requesting default-security-group-rules is available for yaook 2023.2 and later
@fraugabel fraugabel added question Further information is requested IaaS Issues or pull requests relevant for Team1: IaaS SCS-VP10 Related to tender lot SCS-VP10 labels Sep 11, 2024
@josephineSei
Copy link
Contributor

I think there will be now ingress rules at all. So you can count the rules: If there are only 2 rules and both are egress, the test should be successful.

@fraugabel
Copy link
Contributor Author

added alternative test, because the current test only works for the latest versions of the network and compute services, though older versions are not depricated yet

@fraugabel
Copy link
Contributor Author

PR: #748

@github-project-automation github-project-automation bot moved this from Backlog to Done in Sovereign Cloud Stack Sep 16, 2024
@mbuechse
Copy link
Contributor

Please only close when the PR is merged. Github can do that automatically – just link the two.

@mbuechse mbuechse reopened this Sep 16, 2024
@github-project-automation github-project-automation bot moved this from Done to Backlog in Sovereign Cloud Stack Sep 16, 2024
@mbuechse mbuechse linked a pull request Sep 16, 2024 that will close this issue
Issue/718 default sg rule #748
Merged
mbuechse added a commit that referenced this issue Nov 8, 2024
@fraugabel @mbuechse
Rework default-security-group-rules.py (#748)
4ca42f9 
This makes the test for the default rules of security groups downwards compatible
with versions of OpenStack that don't have network.default_security_group_rules().

Solves #746.

Signed-off-by: Katharina Trentau <[email protected]>
Signed-off-by: Matthias Büchse <[email protected]>
Co-authored-by: Matthias Büchse <[email protected]>
@github-project-automation github-project-automation bot moved this from Backlog to Done in Sovereign Cloud Stack Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
IaaS Issues or pull requests relevant for Team1: IaaS question Further information is requested SCS-VP10 Related to tender lot SCS-VP10
Projects
Sovereign Cloud Stack
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue/718 default sg rule SovereignCloudStack/standards
3 participants
@mbuechse @fraugabel @josephineSei