...
Info |
---|
The presented manual is based on the example of the NMaaS project, which allows the network operations and engineering community to contribute and construct a portfolio of network management applications that can be easily shared and installed to manage these growing sets of infrastructure. More about the NMaaS project can be found here. |
1. Bamboo plan.
A dedicated Bamboo plan has been created to launch WS scans of NMaaS components at will.
...
No automated triggers (e.g. either scheduled or push-based) were configured. The plan has to be run manually.
It is worth noting that the scanning process is run within dedicated Docker containers rather than on the Bamboo agents directly. This is a recommended approach.
...
The plan uses the same source code repositories as the typical plans created for source code integration, Sonar updates or Docker image builds.
...
On the plan configuration level, a set of variables is defined that can later be referenced from the various tasks executed during the overall WS scan setup and execution process.
In our case, those include: apiKey, productToken, projectToken as well as productVersion and projectVersion (for each software component to be scanned within this Bamboo plan, e.g. projectTokenPlatform and projectVersionPlatform for the Platform component).
The first three are the identifiers of the GEANT organization and of the scanned product or project in the WS system. They are provided by the WS administrators and must be kept secret; plan variables are a good place to store them. The other two indicate the version of the scanned product and project.
...
1.3. Stages, jobs and tasks.
The NMaaS software is composed of 3 major software components: the Platform, Portal and Janitor. Each of them is scanned separately in a dedicated Job under the Default Stage of the plan.
...
The following description is based on the Platform scanning job. The other two are configured in a similar manner.
1.3.1. Checking out the source code repository.
...
The desired content of the Dockerfile should also be provided.
The content of the Dockerfile will be slightly different for each software component - in this case, execute permissions had to be granted to the gradlew file as well.
In all cases, JRE and curl should be available in the container.
We copy the software sources to a known directory in the container, in this case: /scan.
We rely on some scan configuration files, such as the run_ws.sh script, having already been added to the sources.
...
The final task is again a Docker task but this time with the command Run a Docker container.
In the container environment variables section, a list of environment variables is defined and assigned values from the previously created plan variables.
...
2. Changes required in the software source code.
In the case of NMaaS, for each of the software components, a ws directory was created in the root directory with two files.
Info |
---|
The number of created directories depends on the number of components in a given project that need to be scanned separately. |
...
Typical content of the run_ws.sh script is provided below. Please note that the main scanning script (jar) is run with a number of arguments obtained from environment variables, which are set from the Bamboo plan variables mentioned earlier.
...
The ws.config file contains the configuration of the scanning process specific to a particular software component. Only the first few lines are included below. Please note that the variables are left blank and the ones provided on the command line are used.
...
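Because ws.config leaves the identifiers blank and the scan depends entirely on the environment variables passed into the container, a preflight check before the jar is started catches a missing or unsubstituted plan variable without writing the secrets to the build log. The following is an added example, not part of the NMaaS run_ws.sh; it assumes the container variables use the plan-variable names from section 1 and that an undefined Bamboo variable reaches the container as literal `${bamboo.<name>}` text. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's run_ws.sh: preflight for the scan container.
# Assumes the container env variables carry the plan-variable names used in
# this manual, and that an undefined Bamboo variable arrives as literal
# "${bamboo.<name>}" text (an assumption about the CI side).
set +x  # never trace: xtrace would print the secrets into the build log

WS_SECRET_VARS="apiKey productToken projectToken"
WS_PLAIN_VARS="productVersion projectVersion"

# Print the value of the variable named $1. Names come only from the fixed
# lists above, so eval never sees untrusted text.
ws_get() {
  eval "printf '%s' \"\${$1:-}\""
}

# One problem per line; empty output means the environment is usable.
ws_env_problems() {
  for ws_name in $WS_SECRET_VARS $WS_PLAIN_VARS; do
    ws_val=$(ws_get "$ws_name")
    case "$ws_val" in
      '')            echo "$ws_name: not set" ;;
      *'${bamboo.'*) echo "$ws_name: unresolved Bamboo reference" ;;
      *' '*)         echo "$ws_name: contains a space" ;;
    esac
  done
}

# Log-safe summary: secrets are reported by length only, never by value.
ws_env_summary() {
  for ws_name in $WS_SECRET_VARS; do
    ws_val=$(ws_get "$ws_name")
    echo "$ws_name=<set, ${#ws_val} chars>"
  done
  for ws_name in $WS_PLAIN_VARS; do
    echo "$ws_name=$(ws_get "$ws_name")"
  done
}

# Return 0 and print the summary when the scan may start; otherwise print
# the problems to stderr and return 1 so the Docker task fails early.
ws_preflight() {
  ws_problems=$(ws_env_problems)
  if [ -n "$ws_problems" ]; then
    echo "$ws_problems" >&2
    return 1
  fi
  ws_env_summary
}
```

Calling `ws_preflight || exit 1` ahead of the scanner command makes the job fail with a named variable instead of an authentication error from the WS service.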
With all the above in place, the user can simply run the plan when desired.
...