SovereignCloudStack
diff --git a/‎Tests/iaas/image-metadata/image-md-check.py‎
Lines changed: 0 additions & 424 deletions b/‎Tests/iaas/image-metadata/image-md-check.py‎
Lines changed: 0 additions & 424 deletions
diff --git a/‎Tests/iaas/openstack_test.py‎
Lines changed: 49 additions & 7 deletions b/‎Tests/iaas/openstack_test.py‎
Lines changed: 49 additions & 7 deletions
diff --git a/‎Tests/iaas/scs_0100_flavor_naming/flavor_names_check.py‎
Lines changed: 0 additions & 4 deletions b/‎Tests/iaas/scs_0100_flavor_naming/flavor_names_check.py‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎Tests/iaas/scs_0101_entropy/entropy-check.py‎
Lines changed: 1 addition & 4 deletions b/‎Tests/iaas/scs_0101_entropy/entropy-check.py‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎Tests/iaas/scs_0101_entropy/entropy_check.py‎
Lines changed: 0 additions & 5 deletions b/‎Tests/iaas/scs_0101_entropy/entropy_check.py‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎Tests/iaas/scs_0102_image_metadata/image-md-check.py‎
Lines changed: 138 additions & 0 deletions b/‎Tests/iaas/scs_0102_image_metadata/image-md-check.py‎
Lines changed: 138 additions & 0 deletions
@@ -15,11 +15,20 @@
 import openstack
 
 from scs_0100_flavor_naming.flavor_names_check import \
-    compute_scs_flavors, compute_scs_0100_syntax_check, compute_scs_0100_semantics_check, compute_flavor_name_check
+    compute_scs_flavors, compute_scs_0100_syntax_check, compute_scs_0100_semantics_check
 from scs_0101_entropy.entropy_check import \
     compute_scs_0101_image_property, compute_scs_0101_flavor_property, compute_canonical_image, \
     compute_collected_vm_output, compute_scs_0101_entropy_avail, compute_scs_0101_rngd, \
-    compute_scs_0101_fips_test, compute_scs_0101_entropy_check
+    compute_scs_0101_fips_test
+from scs_0102_image_metadata.image_metadata import \
+    compute_scs_0102_prop_architecture, compute_scs_0102_prop_hash_algo, compute_scs_0102_prop_min_disk, \
+    compute_scs_0102_prop_min_ram, compute_scs_0102_prop_os_version, compute_scs_0102_prop_os_distro, \
+    compute_scs_0102_prop_hw_disk_bus, compute_scs_0102_prop_hypervisor_type, compute_scs_0102_prop_hw_rng_model, \
+    compute_scs_0102_prop_image_build_date, compute_scs_0102_prop_image_original_user, \
+    compute_scs_0102_prop_image_source, compute_scs_0102_prop_image_description, \
+    compute_scs_0102_prop_replace_frequency, compute_scs_0102_prop_provided_until, \
+    compute_scs_0102_prop_uuid_validity, compute_scs_0102_prop_hotfix_hours, \
+    compute_scs_0102_image_recency
 
 
 logger = logging.getLogger(__name__)
@@ -36,22 +45,54 @@ def usage(rcode=1, file=sys.stderr):
 
 def make_container(cloud):
     c = Container()
-    # scs_0100_flavor_naming
+    # basic support attributes shared by multiple testcases
     c.add_function('conn', lambda _: openstack.connect(cloud=cloud, timeout=32))
     c.add_function('flavors', lambda c: list(c.conn.list_flavors(get_extra=True)))
     c.add_function('images', lambda c: [img for img in c.conn.list_images() if img.visibility in ('public', 'community')])
+    # scs_0100_flavor_naming
     c.add_function('scs_flavors', lambda c: compute_scs_flavors(c.flavors))
     c.add_function('scs_0100_syntax_check', lambda c: compute_scs_0100_syntax_check(c.scs_flavors))
     c.add_function('scs_0100_semantics_check', lambda c: compute_scs_0100_semantics_check(c.scs_flavors))
-    c.add_function('flavor_name_check', lambda c: compute_flavor_name_check(c.scs_0100_syntax_check, c.scs_0100_semantics_check))
-    c.add_function('scs_0101_image_property', lambda c: compute_scs_0101_image_property(c.images))
-    c.add_function('scs_0101_flavor_property', lambda c: compute_scs_0101_flavor_property(c.flavors))
+    c.add_function('flavor_name_check', lambda c: all((
+        c.scs_0100_syntax_check, c.scs_0100_semantics_check,
+    )))
+    # scs_0101_entropy
     c.add_function('canonical_image', lambda c: compute_canonical_image(c.images))
     c.add_function('collected_vm_output', lambda c: compute_collected_vm_output(c.conn, c.flavors, c.canonical_image))
+    c.add_function('scs_0101_image_property', lambda c: compute_scs_0101_image_property(c.images))
+    c.add_function('scs_0101_flavor_property', lambda c: compute_scs_0101_flavor_property(c.flavors))
     c.add_function('scs_0101_entropy_avail', lambda c: compute_scs_0101_entropy_avail(c.collected_vm_output, c.canonical_image.name))
     c.add_function('scs_0101_rngd', lambda c: compute_scs_0101_rngd(c.collected_vm_output, c.canonical_image.name))
     c.add_function('scs_0101_fips_test', lambda c: compute_scs_0101_fips_test(c.collected_vm_output, c.canonical_image.name))
-    c.add_function('entropy_check', lambda c: compute_scs_0101_entropy_check(c.scs_0101_entropy_avail, c.scs_0101_fips_test))
+    c.add_function('entropy_check', lambda c: all((
+        c.scs_0101_entropy_avail, c.scs_0101_fips_test,
+    )))
+    # scs_0102_image_metadata
+    c.add_function('scs_0102_prop_architecture', lambda c: compute_scs_0102_prop_architecture(c.images))
+    c.add_function('scs_0102_prop_hash_algo', lambda c: compute_scs_0102_prop_hash_algo(c.images))
+    c.add_function('scs_0102_prop_min_disk', lambda c: compute_scs_0102_prop_min_disk(c.images))
+    c.add_function('scs_0102_prop_min_ram', lambda c: compute_scs_0102_prop_min_ram(c.images))
+    c.add_function('scs_0102_prop_os_version', lambda c: compute_scs_0102_prop_os_version(c.images))
+    c.add_function('scs_0102_prop_os_distro', lambda c: compute_scs_0102_prop_os_distro(c.images))
+    c.add_function('scs_0102_prop_hw_disk_bus', lambda c: compute_scs_0102_prop_hw_disk_bus(c.images))
+    c.add_function('scs_0102_prop_hypervisor_type', lambda c: compute_scs_0102_prop_hypervisor_type(c.images))
+    c.add_function('scs_0102_prop_hw_rng_model', lambda c: compute_scs_0102_prop_hw_rng_model(c.images))
+    c.add_function('scs_0102_prop_image_build_date', lambda c: compute_scs_0102_prop_image_build_date(c.images))
+    c.add_function('scs_0102_prop_image_original_user', lambda c: compute_scs_0102_prop_image_original_user(c.images))
+    c.add_function('scs_0102_prop_image_source', lambda c: compute_scs_0102_prop_image_source(c.images))
+    c.add_function('scs_0102_prop_image_description', lambda c: compute_scs_0102_prop_image_description(c.images))
+    c.add_function('scs_0102_prop_replace_frequency', lambda c: compute_scs_0102_prop_replace_frequency(c.images))
+    c.add_function('scs_0102_prop_provided_until', lambda c: compute_scs_0102_prop_provided_until(c.images))
+    c.add_function('scs_0102_prop_uuid_validity', lambda c: compute_scs_0102_prop_uuid_validity(c.images))
+    c.add_function('scs_0102_prop_hotfix_hours', lambda c: compute_scs_0102_prop_hotfix_hours(c.images))
+    c.add_function('scs_0102_image_recency', lambda c: compute_scs_0102_image_recency(c.images))
+    c.add_function('image_metadata_check', lambda c: all((
+        c.scs_0102_prop_architecture, c.scs_0102_prop_min_disk, c.scs_0102_prop_min_ram, c.scs_0102_prop_os_version,
+        c.scs_0102_prop_os_distro, c.scs_0102_prop_hw_disk_bus, c.scs_0102_prop_image_build_date,
+        c.scs_0102_prop_image_original_user, c.scs_0102_prop_image_source, c.scs_0102_prop_image_description,
+        c.scs_0102_prop_replace_frequency, c.scs_0102_prop_provided_until, c.scs_0102_prop_uuid_validity,
+        c.scs_0102_image_recency,
+    )))
     return c
 
 
@@ -82,6 +123,7 @@ def __init__(self):
     def __getattr__(self, key):
         val = self._values.get(key)
         if val is None:
+            logger.debug(f'... {key}')
             try:
                 ret = self._functions[key](self)
             except BaseException as e:
 
@@ -76,7 +76,3 @@ def compute_scs_0100_semantics_check(scs_flavors: list) -> bool:
     if problems:
         logger.error(f"scs-100-semantics-check: flavor(s) failed: {', '.join(sorted(problems))}")
     return not problems
-
-
-def compute_flavor_name_check(syntax_check_result, semantics_check_result):
-    return syntax_check_result and semantics_check_result
@@ -22,10 +22,7 @@
 import openstack.cloud
 
 
-try:
-    from . import entropy_check
-except ImportError:
-    import entropy_check
+import entropy_check
 
 
 logger = logging.getLogger(__name__)
 
@@ -149,11 +149,6 @@ def compute_scs_0101_virtio_rng(collected_vm_output, image_name):
         logger.critical(f"Couldn't check VM '{image_name}' recommends", exc_info=True)
 
 
-def compute_scs_0101_entropy_check(scs_0101_entropy_avail_result, scs_0101_fips_test_result):
-    # note: this is about the mandatory things
-    return scs_0101_entropy_avail_result and scs_0101_fips_test_result
-
-
 class TestEnvironment:
     def __init__(self, conn):
         self.conn = conn
 
@@ -0,0 +1,138 @@
+#!/usr/bin/env python3
+# vim: set ts=4 sw=4 et:
+#
+# SCS/Docs/tools/image-md-check.py
+
+"""
+Retrieve metadata from (public) images and check for compliance
+with SCS specifications.
+
+(c) Kurt Garloff <[email protected]>, 09/2022
+SPDX-License-Identifier: CC-BY-SA-4.0
+"""
+
+from collections import Counter
+import getopt
+import logging
+import os
+import sys
+
+import openstack
+
+
+from image_metadata import \
+    compute_scs_0102_prop_architecture, compute_scs_0102_prop_hash_algo, compute_scs_0102_prop_min_disk, \
+    compute_scs_0102_prop_min_ram, compute_scs_0102_prop_os_version, compute_scs_0102_prop_os_distro, \
+    compute_scs_0102_prop_hw_disk_bus, compute_scs_0102_prop_hypervisor_type, compute_scs_0102_prop_hw_rng_model, \
+    compute_scs_0102_prop_image_build_date, compute_scs_0102_prop_image_original_user, \
+    compute_scs_0102_prop_image_source, compute_scs_0102_prop_image_description, \
+    compute_scs_0102_prop_replace_frequency, compute_scs_0102_prop_provided_until, \
+    compute_scs_0102_prop_uuid_validity, compute_scs_0102_prop_hotfix_hours, \
+    compute_scs_0102_image_recency
+
+
+logger = logging.getLogger(__name__)
+
+
+def usage(ret):
+    "Usage information"
+    print("Usage: image-md-check.py [options] [images]")
+    print("image-md-check.py will create a report on public images by retrieving")
+    print(" the image metadata (properties) and comparing this against the image")
+    print(" metadata spec from SCS.")
+    print("Options: --os-cloud CLOUDNAME: Use this cloud config, default is $OS_CLOUD")
+    print(" -p/--private : Also consider private images")
+    print(" -v/--verbose : Be more verbose")
+    print(" -h/--help    : Print this usage information")
+    print(" [-V/--image-visibility VIS_LIST] : filters images by visibility")
+    print("                (default: 'public,community'; use '*' to disable)")
+    print("If you pass images, only these will be validated, otherwise all images")
+    print("(filtered according to -p, -V) from the catalog will be processed.")
+    sys.exit(ret)
+
+
+def main(argv):
+    "Main entry point"
+    # configure logging, disable verbose library logging
+    logging.basicConfig(format='%(levelname)s: %(message)s', level=logging.INFO)
+    openstack.enable_logging(debug=False)
+    image_visibility = set()
+    private = False
+    cloud = os.environ.get("OS_CLOUD")
+    err = 0
+    try:
+        opts, args = getopt.gnu_getopt(argv[1:], "phvc:sV:",
+                                       ("private", "help", "os-cloud=", "verbose", "skip-completeness", "image-visibility="))
+    except getopt.GetoptError:  # as exc:
+        print("CRITICAL: Command-line syntax error", file=sys.stderr)
+        usage(1)
+    for opt in opts:
+        if opt[0] == "-h" or opt[0] == "--help":
+            usage(0)
+        elif opt[0] == "-p" or opt[0] == "--private":
+            private = True  # only keep this for backwards compatibility (we have -V now)
+        elif opt[0] == "-v" or opt[0] == "--verbose":
+            logging.getLogger().setLevel(logging.DEBUG)
+        elif opt[0] == "-s" or opt[0] == "--skip-completeness":
+            logger.info("ignoring obsolete command-line option -s")
+        elif opt[0] == "-c" or opt[0] == "--os-cloud":
+            cloud = opt[1]
+        if opt[0] == "-V" or opt[0] == "--image-visibility":
+            image_visibility.update([v.strip() for v in opt[1].split(',')])
+    image_names = args
+    if not cloud:
+        print("CRITICAL: Need to specify --os-cloud or set OS_CLOUD environment.", file=sys.stderr)
+        usage(1)
+    if not image_visibility:
+        image_visibility.update(("public", "community"))
+    if private:
+        image_visibility.add("private")
+    try:
+        conn = openstack.connect(cloud=cloud, timeout=24)
+        all_images = list(conn.image.images())
+        if '*' not in image_visibility:
+            logger.debug(f"Images: filter for visibility {', '.join(sorted(image_visibility))}")
+            all_images = [img for img in all_images if img.visibility in image_visibility]
+        all_image_names = [f"{img.name} ({img.visibility})" for img in all_images]
+        logger.debug(f"Images: {', '.join(all_image_names) or '(NONE)'}")
+        by_name = {img.name: img for img in all_images}
+        if len(by_name) != len(all_images):
+            counter = Counter([img.name for img in all_images])
+            duplicates = [name for name, count in counter.items() if count > 1]
+            print(f'WARNING: duplicate names detected: {", ".join(duplicates)}', file=sys.stderr)
+        if image_names:
+            images = [by_name[nm] for nm in image_names]
+        else:
+            images = all_images
+        result = all((
+            compute_scs_0102_prop_architecture(images),
+            compute_scs_0102_prop_min_disk(images),
+            compute_scs_0102_prop_min_ram(images),
+            compute_scs_0102_prop_os_version(images),
+            compute_scs_0102_prop_os_distro(images),
+            compute_scs_0102_prop_hw_disk_bus(images),
+            compute_scs_0102_prop_image_build_date(images),
+            compute_scs_0102_prop_image_original_user(images),
+            compute_scs_0102_prop_image_source(images),
+            compute_scs_0102_prop_image_description(images),
+            compute_scs_0102_prop_replace_frequency(images),
+            compute_scs_0102_prop_provided_until(images),
+            compute_scs_0102_prop_uuid_validity(images),
+            compute_scs_0102_prop_hotfix_hours(images),
+            compute_scs_0102_image_recency(images),
+        ))
+        print("image-metadata-check: " + ('FAIL', 'PASS')[min(1, result)])
+        # recommended stuff
+        _ = all((
+            compute_scs_0102_prop_hash_algo(images),
+            compute_scs_0102_prop_hypervisor_type(images),
+            compute_scs_0102_prop_hw_rng_model(images),
+        ))
+    except BaseException as exc:
+        print(f"CRITICAL: {exc!r}", file=sys.stderr)
+        return 1 + err
+    return err
+
+
+if __name__ == "__main__":
+    sys.exit(main(sys.argv))