Merge branch 'main' into issue/289
tonifinger authored Nov 15, 2023
2 parents 705283e + a28b58c commit c995b7d
Showing 10 changed files with 278 additions and 57 deletions.
8 changes: 8 additions & 0 deletions .github/scs-compliance-check/openstack/clouds.yaml
Expand Up @@ -29,6 +29,14 @@ clouds:
region_name: "prod2"
interface: "public"
identity_api_version: 3
pco-prod3:
auth_type: "v3applicationcredential"
auth:
auth_url: https://prod3.api.pco.get-cloud.io:5000
application_credential_id: "fe66c4c8cd3b4ea08262424783e1c58f"
region_name: "prod3"
interface: "public"
identity_api_version: 3
wavestack:
auth:
auth_url: https://api.wavestack.de:5000
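Review bot: the new `pco-prod3` entry sets `auth_type: "v3applicationcredential"` and an `application_credential_id`, but nothing in the file says where the matching secret comes from. Add a short YAML comment stating that it is injected at run time from the GitHub secret the workflows name (`OS_PASSWORD_PCOPROD3`), and keep `application_credential_secret` out of this file. Since the ID is now public in the repository, it is worth confirming that the credential is restricted to what the compliance check needs and carries an expiry.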
23 changes: 23 additions & 0 deletions .github/workflows/check-pco-prod3-v1.yml
@@ -0,0 +1,23 @@
name: "Compliance of pco-prod3"

on:
# Trigger compliance check every day at 4:30 UTC
schedule:
- cron: '30 4 * * *'
# Trigger compliance check after Docker image has been built
workflow_run:
workflows: [Build and publish scs-compliance-check Docker image]
types:
- completed
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

jobs:
check-pco-prod3:
uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
with:
version: v1
layer: iaas
cloud: "pco-prod3"
secret_name: "OS_PASSWORD_PCOPROD3"
secrets: inherit
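Review bot: `name: "Compliance of pco-prod3"` on the first line is identical in check-pco-prod3-v1.yml, check-pco-prod3-v2.yml and check-pco-prod3-v3.yml, so the three runs cannot be told apart in the Actions list. Include the version in each, for example `name: "Compliance of pco-prod3 (v1)"` here.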
23 changes: 23 additions & 0 deletions .github/workflows/check-pco-prod3-v2.yml
@@ -0,0 +1,23 @@
name: "Compliance of pco-prod3"

on:
# Trigger compliance check every day at 4:30 UTC
schedule:
- cron: '30 4 * * *'
# Trigger compliance check after Docker image has been built
workflow_run:
workflows: [Build and publish scs-compliance-check Docker image]
types:
- completed
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

jobs:
check-pco-prod3:
uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
with:
version: v2
layer: iaas
cloud: "pco-prod3"
secret_name: "OS_PASSWORD_PCOPROD3"
secrets: inherit
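Review bot: in the `workflow_run` trigger, `types: - completed` fires whether the image build succeeded or failed, so this check can start against a stale or missing image. Gate the job with `if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'` so that scheduled and manual runs are unaffected.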
23 changes: 23 additions & 0 deletions .github/workflows/check-pco-prod3-v3.yml
@@ -0,0 +1,23 @@
name: "Compliance of pco-prod3"

on:
# Trigger compliance check every day at 4:30 UTC
schedule:
- cron: '30 4 * * *'
# Trigger compliance check after Docker image has been built
workflow_run:
workflows: [Build and publish scs-compliance-check Docker image]
types:
- completed
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

jobs:
check-pco-prod3:
uses: ./.github/workflows/scs-compliance-check-with-application-credential.yml
with:
version: v3
layer: iaas
cloud: "pco-prod3"
secret_name: "OS_PASSWORD_PCOPROD3"
secrets: inherit
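Review bot: `secrets: inherit` on the last line hands every secret available to this repository to the called workflow, while the job names only one (`secret_name: "OS_PASSWORD_PCOPROD3"`). If the reusable workflow can declare a single secret under `on.workflow_call.secrets`, pass just that one through a `secrets:` mapping. The secret's name also says password although clouds.yaml authenticates this cloud with an application credential, so a name that says application credential secret would be less misleading.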
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -11,6 +11,7 @@ This is a list of clouds that we test on a nightly basis against our `scs-compat
| [gx-scs](https://github.com/SovereignCloudStack/docs/blob/main/community/cloud-resources/plusserver-gx-scs.md) | Dev environment provided for SCS & GAIA-X context | plusserver GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-gx-scs-v1.yml?label=compliant) | [HM](https://health.gx-scs.sovereignit.cloud:3000/) |
| [pluscloud open - prod1](https://www.plusserver.com/en/products/pluscloud-open) | Public cloud for customers | plusserver GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod1-v1.yml?label=compliant) | [HM](https://health.prod1.plusserver.sovereignit.cloud:3000) |
| [pluscloud open - prod2](https://www.plusserver.com/en/products/pluscloud-open) | Public cloud for customers | plusserver GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod2-v1.yml?label=compliant) | [HM](https://health.prod1.plusserver.sovereignit.cloud:3000) |
| [pluscloud open - prod3](https://www.plusserver.com/en/products/pluscloud-open) | Public cloud for customers | plusserver GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-pco-prod3-v2.yml?label=compliant) | [HM](https://health.prod1.plusserver.sovereignit.cloud:3000) |
| [Wavestack](https://www.noris.de/wavestack-cloud/) | Public cloud for customers | noris network AG/Wavecon GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-wavestack-v3.yml?label=compliant) | [HM](https://health.wavestack1.sovereignit.cloud:3000/) |
| [REGIO.cloud](https://regio.digital) | Public cloud for customers | OSISM GmbH | ![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/SovereignCloudStack/standards/check-regio-a-v3.yml?label=compliant) | [Dashboard](https://apimon.services.regio.digital/public-dashboards/17cf094a47404398a5b8e35a4a3968d4?orgId=1&refresh=5m) |

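Review bot: the added prod3 row links its health monitor to `https://health.prod1.plusserver.sovereignit.cloud:3000`, which is the prod1 host (the prod2 context row above carries the same link). Point it at the prod3 health monitor, or leave the cell empty until one exists. The badge also tracks `check-pco-prod3-v2.yml` while the prod1 and prod2 rows track their v1 workflows; if that is intended, it deserves a word in the commit message.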
46 changes: 27 additions & 19 deletions Standards/scs-0003-v1-sovereign-cloud-standards-yaml.md
Expand Up @@ -77,11 +77,11 @@ Each certificate scope is recorded in a dedicated YAML file, e.g. `scs-open-kaas

The certification YAML _MUST_ contain the following keys:

| Key | Type | Description | Example |
| ---------- | ------------- | ---------------------------------------------------- | ---------------------------------------------------------------------------------------- |
| `name` | String | Full name of this certificate scope | _SCS Open KaaS_ |
| `url` | String | Valid URL to the latest raw version of this document | _<https://github.com/SovereignCloudStack/standards/blob/main/Tests/scs-open-kaas.yaml>_ |
| `versions` | Array of maps | List of version descriptors (described below) | (see below) |
| Key | Type | Description | Example |
| ---------- | ------------- | ---------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
| `name` | String | Full name of this certificate scope | _SCS Open KaaS_ |
| `url` | String | Valid URL to the latest raw version of this document | `https://raw.githubusercontent.com/SovereignCloudStack/standards/main/Tests/scs-open-kaas.yaml` |
| `versions` | Array of maps | List of version descriptors (described below) | (see below) |

The certification YAML _MAY_ contain the following keys:

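Review bot: the `url` example in this table is now a bare code span, while the `prerequisite.url` and per-standard `url` examples changed in the same commit remain italic Markdown links. Use one form for all three so the rendered tables are consistent.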
Expand All @@ -93,11 +93,11 @@ where corresponding means: of the same layer. The latter certificate is said to
We implement this logic by allowing for the designation of a certificate scope as a prerequisite;
then a certificate of that prerequisite scope has to be presented before the certificate of the scope in question can be granted.

| Key | Type | Description | Example |
| ------------------- | ------ | ------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
| `prerequisite` | Map | Descriptor for the prerequisite certificate scope, if any | |
| `prerequisite.name` | String | Full name of the certificate scope | _SCS Compatible IaaS_ |
| `prerequisite.url` | String | Valid URL to the latest raw version of the certificate scope | _[scs-compatible-iaas.yaml](https://github.com/SovereignCloudStack/standards/blob/main/Tests/scs-compatible-iaas.yaml)_ |
| Key | Type | Description | Example |
| ------------------- | ------ | ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| `prerequisite` | Map | Descriptor for the prerequisite certificate scope, if any | |
| `prerequisite.name` | String | Full name of the certificate scope | _SCS Compatible IaaS_ |
| `prerequisite.url` | String | Valid URL to the latest raw version of the certificate scope | _[scs-compatible-iaas.yaml](https://raw.githubusercontent.com/SovereignCloudStack/standards/main/Tests/scs-compatible-iaas.yaml)_ |

### Version descriptor

Expand All @@ -122,15 +122,23 @@ are effective at the same time.

Every list of standards consists of several standards that – altogether – define the particular layer standard in the given version.

| Key | Type | Description | Example |
| ------------------------------------------ | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------- |
| `name` | String | Full name of the particular standard | _Flavor naming_ |
| `url` | String | Valid URL to the latest raw version of the particular standard | _[Flavor naming](https://github.com/SovereignCloudStack/standards/blob/main/Standards/scs-0100-v2-flavor-naming.md)_ |
| `condition` | String | State of the particular standard, currently either `mandatory` or `optional`, default is `mandatory` | _mandatory_ |
| `check_tools` | Array | List of `url`, `args` maps that list all tools that must pass | |
| `check_tools.executable` | String | Valid local filename (relative to the path of scs-compliance-check.py) or URL to the latest check tool that verifies compliance with the particular standard. (URL is not yet supported due to security considerations.) | _image-md-check.py_ |
| `check_tools.args` | String | _Optional_ list of arguments to be passed to the `check_tool`. Preferably none needed. | `-v` |
| `check_tools.condition` | String | _Optionally_ overrides the per-standard condition (`mandatory` or `optional`) | _optional_ |
| Key | Type | Description | Example |
| ------------------------ | ------ | ------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------ |
| `name` | String | Full name of the particular standard | _Flavor naming_ |
| `url` | String | Valid URL to the latest raw version of the particular standard | _[Flavor naming](https://raw.githubusercontent.com/SovereignCloudStack/standards/main/Standards/scs-0100-v2-flavor-naming.md)_ |
| `condition` | String | State of the particular standard, currently either `mandatory` or `optional`, default is `mandatory` | _mandatory_ |
| `check_tools` | Array | List of check tool descriptors: listing all tools that must pass | |

### Check tool descriptor

| Key | Type | Description | Example |
| ----------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `executable` | String | Valid local filename (relative to the path of scs-compliance-check.py) of a script that verifies compliance with the particular standard | _image-md-check.py_ |
| `args` | String | _Optional_ list of arguments to be passed to the `check_tool`. Preferably none needed. | `-v` |
| `condition` | String | _Optionally_ overrides the per-standard condition (`mandatory` or `optional`) | _optional_ |
| `classification` | String | One of: `light` (_default_), `medium`, `heavy`; describes the resource usage of the script; used to select an appropiate test interval | _heavy_ |

_Note_: the `executable` could in principle also be given via a URL; however, this is not yet supported due to security considerations.

### Basic Example

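Review bot: in the new check tool descriptor table, the `classification` row misspells "appropriate" as "appropiate", `args` is typed String but described as a "list of arguments", and its description refers to `check_tool`, which is not a key (the keys are `check_tools` and `executable`). The `check_tools` row in the table above ("List of check tool descriptors: listing all tools that must pass") would read better as "List of check tool descriptors; all listed tools must pass".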