
make compliance test for scs-0115-v1: Default Rules for Security Groups downward compatible

Open fraugabel opened this issue 1 year ago • 4 comments

For Yaook-based OpenStack that consists of neither deprecated nor latest versions of components, the compliance test for Default Rules for Security Groups should still be usable:

  • if the current test fails (requesting https://neutron.l1a.cloudandheat.com:443/v2.0/default-security-group-rules), there should be an alternative test that
    1. creates a new security group to check whether default security group rules are automatically applied
    2. therefore checks for egress rules for IPv4 and IPv6 allowing all traffic
    3. and checks for ingress rules for IPv4 and IPv6 blocking all traffic
    4. then deletes the security group again

Note: requesting default-security-group-rules is available for yaook 2023.2 and later

fraugabel, Sep 11 '24 12:09

I think there will be no ingress rules at all. So you can count the rules: if there are only 2 rules and both are egress, the test should be successful.

josephineSei, Sep 11 '24 12:09
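
The fallback procedure from the issue, combined with the rule-count suggestion in the reply, as an added example (not code from the SCS standards repository). The rule dicts use the Neutron API field names; `create_sg`, `list_rules` and `delete_sg` are hypothetical callables wrapping whatever OpenStack client is in use, and the probe group name and sample rules are constructed.

```python
"""Fallback check: inspect the rules a freshly created security group receives."""

ANY_PREFIX = {"IPv4": (None, "0.0.0.0/0"), "IPv6": (None, "::/0")}


def allows_all(rule):
    """True if a Neutron rule dict has no protocol, port or peer restriction."""
    return (
        rule.get("protocol") is None
        and rule.get("port_range_min") is None
        and rule.get("port_range_max") is None
        and rule.get("remote_group_id") is None
        and rule.get("remote_ip_prefix") in ANY_PREFIX.get(rule.get("ethertype"), ())
    )


def evaluate_rules(rules):
    """Return a list of findings; an empty list means the group passes."""
    findings = []
    ingress = [r for r in rules if r.get("direction") == "ingress"]
    egress = [r for r in rules if r.get("direction") == "egress"]
    if ingress:
        findings.append(f"{len(ingress)} ingress rule(s) present; expected none")
    for ethertype in ("IPv4", "IPv6"):
        matching = [r for r in egress if r.get("ethertype") == ethertype]
        if not any(allows_all(r) for r in matching):
            findings.append(f"no allow-all egress rule for {ethertype}")
    if len(rules) != 2:  # rule count as suggested in the reply above
        findings.append(f"{len(rules)} rules found; expected exactly 2")
    return findings


def check_new_group(create_sg, list_rules, delete_sg, name="scs-0115-probe"):
    """Create a probe group, evaluate its automatic rules, always clean up."""
    sg_id = create_sg(name)  # hypothetical wrapper: returns the new group's id
    try:
        return evaluate_rules(list_rules(sg_id))
    finally:
        delete_sg(sg_id)  # runs even if listing or evaluation raises


# Constructed sample data, not captured from a real deployment.
BASE = {"protocol": None, "port_range_min": None, "port_range_max": None,
        "remote_ip_prefix": None, "remote_group_id": None}
SAMPLE_OK = [dict(BASE, direction="egress", ethertype=e) for e in ("IPv4", "IPv6")]
SAMPLE_BAD = SAMPLE_OK + [dict(BASE, direction="ingress", ethertype="IPv4",
                               protocol="tcp", port_range_min=22, port_range_max=22)]
```
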

Added alternative test, because the current test only works for the latest versions of the network and compute services, though older versions are not deprecated yet.

fraugabel, Sep 16 '24 08:09

PR: https://github.com/SovereignCloudStack/standards/pull/748

fraugabel, Sep 16 '24 08:09

Please only close when the PR is merged. GitHub can do that automatically – just link the two.

mbuechse, Sep 16 '24 08:09