mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-22 06:38:06 +00:00
Fix issue with kubernetes version check, where the master binary is
used for all modes including nodes and federated.
This commit is contained in:
Abubakr-Sadik Nii Nai Davis
parent
6d26814cf6
commit
06466d6573
@ -145,18 +145,19 @@ func verifyNodeType(t check.NodeType) []string {
|
||||
kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/kubelet")
|
||||
kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/proxy")
|
||||
|
||||
w = append(w, verifyKubeVersion(kubeMasterBin)...)
|
||||
|
||||
switch t {
|
||||
case check.MASTER:
|
||||
w = append(w, verifyBin(kubeMasterBin)...)
|
||||
w = append(w, verifyBin(xMasterBin)...)
|
||||
w = append(w, verifyConf(kubeMasterConf)...)
|
||||
w = append(w, verifyKubeVersion(kubeMasterBin[0])...)
|
||||
case check.NODE:
|
||||
w = append(w, verifyBin(kubeNodeBin)...)
|
||||
w = append(w, verifyConf(kubeNodeConf)...)
|
||||
w = append(w, verifyKubeVersion(kubeNodeBin[0])...)
|
||||
case check.FEDERATED:
|
||||
w = append(w, verifyBin(kubeFederatedBin)...)
|
||||
w = append(w, verifyKubeVersion(kubeFederatedBin[0])...)
|
||||
}
|
||||
|
||||
return w
|
||||
@ -256,35 +257,22 @@ func verifyBin(binPath []string) []string {
|
||||
return w
|
||||
}
|
||||
|
||||
func verifyKubeVersion(binPath []string) []string {
|
||||
func verifyKubeVersion(b string) []string {
|
||||
// These executables might not be on the user's path.
|
||||
// TODO! Check the version number using kubectl, which is more likely to be on the path.
|
||||
var w []string
|
||||
|
||||
for _, b := range binPath {
|
||||
_, err := exec.LookPath(b)
|
||||
if err != nil {
|
||||
w = append(w, fmt.Sprintf("%s: command not found on path - version check skipped\n", b))
|
||||
continue
|
||||
}
|
||||
// Check version
|
||||
cmd := exec.Command(b, "--version")
|
||||
cmd.Stderr = os.Stderr
|
||||
out, err := cmd.Output()
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s: %s\n", cmd.Args, err)
|
||||
}
|
||||
|
||||
// Check version
|
||||
cmd := exec.Command(b, "--version")
|
||||
cmd.Stderr = os.Stderr
|
||||
out, err := cmd.Output()
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "%s: %s\n", cmd.Args, err)
|
||||
}
|
||||
|
||||
matched := strings.Contains(string(out), kubeVersion)
|
||||
if !matched {
|
||||
w = append(w, fmt.Sprintf(
|
||||
"%s unsupported version, expected %s, got %s\n",
|
||||
b,
|
||||
kubeVersion,
|
||||
string(out),
|
||||
))
|
||||
}
|
||||
matched := strings.Contains(string(out), kubeVersion)
|
||||
if !matched {
|
||||
w = append(w, fmt.Sprintf("%s unsupported version.", b))
|
||||
}
|
||||
|
||||
return w
|
||||
|
||||
Loading…
Reference in New Issue
Block a user