arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-22 06:38:06 +00:00
Code Issues Releases Wiki Activity

Fix issue with kubernetes version check, where the master binary is

Browse Source 
used for all modes including nodes and federated.
This commit is contained in:
Abubakr-Sadik Nii Nai Davis 2017-07-06 18:31:18 +00:00
parent 6d26814cf6
commit 06466d6573
1 changed files with 14 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
cmd/common.go
View File

@ -145,18 +145,19 @@ func verifyNodeType(t check.NodeType) []string {
kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/kubelet") kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/kubelet")
kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/proxy") kubeNodeConf = append(kubeNodeConf, kubeConfDir+"/proxy")
w = append(w, verifyKubeVersion(kubeMasterBin)...)
switch t { switch t {
case check.MASTER: case check.MASTER:
w = append(w, verifyBin(kubeMasterBin)...) w = append(w, verifyBin(kubeMasterBin)...)
w = append(w, verifyBin(xMasterBin)...) w = append(w, verifyBin(xMasterBin)...)
w = append(w, verifyConf(kubeMasterConf)...) w = append(w, verifyConf(kubeMasterConf)...)
w = append(w, verifyKubeVersion(kubeMasterBin[0])...)
case check.NODE: case check.NODE:
w = append(w, verifyBin(kubeNodeBin)...) w = append(w, verifyBin(kubeNodeBin)...)
w = append(w, verifyConf(kubeNodeConf)...) w = append(w, verifyConf(kubeNodeConf)...)
w = append(w, verifyKubeVersion(kubeNodeBin[0])...)
case check.FEDERATED: case check.FEDERATED:
w = append(w, verifyBin(kubeFederatedBin)...) w = append(w, verifyBin(kubeFederatedBin)...)
w = append(w, verifyKubeVersion(kubeFederatedBin[0])...)
} }
return w return w
@ -256,35 +257,22 @@ func verifyBin(binPath []string) []string {
return w return w
} }
func verifyKubeVersion(binPath []string) []string { func verifyKubeVersion(b string) []string {
// These executables might not be on the user's path. // These executables might not be on the user's path.
// TODO! Check the version number using kubectl, which is more likely to be on the path. // TODO! Check the version number using kubectl, which is more likely to be on the path.
var w []string var w []string
for _, b := range binPath { // Check version
_, err := exec.LookPath(b) cmd := exec.Command(b, "--version")
if err != nil { cmd.Stderr = os.Stderr
w = append(w, fmt.Sprintf("%s: command not found on path - version check skipped\n", b)) out, err := cmd.Output()
continue if err != nil {
} fmt.Fprintf(os.Stderr, "%s: %s\n", cmd.Args, err)
}
// Check version matched := strings.Contains(string(out), kubeVersion)
cmd := exec.Command(b, "--version") if !matched {
cmd.Stderr = os.Stderr w = append(w, fmt.Sprintf("%s unsupported version.", b))
out, err := cmd.Output()
if err != nil {
fmt.Fprintf(os.Stderr, "%s: %s\n", cmd.Args, err)
}
matched := strings.Contains(string(out), kubeVersion)
if !matched {
w = append(w, fmt.Sprintf(
"%s unsupported version, expected %s, got %s\n",
b,
kubeVersion,
string(out),
))
}
} }
return w return w