diff --git a/cfg/1.8/master.yaml b/cfg/1.8/master.yaml index 818b4bf..43cbabc 100644 --- a/cfg/1.8/master.yaml +++ b/cfg/1.8/master.yaml @@ -539,7 +539,7 @@ groups: scored: true - id: 1.1.33 - text: "1.1.34 Ensure that the --experimental-encryption-provider-config argument is + text: "Ensure that the --experimental-encryption-provider-config argument is set as appropriate (Scored)" audit: "ps -ef | grep $apiserverbin | grep -v grep" tests: diff --git a/cmd/root.go b/cmd/root.go index 08be2b3..3c80f5d 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -25,16 +25,17 @@ import ( ) var ( - envVarsPrefix = "KUBE_BENCH" - cfgDir = "./cfg" - cfgFile string - jsonFmt bool - pgSql bool - checkList string - groupList string - masterFile string - nodeFile string - federatedFile string + envVarsPrefix = "KUBE_BENCH" + cfgDir = "./cfg" + defaultKubeVersion = "1.6" + cfgFile string + jsonFmt bool + pgSql bool + checkList string + groupList string + masterFile string + nodeFile string + federatedFile string ) // RootCmd represents the base command when called without any subcommands diff --git a/cmd/util.go b/cmd/util.go index f724847..66ae5a7 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -213,39 +213,30 @@ func multiWordReplace(s string, subname string, sub string) string { return strings.Replace(s, subname, sub, -1) } -type version struct { - Server string - Client string -} - -func getKubeVersion() *version { - ver := new(version) +func getKubeVersion() string { // These executables might not be on the user's path. _, err := exec.LookPath("kubectl") if err != nil { - s := fmt.Sprintf("Kubernetes version check skipped with error %v", err) - continueWithError(err, sprintlnWarn(s)) - return nil + exitWithError(fmt.Errorf("kubernetes version check failed: %v", err)) } - cmd := exec.Command("kubectl", "version") - out, err := cmd.Output() + cmd := exec.Command("kubectl", "version", "--short") + out, err := cmd.CombinedOutput() if err != nil { - s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version") - continueWithError(err, sprintlnWarn(s)) - return nil + continueWithError(fmt.Errorf("%s", out), "") } - clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`) - svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`) - - sub := clientVerRe.FindStringSubmatch(string(out)) - ver.Client = sub[1] + "." + sub[2] - - sub = svrVerRe.FindStringSubmatch(string(out)) - ver.Server = sub[1] + "." + sub[2] + return getVersionFromKubectlOutput(string(out)) +} - return ver +func getVersionFromKubectlOutput(s string) string { + serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) + subs := serverVersionRe.FindStringSubmatch(s) + if len(subs) < 2 { + printlnWarn(fmt.Sprintf("Unable to get kubectl version, using default version: %s", defaultKubeVersion)) + return defaultKubeVersion + } + return subs[1] } func makeSubstitutions(s string, ext string, m map[string]string) string { diff --git a/cmd/util_test.go b/cmd/util_test.go index e9c6eac..3650ea0 100644 --- a/cmd/util_test.go +++ b/cmd/util_test.go @@ -17,7 +17,6 @@ package cmd import ( "os" "reflect" - "regexp" "strconv" "testing" @@ -182,19 +181,17 @@ func TestMultiWordReplace(t *testing.T) { } } -func TestGetKubeVersion(t *testing.T) { - ver := getKubeVersion() - if ver == nil { - t.Log("Expected non nil version info.") - } else { - if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil { - t.Logf("Expected:%v got %v\n", "n.m", ver.Client) - } - - if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil { - t.Logf("Expected:%v got %v\n", "n.m", ver.Server) - } +func TestKubeVersionRegex(t *testing.T) { + ver := getVersionFromKubectlOutput(`Client Version: v1.8.0 + Server Version: v1.8.12 + `) + if ver != "1.8" { + t.Fatalf("Expected 1.8 got %s", ver) + } + ver = getVersionFromKubectlOutput("Something completely different") + if ver != "1.6" { + t.Fatalf("Expected 1.6 got %s", ver) } }