mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Merge branch 'master' into unnecessary-warning

Abubakr-Sadik Nii Nai Davis 2017-11-28 17:44:53 +00:00
commit 53eb720952
4 changed files with 37 additions and 48 deletions


@ -539,7 +539,7 @@ groups:
scored: true
- id: 1.1.33
text: "1.1.34 Ensure that the --experimental-encryption-provider-config argument is
text: "Ensure that the --experimental-encryption-provider-config argument is
set as appropriate (Scored)"
audit: "ps -ef | grep $apiserverbin | grep -v grep"
tests:


@ -25,16 +25,17 @@ import (
)
var (
envVarsPrefix = "KUBE_BENCH"
cfgDir = "./cfg"
cfgFile string
jsonFmt bool
pgSql bool
checkList string
groupList string
masterFile string
nodeFile string
federatedFile string
envVarsPrefix = "KUBE_BENCH"
cfgDir = "./cfg"
defaultKubeVersion = "1.6"
cfgFile string
jsonFmt bool
pgSql bool
checkList string
groupList string
masterFile string
nodeFile string
federatedFile string
)
// RootCmd represents the base command when called without any subcommands
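Review bot: defaultKubeVersion is added to the var block without a comment, although this commit makes it the value getVersionFromKubectlOutput returns whenever the server version cannot be parsed. A line such as `// defaultKubeVersion is the version assumed when the server version cannot be read from kubectl output.` above it would make clear that it is a fallback and not a supported minimum. The var block continues outside the hunk on both sides.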


@ -213,39 +213,30 @@ func multiWordReplace(s string, subname string, sub string) string {
return strings.Replace(s, subname, sub, -1)
}
type version struct {
Server string
Client string
}
func getKubeVersion() *version {
ver := new(version)
func getKubeVersion() string {
// These executables might not be on the user's path.
_, err := exec.LookPath("kubectl")
if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped with error %v", err)
continueWithError(err, sprintlnWarn(s))
return nil
exitWithError(fmt.Errorf("kubernetes version check failed: %v", err))
}
cmd := exec.Command("kubectl", "version")
out, err := cmd.Output()
cmd := exec.Command("kubectl", "version", "--short")
out, err := cmd.CombinedOutput()
if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version")
continueWithError(err, sprintlnWarn(s))
return nil
continueWithError(fmt.Errorf("%s", out), "")
}
clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`)
svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`)
return getVersionFromKubectlOutput(string(out))
}
sub := clientVerRe.FindStringSubmatch(string(out))
ver.Client = sub[1] + "." + sub[2]
sub = svrVerRe.FindStringSubmatch(string(out))
ver.Server = sub[1] + "." + sub[2]
return ver
func getVersionFromKubectlOutput(s string) string {
serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
subs := serverVersionRe.FindStringSubmatch(s)
if len(subs) < 2 {
printlnWarn(fmt.Sprintf("Unable to get kubectl version, using default version: %s", defaultKubeVersion))
return defaultKubeVersion
}
return subs[1]
}
func makeSubstitutions(s string, ext string, m map[string]string) string {
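Review bot: A failed version lookup in getKubeVersion now ends in the defaultKubeVersion fallback of getVersionFromKubectlOutput, so the run proceeds with 1.6 as the assumed version whatever the cluster actually runs, and only a warning line marks the result as assumed. The warning should say that plainly, e.g. `printlnWarn(fmt.Sprintf("Unable to determine Kubernetes server version, assuming %s; results may not match this cluster", defaultKubeVersion))`. The CombinedOutput error path reports only `out` and drops `err`, which leaves an empty message when kubectl wrote nothing; `continueWithError(fmt.Errorf("kubectl version: %v: %s", err, out), "")` keeps both. The pattern also leaves the dot unescaped, so `\d+.\d+` accepts any character between the digit runs; `Server Version: v(\d+\.\d+)` pins it to a literal dot.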


@ -17,7 +17,6 @@ package cmd
import (
"os"
"reflect"
"regexp"
"strconv"
"testing"
@ -182,19 +181,17 @@ func TestMultiWordReplace(t *testing.T) {
}
}
func TestGetKubeVersion(t *testing.T) {
ver := getKubeVersion()
if ver == nil {
t.Log("Expected non nil version info.")
} else {
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Client)
}
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Server)
}
func TestKubeVersionRegex(t *testing.T) {
ver := getVersionFromKubectlOutput(`Client Version: v1.8.0
Server Version: v1.8.12
`)
if ver != "1.8" {
t.Fatalf("Expected 1.8 got %s", ver)
}
ver = getVersionFromKubectlOutput("Something completely different")
if ver != "1.6" {
t.Fatalf("Expected 1.6 got %s", ver)
}
}
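Review bot: TestKubeVersionRegex compares the fallback result against the literal "1.6" instead of defaultKubeVersion, so the test breaks whenever the default is changed; `if ver != defaultKubeVersion {` keeps the two in step. The realistic failure input is also missing: a `Client Version:` line with no server line, which is presumably what kubectl prints when the API server is unreachable. A third call such as `getVersionFromKubectlOutput("Client Version: v1.8.0\n")` asserting the default would pin that the client version is never taken for the server's.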