arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-27 08:58:06 +00:00
Code Issues Releases Wiki Activity

Add function to retrieve Kubernetes server version.

Browse Source 
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
This commit is contained in:
Abubakr-Sadik Nii Nai Davis 2017-09-17 14:35:25 +00:00
parent 8ea0892437
commit 56fa20103a
6 changed files with 56 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/common.go
View File

@ -90,7 +90,9 @@ func runChecks(t check.NodeType) {
file = federatedFile file = federatedFile
} }
in, err := ioutil.ReadFile(file) ver := getKubeVersion()
path := fmt.Sprintf("%s/%s/%s", cfgDir, ver.Server, file)
in, err := ioutil.ReadFile(path)
if err != nil { if err != nil {
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
} }

2
cmd/federated.go
View File

@ -33,7 +33,7 @@ func init() {
federatedCmd.PersistentFlags().StringVarP(&federatedFile, federatedCmd.PersistentFlags().StringVarP(&federatedFile,
"file", "file",
"f", "f",
cfgDir+"/federated.yaml", "/federated.yaml",
"Alternative YAML file for federated checks", "Alternative YAML file for federated checks",
) )

2
cmd/master.go
View File

@ -33,7 +33,7 @@ func init() {
masterCmd.PersistentFlags().StringVarP(&masterFile, masterCmd.PersistentFlags().StringVarP(&masterFile,
"file", "file",
"f", "f",
cfgDir+"/master.yaml", "/master.yaml",
"Alternative YAML file for master checks", "Alternative YAML file for master checks",
) )

2
cmd/node.go
View File

@ -33,7 +33,7 @@ func init() {
nodeCmd.PersistentFlags().StringVarP(&nodeFile, nodeCmd.PersistentFlags().StringVarP(&nodeFile,
"file", "file",
"f", "f",
cfgDir+"/node.yaml", "/node.yaml",
"Alternative YAML file for node checks", "Alternative YAML file for node checks",
) )

35
cmd/util.go
View File

@ -159,3 +159,38 @@ func multiWordReplace(s string, subname string, sub string) string {
return strings.Replace(s, subname, sub, -1) return strings.Replace(s, subname, sub, -1)
} }
type version struct {
Server string
Client string
}
func getKubeVersion() *version {
ver := new(version)
// These executables might not be on the user's path.
_, err := exec.LookPath("kubectl")
if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped with error %v", err)
continueWithError(err, sprintlnWarn(s))
return nil
}
cmd := exec.Command("kubectl", "version")
out, err := cmd.Output()
if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version")
continueWithError(err, sprintlnWarn(s))
return nil
}
clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`)
svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`)
sub := clientVerRe.FindStringSubmatch(string(out))
ver.Client = sub[1] + "." + sub[2]
sub = svrVerRe.FindStringSubmatch(string(out))
ver.Server = sub[1] + "." + sub[2]
return ver
}

15
cmd/util_test.go
View File

@ -129,3 +129,18 @@ func TestMultiWordReplace(t *testing.T) {
}) })
} }
} }
func TestGetKubeVersion(t *testing.T) {
ver := getKubeVersion()
if ver == nil {
t.Log("Expected non nil version info.")
} else {
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Client)
}
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Server)
}
}
}