starting benchmark flag

5 years ago · 58fc948626
parent 16beb3e616
commit 58fc948626
3 changed files with 121 additions and 22 deletions
--- a/cmd/common.go
+++ b/cmd/common.go
@ -211,18 +211,93 @@ func loadConfig(nodetype check.NodeType) string {
 		file = federatedFile
 	}

-	runningVersion := ""
-	if kubeVersion == "" {
-		runningVersion, err = getKubeVersion()
+	// runningVersion := ""
+	// if kubeVersion == "" {
+	// 	runningVersion, err = getKubeVersion()
+	// 	if err != nil {
+	// 		exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
+	// 	}
+	// }
+
+	/*
+
+			  if kubeVersion == "" && benchmarkVersion == "" {
+					kubeVersion, err = getKubeVersion()
+					if err != nil {
+						exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
+					}
+			   }
+
+			   if kubeVersion != "" && benchmarkVersion != "" {
+				   exitWithError("Can not specify both version and benchmarkVersion")
+			   }
+
+			   var fileVersion string
+
+				if benchmarkVersion != "" {
+					fileVersion = benchmarkVersion
+				} else {
+					cis-ver	kube-bench config	k8s-ver
+					1.3.0	   1.11	            1.11-1.12
+					1.4.1	   1.13	            1.13-
+
+					cis-ver	kube-bench(--benchmark)  k8s-ver
+					1.3.0	   cis-1.3.0	         1.11-1.12
+					1.4.1	   cis-1.4.1	         1.13-
+
+					k8sToCISVersions := map[string]string {
+						"1.11": "cis-1.3.0",
+						"1.12": "cis-1.3.0",
+						"1.13": "cis-1.4.1",
+						"1.14": "cis-1.4.1",
+						"1.15": "cis-1.4.1",
+						"1.16": "cis-1.4.1",
+					}
+
+		            fileVersion, err := convertKubernetesVersionToCISVersion(kubeVersion)
+					if err != nil {
+					  exitWithError(err)
+				    }
+				}
+				path, err := getConfigFilePath(fileVersion, file)
+				if err != nil {
+					exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
+				}
+
+	*/
+
+	if kubeVersion == "" && benchmarkVersion == "" {
+		kubeVersion, err = getKubeVersion()
 		if err != nil {
 			exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
 		}
 	}
-	path, err := getConfigFilePath(kubeVersion, runningVersion, file)
+
+	if kubeVersion != "" && benchmarkVersion != "" {
+		exitWithError(fmt.Errorf("It is not valid to specify both --version and --benchmark"))
+	}
+
+	var fileVersion string
+
+	if benchmarkVersion != "" {
+		fileVersion = benchmarkVersion
+	} else {
+		fileVersion, err = convertToCISVersion(kubeVersion)
+		if err != nil {
+			exitWithError(fmt.Errorf("failed to convert kubernetes version to CIS version: %v", err))
+		}
+	}
+
+	path, err := getConfigFilePath(fileVersion, file)
 	if err != nil {
 		exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
 	}

+	// path, err := getConfigFilePath(kubeVersion, runningVersion, file)
+	// if err != nil {
+	// 	exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
+	// }
+
 	// Merge kubernetes version specific config if any.
 	viper.SetConfigFile(path + "/config.yaml")
 	err = viper.MergeInConfig()
--- a/cmd/root.go
+++ b/cmd/root.go
@ -36,6 +36,7 @@ var (
 	envVarsPrefix      = "KUBE_BENCH"
 	defaultKubeVersion = "1.6"
 	kubeVersion        string
+	benchmarkVersion   string
 	cfgFile            string
 	cfgDir             string
 	jsonFmt            bool
@ -114,6 +115,7 @@ func init() {
 	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is ./cfg/config.yaml)")
 	RootCmd.PersistentFlags().StringVarP(&cfgDir, "config-dir", "D", "./cfg/", "config directory")
 	RootCmd.PersistentFlags().StringVar(&kubeVersion, "version", "", "Manually specify Kubernetes version, automatically detected if unset")
+	RootCmd.PersistentFlags().StringVar(&benchmarkVersion, "benchmark", "", "Manually specify Kubernetes version, automatically detected if unset")

 	goflag.CommandLine.VisitAll(func(goflag *goflag.Flag) {
 		RootCmd.PersistentFlags().AddGoFlag(goflag)
--- a/cmd/util.go
+++ b/cmd/util.go
@ -27,16 +27,27 @@ var (

 var psFunc func(string) string
 var statFunc func(string) (os.FileInfo, error)
+var getBinariesFunc func(*viper.Viper) (map[string]string, error)
 var TypeMap = map[string][]string{
-	"ca": []string{"cafile", "defaultcafile"},
+	"ca":         []string{"cafile", "defaultcafile"},
 	"kubeconfig": []string{"kubeconfig", "defaultkubeconfig"},
-	"service": []string{"svc", "defaultsvc"},
-	"config": []string{"confs", "defaultconf"},
+	"service":    []string{"svc", "defaultsvc"},
+	"config":     []string{"confs", "defaultconf"},
+}
+
+var k8sToCISVersions = map[string]string {
+	"1.11": "cis-1.3.0",
+	"1.12": "cis-1.3.0",
+	"1.13": "cis-1.4.1",
+	"1.14": "cis-1.4.1",
+	"1.15": "cis-1.4.1",
+	"1.16": "cis-1.4.1",
 }

 func init() {
 	psFunc = ps
 	statFunc = os.Stat
+	getBinariesFunc = getBinaries
 }

 func exitWithError(err error) {
@ -118,16 +129,16 @@ func getBinaries(v *viper.Viper) (map[string]string, error) {
 	return binmap, nil
 }

-// getConfigFilePath locates the config files we should be using based on either the specified
-// version, or the running version of kubernetes if not specified
-func getConfigFilePath(specifiedVersion string, runningVersion string, filename string) (path string, err error) {
-	var fileVersion string
+// getConfigFilePath locates the config files we should be using based on 
+// the specified version
+func getConfigFilePath(fileVersion string, filename string) (path string, err error) {
+	// var fileVersion string

-	if specifiedVersion != "" {
-		fileVersion = specifiedVersion
-	} else {
-		fileVersion = runningVersion
-	}
+	// if specifiedVersion != "" {
+	// 	fileVersion = specifiedVersion
+	// } else {
+	// 	fileVersion = runningVersion
+	// }

 	glog.V(2).Info(fmt.Sprintf("Looking for config for version %s", fileVersion))

@ -137,16 +148,19 @@ func getConfigFilePath(specifiedVersion string, runningVersion string, filename
 		glog.V(2).Info(fmt.Sprintf("Looking for config file: %s\n", file))

 		if _, err = os.Stat(file); !os.IsNotExist(err) {
-			if specifiedVersion == "" && fileVersion != runningVersion {
-				glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
+			// if specifiedVersion == "" && fileVersion != runningVersion {
+			// 	glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
+			// }
+			if fileVersion == "" {
+				glog.V(1).Info(fmt.Sprintf("No test file found for CIS Version %s\n", fileVersion))
 			}
 			return path, nil
 		}

-		// If we were given an explicit version to look for, don't look for any others
-		if specifiedVersion != "" {
-			return "", err
-		}
+		// // If we were given an explicit version to look for, don't look for any others
+		// if specifiedVersion != "" {
+		// 	return "", err
+		// }

 		fileVersion = decrementVersion(fileVersion)
 		if fileVersion == "" {
@ -342,3 +356,11 @@ func makeSubstitutions(s string, ext string, m map[string]string) string {

 	return s
 }
+
+func convertToCISVersion(kubeVersion string) (string, error) {
+	cisVersion, found := k8sToCISVersions[kubeVersion]
+	 if !found {
+		 return "", fmt.Errorf("Unable to find a CIS version for Kubernetes version: %s", kubeVersion)
+	 } 
+	 return cisVersion, nil
+}