mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-22 06:38:06 +00:00
starting benchmark flag
This commit is contained in:
parent
16beb3e616
commit
58fc948626
@ -211,18 +211,93 @@ func loadConfig(nodetype check.NodeType) string {
|
||||
file = federatedFile
|
||||
}
|
||||
|
||||
runningVersion := ""
|
||||
if kubeVersion == "" {
|
||||
runningVersion, err = getKubeVersion()
|
||||
// runningVersion := ""
|
||||
// if kubeVersion == "" {
|
||||
// runningVersion, err = getKubeVersion()
|
||||
// if err != nil {
|
||||
// exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
|
||||
// }
|
||||
// }
|
||||
|
||||
/*
|
||||
|
||||
if kubeVersion == "" && benchmarkVersion == "" {
|
||||
kubeVersion, err = getKubeVersion()
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
|
||||
}
|
||||
}
|
||||
|
||||
if kubeVersion != "" && benchmarkVersion != "" {
|
||||
exitWithError("Can not specify both version and benchmarkVersion")
|
||||
}
|
||||
|
||||
var fileVersion string
|
||||
|
||||
if benchmarkVersion != "" {
|
||||
fileVersion = benchmarkVersion
|
||||
} else {
|
||||
cis-ver kube-bench config k8s-ver
|
||||
1.3.0 1.11 1.11-1.12
|
||||
1.4.1 1.13 1.13-
|
||||
|
||||
cis-ver kube-bench(--benchmark) k8s-ver
|
||||
1.3.0 cis-1.3.0 1.11-1.12
|
||||
1.4.1 cis-1.4.1 1.13-
|
||||
|
||||
k8sToCISVersions := map[string]string {
|
||||
"1.11": "cis-1.3.0",
|
||||
"1.12": "cis-1.3.0",
|
||||
"1.13": "cis-1.4.1",
|
||||
"1.14": "cis-1.4.1",
|
||||
"1.15": "cis-1.4.1",
|
||||
"1.16": "cis-1.4.1",
|
||||
}
|
||||
|
||||
fileVersion, err := convertKubernetesVersionToCISVersion(kubeVersion)
|
||||
if err != nil {
|
||||
exitWithError(err)
|
||||
}
|
||||
}
|
||||
path, err := getConfigFilePath(fileVersion, file)
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
if kubeVersion == "" && benchmarkVersion == "" {
|
||||
kubeVersion, err = getKubeVersion()
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
|
||||
}
|
||||
}
|
||||
path, err := getConfigFilePath(kubeVersion, runningVersion, file)
|
||||
|
||||
if kubeVersion != "" && benchmarkVersion != "" {
|
||||
exitWithError(fmt.Errorf("It is not valid to specify both --version and --benchmark"))
|
||||
}
|
||||
|
||||
var fileVersion string
|
||||
|
||||
if benchmarkVersion != "" {
|
||||
fileVersion = benchmarkVersion
|
||||
} else {
|
||||
fileVersion, err = convertToCISVersion(kubeVersion)
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("failed to convert kubernetes version to CIS version: %v", err))
|
||||
}
|
||||
}
|
||||
|
||||
path, err := getConfigFilePath(fileVersion, file)
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
|
||||
}
|
||||
|
||||
// path, err := getConfigFilePath(kubeVersion, runningVersion, file)
|
||||
// if err != nil {
|
||||
// exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
|
||||
// }
|
||||
|
||||
// Merge kubernetes version specific config if any.
|
||||
viper.SetConfigFile(path + "/config.yaml")
|
||||
err = viper.MergeInConfig()
|
||||
|
@ -36,6 +36,7 @@ var (
|
||||
envVarsPrefix = "KUBE_BENCH"
|
||||
defaultKubeVersion = "1.6"
|
||||
kubeVersion string
|
||||
benchmarkVersion string
|
||||
cfgFile string
|
||||
cfgDir string
|
||||
jsonFmt bool
|
||||
@ -114,6 +115,7 @@ func init() {
|
||||
RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is ./cfg/config.yaml)")
|
||||
RootCmd.PersistentFlags().StringVarP(&cfgDir, "config-dir", "D", "./cfg/", "config directory")
|
||||
RootCmd.PersistentFlags().StringVar(&kubeVersion, "version", "", "Manually specify Kubernetes version, automatically detected if unset")
|
||||
RootCmd.PersistentFlags().StringVar(&benchmarkVersion, "benchmark", "", "Manually specify Kubernetes version, automatically detected if unset")
|
||||
|
||||
goflag.CommandLine.VisitAll(func(goflag *goflag.Flag) {
|
||||
RootCmd.PersistentFlags().AddGoFlag(goflag)
|
||||
|
58
cmd/util.go
58
cmd/util.go
@ -27,16 +27,27 @@ var (
|
||||
|
||||
var psFunc func(string) string
|
||||
var statFunc func(string) (os.FileInfo, error)
|
||||
var getBinariesFunc func(*viper.Viper) (map[string]string, error)
|
||||
var TypeMap = map[string][]string{
|
||||
"ca": []string{"cafile", "defaultcafile"},
|
||||
"ca": []string{"cafile", "defaultcafile"},
|
||||
"kubeconfig": []string{"kubeconfig", "defaultkubeconfig"},
|
||||
"service": []string{"svc", "defaultsvc"},
|
||||
"config": []string{"confs", "defaultconf"},
|
||||
"service": []string{"svc", "defaultsvc"},
|
||||
"config": []string{"confs", "defaultconf"},
|
||||
}
|
||||
|
||||
var k8sToCISVersions = map[string]string {
|
||||
"1.11": "cis-1.3.0",
|
||||
"1.12": "cis-1.3.0",
|
||||
"1.13": "cis-1.4.1",
|
||||
"1.14": "cis-1.4.1",
|
||||
"1.15": "cis-1.4.1",
|
||||
"1.16": "cis-1.4.1",
|
||||
}
|
||||
|
||||
func init() {
|
||||
psFunc = ps
|
||||
statFunc = os.Stat
|
||||
getBinariesFunc = getBinaries
|
||||
}
|
||||
|
||||
func exitWithError(err error) {
|
||||
@ -118,16 +129,16 @@ func getBinaries(v *viper.Viper) (map[string]string, error) {
|
||||
return binmap, nil
|
||||
}
|
||||
|
||||
// getConfigFilePath locates the config files we should be using based on either the specified
|
||||
// version, or the running version of kubernetes if not specified
|
||||
func getConfigFilePath(specifiedVersion string, runningVersion string, filename string) (path string, err error) {
|
||||
var fileVersion string
|
||||
// getConfigFilePath locates the config files we should be using based on
|
||||
// the specified version
|
||||
func getConfigFilePath(fileVersion string, filename string) (path string, err error) {
|
||||
// var fileVersion string
|
||||
|
||||
if specifiedVersion != "" {
|
||||
fileVersion = specifiedVersion
|
||||
} else {
|
||||
fileVersion = runningVersion
|
||||
}
|
||||
// if specifiedVersion != "" {
|
||||
// fileVersion = specifiedVersion
|
||||
// } else {
|
||||
// fileVersion = runningVersion
|
||||
// }
|
||||
|
||||
glog.V(2).Info(fmt.Sprintf("Looking for config for version %s", fileVersion))
|
||||
|
||||
@ -137,16 +148,19 @@ func getConfigFilePath(specifiedVersion string, runningVersion string, filename
|
||||
glog.V(2).Info(fmt.Sprintf("Looking for config file: %s\n", file))
|
||||
|
||||
if _, err = os.Stat(file); !os.IsNotExist(err) {
|
||||
if specifiedVersion == "" && fileVersion != runningVersion {
|
||||
glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
|
||||
// if specifiedVersion == "" && fileVersion != runningVersion {
|
||||
// glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
|
||||
// }
|
||||
if fileVersion == "" {
|
||||
glog.V(1).Info(fmt.Sprintf("No test file found for CIS Version %s\n", fileVersion))
|
||||
}
|
||||
return path, nil
|
||||
}
|
||||
|
||||
// If we were given an explicit version to look for, don't look for any others
|
||||
if specifiedVersion != "" {
|
||||
return "", err
|
||||
}
|
||||
// // If we were given an explicit version to look for, don't look for any others
|
||||
// if specifiedVersion != "" {
|
||||
// return "", err
|
||||
// }
|
||||
|
||||
fileVersion = decrementVersion(fileVersion)
|
||||
if fileVersion == "" {
|
||||
@ -342,3 +356,11 @@ func makeSubstitutions(s string, ext string, m map[string]string) string {
|
||||
|
||||
return s
|
||||
}
|
||||
|
||||
func convertToCISVersion(kubeVersion string) (string, error) {
|
||||
cisVersion, found := k8sToCISVersions[kubeVersion]
|
||||
if !found {
|
||||
return "", fmt.Errorf("Unable to find a CIS version for Kubernetes version: %s", kubeVersion)
|
||||
}
|
||||
return cisVersion, nil
|
||||
}
|
Loading…
Reference in New Issue
Block a user