diff --git a/cmd/common.go b/cmd/common.go
index bc4b272..dddbd19 100644
--- a/cmd/common.go
+++ b/cmd/common.go
@@ -211,18 +211,93 @@ func loadConfig(nodetype check.NodeType) string {
 file = federatedFile
 }
- runningVersion := ""
- if kubeVersion == "" {
- runningVersion, err = getKubeVersion()
+ // runningVersion := ""
+ // if kubeVersion == "" {
+ // runningVersion, err = getKubeVersion()
+ // if err != nil {
+ // exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
+ // }
+ // }
+
+ /*
+
+ if kubeVersion == "" && benchmarkVersion == "" {
+ kubeVersion, err = getKubeVersion()
+ if err != nil {
+ exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
+ }
+ }
+
+ if kubeVersion != "" && benchmarkVersion != "" {
+ exitWithError("Can not specify both version and benchmarkVersion")
+ }
+
+ var fileVersion string
+
+ if benchmarkVersion != "" {
+ fileVersion = benchmarkVersion
+ } else {
+ cis-ver kube-bench config k8s-ver
+ 1.3.0 1.11 1.11-1.12
+ 1.4.1 1.13 1.13-
+
+ cis-ver kube-bench(--benchmark) k8s-ver
+ 1.3.0 cis-1.3.0 1.11-1.12
+ 1.4.1 cis-1.4.1 1.13-
+
+ k8sToCISVersions := map[string]string {
+ "1.11": "cis-1.3.0",
+ "1.12": "cis-1.3.0",
+ "1.13": "cis-1.4.1",
+ "1.14": "cis-1.4.1",
+ "1.15": "cis-1.4.1",
+ "1.16": "cis-1.4.1",
+ }
+
+ fileVersion, err := convertKubernetesVersionToCISVersion(kubeVersion)
+ if err != nil {
+ exitWithError(err)
+ }
+ }
+ path, err := getConfigFilePath(fileVersion, file)
+ if err != nil {
+ exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
+ }
+
+ */
+
+ if kubeVersion == "" && benchmarkVersion == "" {
+ kubeVersion, err = getKubeVersion()
 if err != nil {
 exitWithError(fmt.Errorf("Version check failed: %s\nAlternatively, you can specify the version with --version", err))
 }
 }
- path, err := getConfigFilePath(kubeVersion, runningVersion, file)
+
+ if kubeVersion != "" && benchmarkVersion != "" {
+ exitWithError(fmt.Errorf("It is not valid to specify both --version and 
--benchmark")) + } + + var fileVersion string + + if benchmarkVersion != "" { + fileVersion = benchmarkVersion + } else { + fileVersion, err = convertToCISVersion(kubeVersion) + if err != nil { + exitWithError(fmt.Errorf("failed to convert kubernetes version to CIS version: %v", err)) + } + } + + path, err := getConfigFilePath(fileVersion, file) if err != nil { exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err)) } + // path, err := getConfigFilePath(kubeVersion, runningVersion, file) + // if err != nil { + // exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err)) + // } + // Merge kubernetes version specific config if any. viper.SetConfigFile(path + "/config.yaml") err = viper.MergeInConfig() diff --git a/cmd/root.go b/cmd/root.go index 2591e6a..1ff623e 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -36,6 +36,7 @@ var ( envVarsPrefix = "KUBE_BENCH" defaultKubeVersion = "1.6" kubeVersion string + benchmarkVersion string cfgFile string cfgDir string jsonFmt bool @@ -114,6 +115,7 @@ func init() { RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is ./cfg/config.yaml)") RootCmd.PersistentFlags().StringVarP(&cfgDir, "config-dir", "D", "./cfg/", "config directory") RootCmd.PersistentFlags().StringVar(&kubeVersion, "version", "", "Manually specify Kubernetes version, automatically detected if unset") + RootCmd.PersistentFlags().StringVar(&benchmarkVersion, "benchmark", "", "Manually specify Kubernetes version, automatically detected if unset") goflag.CommandLine.VisitAll(func(goflag *goflag.Flag) { RootCmd.PersistentFlags().AddGoFlag(goflag) diff --git a/cmd/util.go b/cmd/util.go index faa8e08..543ced8 100644 --- a/cmd/util.go +++ b/cmd/util.go 
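Review bot: In `loadConfig` (cmd/common.go) the `--benchmark` value is copied into `fileVersion` and passed to `getConfigFilePath` with no check that it names a benchmark this build knows, so a typo or an unexpected string is only caught, if at all, by the file lookup and its `decrementVersion` fallback. A benchmark tool should fail closed here: compare `benchmarkVersion` with the values of `k8sToCISVersions`, or with the directories actually present under `cfgDir`, and exit listing the accepted ids before any path is built. Separately, the commented-out old code and the `/* … */` planning block should be removed before merge; the Kubernetes-to-CIS table inside it is worth keeping as a doc comment on `k8sToCISVersions`. The hunk shows only part of `loadConfig`.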
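Review bot: The help text added for `--benchmark` in `init()` (cmd/root.go) is a copy of the `--version` text, so `--help` describes both flags as the Kubernetes version and says nothing about their being mutually exclusive. Suggested text: `"Manually specify CIS benchmark version, for example cis-1.4.1. It is an error to specify both --version and --benchmark"`. The body of `init()` continues outside the hunk.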
@@ -27,16 +27,27 @@ var (
 var psFunc func(string) string
 var statFunc func(string) (os.FileInfo, error)
+var getBinariesFunc func(*viper.Viper) (map[string]string, error)
 var TypeMap = map[string][]string{
- "ca": []string{"cafile", "defaultcafile"},
+ "ca": []string{"cafile", "defaultcafile"},
 "kubeconfig": []string{"kubeconfig", "defaultkubeconfig"},
- "service": []string{"svc", "defaultsvc"},
- "config": []string{"confs", "defaultconf"},
+ "service": []string{"svc", "defaultsvc"},
+ "config": []string{"confs", "defaultconf"},
+}
+
+var k8sToCISVersions = map[string]string {
+ "1.11": "cis-1.3.0",
+ "1.12": "cis-1.3.0",
+ "1.13": "cis-1.4.1",
+ "1.14": "cis-1.4.1",
+ "1.15": "cis-1.4.1",
+ "1.16": "cis-1.4.1",
 }
 func init() {
 psFunc = ps
 statFunc = os.Stat
+ getBinariesFunc = getBinaries
 }
 func exitWithError(err error) {
@@ -118,16 +129,16 @@ func getBinaries(v *viper.Viper) (map[string]string, error) {
 return binmap, nil
 }
-// getConfigFilePath locates the config files we should be using based on either the specified
-// version, or the running version of kubernetes if not specified
-func getConfigFilePath(specifiedVersion string, runningVersion string, filename string) (path string, err error) {
- var fileVersion string
+// getConfigFilePath locates the config files we should be using based on
+// the specified version
+func getConfigFilePath(fileVersion string, filename string) (path string, err error) {
+ // var fileVersion string
- if specifiedVersion != "" {
- fileVersion = specifiedVersion
- } else {
- fileVersion = runningVersion
- }
+ // if specifiedVersion != "" {
+ // fileVersion = specifiedVersion
+ // } else {
+ // fileVersion = runningVersion
+ // }
 glog.V(2).Info(fmt.Sprintf("Looking for config for version %s", fileVersion))
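Review bot: `k8sToCISVersions` (cmd/util.go) stops at `"1.16"`, while the planning table in cmd/common.go gives cis-1.4.1 the open-ended range `1.13-`. `convertToCISVersion`, in the last hunk of this file, does an exact-key lookup, so any other string ends the run with an error instead of selecting a benchmark: a newer release, a value carrying a patch component, or the `defaultKubeVersion` of `"1.6"` from cmd/root.go. Whether `getKubeVersion` always returns a bare `major.minor` is not visible in this diff and should be confirmed. Either document that unlisted versions are rejected on purpose, or fall back to the newest mapped benchmark for versions above the highest key and log that substitution. The literal also needs gofmt: `map[string]string{` without the space.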
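Review bot: The rewritten doc comment on `getConfigFilePath` says only "the specified version", but `loadConfig` now passes a benchmark id such as `cis-1.4.1`, and the comment does not mention that a missing file leads to `decrementVersion` being tried (next hunk). Suggested: `// getConfigFilePath returns the directory that holds filename for the benchmark named by fileVersion, for example "cis-1.4.1".` with a second sentence describing the fallback once its behaviour for benchmark ids is settled. The commented-out selection logic under the signature can be deleted, since version control keeps it. The function body continues outside the hunk.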
@@ -137,16 +148,19 @@ func getConfigFilePath(specifiedVersion string, runningVersion string, filename
 glog.V(2).Info(fmt.Sprintf("Looking for config file: %s\n", file))
 if _, err = os.Stat(file); !os.IsNotExist(err) {
- if specifiedVersion == "" && fileVersion != runningVersion {
- glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
+ // if specifiedVersion == "" && fileVersion != runningVersion {
+ // glog.V(1).Info(fmt.Sprintf("No test file found for %s - using tests for Kubernetes %s\n", runningVersion, fileVersion))
+ // }
+ if fileVersion == "" {
+ glog.V(1).Info(fmt.Sprintf("No test file found for CIS Version %s\n", fileVersion))
 }
 return path, nil
 }
- // If we were given an explicit version to look for, don't look for any others
- if specifiedVersion != "" {
- return "", err
- }
+ // // If we were given an explicit version to look for, don't look for any others
+ // if specifiedVersion != "" {
+ // return "", err
+ // }
 fileVersion = decrementVersion(fileVersion)
 if fileVersion == "" {
@@ -342,3 +356,11 @@ func makeSubstitutions(s string, ext string, m map[string]string) string {
 return s
 }
+
+func convertToCISVersion(kubeVersion string) (string, error) {
+ cisVersion, found := k8sToCISVersions[kubeVersion]
+ if !found {
+ return "", fmt.Errorf("Unable to find a CIS version for Kubernetes version: %s", kubeVersion)
+ }
+ return cisVersion, nil
+}
\ No newline at end of file
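Review bot: With the explicit-version guard commented out in `getConfigFilePath`, a missing file for a requested benchmark now falls through to `decrementVersion(fileVersion)`, so the run may continue with a different benchmark than the one named on the command line, and the log line that used to report such a substitution is commented out as well. How `decrementVersion` treats an id like `cis-1.4.1` is not visible here and needs a test. The replacement check `if fileVersion == ""` sits inside the file-found branch and can only ever log an empty version under a "No test file found" message, so it looks like leftover scaffolding. For an audit tool the safer behaviour is to return the stat error when the requested benchmark has no file, as the removed `return "", err` did. The enclosing loop begins and ends outside the hunk.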