mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-05 13:20:55 +00:00

Autodetect the binaries and config files from a set of options

Liz Rice 2017-08-30 18:37:01 +01:00
parent e4e41683c4
commit 6a5a62b278
3 changed files with 57 additions and 46 deletions


@ -52,30 +52,25 @@ var (
func runChecks(t check.NodeType) { func runChecks(t check.NodeType) {
var summary check.Summary var summary check.Summary
var file string var file string
var err error
var typeConf *viper.Viper
// Master variables switch t {
apiserverBin = viper.GetString("installation." + installation + ".master.bin.apiserver") case check.MASTER:
apiserverConf = viper.GetString("installation." + installation + ".master.conf.apiserver") file = masterFile
schedulerBin = viper.GetString("installation." + installation + ".master.bin.scheduler") typeConf = viper.Sub("master")
schedulerConf = viper.GetString("installation." + installation + ".master.conf.scheduler") case check.NODE:
controllerManagerBin = viper.GetString("installation." + installation + ".master.bin.controller-manager") file = nodeFile
controllerManagerConf = viper.GetString("installation." + installation + ".master.conf.controller-manager") typeConf = viper.Sub("node")
config = viper.GetString("installation." + installation + ".config") case check.FEDERATED:
file = federatedFile
typeConf = viper.Sub("federated")
}
etcdBin = viper.GetString("etcd.bin") // Get the set of exectuables we care about on this type of node
etcdConf = viper.GetString("etcd.conf") binmap := getBinaries(typeConf.Sub("bins"), false)
flanneldBin = viper.GetString("flanneld.bin") extrasmap := getBinaries(viper.Sub("optional"), true)
flanneldConf = viper.GetString("flanneld.conf") confmap := getConfigFiles(typeConf.Sub("confs"))
// Node variables
kubeletBin = viper.GetString("installation." + installation + ".node.bin.kubelet")
kubeletConf = viper.GetString("installation." + installation + ".node.conf.kubelet")
proxyBin = viper.GetString("installation." + installation + ".node.bin.proxy")
proxyConf = viper.GetString("installation." + installation + ".node.conf.proxy")
// Federated
fedApiserverBin = viper.GetString("installation." + installation + ".federated.bin.apiserver")
fedControllerManagerBin = viper.GetString("installation." + installation + ".federated.bin.controller-manager")
// Run kubernetes installation validation checks. // Run kubernetes installation validation checks.
verifyKubeVersion(kubeMajorVersion, kubeMinorVersion) verifyKubeVersion(kubeMajorVersion, kubeMinorVersion)
@ -96,26 +91,10 @@ func runChecks(t check.NodeType) {
} }
// Variable substitutions. Replace all occurrences of variables in controls files. // Variable substitutions. Replace all occurrences of variables in controls files.
s := multiWordReplace(string(in), "$apiserverbin", apiserverBin) s := string(in)
s = multiWordReplace(s, "$apiserverconf", apiserverConf) s = makeSubstitutions(s, "bin", binmap)
s = multiWordReplace(s, "$schedulerbin", schedulerBin) s = makeSubstitutions(s, "bin", extrasmap)
s = multiWordReplace(s, "$schedulerconf", schedulerConf) s = makeSubstitutions(s, "conf", confmap)
s = multiWordReplace(s, "$controllermanagerbin", controllerManagerBin)
s = multiWordReplace(s, "$controllermanagerconf", controllerManagerConf)
s = multiWordReplace(s, "$config", config)
s = multiWordReplace(s, "$etcdbin", etcdBin)
s = multiWordReplace(s, "$etcdconf", etcdConf)
s = multiWordReplace(s, "$flanneldbin", flanneldBin)
s = multiWordReplace(s, "$flanneldconf", flanneldConf)
s = multiWordReplace(s, "$kubeletbin", kubeletBin)
s = multiWordReplace(s, "$kubeletconf", kubeletConf)
s = multiWordReplace(s, "$proxybin", proxyBin)
s = multiWordReplace(s, "$proxyconf", proxyConf)
s = multiWordReplace(s, "$fedapiserverbin", fedApiserverBin)
s = multiWordReplace(s, "$fedcontrollermanagerbin", fedControllerManagerBin)
controls, err := check.NewControls(t, []byte(s)) controls, err := check.NewControls(t, []byte(s))
if err != nil { if err != nil {
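Review bot: `viper.Sub` returns nil when the requested key is absent, so `typeConf.Sub("bins")`, `typeConf.Sub("confs")` and `getBinaries(viper.Sub("optional"), true)` will panic with a nil dereference on a config file that lacks the `master`/`node`/`federated` or `optional` section. The `switch t` also has no `default`, so an unexpected node type leaves `typeConf` nil too. For an audit tool, a crash on a partial or hand-edited config is a poor failure mode; add a check after the switch such as `if typeConf == nil { exitWithError(fmt.Errorf("no configuration section for node type %v", t)) }`, and guard the `optional` lookup the same way. `runChecks` continues outside both hunks, so a guard elsewhere in the function cannot be ruled out from here.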


@ -52,7 +52,7 @@ func exitWithError(err error) {
func continueWithError(err error, msg string) string { func continueWithError(err error, msg string) string {
if err != nil { if err != nil {
glog.V(1).Info(err) glog.V(2).Info(err)
} }
if msg != "" { if msg != "" {
@ -85,12 +85,12 @@ func ps(proc string) string {
} }
// getBinaries finds which of the set of candidate executables are running // getBinaries finds which of the set of candidate executables are running
func getBinaries(v *viper.Viper) map[string]string { func getBinaries(v *viper.Viper, optional bool) map[string]string {
binmap := make(map[string]string) binmap := make(map[string]string)
for _, exeType := range v.AllKeys() { for _, exeType := range v.AllKeys() {
bin, err := findExecutable(v.GetStringSlice(exeType)) bin, err := findExecutable(v.GetStringSlice(exeType))
if err != nil { if err != nil && !optional {
exitWithError(fmt.Errorf("looking for %s executable but none of the candidates are running", exeType)) exitWithError(fmt.Errorf("looking for %s executable but none of the candidates are running", exeType))
} }
@ -162,6 +162,8 @@ func findExecutable(candidates []string) (string, error) {
for _, c := range candidates { for _, c := range candidates {
if verifyBin(c) { if verifyBin(c) {
return c, nil return c, nil
} else {
glog.V(1).Info(fmt.Sprintf("executable '%s' not running", c))
} }
} }
@ -237,3 +239,13 @@ func multiWordReplace(s string, subname string, sub string) string {
return strings.Replace(s, subname, sub, -1) return strings.Replace(s, subname, sub, -1)
} }
func makeSubstitutions(s string, ext string, m map[string]string) string {
for k, v := range m {
subst := "$" + k + ext
glog.V(1).Info(fmt.Sprintf("Substituting %s with '%s'\n", subst, v))
s = multiWordReplace(s, subst, v)
}
return s
}
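Review bot: With `optional` set, `getBinaries` now discards the `findExecutable` error without any record. The rest of the loop body is outside this hunk, but it presumably still stores the empty result, which `makeSubstitutions` would then write into the controls text in place of the `$<name>bin` placeholder. Checks that reference an optional component that is not running would then be evaluated against an empty binary name, so their pass/fail result says nothing about the node. At minimum, record the skip, e.g. `glog.V(1).Infof("optional executable %s not found; checks that reference it are not meaningful", exeType)`. Separately, `makeSubstitutions` ranges over a map, so replacement order varies between runs; a doc comment should state that this is only safe while no placeholder is a prefix of another and no substituted value itself contains a `$` placeholder.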


@ -185,7 +185,7 @@ func TestGetBinaries(t *testing.T) {
for k, val := range c.config { for k, val := range c.config {
v.Set(k, val) v.Set(k, val)
} }
m := getBinaries(v) m := getBinaries(v, false)
if !reflect.DeepEqual(m, c.exp) { if !reflect.DeepEqual(m, c.exp) {
t.Fatalf("Got %v\nExpected %v", m, c.exp) t.Fatalf("Got %v\nExpected %v", m, c.exp)
} }
@ -275,3 +275,23 @@ func TestGetConfigFiles(t *testing.T) {
}) })
} }
} }
func TestMakeSubsitutions(t *testing.T) {
cases := []struct {
input string
subst map[string]string
exp string
}{
{input: "Replace $thisbin", subst: map[string]string{"this": "that"}, exp: "Replace that"},
{input: "Replace $thisbin", subst: map[string]string{"this": "that", "here": "there"}, exp: "Replace that"},
{input: "Replace $thisbin and $herebin", subst: map[string]string{"this": "that", "here": "there"}, exp: "Replace that and there"},
}
for _, c := range cases {
t.Run(c.input, func(t *testing.T) {
s := makeSubstitutions(c.input, "bin", c.subst)
if s != c.exp {
t.Fatalf("Got %s expected %s", s, c.exp)
}
})
}
}
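Review bot: The new `optional` argument is only ever passed as `false` in `TestGetBinaries`, so the branch that tolerates a missing executable has no coverage. Add a case that calls `getBinaries(v, true)` with candidates that are not running and asserts what the returned map holds for that key, since that value feeds directly into the substituted audit commands. `TestMakeSubsitutions` is misspelled (`TestMakeSubstitutions`), and its cases cover only the `"bin"` suffix and single-word values. `TestGetBinaries` starts outside the hunk, so its existing table is not visible here.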