From f90dd925b8ef80f5ef6b4df009fa728e7aff1098 Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Fri, 3 Nov 2017 12:59:35 +0000 Subject: [PATCH 1/6] Exit kube-bench if we can't get valid kubernetes server version and improve error messages. --- cmd/common.go | 2 +- cmd/util.go | 34 ++++++++++++---------------------- cmd/util_test.go | 13 +++---------- 3 files changed, 16 insertions(+), 33 deletions(-) diff --git a/cmd/common.go b/cmd/common.go index 3e01f2a..2bcf30e 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -62,7 +62,7 @@ func runChecks(t check.NodeType) { } ver := getKubeVersion() - path := fmt.Sprintf("%s/%s/%s", cfgDir, ver.Server, file) + path := fmt.Sprintf("%s/%s/%s", cfgDir, ver, file) in, err := ioutil.ReadFile(path) if err != nil { exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) diff --git a/cmd/util.go b/cmd/util.go index dfd8b23..97b5544 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -213,37 +213,27 @@ func multiWordReplace(s string, subname string, sub string) string { return strings.Replace(s, subname, sub, -1) } -type version struct { - Server string - Client string -} - -func getKubeVersion() *version { - ver := new(version) +func getKubeVersion() string { + failmsg := "kubernetes version check failed" // These executables might not be on the user's path. _, err := exec.LookPath("kubectl") if err != nil { - s := fmt.Sprintf("Kubernetes version check skipped with error %v", err) - continueWithError(err, sprintlnWarn(s)) - return nil + exitWithError(fmt.Errorf("%s: %s", failmsg, err)) } - cmd := exec.Command("kubectl", "version") - out, err := cmd.Output() + cmd := exec.Command("kubectl", "version", "--short") + out, err := cmd.CombinedOutput() if err != nil { - s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version") - continueWithError(err, sprintlnWarn(s)) - return nil + exitWithError(fmt.Errorf("%s, %s", failmsg, out)) } - clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`) - svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`) + validVersionPttn := `\d.\d` + serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) + ver := serverVersionRe.FindStringSubmatch(string(out))[1] - sub := clientVerRe.FindStringSubmatch(string(out)) - ver.Client = sub[1] + "." + sub[2] - - sub = svrVerRe.FindStringSubmatch(string(out)) - ver.Server = sub[1] + "." + sub[2] + if matched, _ := regexp.MatchString(validVersionPttn, ver); !matched { + exitWithError(fmt.Errorf("%s: invalid server version ", failmsg, ver)) + } return ver } diff --git a/cmd/util_test.go b/cmd/util_test.go index 50044cf..646a75e 100644 --- a/cmd/util_test.go +++ b/cmd/util_test.go @@ -184,18 +184,11 @@ func TestMultiWordReplace(t *testing.T) { func TestGetKubeVersion(t *testing.T) { ver := getKubeVersion() - if ver == nil { - t.Log("Expected non nil version info.") - } else { - if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil { - t.Logf("Expected:%v got %v\n", "n.m", ver.Client) - } - - if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil { - t.Logf("Expected:%v got %v\n", "n.m", ver.Server) - } + if ok, err := regexp.MatchString(`\d+.\d+`, ver); !ok && err != nil { + t.Logf("Expected:%v got %v\n", "n.m", ver) } + } func TestFindConfigFile(t *testing.T) { From 42a1068964e29d21abb1fbbf08e0df805494429a Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Mon, 13 Nov 2017 15:25:34 +0000 Subject: [PATCH 2/6] Add default version if version check fails. --- cmd/root.go | 21 +++++++++++---------- cmd/util.go | 22 ++++++++++++++++------ 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index 08be2b3..3c80f5d 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -25,16 +25,17 @@ import ( ) var ( - envVarsPrefix = "KUBE_BENCH" - cfgDir = "./cfg" - cfgFile string - jsonFmt bool - pgSql bool - checkList string - groupList string - masterFile string - nodeFile string - federatedFile string + envVarsPrefix = "KUBE_BENCH" + cfgDir = "./cfg" + defaultKubeVersion = "1.6" + cfgFile string + jsonFmt bool + pgSql bool + checkList string + groupList string + masterFile string + nodeFile string + federatedFile string ) // RootCmd represents the base command when called without any subcommands diff --git a/cmd/util.go b/cmd/util.go index 97b5544..6addcfc 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -214,25 +214,35 @@ func multiWordReplace(s string, subname string, sub string) string { } func getKubeVersion() string { + var ver string + var matched bool + failmsg := "kubernetes version check failed" // These executables might not be on the user's path. _, err := exec.LookPath("kubectl") if err != nil { - exitWithError(fmt.Errorf("%s: %s", failmsg, err)) + continueWithError(err, failmsg) } cmd := exec.Command("kubectl", "version", "--short") out, err := cmd.CombinedOutput() if err != nil { - exitWithError(fmt.Errorf("%s, %s", failmsg, out)) + continueWithError(fmt.Errorf("%s", out), "") } - validVersionPttn := `\d.\d` serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) - ver := serverVersionRe.FindStringSubmatch(string(out))[1] + subs := serverVersionRe.FindStringSubmatch(string(out)) + if len(subs) > 2 { + ver = string(subs[1]) + validVersionPttn := `\d.\d` + if matched, _ = regexp.MatchString(validVersionPttn, ver); !matched { + continueWithError(fmt.Errorf("%s: invalid server version ", ver), failmsg) + } + } - if matched, _ := regexp.MatchString(validVersionPttn, ver); !matched { - exitWithError(fmt.Errorf("%s: invalid server version ", failmsg, ver)) + if ver == "" || !matched { + printlnWarn(fmt.Sprintf("Unable to get kubectl version, using default version: %s", defaultKubeVersion)) + ver = defaultKubeVersion } return ver From c60c459bc49f183a5f76cf315f7fe69c3b502e66 Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Tue, 14 Nov 2017 22:27:55 +0000 Subject: [PATCH 3/6] Fix bug causing kubectl version to always return default version. --- cmd/util.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/util.go b/cmd/util.go index 6addcfc..113c4c5 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -232,7 +232,7 @@ func getKubeVersion() string { serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) subs := serverVersionRe.FindStringSubmatch(string(out)) - if len(subs) > 2 { + if len(subs) == 2 { ver = string(subs[1]) validVersionPttn := `\d.\d` if matched, _ = regexp.MatchString(validVersionPttn, ver); !matched { From c93c94b3f6beed09ca497431eb3aea190abff600 Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Tue, 21 Nov 2017 12:20:02 +0000 Subject: [PATCH 4/6] Fix version check regexp. --- cmd/util.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/util.go b/cmd/util.go index 113c4c5..aa2baa0 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -234,7 +234,7 @@ func getKubeVersion() string { subs := serverVersionRe.FindStringSubmatch(string(out)) if len(subs) == 2 { ver = string(subs[1]) - validVersionPttn := `\d.\d` + validVersionPttn := `\d.\d.\d` if matched, _ = regexp.MatchString(validVersionPttn, ver); !matched { continueWithError(fmt.Errorf("%s: invalid server version ", ver), failmsg) } From 730871f33048422abeda7cb73c8cb7b3815aff71 Mon Sep 17 00:00:00 2001 From: Liz Rice Date: Tue, 21 Nov 2017 13:19:09 +0000 Subject: [PATCH 5/6] Fix kubeVersion regex tests --- cmd/common.go | 2 ++ cmd/util.go | 27 +++++++++------------------ cmd/util_test.go | 14 ++++++++++++++ 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/cmd/common.go b/cmd/common.go index 2bcf30e..c552f86 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -62,6 +62,8 @@ func runChecks(t check.NodeType) { } ver := getKubeVersion() + glog.V(1).Info(fmt.Sprintf("Running tests for Kubernetes version: %s", ver)) + path := fmt.Sprintf("%s/%s/%s", cfgDir, ver, file) in, err := ioutil.ReadFile(path) if err != nil { diff --git a/cmd/util.go b/cmd/util.go index aa2baa0..f2c6b29 100644 --- a/cmd/util.go +++ b/cmd/util.go @@ -214,14 +214,10 @@ func multiWordReplace(s string, subname string, sub string) string { } func getKubeVersion() string { - var ver string - var matched bool - - failmsg := "kubernetes version check failed" // These executables might not be on the user's path. _, err := exec.LookPath("kubectl") if err != nil { - continueWithError(err, failmsg) + exitWithError(fmt.Errorf("kubernetes version check failed: %v", err)) } cmd := exec.Command("kubectl", "version", "--short") @@ -230,22 +226,17 @@ func getKubeVersion() string { continueWithError(fmt.Errorf("%s", out), "") } - serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) - subs := serverVersionRe.FindStringSubmatch(string(out)) - if len(subs) == 2 { - ver = string(subs[1]) - validVersionPttn := `\d.\d.\d` - if matched, _ = regexp.MatchString(validVersionPttn, ver); !matched { - continueWithError(fmt.Errorf("%s: invalid server version ", ver), failmsg) - } - } + return getVersionFromKubectlOutput(string(out)) +} - if ver == "" || !matched { +func getVersionFromKubectlOutput(s string) string { + serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) + subs := serverVersionRe.FindStringSubmatch(s) + if len(subs) < 2 { printlnWarn(fmt.Sprintf("Unable to get kubectl version, using default version: %s", defaultKubeVersion)) - ver = defaultKubeVersion + return defaultKubeVersion } - - return ver + return subs[1] } func makeSubstitutions(s string, ext string, m map[string]string) string { diff --git a/cmd/util_test.go b/cmd/util_test.go index 646a75e..7bf6a20 100644 --- a/cmd/util_test.go +++ b/cmd/util_test.go @@ -191,6 +191,20 @@ func TestGetKubeVersion(t *testing.T) { } +func TestKubeVersionRegex(t *testing.T) { + ver := getVersionFromKubectlOutput(`Client Version: v1.8.0 + Server Version: v1.8.12 + `) + if ver != "1.8" { + t.Fatalf("Expected 1.8 got %s", ver) + } + + ver = getVersionFromKubectlOutput("Something completely different") + if ver != "1.6" { + t.Fatalf("Expected 1.6 got %s", ver) + } +} + func TestFindConfigFile(t *testing.T) { cases := []struct { input []string From 97485419e2880205a18e6932ce6d34f6b13b692e Mon Sep 17 00:00:00 2001 From: Liz Rice Date: Tue, 21 Nov 2017 13:21:47 +0000 Subject: [PATCH 6/6] Can't run kubectl on Travis so I don't know how this test ever worked --- cmd/util_test.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/cmd/util_test.go b/cmd/util_test.go index 7bf6a20..1ef5be8 100644 --- a/cmd/util_test.go +++ b/cmd/util_test.go @@ -17,7 +17,6 @@ package cmd import ( "os" "reflect" - "regexp" "strconv" "testing" @@ -182,15 +181,6 @@ func TestMultiWordReplace(t *testing.T) { } } -func TestGetKubeVersion(t *testing.T) { - ver := getKubeVersion() - - if ok, err := regexp.MatchString(`\d+.\d+`, ver); !ok && err != nil { - t.Logf("Expected:%v got %v\n", "n.m", ver) - } - -} - func TestKubeVersionRegex(t *testing.T) { ver := getVersionFromKubectlOutput(`Client Version: v1.8.0 Server Version: v1.8.12