Merge pull request #69 from aquasecurity/fix-kubeversion-fail

Exit kube-bench if we can't get valid kubernetes server version
2025-03-11 13:06:08 +00:00 · 2017-11-21 13:25:11 +00:00 · 2017-11-21 13:25:11 +00:00 · 778c662055
commit 778c662055
parent 4907843b7b 97485419e2
4 changed files with 39 additions and 48 deletions
--- a/cmd/common.go
+++ b/cmd/common.go
@ -62,7 +62,9 @@ func runChecks(t check.NodeType) {
 	}
 	ver := getKubeVersion()
-	path := fmt.Sprintf("%s/%s/%s", cfgDir, ver.Server, file)
+	glog.V(1).Info(fmt.Sprintf("Running tests for Kubernetes version: %s", ver))
 	path := fmt.Sprintf("%s/%s/%s", cfgDir, ver, file)
 	in, err := ioutil.ReadFile(path)
 	if err != nil {
 		exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
--- a/cmd/root.go
+++ b/cmd/root.go
@ -27,6 +27,7 @@ import (
 var (
 	envVarsPrefix      = "KUBE_BENCH"
 	cfgDir             = "./cfg"
 	defaultKubeVersion = "1.6"
 	cfgFile            string
 	jsonFmt            bool
 	pgSql              bool
--- a/cmd/util.go
+++ b/cmd/util.go
@ -213,39 +213,30 @@ func multiWordReplace(s string, subname string, sub string) string {
 	return strings.Replace(s, subname, sub, -1)
 }
-type version struct {
+func getKubeVersion() string {
 	Server string
 	Client string
 }
 func getKubeVersion() *version {
 	ver := new(version)
 	// These executables might not be on the user's path.
 	_, err := exec.LookPath("kubectl")
 	if err != nil {
-		s := fmt.Sprintf("Kubernetes version check skipped with error %v", err)
+		exitWithError(fmt.Errorf("kubernetes version check failed: %v", err))
 		continueWithError(err, sprintlnWarn(s))
 		return nil
 	}
-	cmd := exec.Command("kubectl", "version")
+	cmd := exec.Command("kubectl", "version", "--short")
-	out, err := cmd.Output()
+	out, err := cmd.CombinedOutput()
 	if err != nil {
-		s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version")
+		continueWithError(fmt.Errorf("%s", out), "")
 		continueWithError(err, sprintlnWarn(s))
 		return nil
 	}
-	clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`)
+	return getVersionFromKubectlOutput(string(out))
-	svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`)
+}
-	sub := clientVerRe.FindStringSubmatch(string(out))
+func getVersionFromKubectlOutput(s string) string {
-	ver.Client = sub[1] + "." + sub[2]
+	serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
-
+	subs := serverVersionRe.FindStringSubmatch(s)
-	sub = svrVerRe.FindStringSubmatch(string(out))
+	if len(subs) < 2 {
-	ver.Server = sub[1] + "." + sub[2]
+		printlnWarn(fmt.Sprintf("Unable to get kubectl version, using default version: %s", defaultKubeVersion))
-
+		return defaultKubeVersion
-	return ver
+	}
 	return subs[1]
 }
 func makeSubstitutions(s string, ext string, m map[string]string) string {
--- a/cmd/util_test.go
+++ b/cmd/util_test.go
@ -17,7 +17,6 @@ package cmd
 import (
 	"os"
 	"reflect"
 	"regexp"
 	"strconv"
 	"testing"
@ -182,19 +181,17 @@ func TestMultiWordReplace(t *testing.T) {
 	}
 }
-func TestGetKubeVersion(t *testing.T) {
+func TestKubeVersionRegex(t *testing.T) {
-	ver := getKubeVersion()
+	ver := getVersionFromKubectlOutput(`Client Version: v1.8.0
-	if ver == nil {
+		Server Version: v1.8.12
-		t.Log("Expected non nil version info.")
+		`)
-	} else {
+	if ver != "1.8" {
-		if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil {
+		t.Fatalf("Expected 1.8 got %s", ver)
 			t.Logf("Expected:%v got %v\n", "n.m", ver.Client)
 		}
 		if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil {
 			t.Logf("Expected:%v got %v\n", "n.m", ver.Server)
 	}
 	ver = getVersionFromKubectlOutput("Something completely different")
 	if ver != "1.6" {
 		t.Fatalf("Expected 1.6 got %s", ver)
 	}
 }