mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-22 08:08:07 +00:00
Use new utility function for finding correct config files.
Improve order of message output Remove unnecessary local variable
This commit is contained in:
parent
344d2bfd24
commit
9d0141871a
@ -17,6 +17,7 @@ package cmd
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/aquasecurity/kube-bench/check"
|
||||
@ -28,55 +29,50 @@ var (
|
||||
errmsgs string
|
||||
)
|
||||
|
||||
func runChecks(t check.NodeType) {
|
||||
func runChecks(nodetype check.NodeType) {
|
||||
var summary check.Summary
|
||||
var nodetype string
|
||||
var file string
|
||||
var err error
|
||||
var typeConf *viper.Viper
|
||||
|
||||
switch t {
|
||||
switch nodetype {
|
||||
case check.MASTER:
|
||||
file = masterFile
|
||||
nodetype = "master"
|
||||
case check.NODE:
|
||||
file = nodeFile
|
||||
nodetype = "node"
|
||||
case check.FEDERATED:
|
||||
file = federatedFile
|
||||
nodetype = "federated"
|
||||
}
|
||||
|
||||
var ver string
|
||||
if kubeVersion != "" {
|
||||
ver = kubeVersion
|
||||
} else {
|
||||
ver = getKubeVersion()
|
||||
switch ver {
|
||||
case "1.9", "1.10":
|
||||
continueWithError(nil, fmt.Sprintf("No CIS spec for %s - using tests from CIS 1.2.0 spec for Kubernetes 1.8\n", ver))
|
||||
ver = "1.8"
|
||||
}
|
||||
path, err := getConfigFilePath(kubeVersion, getKubeVersion(), file)
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
|
||||
}
|
||||
|
||||
path := filepath.Join(cfgDir, ver)
|
||||
def := filepath.Join(path, file)
|
||||
|
||||
in, err := ioutil.ReadFile(def)
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
|
||||
exitWithError(fmt.Errorf("error opening %s controls file: %v", nodetype, err))
|
||||
}
|
||||
|
||||
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
|
||||
|
||||
// Merge kubernetes version specific config if any.
|
||||
viper.SetConfigFile(path + "/config.yaml")
|
||||
err = viper.MergeInConfig()
|
||||
if err != nil {
|
||||
continueWithError(err, fmt.Sprintf("Reading %s specific configuration file", ver))
|
||||
if os.IsNotExist(err) {
|
||||
glog.V(2).Info(fmt.Sprintf("No version-specific config.yaml file in %s", path))
|
||||
} else {
|
||||
exitWithError(fmt.Errorf("couldn't read config file %s: %v", path+"/config.yaml", err))
|
||||
}
|
||||
} else {
|
||||
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
|
||||
}
|
||||
typeConf = viper.Sub(nodetype)
|
||||
|
||||
// Get the set of exectuables and config files we care about on this type of node. This also
|
||||
// checks that the executables we need for the node type are running.
|
||||
typeConf = viper.Sub(string(nodetype))
|
||||
binmap := getBinaries(typeConf)
|
||||
confmap := getConfigFiles(typeConf)
|
||||
|
||||
@ -85,12 +81,9 @@ func runChecks(t check.NodeType) {
|
||||
s = makeSubstitutions(s, "bin", binmap)
|
||||
s = makeSubstitutions(s, "conf", confmap)
|
||||
|
||||
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
|
||||
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
|
||||
|
||||
controls, err := check.NewControls(t, []byte(s))
|
||||
controls, err := check.NewControls(nodetype, []byte(s))
|
||||
if err != nil {
|
||||
exitWithError(fmt.Errorf("error setting up %s controls: %v", t, err))
|
||||
exitWithError(fmt.Errorf("error setting up %s controls: %v", nodetype, err))
|
||||
}
|
||||
|
||||
if groupList != "" && checkList == "" {
|
||||
|
Loading…
Reference in New Issue
Block a user