From 9d0141871ae05500a9d9b8a405541511a60341ee Mon Sep 17 00:00:00 2001 From: Liz Rice Date: Fri, 29 Jun 2018 12:20:29 +0100 Subject: [PATCH] Use new utility function for finding correct config files. Improve order of message output Remove unnecessary local variable --- cmd/common.go | 45 +++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 26 deletions(-) diff --git a/cmd/common.go b/cmd/common.go index 1536d7c..69233c9 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -17,6 +17,7 @@ package cmd import ( "fmt" "io/ioutil" + "os" "path/filepath" "github.com/aquasecurity/kube-bench/check" @@ -28,55 +29,50 @@ var ( errmsgs string ) -func runChecks(t check.NodeType) { +func runChecks(nodetype check.NodeType) { var summary check.Summary - var nodetype string var file string var err error var typeConf *viper.Viper - switch t { + switch nodetype { case check.MASTER: file = masterFile - nodetype = "master" case check.NODE: file = nodeFile - nodetype = "node" case check.FEDERATED: file = federatedFile - nodetype = "federated" } - var ver string - if kubeVersion != "" { - ver = kubeVersion - } else { - ver = getKubeVersion() - switch ver { - case "1.9", "1.10": - continueWithError(nil, fmt.Sprintf("No CIS spec for %s - using tests from CIS 1.2.0 spec for Kubernetes 1.8\n", ver)) - ver = "1.8" - } + path, err := getConfigFilePath(kubeVersion, getKubeVersion(), file) + if err != nil { + exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err)) } - path := filepath.Join(cfgDir, ver) def := filepath.Join(path, file) - in, err := ioutil.ReadFile(def) if err != nil { - exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) + exitWithError(fmt.Errorf("error opening %s controls file: %v", nodetype, err)) } + glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def)) + // Merge kubernetes version specific config if any. viper.SetConfigFile(path + "/config.yaml") err = viper.MergeInConfig() if err != nil { - continueWithError(err, fmt.Sprintf("Reading %s specific configuration file", ver)) + if os.IsNotExist(err) { + glog.V(2).Info(fmt.Sprintf("No version-specific config.yaml file in %s", path)) + } else { + exitWithError(fmt.Errorf("couldn't read config file %s: %v", path+"/config.yaml", err)) + } + } else { + glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed())) } - typeConf = viper.Sub(nodetype) // Get the set of exectuables and config files we care about on this type of node. This also // checks that the executables we need for the node type are running. + typeConf = viper.Sub(string(nodetype)) binmap := getBinaries(typeConf) confmap := getConfigFiles(typeConf) @@ -85,12 +81,9 @@ func runChecks(t check.NodeType) { s = makeSubstitutions(s, "bin", binmap) s = makeSubstitutions(s, "conf", confmap) - glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed())) - glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def)) - - controls, err := check.NewControls(t, []byte(s)) + controls, err := check.NewControls(nodetype, []byte(s)) if err != nil { - exitWithError(fmt.Errorf("error setting up %s controls: %v", t, err)) + exitWithError(fmt.Errorf("error setting up %s controls: %v", nodetype, err)) } if groupList != "" && checkList == "" {