
Use new utility function for finding correct config files.

Improve order of message output
Remove unnecessary local variable
Liz Rice 2018-06-29 12:20:29 +01:00
parent 344d2bfd24
commit 9d0141871a


@ -17,6 +17,7 @@ package cmd
import ( import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
"path/filepath" "path/filepath"
"github.com/aquasecurity/kube-bench/check" "github.com/aquasecurity/kube-bench/check"
@ -28,55 +29,50 @@ var (
errmsgs string errmsgs string
) )
func runChecks(t check.NodeType) { func runChecks(nodetype check.NodeType) {
var summary check.Summary var summary check.Summary
var nodetype string
var file string var file string
var err error var err error
var typeConf *viper.Viper var typeConf *viper.Viper
switch t { switch nodetype {
case check.MASTER: case check.MASTER:
file = masterFile file = masterFile
nodetype = "master"
case check.NODE: case check.NODE:
file = nodeFile file = nodeFile
nodetype = "node"
case check.FEDERATED: case check.FEDERATED:
file = federatedFile file = federatedFile
nodetype = "federated"
} }
var ver string path, err := getConfigFilePath(kubeVersion, getKubeVersion(), file)
if kubeVersion != "" { if err != nil {
ver = kubeVersion exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
} else {
ver = getKubeVersion()
switch ver {
case "1.9", "1.10":
continueWithError(nil, fmt.Sprintf("No CIS spec for %s - using tests from CIS 1.2.0 spec for Kubernetes 1.8\n", ver))
ver = "1.8"
}
} }
path := filepath.Join(cfgDir, ver)
def := filepath.Join(path, file) def := filepath.Join(path, file)
in, err := ioutil.ReadFile(def) in, err := ioutil.ReadFile(def)
if err != nil { if err != nil {
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) exitWithError(fmt.Errorf("error opening %s controls file: %v", nodetype, err))
} }
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
// Merge kubernetes version specific config if any. // Merge kubernetes version specific config if any.
viper.SetConfigFile(path + "/config.yaml") viper.SetConfigFile(path + "/config.yaml")
err = viper.MergeInConfig() err = viper.MergeInConfig()
if err != nil { if err != nil {
continueWithError(err, fmt.Sprintf("Reading %s specific configuration file", ver)) if os.IsNotExist(err) {
glog.V(2).Info(fmt.Sprintf("No version-specific config.yaml file in %s", path))
} else {
exitWithError(fmt.Errorf("couldn't read config file %s: %v", path+"/config.yaml", err))
}
} else {
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
} }
typeConf = viper.Sub(nodetype)
// Get the set of exectuables and config files we care about on this type of node. This also // Get the set of exectuables and config files we care about on this type of node. This also
// checks that the executables we need for the node type are running. // checks that the executables we need for the node type are running.
typeConf = viper.Sub(string(nodetype))
binmap := getBinaries(typeConf) binmap := getBinaries(typeConf)
confmap := getConfigFiles(typeConf) confmap := getConfigFiles(typeConf)
@ -85,12 +81,9 @@ func runChecks(t check.NodeType) {
s = makeSubstitutions(s, "bin", binmap) s = makeSubstitutions(s, "bin", binmap)
s = makeSubstitutions(s, "conf", confmap) s = makeSubstitutions(s, "conf", confmap)
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed())) controls, err := check.NewControls(nodetype, []byte(s))
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
controls, err := check.NewControls(t, []byte(s))
if err != nil { if err != nil {
exitWithError(fmt.Errorf("error setting up %s controls: %v", t, err)) exitWithError(fmt.Errorf("error setting up %s controls: %v", nodetype, err))
} }
if groupList != "" && checkList == "" { if groupList != "" && checkList == "" {
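Review bot: In the second hunk the notice that an older CIS spec is being substituted is no longer emitted from runChecks, and the only record of which controls file was loaded is `glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))`, which is hidden at default verbosity. Whether `getConfigFilePath` still reports a fallback to another version's directory is not visible here; if it does not, a report can be read as covering a Kubernetes version whose controls were never run. I would print the resolved `def` path at default verbosity, or carry it into the summary, so the output states which benchmark definition produced it. Separately, `os.IsNotExist(err)` does not look through wrapped errors, so the optional-config branch relies on viper returning the underlying path error unchanged, which deserves a one-line comment such as `// relies on MergeInConfig returning the raw *os.PathError`. The body of runChecks continues past the last hunk.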