Use new utility function for finding correct config files.

Improve order of message output Remove unnecessary local variable
2024-11-22 16:18:07 +00:00 · 2018-06-29 12:20:29 +01:00 · 2018-06-29 12:20:29 +01:00 · 9d0141871a
commit 9d0141871a
parent 344d2bfd24
1 changed files with 19 additions and 26 deletions
--- a/cmd/common.go
+++ b/cmd/common.go
@ -17,6 +17,7 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"path/filepath"

 	"github.com/aquasecurity/kube-bench/check"
@ -28,55 +29,50 @@ var (
 	errmsgs string
 )

-func runChecks(t check.NodeType) {
+func runChecks(nodetype check.NodeType) {
 	var summary check.Summary
-	var nodetype string
 	var file string
 	var err error
 	var typeConf *viper.Viper

-	switch t {
+	switch nodetype {
 	case check.MASTER:
 		file = masterFile
-		nodetype = "master"
 	case check.NODE:
 		file = nodeFile
-		nodetype = "node"
 	case check.FEDERATED:
 		file = federatedFile
-		nodetype = "federated"
 	}

-	var ver string
-	if kubeVersion != "" {
-		ver = kubeVersion
-	} else {
-		ver = getKubeVersion()
-		switch ver {
-		case "1.9", "1.10":
-			continueWithError(nil, fmt.Sprintf("No CIS spec for %s - using tests from CIS 1.2.0 spec for Kubernetes 1.8\n", ver))
-			ver = "1.8"
-		}
+	path, err := getConfigFilePath(kubeVersion, getKubeVersion(), file)
+	if err != nil {
+		exitWithError(fmt.Errorf("can't find %s controls file in %s: %v", nodetype, cfgDir, err))
 	}

-	path := filepath.Join(cfgDir, ver)
 	def := filepath.Join(path, file)
-
 	in, err := ioutil.ReadFile(def)
 	if err != nil {
-		exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
+		exitWithError(fmt.Errorf("error opening %s controls file: %v", nodetype, err))
 	}

+	glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
+
 	// Merge kubernetes version specific config if any.
 	viper.SetConfigFile(path + "/config.yaml")
 	err = viper.MergeInConfig()
 	if err != nil {
-		continueWithError(err, fmt.Sprintf("Reading %s specific configuration file", ver))
+		if os.IsNotExist(err) {
+			glog.V(2).Info(fmt.Sprintf("No version-specific config.yaml file in %s", path))
+		} else {
+			exitWithError(fmt.Errorf("couldn't read config file %s: %v", path+"/config.yaml", err))
+		}
+	} else {
+		glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
 	}
-	typeConf = viper.Sub(nodetype)

 	// Get the set of exectuables and config files we care about on this type of node. This also
 	// checks that the executables we need for the node type are running.
+	typeConf = viper.Sub(string(nodetype))
 	binmap := getBinaries(typeConf)
 	confmap := getConfigFiles(typeConf)

@ -85,12 +81,9 @@ func runChecks(t check.NodeType) {
 	s = makeSubstitutions(s, "bin", binmap)
 	s = makeSubstitutions(s, "conf", confmap)

-	glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
-	glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", def))
-
-	controls, err := check.NewControls(t, []byte(s))
+	controls, err := check.NewControls(nodetype, []byte(s))
 	if err != nil {
-		exitWithError(fmt.Errorf("error setting up %s controls: %v", t, err))
+		exitWithError(fmt.Errorf("error setting up %s controls: %v", nodetype, err))
 	}

 	if groupList != "" && checkList == "" {