arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-05-06 08:59:42 +00:00
Code Issues Releases Wiki Activity

Get Kubernetes Version: Adds Retry Logic (#593)

Browse Source 
* Closes #551

* Closes #551

* Update cmd/kubernetes_version.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Closes #551

Co-authored-by: Liz Rice <liz@lizrice.com>
This commit is contained in:
Roberto Rojas 2020-03-05 10:34:44 -05:00 committed by GitHub
parent 06303f6a7a
commit b403b364fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cmd/kubernetes_version.go
View File

@ -9,6 +9,7 @@ import (
"net/http" "net/http"
"os" "os"
"strings" "strings"
"time"
"github.com/golang/glog" "github.com/golang/glog"
) )
@ -30,7 +31,7 @@ func getKubeVersionFromRESTAPI() (string, error) {
} }
token := strings.TrimSpace(string(tb)) token := strings.TrimSpace(string(tb))
data, err := getWebData(k8sVersionURL, token, tlsCert) data, err := getWebDataWithRetry(k8sVersionURL, token, tlsCert)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -42,6 +43,24 @@ func getKubeVersionFromRESTAPI() (string, error) {
return k8sVersion, nil return k8sVersion, nil
} }
// The idea of this function is so if Kubernetes DNS is not completely seetup and the
// Container where kube-bench is running needs time for DNS configure.
// Basically try 10 times, waiting 1 second until either it is successful or it fails.
func getWebDataWithRetry(k8sVersionURL, token string, cacert *tls.Certificate) (data []byte, err error) {
tries := 0
// We retry a few times in case the DNS service has not had time to come up
for tries < 10 {
data, err = getWebData(k8sVersionURL, token, cacert)
if err == nil {
return
}
tries++
time.Sleep(1 * time.Second)
}
return
}
func extractVersion(data []byte) (string, error) { func extractVersion(data []byte) (string, error) {
type versionResponse struct { type versionResponse struct {
Major string Major string

48
cmd/kubernetes_version_test.go
View File

@ -126,7 +126,55 @@ func TestGetWebData(t *testing.T) {
} }
} }
func TestGetWebDataWithRetry(t *testing.T) {
okfn := func(w http.ResponseWriter, r *http.Request) {
_, _ = fmt.Fprintln(w, `{
"major": "1",
"minor": "15"}`)
}
errfn := func(w http.ResponseWriter, r *http.Request) {
http.Error(w, http.StatusText(http.StatusInternalServerError),
http.StatusInternalServerError)
}
token := "dummyToken"
var tlsCert tls.Certificate
cases := []struct {
fn http.HandlerFunc
fail bool
}{
{
fn: okfn,
fail: false,
},
{
fn: errfn,
fail: true,
},
}
for id, c := range cases {
t.Run(strconv.Itoa(id), func(t *testing.T) {
ts := httptest.NewServer(c.fn)
defer ts.Close()
data, err := getWebDataWithRetry(ts.URL, token, &tlsCert)
if !c.fail {
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if len(data) == 0 {
t.Errorf("missing data")
}
} else {
if err == nil {
t.Errorf("Expected error")
}
}
})
}
}
func TestExtractVersion(t *testing.T) { func TestExtractVersion(t *testing.T) {
okJSON := []byte(`{ okJSON := []byte(`{
"major": "1", "major": "1",