From c86d0ff81bd85cca1781fbfd9a634276165a9024 Mon Sep 17 00:00:00 2001 From: Philippe ALEXANDRE Date: Fri, 23 Mar 2018 09:27:48 +0100 Subject: [PATCH 1/3] Replace fmt.Sprintf by filepath.Join --- cmd/common.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/cmd/common.go b/cmd/common.go index 15cb237..3b316a2 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -17,7 +17,8 @@ package cmd import ( "fmt" "io/ioutil" - + "path/filepath" + "github.com/aquasecurity/kube-bench/check" "github.com/golang/glog" "github.com/spf13/viper" @@ -47,9 +48,12 @@ func runChecks(t check.NodeType) { } ver := getKubeVersion() - path := fmt.Sprintf("%s/%s", cfgDir, ver) - - def := fmt.Sprintf("%s/%s", path, file) + // path := fmt.Sprintf("%s/%s", cfgDir, ver) + path := filepath.Join(cfgDir, ver) + + // def := fmt.Sprintf("%s/%s", path, file) + def := filepath.Join(path, file) + in, err := ioutil.ReadFile(def) if err != nil { exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) From d6c16f7563c52cff41ceb2107d1ddd060225ef3f Mon Sep 17 00:00:00 2001 From: Philippe ALEXANDRE Date: Fri, 23 Mar 2018 09:29:17 +0100 Subject: [PATCH 2/3] Try to use kubelet when kubectl is unavailable --- cmd/util.go | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/cmd/util.go b/cmd/util.go index 4f0c658..7b8e9de 100644 --- a/cmd/util.go +++ b/cmd/util.go 
@@ -215,10 +215,19 @@ func multiWordReplace(s string, subname string, sub string) string { func getKubeVersion() string { // These executables might not be on the user's path. _, err := exec.LookPath("kubectl") + if err != nil { - exitWithError(fmt.Errorf("kubernetes version check failed: %v", err)) + _, err = exec.LookPath("kubelet") + if err != nil { + exitWithError(fmt.Errorf("Version check failed: need kubectl or kubelet binaries to get kubernetes version")) + } + return getKubeVersionFromKubelet() } + return getKubeVersionFromKubectl() +} + +func getKubeVersionFromKubectl() string { cmd := exec.Command("kubectl", "version", "--short") out, err := cmd.CombinedOutput() if err != nil { @@ -228,6 +237,17 @@ func getKubeVersion() string { return getVersionFromKubectlOutput(string(out)) } +func getKubeVersionFromKubelet() string { + cmd := exec.Command("kubelet", "--version") + out, err := cmd.CombinedOutput() + + if err != nil { + continueWithError(fmt.Errorf("%s", out), "") + } + + return getVersionFromKubeletOutput(string(out)) +} + func getVersionFromKubectlOutput(s string) string { serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) subs := serverVersionRe.FindStringSubmatch(s) @@ -238,6 +258,16 @@ func getVersionFromKubectlOutput(s string) string { return subs[1] } +func getVersionFromKubeletOutput(s string) string { + serverVersionRe := regexp.MustCompile(`Kubernetes v(\d+.\d+)`) + subs := serverVersionRe.FindStringSubmatch(s) + if len(subs) < 2 { + printlnWarn(fmt.Sprintf("Unable to get kubelet version, using default version: %s", defaultKubeVersion)) + return defaultKubeVersion + } + return subs[1] +} + func makeSubstitutions(s string, ext string, m map[string]string) string { for k, v := range m { subst := "$" + k + ext From f091c8adeaba696b7c14658331b78cda77a97b57 Mon Sep 17 00:00:00 2001 
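Review bot: The path returned by `exec.LookPath` is discarded in getKubeVersion, and the helpers then call `exec.Command("kubectl", ...)` and `exec.Command("kubelet", ...)` by bare name, so the binary is resolved through PATH a second time. Because the version string returned here selects which controls file runChecks loads, it would be better to keep the resolved path (`bin, err := exec.LookPath("kubelet")`), pass it to the helper, and log it so the operator can see which binary supplied the version. The new error message also drops the underlying `err` and starts with a capital letter, unlike the one it replaces; `fmt.Errorf("version check failed: need kubectl or kubelet to get kubernetes version: %v", err)` keeps both. kubelet reports the node's own version while the kubectl path parses `Server Version`, so the two can disagree on a cluster with version skew, which deserves a comment at the fallback. getKubeVersionFromKubectl's body continues past the end of this hunk.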
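Review bot: In getKubeVersionFromKubelet the failure branch reports only `out` and drops `err`, so if kubelet cannot be started at all the logged error may be empty. Including both, as in `continueWithError(fmt.Errorf("kubelet --version failed: %v: %s", err, out), "")`, makes the cause visible. Assuming continueWithError returns, execution then parses whatever output there was and presumably ends on the default version. A short comment stating that this fallback is intended would help, since an audit run against another version's checks is easy to miss. The function also has no doc comment; `// getKubeVersionFromKubelet returns the major.minor version reported by "kubelet --version".` would do.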
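Review bot: The dot in `Kubernetes v(\d+.\d+)` is unescaped, so getVersionFromKubeletOutput accepts any character between the two numbers, not only a literal `.`. The captured string is later used as a directory name in runChecks (`filepath.Join(cfgDir, ver)`), so the pattern should match the exact form: `Kubernetes v(\d+\.\d+)`. The same unescaped dot is present in getVersionFromKubectlOutput, visible as context just above this hunk. The regexp is also compiled on every call; a package-level `var kubeletVersionRe = regexp.MustCompile(...)` is the usual form.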
From: Philippe ALEXANDRE Date: Tue, 27 Mar 2018 15:33:01 +0200 Subject: [PATCH 3/3] Remove the old lines of fmt.Sprintf in cmd/common.go --- cmd/common.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cmd/common.go b/cmd/common.go index 3b316a2..cce49b3 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -18,7 +18,7 @@ import ( "fmt" "io/ioutil" "path/filepath" - + "github.com/aquasecurity/kube-bench/check" "github.com/golang/glog" "github.com/spf13/viper" @@ -48,12 +48,10 @@ func runChecks(t check.NodeType) { } ver := getKubeVersion() - // path := fmt.Sprintf("%s/%s", cfgDir, ver) path := filepath.Join(cfgDir, ver) - - // def := fmt.Sprintf("%s/%s", path, file) + def := filepath.Join(path, file) - + in, err := ioutil.ReadFile(def) if err != nil { exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))