mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-02-16 17:42:05 +00:00
Add version logging (#817)
* Add more logging issue #816 add more logging for better debug and information about version auto-detection and fix typo * Fix typo * Add more logging issue #816 add more logging for better debug and information about version auto-detection and fix typo * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * tidy logging output Co-authored-by: Liz Rice <liz@lizrice.com> * Remove extra logging Co-authored-by: Liz Rice <liz@lizrice.com>
This commit is contained in:
Yoav Rotem
GitHub
parent
b2d481812f
commit
e308bc1eba
@ -33,24 +33,28 @@ func (k *KubeVersion) BaseVersion() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getKubeVersionFromRESTAPI() (*KubeVersion, error) {
|
func getKubeVersionFromRESTAPI() (*KubeVersion, error) {
|
||||||
|
glog.V(2).Info("Try to get version from Rest API")
|
||||||
k8sVersionURL := getKubernetesURL()
|
k8sVersionURL := getKubernetesURL()
|
||||||
serviceaccount := "/var/run/secrets/kubernetes.io/serviceaccount"
|
serviceaccount := "/var/run/secrets/kubernetes.io/serviceaccount"
|
||||||
cacertfile := fmt.Sprintf("%s/ca.crt", serviceaccount)
|
cacertfile := fmt.Sprintf("%s/ca.crt", serviceaccount)
|
||||||
tokenfile := fmt.Sprintf("%s/token", serviceaccount)
|
tokenfile := fmt.Sprintf("%s/token", serviceaccount)
|
||||||
|
|
||||||
tlsCert, err := loadCertficate(cacertfile)
|
tlsCert, err := loadCertificate(cacertfile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(2).Infof("Failed loading certificate Error: %s", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
tb, err := ioutil.ReadFile(tokenfile)
|
tb, err := ioutil.ReadFile(tokenfile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(2).Infof("Failed reading token file Error: %s", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
token := strings.TrimSpace(string(tb))
|
token := strings.TrimSpace(string(tb))
|
||||||
|
|
||||||
data, err := getWebDataWithRetry(k8sVersionURL, token, tlsCert)
|
data, err := getWebDataWithRetry(k8sVersionURL, token, tlsCert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(2).Infof("Failed to get data Error: %s", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -143,7 +147,7 @@ func getWebData(srvURL, token string, cacert *tls.Certificate) ([]byte, error) {
|
|||||||
return ioutil.ReadAll(resp.Body)
|
return ioutil.ReadAll(resp.Body)
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadCertficate(certFile string) (*tls.Certificate, error) {
|
func loadCertificate(certFile string) (*tls.Certificate, error) {
|
||||||
cacert, err := ioutil.ReadFile(certFile)
|
cacert, err := ioutil.ReadFile(certFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|||||||
@ -11,8 +11,8 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestLoadCertficate(t *testing.T) {
|
func TestLoadCertificate(t *testing.T) {
|
||||||
tmp, err := ioutil.TempDir("", "TestFakeLoadCertficate")
|
tmp, err := ioutil.TempDir("", "TestFakeLoadCertificate")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unable to create temp directory: %v", err)
|
t.Fatalf("unable to create temp directory: %v", err)
|
||||||
}
|
}
|
||||||
@ -58,7 +58,7 @@ FAjB57z2NcIgJuVpQnGRYtr/JcH2Qdsq8bLtXaojUIWOOqoTDRLYozdMOOQ=
|
|||||||
|
|
||||||
for id, c := range cases {
|
for id, c := range cases {
|
||||||
t.Run(strconv.Itoa(id), func(t *testing.T) {
|
t.Run(strconv.Itoa(id), func(t *testing.T) {
|
||||||
tlsCert, err := loadCertficate(c.file)
|
tlsCert, err := loadCertificate(c.file)
|
||||||
if !c.fail {
|
if !c.fail {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpected error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
|
|||||||
@ -291,12 +291,15 @@ func getKubeVersion() (*KubeVersion, error) {
|
|||||||
_, err := exec.LookPath("kubectl")
|
_, err := exec.LookPath("kubectl")
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(3).Infof("Error locating kubectl: %s", err)
|
||||||
_, err = exec.LookPath("kubelet")
|
_, err = exec.LookPath("kubelet")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(3).Infof("Error locating kubelet: %s", err)
|
||||||
// Search for the kubelet binary all over the filesystem and run the first match to get the kubernetes version
|
// Search for the kubelet binary all over the filesystem and run the first match to get the kubernetes version
|
||||||
cmd := exec.Command("/bin/sh", "-c", "`find / -type f -executable -name kubelet 2>/dev/null | grep -m1 .` --version")
|
cmd := exec.Command("/bin/sh", "-c", "`find / -type f -executable -name kubelet 2>/dev/null | grep -m1 .` --version")
|
||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
glog.V(3).Infof("Found kubelet and query kubernetes version is: %s", string(out))
|
||||||
return getVersionFromKubeletOutput(string(out)), nil
|
return getVersionFromKubeletOutput(string(out)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -313,6 +316,7 @@ func getKubeVersionFromKubectl() *KubeVersion {
|
|||||||
cmd := exec.Command("kubectl", "version", "-o", "json")
|
cmd := exec.Command("kubectl", "version", "-o", "json")
|
||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(2).Infof("Failed to query kubectl: %s", err)
|
||||||
glog.V(2).Info(err)
|
glog.V(2).Info(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -324,6 +328,7 @@ func getKubeVersionFromKubelet() *KubeVersion {
|
|||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
glog.V(2).Infof("Failed to query kubelet: %s", err)
|
||||||
glog.V(2).Info(err)
|
glog.V(2).Info(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -331,7 +336,7 @@ func getKubeVersionFromKubelet() *KubeVersion {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getVersionFromKubectlOutput(s string) *KubeVersion {
|
func getVersionFromKubectlOutput(s string) *KubeVersion {
|
||||||
glog.V(2).Info(s)
|
glog.V(2).Infof("Kubectl output: %s", s)
|
||||||
type versionResult struct {
|
type versionResult struct {
|
||||||
ServerVersion VersionResponse
|
ServerVersion VersionResponse
|
||||||
}
|
}
|
||||||
@ -354,7 +359,7 @@ func getVersionFromKubectlOutput(s string) *KubeVersion {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getVersionFromKubeletOutput(s string) *KubeVersion {
|
func getVersionFromKubeletOutput(s string) *KubeVersion {
|
||||||
glog.V(2).Info(s)
|
glog.V(2).Infof("Kubelet output: %s", s)
|
||||||
serverVersionRe := regexp.MustCompile(`Kubernetes v(\d+.\d+)`)
|
serverVersionRe := regexp.MustCompile(`Kubernetes v(\d+.\d+)`)
|
||||||
subs := serverVersionRe.FindStringSubmatch(s)
|
subs := serverVersionRe.FindStringSubmatch(s)
|
||||||
if len(subs) < 2 {
|
if len(subs) < 2 {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user