mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Exit kube-bench if we can't get a valid Kubernetes server version, and improve error messages.
Abubakr-Sadik Nii Nai Davis 2017-11-03 12:59:35 +00:00
parent 85fb818e41
commit f90dd925b8
3 changed files with 16 additions and 33 deletions


@ -62,7 +62,7 @@ func runChecks(t check.NodeType) {
} }
ver := getKubeVersion() ver := getKubeVersion()
path := fmt.Sprintf("%s/%s/%s", cfgDir, ver.Server, file) path := fmt.Sprintf("%s/%s/%s", cfgDir, ver, file)
in, err := ioutil.ReadFile(path) in, err := ioutil.ReadFile(path)
if err != nil { if err != nil {
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))


@ -213,37 +213,27 @@ func multiWordReplace(s string, subname string, sub string) string {
return strings.Replace(s, subname, sub, -1) return strings.Replace(s, subname, sub, -1)
} }
type version struct { func getKubeVersion() string {
Server string failmsg := "kubernetes version check failed"
Client string
}
func getKubeVersion() *version {
ver := new(version)
// These executables might not be on the user's path. // These executables might not be on the user's path.
_, err := exec.LookPath("kubectl") _, err := exec.LookPath("kubectl")
if err != nil { if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped with error %v", err) exitWithError(fmt.Errorf("%s: %s", failmsg, err))
continueWithError(err, sprintlnWarn(s))
return nil
} }
cmd := exec.Command("kubectl", "version") cmd := exec.Command("kubectl", "version", "--short")
out, err := cmd.Output() out, err := cmd.CombinedOutput()
if err != nil { if err != nil {
s := fmt.Sprintf("Kubernetes version check skipped, with error getting kubectl version") exitWithError(fmt.Errorf("%s, %s", failmsg, out))
continueWithError(err, sprintlnWarn(s))
return nil
} }
clientVerRe := regexp.MustCompile(`Client.*Major:"(\d+)".*Minor:"(\d+)"`) validVersionPttn := `\d.\d`
svrVerRe := regexp.MustCompile(`Server.*Major:"(\d+)".*Minor:"(\d+)"`) serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
ver := serverVersionRe.FindStringSubmatch(string(out))[1]
sub := clientVerRe.FindStringSubmatch(string(out)) if matched, _ := regexp.MatchString(validVersionPttn, ver); !matched {
ver.Client = sub[1] + "." + sub[2] exitWithError(fmt.Errorf("%s: invalid server version ", failmsg, ver))
}
sub = svrVerRe.FindStringSubmatch(string(out))
ver.Server = sub[1] + "." + sub[2]
return ver return ver
} }
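Review bot: `serverVersionRe.FindStringSubmatch(string(out))[1]` indexes the match without checking it, so kubectl output with no `Server Version: v…` line panics with an index-out-of-range error instead of reaching the new error path. The check that follows cannot catch this, because `\d.\d` is unanchored and anything that already matched `(\d+.\d+)` passes it. The dot in both patterns is unescaped and matches any character, so the string that runChecks interpolates into the controls-file path is not guaranteed to be `n.m`. The `fmt.Errorf("%s: invalid server version ", failmsg, ver)` call also passes two arguments for one verb, so `go vet` flags it and the message ends in `%!(EXTRA …)`. The version below escapes the dot and handles the no-match case; it assumes exitWithError terminates the process, whose body is not shown in this hunk.

```go
// … unchanged: LookPath check and kubectl invocation …
serverVersionRe := regexp.MustCompile(`Server Version: v(\d+\.\d+)`)
m := serverVersionRe.FindStringSubmatch(string(out))
if m == nil {
	exitWithError(fmt.Errorf("%s: no server version in kubectl output %q", failmsg, out))
}
return m[1]
```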


@ -184,18 +184,11 @@ func TestMultiWordReplace(t *testing.T) {
func TestGetKubeVersion(t *testing.T) { func TestGetKubeVersion(t *testing.T) {
ver := getKubeVersion() ver := getKubeVersion()
if ver == nil {
t.Log("Expected non nil version info.")
} else {
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Client); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Client)
}
if ok, err := regexp.MatchString(`\d+.\d+`, ver.Server); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver.Server)
}
if ok, err := regexp.MatchString(`\d+.\d+`, ver); !ok && err != nil {
t.Logf("Expected:%v got %v\n", "n.m", ver)
} }
} }
func TestFindConfigFile(t *testing.T) { func TestFindConfigFile(t *testing.T) {
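Review bot: The one assertion left in TestGetKubeVersion can never fail: `!ok && err != nil` is true only when the pattern fails to compile, and the branch calls `t.Logf`, which does not mark the test as failed. Checking the match result alone and reporting with `t.Errorf` would make it a real test, e.g. `if ok, _ := regexp.MatchString("^\\d+\\.\\d+$", ver); !ok { t.Errorf("expected n.m, got %q", ver) }`. Since getKubeVersion now exits on error (per the commit message), running this test without kubectl or a reachable API server presumably terminates the whole test binary. Skipping the test when `exec.LookPath("kubectl")` fails would avoid that.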