* Fix Junit missing testsuites
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
* test new integration
* Update build.yml
* add wait for job to be ready
* Update build.yml
* Update build.yml
* Update build.yml
* test
* Update job.yaml
* Add wait
* test for logs
* Update job.yaml
* Create Expected_output.data
* Update build.yml
* Update build.yml
* remove empty line
* Add new line at the end
* add ---
* Delete docker.go
* Delete integration.go
* Delete integration_test.go
* Delete integration/testdata/cis-1.20 directory
* Delete integration/testdata/cis-1.6 directory
* Update integration testing
* Remove integration tests
Removed integration testing to github action
* Update build.yml
* Add files via upload
* Add new cis support v1.20!
* Fix issue with 1.1.9 and 1.1.10 tests
Tests in some cases stat empty path which will return error.
* Add tests for kubernetes 1.20 and retire 1.15 tests
kubernetes 1.15 is not supported anymore and we shouldn't keep testing it.
* Kubernetes 1.15 is not supported anymore
* Tests for kubernetes 1.20
* Fix yamllint errors
Removed trailing spaces (trailing-spaces)
* Add tests for v1.20
* Remove extra spaces
* Change cis test functions names
* Test 1.2.24 should be manual
* Test 1.2.26 should be manual
* Test 1.2.26 should be manual
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Add more logging
The old logging could was lacking and in some cases misleading
* Add Logging
Add more logs and change some old messages, the important part is make each test log more readable by adding ------ test id ------ section in logs
* Fix typos
* more info
add more info in comment about the function and it use cases
Co-authored-by: Liz Rice <liz@lizrice.com>
* Use switch case
Change the logic from if to switch and tidy up the code
* Add example IAM policy
* Pass RotateKubeletServerCertificate related checks if it's not found (#767)
* Allow for environment variables to be checked in tests (#755)
* Initial commit for checking environment variables for etcd
* Revert config changes
* Remove redundant struct data
* Fix issues with failing tests
* Initial changes based on code review
* Add option to disable envTesting + Update docs
* Initial tests
* Finished testing
* Fix broken tests
* Add a total summary and always show all tests. (#759)
Whether the total summary is shown can be specified with an option.
Fixes#528
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
* Update Readme.md file with link to Contribution guide (#754)
* Update License with the year and the owner name
Please add this to make your license agreement strong
* Updated Readme.md file with license and proper documentation links
I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.
* Update LICENSE
* Update README.md
* Update README.md
* Remove erroneous license info
Co-authored-by: Liz Rice <liz@lizrice.com>
* Support auto-detect platform when running on EKS or GKE (#683)
* Support auto-detect platform when running on EKS or GKE
* Change to get platform name from `kubectl version`
* fix regexp and add test
* Update Server Version match for EKS
* try to get version info from api sever at first
* Refactor group skip
changed group 'skip' from being a bool to be 'type' string as done in check
* Change skip: true -> type: skip
Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* Changes for 1.5
* Update cis-1.3 through 1.6 to also work with configmaps.
* Switch on if proxykubeconfig is set, instead of setting a variable in the script.
* permissons -> proxykubeconfig for 2.2.5/4.1.3 to keep these tests locked with 2.2.6/4.1.4
* Updating test output? Maybe?
* Copy integration test output files into docker image?
* Make entrypoint move integration folder to host, print 1.5 node info.
* Change the order of tests in travis to load files before testing.
* Return tests to place
Those tests comes first since there is more likely to fail with them and then the test will fail "faster" which will save time
* Remove copy integration
When running in a container we don't need to test, only when build and running in Travis to make sure everything is working fine.
* Add $ mark before proxykubeconfig
If not having $ before the parameter then it won't get substituted
* Add $ mark before proxykubeconfig
If not having $ before the parameter then it won't get substituted
* Remove test relate lines
We don't test while running, only integration testing when building and unit testing
* Add spaces
* Change 4.1.3 4.1.4
Those tests now should pass.
* Change tests 4.1.3 and 4.1.4
Those tests now should PASS
* Update job.data with more accurate counts. Thanks to @yoavrotems for getting the project this far!
* Thanks for linting, yamllint!
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Add tests for 1.1.19、1.1.20 and 1.1.21 of cis-1.5
* Avoid division by 0
* Use bitmask instead of lte
* Change to use multiple values via `use_multiple_values: true`
* Use find in 1.1.20 and 1.1.21
* Remove unnecessary whitespaces
* Fix a typo
* Add integration tests for cis 1.3 and cis 1.5
* Change the timeout of integration tests from 600s to 1200s
* Avoid repeated codes
* Update check.go
Added new warn_reason value which gives a brief explanation about why the not scored tests failed
* Update common.go
Changed when a not scored test fails because it has a wrong syntax audit command or just running something that can't be run the print the failure. but if the test just fails because it doesn't line up with the cis hardening recommendations then print the remediation text.
* Update check/check.go
fix typo
Co-Authored-By: Liz Rice <liz@lizrice.com>
* Update check.go
* Update common.go
* Update check.go
added back os.Exit(1) to exitWithError
* Update job-master.data
Change some tests output to fit warn reason. (No change to the summary)
* Update job-node.data
Changed some tests output to fit warn reason. (No change to the summary)
* Update job.data
Change some tests output to fit warn reason. (No change to the summary)
* Update common.go
Keep to old way to print manual test output
Co-authored-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
* add yamllint command to travis CI
installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.
this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.
* run dos2unix on CRLF files
* YAMLLINT: remove trailing spaces
* YAMLLint: add YAML document start
* YAMLLint: too many spaces around bracket
* YAMLLint: fix indentation
* YAMLLint: remove duplicate key
* YAMLLint: newline at end of file
* YAMLLint: Too few spaces after comma
* YAMLLint: too many spaces after colon
* Add kubeconfig location of kube-proxy for AKS
* Add job for AKS node
* Automate ca file permission check
* removed job-aks.yaml as other PRs added needed features
* fixed integration test due to merge changes
* Fixes issue #439: Adds integration testing using KIND
* try integration tests
* started using ticker and timeouts
* trying built container image
* adds load image into KIND
* adds comparison
* fixes as per PR review
