--- controls: id: 1 text: "Master Checks" type: "master" groups: - id: 1.1 text: "Kube-apiserver" checks: - id: 0 text: "flag is set" tests: test_items: - flag: "--allow-privileged" set: true - id: 1 text: "flag is not set" tests: test_item: - flag: "--basic-auth" set: false - id: 2 text: "flag value is set to some value" tests: test_items: - flag: "--insecure-port" compare: op: eq value: 0 set: true - id: 3 text: "flag value is greater than or equal some number" tests: test_items: - flag: "--audit-log-maxage" compare: op: gte value: 30 set: true - id: 4 text: "flag value is less than some number" tests: test_items: - flag: "--max-backlog" compare: op: lt value: 30 set: true - id: 5 text: "flag value does not have some value" tests: test_items: - flag: "--admission-control" compare: op: nothave value: AlwaysAdmit set: true - id: 6 text: "test AND binary operation" tests: bin_op: and test_items: - flag: "--kubelet-client-certificate" set: true - flag: "--kubelet-clientkey" set: true - id: 7 text: "test OR binary operation" tests: bin_op: or test_items: - flag: "--secure-port" compare: op: eq value: 0 set: true - flag: "--secure-port" set: false - id: 8 text: "test flag with arbitrary text" tests: test_items: - flag: "644" compare: op: eq value: "644" set: true