authorPawel Wieczorek <p.wieczorek2@samsung.com>2019-05-29 20:17:44 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2019-07-08 12:29:52 +0200
commit28bd2f7044d0b120d202a9ef1a2ef8294f153bad (patch)
tree11be846e73ad2c2342274bd682c5187aa51bd5d9 /test/security/k8s/src/check/cmd
parentff3ebac2a21a4f9d8213ec255656d199cb6f4fe9 (diff)
k8s: Validate API server boolean flags
This patch verifies if CIS Kubernetes Benchmark v1.3.0 sections regarding master node configuration are satisfied (1.1.1 - 1.1.5, 1.1.8, 1.1.9, 1.1.20 and 1.1.23). Issue-ID: SECCOM-235 Change-Id: Ib964b5111b616a891c3963ef9695af660810e8ba Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/cmd')
-rw-r--r--test/security/k8s/src/check/cmd/check/check.go13
1 files changed, 12 insertions, 1 deletions
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index e48088a9e..fd4c2aff9 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -5,6 +5,7 @@ import (
"log"
"check/rancher"
+ "check/validators/master"
)
func main() {
@@ -13,5 +14,15 @@ func main() {
if err != nil {
log.Fatal(err)
}
- log.Printf("%s\n", k8sParams)
+
+ log.Printf("IsBasicAuthFileAbsent: %t\n", master.IsBasicAuthFileAbsent(k8sParams))
+ log.Printf("IsTokenAuthFileAbsent: %t\n", master.IsTokenAuthFileAbsent(k8sParams))
+ log.Printf("IsInsecureAllowAnyTokenAbsent: %t\n", master.IsInsecureAllowAnyTokenAbsent(k8sParams))
+
+ log.Printf("IsAnonymousAuthDisabled: %t\n", master.IsAnonymousAuthDisabled(k8sParams))
+ log.Printf("IsKubeletHTTPSConnected: %t\n", master.IsKubeletHTTPSConnected(k8sParams))
+ log.Printf("IsInsecurePortUnbound: %t\n", master.IsInsecurePortUnbound(k8sParams))
+ log.Printf("IsProfilingDisabled: %t\n", master.IsProfilingDisabled(k8sParams))
+ log.Printf("IsRepairMalformedUpdatesDisabled: %t\n", master.IsRepairMalformedUpdatesDisabled(k8sParams))
+ log.Printf("IsServiceAccountLookupEnabled: %t\n", master.IsServiceAccountLookupEnabled(k8sParams))
}
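Review bot: The nine validator results added at the end of `main` are only written with `log.Printf`, so the program still exits 0 when a CIS check fails, and a CI job or script running it cannot detect a non-compliant API server without parsing the log text. Assuming the validators return `bool`, as the `%t` verbs suggest, I would collect the results in a small table, log each one, and finish with `log.Fatal` if any is false; that needs no new import. The trailing `\n` in each format string is redundant, since the `log` package appends a newline itself. `main` begins outside this hunk, so the sketch below covers only the lines that replace the `log.Printf` run.

```go
// … unchanged: parameter retrieval and err check …
checks := []struct {
	name string
	ok   bool
}{
	{"IsBasicAuthFileAbsent", master.IsBasicAuthFileAbsent(k8sParams)},
	{"IsTokenAuthFileAbsent", master.IsTokenAuthFileAbsent(k8sParams)},
	// … remaining seven validators from the hunk, same form …
}

failed := false
for _, c := range checks {
	log.Printf("%s: %t", c.name, c.ok)
	failed = failed || !c.ok
}
if failed {
	// Non-zero exit lets automation treat a failed benchmark item as a failure.
	log.Fatal("one or more master node checks failed")
}
```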