k8s: Validate controller manager address flag

This patch verifies if CIS Kubernetes Benchmark v1.3.0 section regarding master node configuration is satisfied (1.3.7). Issue-ID: SECCOM-235 Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
author: Pawel Wieczorek <p.wieczorek2@samsung.com> 2019-09-27 19:00:46 +0200
committer: Pawel Wieczorek <p.wieczorek2@samsung.com> 2019-09-27 19:51:05 +0200
commit: bd12bfbc6fbe4ecfc2152467ea6785c9e5163763 (patch)
tree: b109d44444a139cd49a57c41416e445fe24079cd /test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
parent: 5a61d615fe1c05487c26c32b2e8e4416f6cbb421 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
new file mode 100644
index 000000000..85ab28564
--- /dev/null
+++ b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
@@ -0,0 +1,12 @@
+package controllermanager
+
+import (
+	"check/validators/master/args"
+	"check/validators/master/boolean"
+)
+
+// IsInsecureBindAddressAbsentOrLoopback validates there is no insecure bind address or it is loopback address.
+func IsInsecureBindAddressAbsentOrLoopback(params []string) bool {
+	return boolean.IsFlagAbsent("--address=", params) ||
+		args.HasSingleFlagArgument("--address=", "127.0.0.1", params)
+}
author	Pawel Wieczorek <p.wieczorek2@samsung.com>	2019-09-27 19:00:46 +0200
committer	Pawel Wieczorek <p.wieczorek2@samsung.com>	2019-09-27 19:51:05 +0200
commit	bd12bfbc6fbe4ecfc2152467ea6785c9e5163763 (patch)
tree	b109d44444a139cd49a57c41416e445fe24079cd /test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go
parent	5a61d615fe1c05487c26c32b2e8e4416f6cbb421 (diff)