diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-27 19:00:46 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2019-09-27 19:51:05 +0200 |
commit | bd12bfbc6fbe4ecfc2152467ea6785c9e5163763 (patch) | |
tree | b109d44444a139cd49a57c41416e445fe24079cd /test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go | |
parent | 5a61d615fe1c05487c26c32b2e8e4416f6cbb421 (diff) |
k8s: Validate controller manager address flag
This patch verifies if CIS Kubernetes Benchmark v1.3.0 section
regarding master node configuration is satisfied (1.3.7).
Issue-ID: SECCOM-235
Change-Id: Id3f4bcb9a506dae3c7c0a884ad6c704dfae2a6d8
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go')
-rw-r--r-- | test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go new file mode 100644 index 000000000..85ab28564 --- /dev/null +++ b/test/security/k8s/src/check/validators/master/controllermanager/controllermanager.go @@ -0,0 +1,12 @@ +package controllermanager + +import ( + "check/validators/master/args" + "check/validators/master/boolean" +) + +// IsInsecureBindAddressAbsentOrLoopback validates there is no insecure bind address or it is loopback address. +func IsInsecureBindAddressAbsentOrLoopback(params []string) bool { + return boolean.IsFlagAbsent("--address=", params) || + args.HasSingleFlagArgument("--address=", "127.0.0.1", params) +} |