From 5a61d615fe1c05487c26c32b2e8e4416f6cbb421 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 27 Sep 2019 18:26:13 +0200
Subject: k8s: Add controller manager information collection

Issue-ID: SECCOM-235
Change-Id: Ieceb6337f935e6a5a6b94248ccf072229116510a
Signed-off-by: Pawel Wieczorek
---
 test/security/k8s/src/check/check.go | 12 ++++++++++--
 test/security/k8s/src/check/cmd/check/check.go | 5 +++++
 test/security/k8s/src/check/rancher/rancher.go | 6 ++++++
 test/security/k8s/src/check/raw/raw.go | 6 ++++++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index b9814829e..cf412c112 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -6,6 +6,8 @@ type Informer interface {
 GetAPIParams() ([]string, error)
 // GetSchedulerParams returns scheduler parameters.
 GetSchedulerParams() ([]string, error)
+ // GetControllerManagerParams returns controller manager parameters.
+ GetControllerManagerParams() ([]string, error)
 }
 
 // Command represents commands run on cluster.
@@ -16,15 +18,18 @@ const (
 APIProcess Command = iota
 // SchedulerProcess represents scheduler command ("kube-scheduler").
 SchedulerProcess
+ // ControllerManagerProcess represents controller manager command ("kube-controller-manager").
+ ControllerManagerProcess
 )
 
 func (c Command) String() string {
 names := [...]string{
 "kube-apiserver",
 "kube-scheduler",
+ "kube-controller-manager",
 }
 
- if c < APIProcess || c > SchedulerProcess {
+ if c < APIProcess || c > ControllerManagerProcess {
 return "exit"
 }
 return names[c]
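Review bot: The range guard in `Command.String()` names the last enumerator by hand, so the const block, the `names` array and the `if` all have to be edited together, as this hunk itself shows. A constant added with the guard updated but without its array entry would make `names[c]` panic, and one added without the guard update would silently be reported as "exit". Deriving the bound from the array removes one of the three edits: `if c < 0 || int(c) >= len(names) {` (this assumes Command is a signed integer type, which the `iota` declaration suggests but the hunk does not show). `Service.String()` in the next hunk of this file follows the same pattern and would take the same change; the closing brace of `String` lies outside the hunk.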
@@ -38,15 +43,18 @@ const (
 APIService Service = iota
 // SchedulerService represents scheduler service ("kubernetes/scheduler").
 SchedulerService
+ // ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
+ ControllerManagerService
 )
 
 func (s Service) String() string {
 names := [...]string{
 "kubernetes/kubernetes",
 "kubernetes/scheduler",
+ "kubernetes/controller-manager",
 }
 
- if s < APIService || s > SchedulerService {
+ if s < APIService || s > ControllerManagerService {
 return ""
 }
 return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index 2d25100f3..dd089b107 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -48,4 +48,9 @@ func main() {
 log.Fatal(err)
 }
 master.CheckScheduler(schedulerParams)
+
+ _, err = info.GetControllerManagerParams()
+ if err != nil {
+ log.Fatal(err)
+ }
 }
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index 41f3c38e2..842fd3ff6 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -40,6 +40,12 @@ func (r *Rancher) GetSchedulerParams() ([]string, error) {
 return getProcessParams(check.SchedulerProcess, check.SchedulerService)
 }
 
+// GetControllerManagerParams returns parameters of running Kubernetes scheduler.
+// It queries default environment set in configuration file.
+func (r *Rancher) GetControllerManagerParams() ([]string, error) {
+ return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
+}
+
 func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 hosts, err := listHosts()
 if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 3c5409aee..04a6fa554 100644
--- a/test/security/k8s/src/check/raw/raw.go
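Review bot: The slice returned by `info.GetControllerManagerParams()` is assigned to `_`, so at the end of `main` this call can only abort the run through `log.Fatal` and never yields a finding for the controller manager. Because the scheduler parameters just above are passed to `master.CheckScheduler`, someone reading the tool's output could assume the controller manager was assessed as well. I would mark the gap at the call site with a comment such as `// TODO: parameters are collected but not checked yet; add controller manager checks.` placed directly above the call. The body of `main` starts outside the hunk.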
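Review bot: The doc comment added for `(*Rancher).GetControllerManagerParams` still describes the scheduler ("returns parameters of running Kubernetes scheduler"), apparently carried over from `GetSchedulerParams`. It should read `// GetControllerManagerParams returns parameters of running Kubernetes controller manager.` The `Raw` implementation added in raw/raw.go has the same first comment line and needs the same correction.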
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -40,6 +40,12 @@ func (r *Raw) GetSchedulerParams() ([]string, error) {
 return getProcessParams(check.SchedulerProcess)
 }
 
+// GetControllerManagerParams returns parameters of running Kubernetes scheduler.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetControllerManagerParams() ([]string, error) {
+ return getProcessParams(check.ControllerManagerProcess)
+}
+
 func getProcessParams(process check.Command) ([]string, error) {
 nodes, err := config.GetNodesInfo()
 if err != nil {
-- cgit 1.2.3-korg