From 76dd9bfcc14f2a77dd9a8155e66434a304cd0c38 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Thu, 26 Sep 2019 16:43:01 +0200
Subject: k8s: Extract common interface to simplify development

Common command and service name extraction is intended to limit execution to small set of allowed processes. This patch also drops unnecessary use of "Kubernetes" name because this whole subproject concerns its clusters.

Issue-ID: SECCOM-235
Change-Id: I8babfeb4f24cf3baa4d236ca622c21170ab6205e
Signed-off-by: Pawel Wieczorek
---
 test/security/k8s/src/check/rancher/rancher.go | 36 ++++++++++++++++----------
 1 file changed, 23 insertions(+), 13 deletions(-)

(limited to 'test/security/k8s/src/check/rancher/rancher.go')

diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index d60b73b65..d77f15445 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -3,8 +3,10 @@ package rancher
 import (
 "bytes"
- "errors"
+ "fmt"
 "os/exec"
+
+ "check"
 )
 const (
@@ -16,32 +18,40 @@ const (
 cmdDockerCmdPs = "ps"
 cmdDockerCmdPsParams = "--no-trunc"
 cmdDockerCmdPsFilter = "--filter"
- cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name=kubernetes/kubernetes"
+ cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name="
 cmdDockerCmdPsFormat = "--format"
 cmdDockerCmdPsFormatArgs = "{{.Command}}"
- k8sProcess = "kube-apiserver"
 )
-// GetK8sParams returns parameters of running Kubernetes API server.
+// Rancher implements Informer interface.
+type Rancher struct {
+ check.Informer
+}
+
+// GetAPIParams returns parameters of running Kubernetes API server.
 // It queries default environment set in configuration file.
-func GetK8sParams() ([]string, error) {
+func (r *Rancher) GetAPIParams() ([]string, error) {
+ return getProcessParams(check.APIProcess, check.APIService)
+}
+
+func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 hosts, err := listHosts()
 if err != nil {
 return []string{}, err
 }
 for _, host := range hosts {
- cmd, err := getK8sCmd(host)
+ cmd, err := getPsCmdOutput(host, service)
 if err != nil {
 return []string{}, err
 }
 if len(cmd) > 0 {
- i := bytes.Index(cmd, []byte(k8sProcess))
+ i := bytes.Index(cmd, []byte(process.String()))
 if i == -1 {
- return []string{}, errors.New("missing " + k8sProcess + " command")
+ return []string{}, fmt.Errorf("missing %s command", process)
 }
- return btos(cmd[i+len(k8sProcess):]), nil
+ return btos(cmd[i+len(process.String()):]), nil
 }
 }
 return []string{}, nil
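Review bot: Embedding `check.Informer` in `Rancher` makes the type satisfy the interface whether or not it defines the methods, so the comment "implements Informer interface" is not checked by the compiler. With a zero-value `Rancher` the embedded interface is nil, and any Informer method other than `GetAPIParams` would panic when called (the interface is declared in package `check`, which is not shown here). Declaring `type Rancher struct{}` and adding `var _ check.Informer = (*Rancher)(nil)` would give a real compile-time check. `getProcessParams` also has no doc comment; one stating that it returns whatever follows the first plain substring match of the process name in the `docker ps` output would tell readers how loose the match is. The function's closing brace lies outside the hunk.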
@@ -58,17 +68,17 @@ func listHosts() ([]string, error) {
 return btos(out), nil
 }
-// getK8sCmd returns running Kubernetes API server command with its parameters.
+// getPsCmdOutput returns running Kubernetes service command with its parameters.
 // It queries default environment set in configuration file.
-func getK8sCmd(host string) ([]byte, error) {
+func getPsCmdOutput(host string, service check.Service) ([]byte, error) {
 // Following is equivalent to:
 // $ rancher --host $HOST \
 // docker ps --no-trunc \
- // --filter "label=io.rancher.stack_service.name=kubernetes/kubernetes" \
+ // --filter "label=io.rancher.stack_service.name=$SERVICE" \
 // --format "{{.Command}}"
 cmd := exec.Command(bin, paramHost, host, cmdDocker, cmdDockerCmdPs, cmdDockerCmdPsParams,
- cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs,
+ cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs+service.String(),
 cmdDockerCmdPsFormat, cmdDockerCmdPsFormatArgs)
 out, err := cmd.Output()
 if err != nil {
-- cgit 1.2.3-korg
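Review bot: `service.String()` is appended to the label filter in `getPsCmdOutput` without any check, so the allow-listing described in the commit message rests entirely on how `check.Service` is defined, which is not visible in this patch. If `String()` can return an empty or unexpected value, the filter matches no container and `getProcessParams` ends in `return []string{}, nil`, which a caller could read as "no flags set" rather than "service not found". Consider failing closed before building the command, e.g. `if service.String() == "" { return nil, fmt.Errorf("unknown service") }`, and stating in the doc comment that `service` must be one of the constants from package `check`. Because `exec.Command` passes arguments without a shell, the concern is a silently wrong filter, not command injection. The function body continues past the end of the hunk.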