aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s/src/check/rancher/rancher.go
blob: d77f15445ef3690dcbf5a94139ad3412279276c7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
// Package rancher wraps Rancher commands necessary for K8s inspection.
package rancher

import (
	"bytes"
	"fmt"
	"os/exec"

	"check"
)

const (
	bin                      = "rancher"
	paramHost                = "--host"
	cmdHosts                 = "hosts"
	cmdHostsParams           = "--quiet"
	cmdDocker                = "docker"
	cmdDockerCmdPs           = "ps"
	cmdDockerCmdPsParams     = "--no-trunc"
	cmdDockerCmdPsFilter     = "--filter"
	cmdDockerCmdPsFilterArgs = "label=io.rancher.stack_service.name="
	cmdDockerCmdPsFormat     = "--format"
	cmdDockerCmdPsFormatArgs = "{{.Command}}"
)

// Rancher implements Informer interface.
type Rancher struct {
	check.Informer
}

// GetAPIParams returns parameters of running Kubernetes API server.
// It queries default environment set in configuration file.
func (r *Rancher) GetAPIParams() ([]string, error) {
	return getProcessParams(check.APIProcess, check.APIService)
}

func getProcessParams(process check.Command, service check.Service) ([]string, error) {
	hosts, err := listHosts()
	if err != nil {
		return []string{}, err
	}

	for _, host := range hosts {
		cmd, err := getPsCmdOutput(host, service)
		if err != nil {
			return []string{}, err
		}

		if len(cmd) > 0 {
			i := bytes.Index(cmd, []byte(process.String()))
			if i == -1 {
				return []string{}, fmt.Errorf("missing %s command", process)
			}
			return btos(cmd[i+len(process.String()):]), nil
		}
	}
	return []string{}, nil
}

// listHosts lists IDs of active hosts.
// It queries default environment set in configuration file.
func listHosts() ([]string, error) {
	cmd := exec.Command(bin, cmdHosts, cmdHostsParams)
	out, err := cmd.Output()
	if err != nil {
		return nil, err
	}
	return btos(out), nil
}

// getPsCmdOutput returns running Kubernetes service command with its parameters.
// It queries default environment set in configuration file.
func getPsCmdOutput(host string, service check.Service) ([]byte, error) {
	// Following is equivalent to:
	// $ rancher --host $HOST \
	//   docker ps --no-trunc \
	//   --filter "label=io.rancher.stack_service.name=$SERVICE" \
	//   --format "{{.Command}}"
	cmd := exec.Command(bin, paramHost, host,
		cmdDocker, cmdDockerCmdPs, cmdDockerCmdPsParams,
		cmdDockerCmdPsFilter, cmdDockerCmdPsFilterArgs+service.String(),
		cmdDockerCmdPsFormat, cmdDockerCmdPsFormatArgs)
	out, err := cmd.Output()
	if err != nil {
		return nil, err
	}
	return out, nil
}

// btos converts slice of bytes to slice of strings split by white space characters.
func btos(in []byte) []string {
	var out []string
	for _, b := range bytes.Fields(in) {
		out = append(out, string(b))
	}
	return out
}