cmd

package
v0.6.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 9, 2021 License: Apache-2.0 Imports: 28 Imported by: 5

Documentation

Index

Constants

// REGION holds the string "AWS_REGION".
// NOTE(review): presumably the name of the environment variable that supplies
// the AWS region; its use is not visible here, so confirm against the callers.
const REGION = "AWS_REGION"

REGION ...

Variables

// KubeBenchVersion is declared without an initializer, so it is the empty
// string unless code outside this declaration assigns it.
// NOTE(review): presumably injected at build time (e.g. via linker flags) —
// confirm against the build scripts.
var KubeBenchVersion string
// RootCmd represents the base command when called without any subcommands.
//
// Its Run function resolves the benchmark version and then runs the check
// sections in a fixed order: master (followed by control plane when that
// target is valid), etcd, node, policies and managed services. Node checks
// run unconditionally; every other section depends on a role probe (isMaster,
// isEtcd) and/or on validTargets. Finally controlsCollection is passed to
// writeOutput and the process exits with the code chosen by
// exitCodeSelection.
//
// Every "Running"/"Skipping" message goes through glog.V(1), i.e. it is only
// emitted at verbosity 1 or higher.
// NOTE(review): whether a skipped section is otherwise visible in the report
// depends on writeOutput, which is not shown here. When reading results,
// confirm which sections actually ran before treating a report as complete.
var RootCmd = &cobra.Command{
	Use:   os.Args[0],
	Short: "Run CIS Benchmarks checks against a Kubernetes deployment",
	Long:  `This tool runs the CIS Kubernetes Benchmark (https://www.cisecurity.org/benchmark/kubernetes/)`,
	Run: func(cmd *cobra.Command, args []string) {
		benchmark, err := getBenchmarkVersion(kubeVersion, benchmarkVersion, getPlatformName(), viper.GetViper())
		if err != nil {
			exitWithError(fmt.Errorf("unable to determine benchmark version: %v", err))
		}
		glog.V(1).Infof("Running checks for benchmark %v", benchmark)

		// targetEnabled asks validTargets whether the single named target
		// applies to the resolved benchmark; a validation error is handed to
		// exitWithError before the result is returned.
		targetEnabled := func(target string) bool {
			ok, verr := validTargets(benchmark, []string{target}, viper.GetViper())
			if verr != nil {
				exitWithError(fmt.Errorf("error validating targets: %v", verr))
			}
			return ok
		}

		// Master checks, plus control plane checks when that target is valid.
		if !isMaster() {
			glog.V(1).Info("== Skipping master checks ==")
		} else {
			glog.V(1).Info("== Running master checks ==")
			runChecks(check.MASTER, loadConfig(check.MASTER, benchmark), detecetedKubeVersion)

			// No skip message is logged when the control plane target is
			// not valid for this benchmark.
			if targetEnabled(string(check.CONTROLPLANE)) {
				glog.V(1).Info("== Running control plane checks ==")
				runChecks(check.CONTROLPLANE, loadConfig(check.CONTROLPLANE, benchmark), detecetedKubeVersion)
			}
		}

		// Etcd checks need both a valid target and a positive isEtcd probe;
		// isEtcd is only consulted once the target is known to be valid.
		if targetEnabled(string(check.ETCD)) && isEtcd() {
			glog.V(1).Info("== Running etcd checks ==")
			runChecks(check.ETCD, loadConfig(check.ETCD, benchmark), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping etcd checks ==")
		}

		// Node checks are not gated on any probe or target validation.
		glog.V(1).Info("== Running node checks ==")
		runChecks(check.NODE, loadConfig(check.NODE, benchmark), detecetedKubeVersion)

		if targetEnabled(string(check.POLICIES)) {
			glog.V(1).Info("== Running policies checks ==")
			runChecks(check.POLICIES, loadConfig(check.POLICIES, benchmark), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping policies checks ==")
		}

		if targetEnabled(string(check.MANAGEDSERVICES)) {
			glog.V(1).Info("== Running managed services checks ==")
			runChecks(check.MANAGEDSERVICES, loadConfig(check.MANAGEDSERVICES, benchmark), detecetedKubeVersion)
		} else {
			glog.V(1).Info("== Skipping managed services checks ==")
		}

		// The report is written first; the process exit status is then taken
		// from exitCodeSelection.
		writeOutput(controlsCollection)
		os.Exit(exitCodeSelection(controlsCollection))
	},
}

RootCmd represents the base command when called without any subcommands

// TypeMap associates a type name with a list of related names.
// NOTE(review): each value looks like a configuration key followed by its
// "default…" counterpart — confirm against the code that reads this map.
var TypeMap = map[string][]string{
	"ca": {
		"cafile",
		"defaultcafile",
	},
	"kubeconfig": {
		"kubeconfig",
		"defaultkubeconfig",
	},
	"service": {
		"svc",
		"defaultsvc",
	},
	"config": {
		"confs",
		"defaultconf",
	},
}

Functions

func Execute

func Execute()

Execute adds all child commands to the root command and sets flags appropriately. It is called by main.main() and only needs to happen once for the rootCmd.

func NewRunFilter added in v0.0.27

func NewRunFilter(opts FilterOpts) (check.Predicate, error)

NewRunFilter constructs a Predicate based on FilterOpts which determines whether tested Checks should be run or not.

Types

type FilterOpts added in v0.0.27

// FilterOpts is the input to NewRunFilter, which builds from it the
// check.Predicate that decides whether a check is run.
// NOTE(review): a run narrowed by these options presumably reports on only
// part of the benchmark — confirm in NewRunFilter before reading a clean
// result as full coverage.
type FilterOpts struct {
	// CheckList and GroupList name the checks and groups to select.
	// NOTE(review): the expected format (presumably comma-separated IDs) is
	// not shown here; confirm in NewRunFilter.
	CheckList, GroupList string
	// Scored and Unscored presumably restrict the run to scored or unscored
	// checks; how the two combine is not shown here — confirm.
	Scored, Unscored bool
}

type KubeVersion added in v0.5.0

// KubeVersion carries version components as strings; the BaseVersion method
// is defined on *KubeVersion.
// NOTE(review): presumably describes the Kubernetes version detected for the
// cluster under audit — the code that fills it is not shown here; confirm.
type KubeVersion struct {
	// Major and Minor are kept as strings, not integers.
	Major string
	Minor string

	// NOTE(review): presumably the full version string as reported by
	// Kubernetes — confirm against the populating code.
	GitVersion string
	// contains filtered or unexported fields
}

func (*KubeVersion) BaseVersion added in v0.5.0

func (k *KubeVersion) BaseVersion() string

type VersionResponse added in v0.5.0

// VersionResponse holds version and build metadata, every field a plain
// string.
// NOTE(review): presumably the decoded form of a Kubernetes version
// response — the decoding code is not shown here; confirm. If the values
// come from the cluster under audit, they are reported by the audited system
// itself rather than verified independently.
type VersionResponse struct {
	// Version numbers.
	Major, Minor string
	// Source revision details.
	GitVersion, GitCommit, GitTreeState string
	// Build environment details.
	BuildDate, GoVersion, Compiler, Platform string
}
