diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-12 16:12:50 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-12 16:12:50 +0200 |
commit | 823b3a005ace9372a080421b2ae19152505201e4 (patch) | |
tree | 97df467cd5d096af70f5d17f82242ab193a2f8eb /functest_kubernetes/security | |
parent | 4f197110710e9f148eae4533792e8e7e2d72f053 (diff) |
Improve kube_bench output
It also fills self.details.
Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'functest_kubernetes/security')
-rw-r--r-- | functest_kubernetes/security/kube-bench.yaml | 1 | ||||
-rw-r--r-- | functest_kubernetes/security/security.py | 19 |
2 files changed, 20 insertions, 0 deletions
diff --git a/functest_kubernetes/security/kube-bench.yaml b/functest_kubernetes/security/kube-bench.yaml index 38a2ef60..2f2c57d6 100644 --- a/functest_kubernetes/security/kube-bench.yaml +++ b/functest_kubernetes/security/kube-bench.yaml @@ -14,6 +14,7 @@ spec: - name: kube-bench image: aquasec/kube-bench:0.3.1 command: ["kube-bench"] + args: ["--json"] volumeMounts: - name: var-lib-etcd mountPath: /var/lib/etcd diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py index d06ffb28..f3d20750 100644 --- a/functest_kubernetes/security/security.py +++ b/functest_kubernetes/security/security.py @@ -13,6 +13,7 @@ Define the parent for Kubernetes testing. from __future__ import division +import ast import json import logging import time @@ -188,10 +189,28 @@ class KubeBench(SecurityTesting): See https://github.com/aquasecurity/kube-bench for more details """ + __logger = logging.getLogger(__name__) + def __init__(self, **kwargs): super(KubeBench, self).__init__(**kwargs) self.job_name = "kube-bench" def run(self, **kwargs): super(KubeBench, self).run(**kwargs) + self.details = ast.literal_eval(self.pod_log) + msg = prettytable.PrettyTable( + header_style='upper', padding_width=5, + field_names=['node_type', 'version', 'test_desc', 'pass', + 'fail', 'warn']) + for details in self.details: + for test in details['tests']: + msg.add_row( + [details['node_type'], details['version'], test['desc'], + test['pass'], test['fail'], test['warn']]) + for result in test["results"]: + if result['scored'] and result['status'] == 'FAIL': + self.__logger.error( + "%s\n%s", result['test_desc'], + result['remediation']) + self.__logger.warning("Targets:\n\n%s\n", msg.get_string()) self.result = 100 |