-rw-r--r--docker/security/testcases.yaml1
-rw-r--r--functest_kubernetes/security/kube-bench.yaml1
-rw-r--r--functest_kubernetes/security/security.py19
3 files changed, 21 insertions, 0 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
index 9636547e..e5423a47 100644
--- a/docker/security/testcases.yaml
+++ b/docker/security/testcases.yaml
@@ -18,6 +18,7 @@ tiers:
name: 'kube_hunter'
args:
severity: high
+
-
case_name: kube_bench
project_name: functest
diff --git a/functest_kubernetes/security/kube-bench.yaml b/functest_kubernetes/security/kube-bench.yaml
index 38a2ef60..2f2c57d6 100644
--- a/functest_kubernetes/security/kube-bench.yaml
+++ b/functest_kubernetes/security/kube-bench.yaml
@@ -14,6 +14,7 @@ spec:
- name: kube-bench
image: aquasec/kube-bench:0.3.1
command: ["kube-bench"]
+ args: ["--json"]
volumeMounts:
- name: var-lib-etcd
mountPath: /var/lib/etcd
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index 33f5e978..73c33b73 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -13,6 +13,7 @@ Define the parent for Kubernetes testing.
from __future__ import division
+import ast
import json
import logging
import time
@@ -189,10 +190,28 @@ class KubeBench(SecurityTesting):
See https://github.com/aquasecurity/kube-bench for more details
"""
+ __logger = logging.getLogger(__name__)
+
def __init__(self, **kwargs):
super(KubeBench, self).__init__(**kwargs)
self.job_name = "kube-bench"
def run(self, **kwargs):
super(KubeBench, self).run(**kwargs)
+ self.details = ast.literal_eval(self.pod_log)
+ msg = prettytable.PrettyTable(
+ header_style='upper', padding_width=5,
+ field_names=['node_type', 'version', 'test_desc', 'pass',
+ 'fail', 'warn'])
+ for details in self.details:
+ for test in details['tests']:
+ msg.add_row(
+ [details['node_type'], details['version'], test['desc'],
+ test['pass'], test['fail'], test['warn']])
+ for result in test["results"]:
+ if result['scored'] and result['status'] == 'FAIL':
+ self.__logger.error(
+ "%s\n%s", result['test_desc'],
+ result['remediation'])
+ self.__logger.warning("Targets:\n\n%s\n", msg.get_string())
self.result = 100
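Review bot: `self.details = ast.literal_eval(self.pod_log)` parses the kube-bench output with Python's literal parser, but the companion hunk in kube-bench.yaml requests `--json`, and `ast.literal_eval` rejects JSON's `true`/`false`/`null` tokens (a document containing `"scored": true` raises ValueError), so parsing would fail before the `result['scored']` check is ever reached. Since `json` is already imported in this module, `self.details = json.loads(self.pod_log)` is the right call, and the `import ast` added in the earlier hunk can then be dropped. A decode error from an empty or truncated pod log is currently unhandled and would propagate out of run(); catching `ValueError`, logging the raw `self.pod_log` and re-raising would make such failures diagnosable. Note also that `self.result = 100` on the context line below is unconditional, so scored FAIL results are only logged and never fail the test case; if that is intended, a comment such as `# scored failures are reported, not enforced` would make it explicit. run() may continue past the end of this hunk.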