From b3bd560fd8a1bd155d4ef21bcfbe5f28e78b7147 Mon Sep 17 00:00:00 2001
From: Cédric Ollivier
Date: Sat, 12 Sep 2020 16:12:50 +0200
Subject: Improve kube_bench output
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It also fills self.details.

Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319
Signed-off-by: Cédric Ollivier
(cherry picked from commit 823b3a005ace9372a080421b2ae19152505201e4)
---
 docker/security/testcases.yaml | 1 +
 functest_kubernetes/security/kube-bench.yaml | 1 +
 functest_kubernetes/security/security.py | 19 +++++++++++++++++++
 3 files changed, 21 insertions(+)

diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
index 9636547e..e5423a47 100644
--- a/docker/security/testcases.yaml
+++ b/docker/security/testcases.yaml
@@ -18,6 +18,7 @@ tiers:
 name: 'kube_hunter'
 args:
 severity: high
+
 -
 case_name: kube_bench
 project_name: functest
diff --git a/functest_kubernetes/security/kube-bench.yaml b/functest_kubernetes/security/kube-bench.yaml
index 38a2ef60..2f2c57d6 100644
--- a/functest_kubernetes/security/kube-bench.yaml
+++ b/functest_kubernetes/security/kube-bench.yaml
@@ -14,6 +14,7 @@ spec:
 - name: kube-bench
 image: aquasec/kube-bench:0.3.1
 command: ["kube-bench"]
+ args: ["--json"]
 volumeMounts:
 - name: var-lib-etcd
 mountPath: /var/lib/etcd
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index 33f5e978..73c33b73 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -13,6 +13,7 @@ Define the parent for Kubernetes testing.
 from __future__ import division
+import ast
 import json
 import logging
 import time
@@ -189,10 +190,28 @@ class KubeBench(SecurityTesting):
 See https://github.com/aquasecurity/kube-bench for more details
 """
+ __logger = logging.getLogger(__name__)
+
 def __init__(self, **kwargs):
 super(KubeBench, self).__init__(**kwargs)
 self.job_name = "kube-bench"
 def run(self, **kwargs):
 super(KubeBench, self).run(**kwargs)
+ self.details = ast.literal_eval(self.pod_log)
+ msg = prettytable.PrettyTable(
+ header_style='upper', padding_width=5,
+ field_names=['node_type', 'version', 'test_desc', 'pass',
+ 'fail', 'warn'])
+ for details in self.details:
+ for test in details['tests']:
+ msg.add_row(
+ [details['node_type'], details['version'], test['desc'],
+ test['pass'], test['fail'], test['warn']])
+ for result in test["results"]:
+ if result['scored'] and result['status'] == 'FAIL':
+ self.__logger.error(
+ "%s\n%s", result['test_desc'],
+ result['remediation'])
+ self.__logger.warning("Targets:\n\n%s\n", msg.get_string())
 self.result = 100
-- 
cgit 1.2.3-korg
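Review bot: `self.details = ast.literal_eval(self.pod_log)` parses the kube-bench `--json` output (switched on in kube-bench.yaml by this same commit) with a Python-literal parser, and JSON `true`/`false`/`null` are not Python literals, so a document containing `"scored": true` raises ValueError before any row is built; `json` is already imported in this file, so `self.details = json.loads(self.pod_log)` is the matching parser and `import ast` becomes unnecessary. The loop also assumes the top-level document is a list of controls, which I cannot confirm from the hunk — if kube-bench emits a single object, `for details in self.details` iterates its keys and `details['tests']` fails, so the expected shape is worth a comment or an `isinstance` guard. Separately, scored FAIL results are only logged and `self.result = 100` is still set unconditionally, so a failing benchmark never changes the test verdict; consider deriving the result from the `fail` counters the table already collects, or at least documenting that the case is informational. The enclosing class KubeBench starts outside the hunk.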