Improve kube_bench output 00/71100/1
authorCédric Ollivier <cedric.ollivier@orange.com>
Sat, 12 Sep 2020 14:12:50 +0000 (16:12 +0200)
committerCédric Ollivier <cedric.ollivier@orange.com>
Sat, 12 Sep 2020 14:17:18 +0000 (16:17 +0200)
It also fills self.details.

Change-Id: Ie73215ebcbd34de9d457fd364de4ab9cbdf64319
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit 823b3a005ace9372a080421b2ae19152505201e4)

docker/security/testcases.yaml
functest_kubernetes/security/kube-bench.yaml
functest_kubernetes/security/security.py

index 9636547..e5423a4 100644 (file)
@@ -18,6 +18,7 @@ tiers:
                     name: 'kube_hunter'
                     args:
                         severity: high
+
             -
                 case_name: kube_bench
                 project_name: functest
index 38a2ef6..2f2c57d 100644 (file)
@@ -14,6 +14,7 @@ spec:
         - name: kube-bench
           image: aquasec/kube-bench:0.3.1
           command: ["kube-bench"]
+          args: ["--json"]
           volumeMounts:
             - name: var-lib-etcd
               mountPath: /var/lib/etcd
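Review bot: The JSON document that the added `args: ["--json"]` makes this container emit is, per the commit title, now parsed by the functest side, yet the container is still pulled from the mutable tag `aquasec/kube-bench:0.3.1` on the context line just above; a re-push of that tag can change the output schema (or the binary) without any change in this repository. Pinning the image by digest (`image: aquasec/kube-bench@sha256:<digest>`) or, at minimum, recording the tag next to the parser that depends on it would keep the producer and consumer in lockstep. Whether the pod runs with the privileges and host mounts needed for the benchmark is outside this hunk and not assessed here.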
index 33f5e97..73c33b7 100644 (file)
@@ -13,6 +13,7 @@ Define the parent for Kubernetes testing.
 
 from __future__ import division
 
+import ast
 import json
 import logging
 import time
@@ -189,10 +190,28 @@ class KubeBench(SecurityTesting):
     See https://github.com/aquasecurity/kube-bench for more details
     """
 
+    __logger = logging.getLogger(__name__)
+
     def __init__(self, **kwargs):
         super(KubeBench, self).__init__(**kwargs)
         self.job_name = "kube-bench"
 
     def run(self, **kwargs):
         super(KubeBench, self).run(**kwargs)
+        self.details = ast.literal_eval(self.pod_log)
+        msg = prettytable.PrettyTable(
+            header_style='upper', padding_width=5,
+            field_names=['node_type', 'version', 'test_desc', 'pass',
+                         'fail', 'warn'])
+        for details in self.details:
+            for test in details['tests']:
+                msg.add_row(
+                    [details['node_type'], details['version'], test['desc'],
+                     test['pass'], test['fail'], test['warn']])
+                for result in test["results"]:
+                    if result['scored'] and result['status'] == 'FAIL':
+                        self.__logger.error(
+                            "%s\n%s", result['test_desc'],
+                            result['remediation'])
+        self.__logger.warning("Targets:\n\n%s\n", msg.get_string())
         self.result = 100
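Review bot: `self.details = ast.literal_eval(self.pod_log)` parses a log that the companion manifest change makes kube-bench emit with `--json`, but `ast.literal_eval` accepts only Python literals: if the log is a JSON document containing `true`/`false`/`null` (the `scored` field tested a few lines later is presumably such a boolean), it raises `ValueError`/`SyntaxError` rather than returning the report. The file already imports `json`, so `self.details = json.loads(self.pod_log)` is the natural parser; it should also be guarded so an empty or truncated log (pod failed or evicted) records the case as failed instead of escaping `run()` as an unhandled exception. Separately, `self.result = 100` is set unconditionally, so scored FAIL findings are logged but never influence the verdict; if that is intentional, a comment such as `# informational only: benchmark failures are reported, not gating` would stop readers from assuming this case gates the run. `run()` may continue past the end of the hunk.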