Sha256: 9e98f15c8510ecc855c3ec5fcc5cd9e8feaa8b7c1e3ad7be48fd3682ff0f5fa4

Contents?: true

Size: 1.05 KB

Versions: 1

Compression:

Stored size: 1.05 KB

Contents

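module KubeAutoAnalyzer
  # Records which authorization modes the API server was started with.
  #
  # Looks for a pod whose name matches /kube-apiserver/ in the list returned by
  # @client.get_pods, reads the first container's start-up arguments and stores
  # a boolean per mode under @results[target][:authz] (:rbac, :abac, :webhook).
  #
  # If no API server pod can be found, the :authz hash is left empty so the
  # report shows "not determined" rather than a false "disabled".
  #
  # All three values being false only means none of these modes was named on
  # the command line. Upstream kube-apiserver defaults to AlwaysAllow when
  # --authorization-mode is omitted, so that result deserves a manual check.
  #
  # @return [Boolean, nil] the :webhook result, or nil when no pod was found
  def self.check_authz
    @log.debug("Entering the authorization checker")
    target = @options.target_server
    @log.debug("Checking enabled authorization options on #{target}")
    @results[target][:authz] = {}

    # NOTE(review): the match is on pod name only, and the last match wins. If
    # get_pods is not scoped to the control-plane namespace, any pod with
    # "kube-apiserver" in its name could supply the flags read below. Confirm
    # the client's scope.
    @client.get_pods.each do |pod|
      @api_server = pod if pod['metadata']['name'] =~ /kube-apiserver/
    end

    # Managed clusters often do not expose the API server as a pod. Without
    # this guard the lookup below raises NoMethodError on nil.
    if @api_server.nil?
      @log.debug("No kube-apiserver pod found on #{target}, authorization modes not determined")
      return nil
    end

    # Flags may be supplied through either `command` or `args` in the pod spec,
    # so inspect both. Either may be absent.
    container = @api_server['spec']['containers'][0]
    api_server_command_line = Array(container['command']) + Array(container['args'])

    { rbac: 'RBAC', abac: 'ABAC', webhook: 'Webhook' }.each do |key, mode|
      pattern = /--authorization-mode\S*#{mode}/
      @results[target][:authz][key] = api_server_command_line.any? { |arg| arg =~ pattern }
    end

    @results[target][:authz][:webhook]
  end
end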

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
kube_auto_analyzer-0.0.17 lib/kube_auto_analyzer/api_checks/authorization_checker.rb