Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Typo in rh-1.0/4.1.3 #1651

Open
Arano-kai opened this issue Jul 30, 2024 · 0 comments · May be fixed by #1652
Open

Typo in rh-1.0/4.1.3 #1651

Arano-kai opened this issue Jul 30, 2024 · 0 comments · May be fixed by #1652

Comments

@Arano-kai
Copy link

Overview

The #1597 contains small typo in rh-1.0/4.1.3 that breaks check

How did you run kube-bench?

Deployed the job-node.yaml on OKD 4.12

What happened?
Related debug log:

I0730 07:41:14.744366 3503397 check.go:110] -----   Running check 4.1.3   -----
I0730 07:41:15.019047 3503397 check.go:180] failed to run: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\"  - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml  2>/dev/null\nfi", output: "", error: exit status 1
I0730 07:41:15.019103 3503397 check.go:186] Command: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\"  - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml  2>/dev/null\nfi\n" TestResult: <<EMPTY>> 
I0730 07:41:15.019119 3503397 check.go:190] failed to run: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\"  - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml  2>/dev/null\nfi", output: "", error: exit status 1

Error in oc exec ... part -- container command is preceded by a single dash, but should be a double dash instead

What did you expect to happen:

The check rh-1.0/4.1.3 must succeed

Environment

$ kube-bench version
v0.8.0
$ oc version
Client Version: 4.12.13
Kustomize Version: v4.5.7
Server Version: 4.12.0-0.okd-2023-03-18-084815
Kubernetes Version: v1.25.0-2786+eab9cc98fe4c00-dirty
@Arano-kai Arano-kai linked a pull request Jul 30, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: rh-1.0 check 4.1.3 typo Arano-kai/kube-bench
1 participant
@Arano-kai