🌈 Change ordering of multi asset output #47

Merged
merged 2 commits into from
Oct 7, 2022

czunker
Contributor

@czunker czunker commented Oct 6, 2022

Signed-off-by: Christian Zunker christian@mondoo.com

Signed-off-by: Christian Zunker <christian@mondoo.com>
@czunker
Contributor Author

czunker commented Oct 6, 2022

This implements the order as discussed here: https://www.notion.so/mondoo/Multiple-Assets-report-in-CLI-6b8bf08a5439476ba1935a7b795af333

@czunker
Contributor Author

czunker commented Oct 6, 2022

The output now looks like this:

cnspec scan k8s --discover daemonsets,deployments --namespace kube-system --policy-bundle policy/bundles/mondoo-kubernetes-best-practices.yaml
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
! Scanning with local policy bundles will switch into --incognito mode by default. Your results will not be sent upstream.
! invalid github token via environment variable, ignoring it
→ discover related assets for 1 asset(s)
→ namespace filter has been set to "kube-system"
→ use cluster name from kube config cluster-name=minikube
→ resolved assets resolved-assets=2
→ connecting to asset kube-system/coredns (k8s-object)
→ client> send all results asset=//policy.api.mondoo.com/assets/2Fl4AcKigRyaMBjmCEpdynTHkpI
→ connecting to asset kube-system/kube-proxy (k8s-object)
→ client> send all results asset=//policy.api.mondoo.com/assets/2Fl4AhD9C3zK7QoeVvh34uaergM

Asset: kube-system/coredns
========================
Data queries:

Controls:
✕ Fail:  Deployments should not bind to a host port B 60
✕ Fail:  Container should configure a livenessProbe A 80
✕ Fail:  Deployments should not run in default namespace A 80
✕ Fail:  Container should configure a readinessProbe A 80
✕ Fail:  Container should request CPU A 80
✓ Pass:  Pod should not define hostAliases
✕ Fail:  Container should request memory A 80

Asset: kube-system/kube-proxy
========================
Data queries:

Controls:
✕ Fail:  Container should request CPU A 80
✕ Fail:  Container should configure a livenessProbe A 80
✕ Fail:  DaemonSets should not run in default namespace A 80
✕ Fail:  Container should configure a readinessProbe A 80
✕ Fail:  DaemonSets should not bind to a host port B 60
✓ Pass:  Pod should not define hostAliases
✕ Fail:  Container should request memory A 80


Summary (2 assets)
========================

Target:     kube-system/coredns
Score:      A   100/100     (100% completed)
✓ Passed:   ██ 14% (1)
✕ Failed:   █████████████ 86% (6)
! Errors:   0% (0)
» Skipped:  0% (0)

Policies:
A 100  Kubernetes Best Practices Benchmark by Mondoo

To get more information, please run this scan with "-o full".

Target:     kube-system/kube-proxy
Score:      A    88/100     (100% completed)
✓ Passed:   ██ 14% (1)
✕ Failed:   █████████████ 86% (6)
! Errors:   0% (0)
» Skipped:  0% (0)

Policies:
A  88  Kubernetes Best Practices Benchmark by Mondoo

To get more information, please run this scan with "-o full".

@chris-rock
Member

This is a great improvement. Below I add a few things that need refinement:

Asset Output

Asset: kube-system/coredns-64897985d-b7t87
========================
Data queries:

Controls:
✕ Fail:  Container should have a memory limit A 80
✕ Fail:  Container should not mount the Docker socket F 0
✕ Fail:  Pods should not run Tiller (Helm v2) B 60
✕ Fail:  Container should not allow privilege escalation F 0
✕ Fail:  Pods should not run with NET_RAW capability D 20
✕ Fail:  Pod should not run with hostIPC D 20
✕ Fail:  Container should use an immutable root filesystem D 20
✕ Fail:  Pods should not bind to a host port D 20
✕ Fail:  Container should not mount the containerd socket F 0
✕ Fail:  Pod should not run with the default service account B 70
✕ Fail:  Container should not run as root F 0
✕ Fail:  Pods should not run Kubernetes dashboard B 60
✕ Fail:  Pods should not run with SYS_ADMIN capability D 20
✕ Fail:  Pod should not run with hostNetwork D 20
✕ Fail:  Container image pull should be consistent C 40
✕ Fail:  Container should have a CPU limit A 80
✕ Fail:  Pods should mount any host path volumes as read-only D 20
✕ Fail:  Container should not mount the CRI-O socket F 0
✕ Fail:  Container should not run as a privileged container F 0
✕ Fail:  Pod should not run with hostPID D 20
  • Data queries: should not be printed if there is no data query running
  • The == should cover the full length of the headline, e.g.:
Asset: kube-system/coredns-64897985d-b7t87
====================================

Summary

The summary is helping users to quickly gather the details:

Summary (7 assets)
========================

Target:     kube-system/coredns-64897985d-b7t87
Score:      A    91/100     (100% completed)
✓ Passed:   0% (0)
✕ Failed:   ███████████████ 100% (20)
! Errors:   0% (0)
» Skipped:  0% (0)

Policies:
A  91  Kubernetes Workload Security by Mondoo

To get more information, please run this scan with "-o full".

Target:     kube-system/etcd-minikube
Score:      B    74/100     (100% completed)
✓ Passed:   0% (0)
✕ Failed:   ███████████████ 100% (20)
! Errors:   0% (0)
» Skipped:  0% (0)

Policies:
B  74  Kubernetes Workload Security by Mondoo

To get more information, please run this scan with "-o full".
  • The output To get more information, please run this scan with "-o full". should only be printed at the very bottom and only once.

Signed-off-by: Christian Zunker <christian@mondoo.com>
@czunker
Contributor Author

czunker commented Oct 7, 2022

@chris-rock Fixed your comments.

Additionally, I also adjusted the length of the divider for the summary to have the same everywhere.

Member

@chris-rock chris-rock left a comment

Great improvement @czunker

@chris-rock chris-rock merged commit 8450a11 into main Oct 7, 2022
@chris-rock chris-rock deleted the christian/reorder_output branch October 7, 2022 10:40