package token
import (
"os"
"github.com/quarkslab/kdigger/pkg/bucket"
)
const (
// bucketName is the name used both for the registry entry and for the
// results created by Run.
bucketName = "token"
// bucketDescription is the human-readable summary handed to the registry.
bucketDescription = "Token checks for the presence of a service account token in the filesystem."
// tokenPath is the directory probed for the mounted service account files
// (namespace, token and ca.crt are read from it).
// NOTE(review): Kubernetes documents this mount under
// /var/run/secrets/kubernetes.io/serviceaccount; using /run here relies on
// /var/run resolving to /run inside the container image — confirm.
tokenPath = "/run/secrets/kubernetes.io/serviceaccount"
)
// bucketAliases lists the alternative names registered alongside bucketName.
var bucketAliases = []string{"tokens", "tk"}
// Bucket implements the token check. It holds no state.
type Bucket struct{}
// Run reports whether a service account token directory is present under
// tokenPath and, when it is, returns the contents of the namespace, token and
// ca.crt files as a single result row.
//
// The "token" column holds the file's raw content, i.e. the bearer credential
// itself, so anything that stores or forwards these results (logs, reports,
// CI output) must be handled as a secret. Pods that never call the API can
// avoid the mount altogether with automountServiceAccountToken: false.
//
// If any of the three files cannot be read, an empty bucket.Results and the
// read error are returned; no partial row is emitted.
func (n Bucket) Run() (bucket.Results, error) {
	res := bucket.NewResults(bucketName)

	// Nothing mounted: report that and stop early.
	if !tokenFolderExist() {
		res.AddComment("No service account token was found in the local filesystem")
		return *res, nil
	}

	res.AddComment("A service account token is mounted.")
	res.SetHeaders([]string{"namespace", "token", "CA"})

	// File names are fixed literals and listed in header order.
	files := []string{"namespace", "token", "ca.crt"}
	row := make([]interface{}, 0, len(files))
	for _, name := range files {
		content, err := readMountedData(name)
		if err != nil {
			return bucket.Results{}, err
		}
		row = append(row, content)
	}
	res.AddContent(row)

	return *res, nil
}
// Register adds the token bucket to b under bucketName and bucketAliases.
// The entry is declared with SideEffects and RequireClient both false: the
// code in this file only stats and reads local files.
func Register(b *bucket.Buckets) {
	// Factory adapter: the registry expects a bucket.Interface constructor.
	factory := func(config bucket.Config) (bucket.Interface, error) {
		return NewTokenBucket(config)
	}

	entry := bucket.Bucket{
		Name:          bucketName,
		Description:   bucketDescription,
		Aliases:       bucketAliases,
		Factory:       factory,
		SideEffects:   false,
		RequireClient: false,
	}
	b.Register(entry)
}
// NewTokenBucket returns a new, stateless token Bucket. The configuration c
// is accepted to match the factory signature but is not used, and the
// returned error is always nil.
func NewTokenBucket(c bucket.Config) (*Bucket, error) {
	return new(Bucket), nil
}
// tokenFolderExist reports whether tokenPath appears to exist.
//
// Only a "does not exist" error from os.Stat yields false. Any other outcome,
// including errors such as permission denied, yields true; in that case the
// subsequent file reads are what surface the failure to the caller.
func tokenFolderExist() bool {
	if _, err := os.Stat(tokenPath); os.IsNotExist(err) {
		return false
	}
	return true
}
// readMountedData returns the full content of the file named data inside
// tokenPath as a string, or an empty string and the error from os.ReadFile.
//
// data is appended to tokenPath without any validation. Every call visible in
// this file passes a fixed literal; if the name ever comes from outside the
// package, reject path separators and ".." before building the path.
func readMountedData(data string) (string, error) {
	target := tokenPath + "/" + data

	content, err := os.ReadFile(target)
	if err != nil {
		return "", err
	}
	return string(content), nil
}