Issue with workload_meta_config.mode matcher #410

Open
wyardley opened this issue Mar 29, 2022 · 3 comments

@wyardley

Describe the problem

I've got a situation where workloadMetadataConfig.mode is set to GKE_METADATA, and yet the workload_meta_config.mode matcher seems to be nil. This is using a slightly older version of this that's vendored in with https://github.com/GoogleCloudPlatform/inspec-gcp-helpers, so I can try to double-check if this issue affects the latest version as well.

Described in more detail at:
GoogleCloudPlatform/inspec-gke-cis-benchmark#30

Possible Solution

wyardley commented Mar 29, 2022

Basic POC that shows this against current trunk as well.

```ruby
title "GKE Nodepool test"

gcp_project_id = input("gcp_project_id")
gke_cluster = input("gke_cluster")
gke_cluster_location = input("gke_cluster_location")
gke_nodepool_name = input("gke_nodepool_name")

# you add controls here
control "gke-cluster-1.0" do
  impact 1.0
  title "Ensure cluster exists."
  desc "Testing"
  describe google_container_cluster(project: gcp_project_id, name: gke_cluster, location: gke_cluster_location) do
    it { should exist }
  end
  describe google_container_node_pool(project: gcp_project_id, nodepool_name: gke_nodepool_name, cluster_name: gke_cluster, location: gke_cluster_location) do
    it { should exist }
    its('config.workload_meta_config.mode') { should be_in %w[GCE_METADATA GKE_METADATA] }
  end
end
```

```
  ×  gke-cluster-1.0: Ensure cluster exists. (1 failed)
     ✔  Cluster xyz is expected to exist
     ✔  NodePool default-node-pool is expected to exist
     ×  NodePool default-node-pool config.workload_meta_config.mode is expected to be in "GCE_METADATA" and "GKE_METADATA"
     expected `` to be in the list: `["GCE_METADATA", "GKE_METADATA"]`
```

dumping out the config object, it's got:

```
     +     "workloadMetadataConfig"=>{"mode"=>"GKE_METADATA"},
```

the GCP CLI also shows

```yaml
config:
  workloadMetadataConfig:
    mode: GKE_METADATA
```

@sa-progress
Contributor

@wyardley this issue is fixed in this PR.

@wyardley
Author

Woo! thanks @sa-progress!
