kubeaudit icon indicating copy to clipboard operation
kubeaudit copied to clipboard
verified publisher icon Shopify

Generate automount error when naming configuration file with 3 dash (---)

Open sekveaja opened this issue 1 year ago • 1 comments

ISSUE TYPE
  • [ ] Bug Report
  1. We observe that naming with 3 dash (---) or plus for the configuration name in the yaml file, it generates error. In example ---RELEASE_NAME--- configurationName: acme-sys-function---RELEASE-NAME---12-34-56

Error: [error] AutomountServiceAccountTokenTrueAndDefaultSA Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.

  1. If name with 2 dash "--" configurationName: acme-sys-function--RELEASE-NAME--12-34-56

No Error is generated. $ kubeaudit all -f ./test_manifest.yaml_2_dash [WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead. All checks completed. 0 high-risk vulnerabilities found

  1. If name with 1 dash "-" configurationName: acme-sys-function-RELEASE-NAME-12-34-56

No Error is generated. $ kubeaudit all -f ./test_manifest.yaml_1_dash [WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead. All checks completed. 0 high-risk vulnerabilities found

We shouldn't have limitation when refer to a configuration file. Please advice, if there is an error in the functionality of Kubeaudit.

ENVIRONMENT
  • Kubeaudit version: 0.22.1
STEPS TO REPRODUCE
  1. Edit or vi test_manifest.yaml Add the following contents:

--- # Source: acms-test/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: acms-test-1 labels: traf_enable: active annotations: configurationName: acme-sys-function---RELEASE-NAME---12-34-56 spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 0 selector: matchLabels: app.kubernetes.io/name: acms-test template: metadata: labels: acms-test/pod-type: sys-test annotations: adapt.acme.com/serviceconf_port: "8000" acme.com/service-id: "acme-sys-function---RELEASE-NAME---12-34-56"

  1. Save and test kubeaudit all -f ./test_manifest.yaml

    Expected Result:

    ---------------- Results for ---------------

apiVersion: apps/v1 kind: Deployment metadata: name: acms-test-1

-- [error] AutomountServiceAccountTokenTrueAndDefaultSA Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpecor a non-default service account should be used.

  1. Edit and change this line as follow with 2 dash configurationName: acme-sys-function--RELEASE-NAME--12-34-56

  2. Test kubeaudit all -f ./test_manifest.yaml

Expected Result: All checks completed. 0 high-risk vulnerabilities found

sekveaja avatar Jul 02 '24 21:07 sekveaja

Thanks for opening your first issue here! Be sure to follow the issue template!

github-actions[bot] avatar Jul 02 '24 21:07 github-actions[bot]