Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Generate automount error when naming configuration file with 3 dash (---)  #591

Open
Open
Generate automount error when naming configuration file with 3 dash (---) #591
@sekveaja

Description

@sekveaja
sekveaja
opened on Jul 2, 2024
ISSUE TYPE
  • Bug Report
  1. We observe that naming with 3 dash (---) or plus for the configuration name in the yaml file, it generates error.
    In example ---RELEASE_NAME---
    configurationName: acme-sys-function---RELEASE-NAME---12-34-56

Error:
[error] AutomountServiceAccountTokenTrueAndDefaultSA
Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.

  1. If name with 2 dash "--"
    configurationName: acme-sys-function--RELEASE-NAME--12-34-56

No Error is generated.
$ kubeaudit all -f ./test_manifest.yaml_2_dash
[WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead.
All checks completed. 0 high-risk vulnerabilities found

  1. If name with 1 dash "-"
    configurationName: acme-sys-function-RELEASE-NAME-12-34-56

No Error is generated.
$ kubeaudit all -f ./test_manifest.yaml_1_dash
[WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead.
All checks completed. 0 high-risk vulnerabilities found

We shouldn't have limitation when refer to a configuration file.
Please advice, if there is an error in the functionality of Kubeaudit.

ENVIRONMENT
  • Kubeaudit version: 0.22.1
STEPS TO REPRODUCE
  1. Edit or vi test_manifest.yaml
    Add the following contents:

---
# Source: acms-test/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: acms-test-1
labels:
traf_enable: active
annotations:
configurationName: acme-sys-function---RELEASE-NAME---12-34-56
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
selector:
matchLabels:
app.kubernetes.io/name: acms-test
template:
metadata:
labels:
acms-test/pod-type: sys-test
annotations:
adapt.acme.com/serviceconf_port: "8000"
acme.com/service-id: "acme-sys-function---RELEASE-NAME---12-34-56"

  1. Save and test
    kubeaudit all -f ./test_manifest.yaml

    Expected Result:

    ---------------- Results for ---------------

apiVersion: apps/v1
kind: Deployment
metadata:
name: acms-test-1

-- [error] AutomountServiceAccountTokenTrueAndDefaultSA
Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpecor a non-default service account should be used.

  1. Edit and change this line as follow with 2 dash
    configurationName: acme-sys-function--RELEASE-NAME--12-34-56

  2. Test
    kubeaudit all -f ./test_manifest.yaml

Expected Result:
All checks completed. 0 high-risk vulnerabilities found

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions