Skip to content
This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Generate automount error when naming configuration file with 3 dash (---) #591

Open
1 task
sekveaja opened this issue Jul 2, 2024 · 1 comment
Open
1 task

Generate automount error when naming configuration file with 3 dash (---) #591

sekveaja opened this issue Jul 2, 2024 · 1 comment

Comments

@sekveaja
Copy link

sekveaja commented Jul 2, 2024
edited
Loading

ISSUE TYPE
  • Bug Report
  1. We observe that naming with 3 dash (---) or plus for the configuration name in the yaml file, it generates error.
    In example ---RELEASE_NAME---
    configurationName: acme-sys-function---RELEASE-NAME---12-34-56

Error:
[error] AutomountServiceAccountTokenTrueAndDefaultSA
Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.

  1. If name with 2 dash "--"
    configurationName: acme-sys-function--RELEASE-NAME--12-34-56

No Error is generated.
$ kubeaudit all -f ./test_manifest.yaml_2_dash
[WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead.
All checks completed. 0 high-risk vulnerabilities found

  1. If name with 1 dash "-"
    configurationName: acme-sys-function-RELEASE-NAME-12-34-56

No Error is generated.
$ kubeaudit all -f ./test_manifest.yaml_1_dash
[WARNING]: kubernetes.io for override labels will soon be deprecated. Please, update them to use kubeaudit.io instead.
All checks completed. 0 high-risk vulnerabilities found

We shouldn't have limitation when refer to a configuration file.
Please advice, if there is an error in the functionality of Kubeaudit.

ENVIRONMENT
  • Kubeaudit version: 0.22.1
STEPS TO REPRODUCE
  1. Edit or vi test_manifest.yaml
    Add the following contents:

---
# Source: acms-test/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: acms-test-1
labels:
traf_enable: active
annotations:
configurationName: acme-sys-function---RELEASE-NAME---12-34-56
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
selector:
matchLabels:
app.kubernetes.io/name: acms-test
template:
metadata:
labels:
acms-test/pod-type: sys-test
annotations:
adapt.acme.com/serviceconf_port: "8000"
acme.com/service-id: "acme-sys-function---RELEASE-NAME---12-34-56"

  1. Save and test
    kubeaudit all -f ./test_manifest.yaml

    Expected Result:

    ---------------- Results for ---------------

apiVersion: apps/v1
kind: Deployment
metadata:
name: acms-test-1

-- [error] AutomountServiceAccountTokenTrueAndDefaultSA
Message: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpecor a non-default service account should be used.

  1. Edit and change this line as follow with 2 dash
    configurationName: acme-sys-function--RELEASE-NAME--12-34-56

  2. Test
    kubeaudit all -f ./test_manifest.yaml

Expected Result:
All checks completed. 0 high-risk vulnerabilities found
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 2, 2024

Thanks for opening your first issue here! Be sure to follow the issue template!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sekveaja