The #1597 contains small typo in rh-1.0/4.1.3 that breaks check
How did you run kube-bench?
Deployed the job-node.yaml on OKD 4.12
What happened?
Related debug log:
I0730 07:41:14.744366 3503397 check.go:110] ----- Running check 4.1.3 -----
I0730 07:41:15.019047 3503397 check.go:180] failed to run: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\" - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml 2>/dev/null\nfi", output: "", error: exit status 1
I0730 07:41:15.019103 3503397 check.go:186] Command: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\" - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml 2>/dev/null\nfi\n" TestResult: <<EMPTY>>
I0730 07:41:15.019119 3503397 check.go:190] failed to run: "# Get the node name where the pod is running\nNODE_NAME=$(oc get pod \"$HOSTNAME\" -o=jsonpath='{.spec.nodeName}')\n# Get the pod name in the openshift-sdn namespace\nPOD_NAME=$(oc get pods -n openshift-sdn -l app=sdn --field-selector spec.nodeName=\"$NODE_NAME\" -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)\n\nif [ -z \"$POD_NAME\" ]; then\necho \"No matching pods found on the current node.\"\nelse\n# Execute the stat command\noc exec -n openshift-sdn \"$POD_NAME\" - stat -Lc \"$i %n permissions=%a\" /config/kube-proxy-config.yaml 2>/dev/null\nfi", output: "", error: exit status 1
Error in oc exec ... part -- container command is preceded by a single dash, but should be a double dash instead
What did you expect to happen:
The check rh-1.0/4.1.3 must succeed
Environment
$ kube-bench version
v0.8.0
$ oc version
Client Version: 4.12.13
Kustomize Version: v4.5.7
Server Version: 4.12.0-0.okd-2023-03-18-084815
Kubernetes Version: v1.25.0-2786+eab9cc98fe4c00-dirty
Overview
The #1597 contains small typo in rh-1.0/4.1.3 that breaks check
How did you run kube-bench?
Deployed the
job-node.yamlon OKD 4.12What happened? Related debug log:
Error in
oc exec ...part -- container command is preceded by a single dash, but should be a double dash insteadWhat did you expect to happen:
The check rh-1.0/4.1.3 must succeed
Environment