Control: Pod containers should have audit log path configured appropriately
Description
This check ensures that the container in the Pod has audit log path configured appropriately.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.pod_container_argument_audit_log_path_configuredSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.pod_container_argument_audit_log_path_configured --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["kube-apiserver"]') then 'ok' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' not like '%"--audit-log-path=%') then 'alarm' else 'alarm' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["kube-apiserver"]') then c ->> 'name' || ' kube-apiserver not defined.' when (c -> 'command') @> '["kube-apiserver"]' and (c ->> 'command' not like '%"--audit-log-path=%') then c ->> 'name' || ' audit log path not configured.' else c ->> 'name' || ' audit log path configured.' end as reason, name as pod_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_pod, jsonb_array_elements(containers) as c;