Control: StatefulSet Controller containers argument anonymous auth should be disabled
Description
This check ensures that the container in the StatefulSet Controller has anonymous auth disabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.statefulset_container_argument_anonymous_auth_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.statefulset_container_argument_anonymous_auth_disabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["kubelet"]') then 'ok' when (c -> 'command') @> '["kubelet"]' and (c -> 'command') @> '["--anonymous-auth=true"]' then 'alarm' else 'ok' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["kubelet"]') then c ->> 'name' || ' kubelet not defined.' when (c -> 'command') @> '["kubelet"]' and (c -> 'command') @> '["--anonymous-auth=true"]' then c ->> 'name' || ' anonymous auth enabled.' else c ->> 'name' || ' anonymous auth disabled.' end as reason, name as stateful_set_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_stateful_set, jsonb_array_elements(template -> 'spec' -> 'containers') as c;