Control: Replication Controller containers argument anonymous auth should be disabled
Description
This check ensures that the container in the Replication Controller has anonymous auth disabled.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.replication_controller_container_argument_anonymous_auth_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.replication_controller_container_argument_anonymous_auth_disabled --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when (c -> 'command') is null or not ((c -> 'command') @> '["kubelet"]') then 'ok' when (c -> 'command') @> '["kubelet"]' and (c -> 'command') @> '["--anonymous-auth=true"]' then 'alarm' else 'ok' end as status, case when (c -> 'command') is null then c ->> 'name' || ' command not defined.' when not ((c -> 'command') @> '["kubelet"]') then c ->> 'name' || ' kubelet not defined.' when (c -> 'command') @> '["kubelet"]' and (c -> 'command') @> '["--anonymous-auth=true"]' then c ->> 'name' || ' anonymous auth enabled.' else c ->> 'name' || ' anonymous auth disabled.' end as reason, name as replication_controller_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_replication_controller, jsonb_array_elements(template -> 'spec' -> 'containers') as c;