Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s-psp-dump、secret、configmap、对于返回包的判断有误 #36

Open
yangusrname opened this issue Feb 24, 2022 · 3 comments
Open

k8s-psp-dump、secret、configmap、对于返回包的判断有误 #36

yangusrname opened this issue Feb 24, 2022 · 3 comments
Assignees
@neargle
Labels
bug Something isn't working

Comments

@yangusrname
Copy link

image
判断拉取失败,但是打印出的返回包中实际上已获取到信息,应该判定成功并输出到文件中。
secret、psp、configmap这三个都是这样。
image
可能需要修改这部分代码
@neargle
Copy link
Member

neargle commented Feb 24, 2022

收到,隔离中,排期搞。

@neargle neargle self-assigned this Feb 27, 2022
@neargle
Copy link
Member

neargle commented Feb 27, 2022

我这边的环境没办法复现呀,有纯文本的返回吗?

@yangusrname
Copy link
Author

yangusrname commented Mar 11, 2022
edited

./cdk run k8s-psp-dump auto

2022/03/11 01:27:08 getting K8s api-server API addr.
Find K8s api-server in ENV: https://10.1.0.1:443
2022/03/11 01:27:08 trying to dump K8s Pod Security Policies with user system:anonymous
2022/03/11 01:27:08 requesting /apis/policy/v1beta1/podsecuritypolicies
err found in post request, error response code: 403 Forbidden.
2022/03/11 01:27:08 failed, 403 Forbidden, api-server response:

2022/03/11 01:27:08 trying to dump K8s Pod Security Policies with local service-account: /var/run/secrets/kubernetes.io/serviceaccount/token
2022/03/11 01:27:08 requesting /apis/policy/v1beta1/podsecuritypolicies
2022/03/11 01:27:08 failed, api-server response:
{"kind":"PodSecurityPolicyList","apiVersion":"policy/v1beta1","metadata":{"resourceVersion":"1372081"},"items":[{"metadata":{"name":"psp.flannel.unprivileged","

第一部分是匿名拉取policies,我设置的禁止匿名,所以失败正常。第二部分token拉取显示失败,但实际上response中已经返回了policies,后面还有一堆我没有复制,都是policies。我后来自己改为,判断返回包中是否包含Failure
image

还有一个问题,失败时response没有输出,可见下图,resp为空
image

k8s-psp-dump中,无论对错都会生成文件,如下图,匿名部分显示失败然后创建文件成功,不会进行下一步使用token拉取
image

@neargle neargle added the bug Something isn't working label Mar 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neargle neargle

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neargle @yangusrname