fix(improvements): Improve the usability of karmor probe by detailing… #362

Open: wants to merge 1 commit into base: main

fix(improvements): Improve the usability of karmor probe by detailing error messages

The following error may occur when executing "karmor probe".

  ```
  > karmor probe
  probe.go:380: error when getting kubearmor daemonset Get "http://localhost:8080/apis/apps/v1/namespaces/kube-system/daemonsets/kubearmor": dial tcp 127.0.0.1:8080: connect: connection refused

  Didn't find KubeArmor in systemd or Kubernetes, probing for support for KubeArmor

  Host:
    Observability/Audit: Supported (Kernel Version 5.15.0)
    Enforcement: Full (Supported LSMs: lockdown,capability,landlock,yama,apparmor)
  To get full probe, a daemonset will be deployed in your cluster - This daemonset will be deleted after probing
  Use --full tag to get full probing
  ```

When "karmor probe" is executed, "systemctl status kubearmor" is executed
internally, but the systemctl command may require sudo. In this case,
without sudo, an error occurs.

In this commit, to make it easier to understand the root cause of such an
error, error messages have been modified to be more detailed.

Signed-off-by: Hayato Kiwata <haytok@amazon.co.jp>
haytok committed Aug 21, 2023

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit eae62c5eda8bafa735c8219df1a30f891c6c1f23
3 changes: 2 additions & 1 deletion probe/probe.go
@@ -534,8 +534,9 @@ func getPostureData(probeData []KubeArmorProbeData) map[string]string {
// sudo systemctl status kubearmor
func isSystemdMode() bool {
cmd := exec.Command("systemctl", "status", "kubearmor")
_, err := cmd.CombinedOutput()
out, err := cmd.CombinedOutput()
if err != nil {
log.Println("systemctl status kubearmor cannot be executed:", string(out))
Review comment (Member):

We should refactor the function to return an error, and use Cobra Error handler to capture the errors. That way we will not show the error in case we find KubeArmor in Kubernetes.

return false
}
color.Green("\nFound KubeArmor running in Systemd mode \n\n")
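
Review bot: In the `if err != nil` branch of isSystemdMode, the new log line prints only `string(out)` and discards `err`, and its wording "cannot be executed" is inaccurate for the common case. `systemctl status` exits non-zero whenever the unit is inactive or not installed, so on those hosts the command did run and the message misstates the cause. In the opposite case, where systemctl is missing from PATH or cannot be started, `out` is empty and the line reports nothing useful because `err` is never shown. Suggest including `err` in the message and checking whether it is an `*exec.ExitError` (the command ran and reported a non-running unit) versus a failure to start the command, so the output identifies which of the two happened. Since this function runs on every probe, the message should also be emitted only when neither the systemd nor the Kubernetes path finds KubeArmor, otherwise Kubernetes-only users see an unrelated systemd error.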