This repository has been archived by the owner on Jan 13, 2023. It is now read-only.

node metadata check failing #30

Open
wyardley opened this issue Mar 29, 2022 · 0 comments

wyardley commented Mar 29, 2022

```
% inspec exec inspec-gke-cis-gcp --controls cis-gke-5.4.2-node-metadata -t gcp:// --input-file inputs.yml --reporter cli
[...]
  ×  cis-gke-5.4.2-node-metadata: [NODE-METADATA] Ensure the GKE Metadata Server is Enabled
     ×  [twicapp-production] Cluster us-west2/prod-cluster-01, Node Pool: default-node-pool config.workload_meta_config.mode is expected to be in "GCE_METADATA" and "GKE_METADATA"
     expected `` to be in the list: `["GCE_METADATA", "GKE_METADATA"]`
```

dumping out the config object, it's got:

```
     +     "workloadMetadataConfig"=>{"mode"=>"GKE_METADATA"},
```

the GCP CLI also shows

```yaml
config:
  workloadMetadataConfig:
    mode: GKE_METADATA
```

I'm guessing this is either an upstream issue with https://github.com/inspec/inspec-gcp, or with the old version of it vendored in at https://github.com/GoogleCloudPlatform/inspec-gcp-helpers/, but this is all nested enough that it's hard to know exactly where to file a report, or what's to blame.

I verified that the workload_meta_config.mode (vs metadata) is supposed to be the right attribute name.
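
An independent cross-check of what the control expects, as an added example that is not part of the original issue or of the InSpec profile: it reads node pool JSON in the shape the GCP CLI shows above (`config.workloadMetadataConfig.mode`, for instance from `gcloud container node-pools describe ... --format=json`) and separates an empty mode, which is what the failing output reports, from a mode that is set but not allowed. The function names and the sample JSON are constructed for illustration.

```ruby
require 'json'

# Modes the control accepts, copied from the expectation in the output above.
ALLOWED_MODES = %w[GCE_METADATA GKE_METADATA].freeze

# Constructed sample: three node pools in the shape the GCP CLI prints as JSON.
SAMPLE_POOLS = <<~JSON
  [
    {"name": "pool-ok",      "config": {"workloadMetadataConfig": {"mode": "GKE_METADATA"}}},
    {"name": "pool-unset",   "config": {"machineType": "e2-medium"}},
    {"name": "pool-unknown", "config": {"workloadMetadataConfig": {"mode": "MODE_UNSPECIFIED"}}}
  ]
JSON

# Classify one node pool:
#   :pass    mode is set and allowed
#   :fail    mode is set but not in ALLOWED_MODES
#   :missing no mode in the document, so there was nothing to compare
def evaluate_node_pool(pool)
  mode = pool.dig('config', 'workloadMetadataConfig', 'mode').to_s
  return { name: pool['name'], status: :missing, mode: nil } if mode.empty?

  status = ALLOWED_MODES.include?(mode) ? :pass : :fail
  { name: pool['name'], status: status, mode: mode }
end

# Accepts either a single node pool object or an array of them.
def evaluate_json(text)
  doc = JSON.parse(text)
  (doc.is_a?(Array) ? doc : [doc]).map { |pool| evaluate_node_pool(pool) }
end

if __FILE__ == $PROGRAM_NAME
  evaluate_json(SAMPLE_POOLS).each do |r|
    puts format('%-13s %-8s %s', r[:name], r[:status], r[:mode] || '(empty)')
  end
end
```

A `:pass` from the API's own JSON for a pool that the profile reports as empty means the value is present in GCP and was lost somewhere between the API response and the control's comparison.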
