kubernetes-retired · k8s-ci-robot · Jun 18, 2020 · Jun 17, 2020 · Jun 17, 2020
diff --git a/benchmarks/kubectl-mtb/Makefile b/benchmarks/kubectl-mtb/Makefile
@@ -23,4 +23,8 @@ kubectl: build
 
 generate:
 	@go generate ./...
-	@echo "[OK] Files added to embed box!"
+	@echo "[OK] Files added to embed box!"
+
+.PHONY: readme
+readme: 
+	go run docs/main.go
diff --git a/benchmarks/kubectl-mtb/docs/main.go b/benchmarks/kubectl-mtb/docs/main.go
@@ -0,0 +1,95 @@
+package main
+
+import (
+	"fmt"
+	"html/template"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+
+	"gopkg.in/yaml.v2"
+	"sigs.k8s.io/multi-tenancy/benchmarks/kubectl-mtb/test/util"
+)
+
+const (
+	// Location of the config files
+	embedFolder string = "./test/benchmarks/"
+)
+
+// Structure of yaml (Used for README generation)
+type Doc struct {
+	ID            string `yaml:"id"`
+	Title         string `yaml:"title"`
+	BenchmarkType string `yaml:"benchmarkType"`
+	Category      string `yaml:"category"`
+	Description   string `yaml:"description"`
+	Remediation   string `yaml:"remediation"`
+	ProfileLevel  int    `yaml:"profileLevel"`
+}
+
+// README template
+const templ = `
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>README</title>
+  </head>
+  <body>
+  <h2> {{.Title}} [{{.ID}}] </h2>
+	<p>
+		<b> Profile Applicability: </b> {{.ProfileLevel}} <br>
+		<b> Type: </b> {{.BenchmarkType}} <br>
+		<b> Category: </b> {{.Category}} <br>
+		<b> Description: </b> {{.Description}} <br>
+		<b> Remediation: </b> {{.Remediation}} <br>
+	</p>
+
+  </body>
+</html>
+`
+
+func main() {
+
+	err := filepath.Walk(embedFolder, func(path string, info os.FileInfo, err error) error {
+		if !info.IsDir() {
+			extension := filepath.Ext(path)
+			if extension == ".yml" || extension == ".yaml" {
+				b, err := ioutil.ReadFile(path)
+				util.CheckError(err)
+				d := Doc{}
+				err = yaml.Unmarshal(b, &d)
+				util.CheckError(err)
+				t := template.New("README template")
+				t, err = t.Parse(templ)
+
+				// Get directory of the config file
+				dirPath := util.GetDirectory(path, "/")
+
+				//Check if Path exists
+				_, err = util.Exists(dirPath)
+				util.CheckError(err)
+
+				f, err := os.Create(dirPath + "/README.md")
+				util.CheckError(err)
+
+				// Write the output to the README file
+				err = t.Execute(f, d)
+				util.CheckError(err)
+				if err == nil {
+					fmt.Println("README.md generated successfully")
+				}
+
+				err = f.Close()
+				util.CheckError(err)
+
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		log.Fatal("Error walking through embed directory:", err)
+	}
+
+}
diff --git a/benchmarks/kubectl-mtb/go.mod b/benchmarks/kubectl-mtb/go.mod
@@ -6,7 +6,9 @@ require (
 	github.com/creasty/defaults v1.3.0
 	github.com/gobuffalo/packr/v2 v2.5.1
 	github.com/golang/protobuf v1.4.2 // indirect
+	github.com/kr/fs v0.1.0
 	github.com/phoenixking25/kubectl-mtb v0.0.0-20200607051717-90ca51647eb6 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1
 	github.com/spf13/cobra v1.0.0
 	golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 // indirect
 	golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect

diff --git a/benchmarks/kubectl-mtb/go.sum b/benchmarks/kubectl-mtb/go.sum
@@ -347,6 +347,8 @@ github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -480,6 +482,7 @@ github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvf
 github.com/russross/blackfriday v0.0.0-20170610170232-067529f716f4/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
@@ -489,6 +492,7 @@ github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=

diff --git a/benchmarks/kubectl-mtb/pkg/benchmark/benchmark.go b/benchmarks/kubectl-mtb/pkg/benchmark/benchmark.go
@@ -28,5 +28,6 @@ func (b *Benchmark) ReadConfig(file []byte) error {
 	if b == nil {
 		return errors.New("Please fill in a valid/non-empty yaml file")
 	}
+
 	return nil
 }
diff --git a/benchmarks/kubectl-mtb/test/benchmarks/block_privileged_containers/README.md b/benchmarks/kubectl-mtb/test/benchmarks/block_privileged_containers/README.md
@@ -0,0 +1,18 @@
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>README</title>
+  </head>
+  <body>
+  <h2> Block privileged containers [MTB-PL1-BC-CPI-5] </h2>
+	<p>
+		<b> Profile Applicability: </b> 1 <br>
+		<b> Type: </b> Behavioral Check <br>
+		<b> Category: </b> Control Plane Isolation <br>
+		<b> Description: </b> By default a container is not allowed to access any devices on the host, but a “privileged” container can access all devices on the host. A process within a privileged container can also get unrestricted host access. Hence, tenants should not be allowed to run privileged containers. <br>
+		<b> Remediation: </b> Define a `PodSecurityPolicy` with `privileged` set to `false` and map the policy to each tenant&#39;s namespace, or use a policy engine such as [OPA/Gatekeeper](https://github.com/open-policy-agent/gatekeeper) or [Kyverno](https://kyverno.io) to prevent tenants from running privileged containers. <br>
+	</p>
+
+  </body>
+</html>
diff --git a/benchmarks/kubectl-mtb/test/util/util.go b/benchmarks/kubectl-mtb/test/util/util.go
@@ -0,0 +1,35 @@
+package util
+
+import (
+	"fmt"
+	"os"
+	"strings"
+)
+
+func Exists(path string) (bool, error) {
+
+	_, err := os.Stat(path)
+	fmt.Println(err)
+	if err == nil {
+		return true, nil
+	}
+
+	return false, err
+
+}
+
+func GetDirectory(path string, delimiter string) string {
+
+	dir := strings.Split(path, delimiter)
+	dir = dir[0 : len(dir)-1]
+	dirPath := strings.Join(dir[:], "/")
+
+	return dirPath
+}
+
+func CheckError(err error) {
+	if err != nil {
+		fmt.Println("Fatal error ", err.Error())
+		os.Exit(1)
+	}
+}