🐛 Fix kubelet config control (#69)

This fixes the issue described in mondoohq/mondoo-operator#668 Signed-off-by: Ivan Milchev <[email protected]>
mondoohq · Nov 8, 2022 · 7fd5c9f · 7fd5c9f
1 parent b9e1caf
commit 7fd5c9f
Showing 1 changed file with 16 additions and 14 deletions.
diff --git a/core/mondoo-kubernetes-security.mql.yaml b/core/mondoo-kubernetes-security.mql.yaml
@@ -451,20 +451,22 @@ queries:
       chmod 600 /etc/kubernetes/kubelet.conf
       ```
   query: |
-    if (file(k8s.kubelet.configuration['config']).exists) {
-      file(k8s.kubelet.configuration['config']) {
-        user.name == "root"
-        group.name == "root"
-      }
-      file(k8s.kubelet.configuration['config']).permissions {
-        user_readable == true
-        user_executable == false
-        group_readable == false
-        group_writeable == false
-        group_executable == false
-        other_readable == false
-        other_writeable == false
-        other_executable == false
+    if (k8s.kubelet.configFile != null) {
+      if (k8s.kubelet.configFile.exists) {
+        k8s.kubelet.configFile {
+          user.name == "root"
+          group.name == "root"
+        }
+        k8s.kubelet.configFile.permissions {
+          user_readable == true
+          user_executable == false
+          group_readable == false
+          group_writeable == false
+          group_executable == false
+          other_readable == false
+          other_writeable == false
+          other_executable == false
+        }
       }
     }
 - uid: mondoo-kubernetes-security-secure-kubelet-cert-authorities