Google Container Node Pool Auto Repair Disabled
- Query id: d58c6f24-3763-4269-9f5b-86b2569a003b
- Query name: Google Container Node Pool Auto Repair Disabled
- Platform: Ansible
- Severity: Medium
- Category: Insecure Configurations
- CWE: 693
- URL: Github
Description
Auto repair should be enabled on Google Container (GKE) node pools. When it is enabled, the service periodically checks the pool for failing nodes and repairs them, keeping the pool in a healthy running state; a task that sets `management.auto_repair` to `no`/`false`, or omits the `management` block altogether, leaves the pool without this protection.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    management:
      auto_repair: no
- name: create a node pool2
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    management:
      auto_repair: false
- name: create a node pool3
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: '{{ cluster }}'
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    management:
      auto_repair: yes
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: '{{ cluster }}'
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    management:
      auto_repair: true
```
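The check the samples above illustrate can be reproduced outside KICS as a small playbook scanner. The following is an added example written for this page, not the KICS query itself (which is implemented in Rego): it walks the tasks of a loaded playbook, including `block`/`rescue`/`always` sections, and reports every `gcp_container_node_pool` task whose `management.auto_repair` is disabled, missing, or not a literal boolean. The module names, the YAML 1.1 boolean spellings, the `load_playbook` helper (which imports PyYAML only when a file is actually read) and the embedded `SAMPLE_TASKS` are all assumptions of this example; the sample mirrors the page's positive and negative tasks as Ansible's loader would parse them, plus one templated value.

```python
"""Report GKE node pools created by Ansible with auto repair disabled.

Added example for this page; not the KICS query's own implementation.
"""
from typing import Any, Dict, Iterator, List, Optional

# Names under which the node-pool module may appear in a task (assumed set).
NODE_POOL_MODULES = {
    "google.cloud.gcp_container_node_pool",
    "gcp_container_node_pool",
}

# YAML 1.1 spellings Ansible accepts as booleans. They are matched as strings
# too, in case the file was loaded with a YAML 1.2 parser that keeps "yes"/"no"
# as plain text instead of converting them to bool.
TRUTHY = {"true", "yes", "on", "y"}
FALSY = {"false", "no", "off", "n"}


def as_bool(value: Any) -> Optional[bool]:
    """Normalise an Ansible boolean to bool; None for anything unrecognised
    (for example an unresolved Jinja expression such as "{{ repair }}")."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        text = value.strip().lower()
        if text in TRUTHY:
            return True
        if text in FALSY:
            return False
    return None


def iter_tasks(tasks: List[Any]) -> Iterator[Dict[str, Any]]:
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks:
        if not isinstance(task, dict):
            continue
        nested = False
        for section in ("block", "rescue", "always"):
            if isinstance(task.get(section), list):
                nested = True
                yield from iter_tasks(task[section])
        if not nested:
            yield task


def find_auto_repair_disabled(tasks: List[Any]) -> List[Dict[str, Any]]:
    """Return one finding per node-pool task that does not enable auto repair."""
    findings = []
    for task in iter_tasks(tasks):
        for module in NODE_POOL_MODULES:
            params = task.get(module)
            if isinstance(params, dict):
                break
        else:
            continue  # not a node-pool task
        management = params.get("management")
        if not isinstance(management, dict) or "auto_repair" not in management:
            reason = "management.auto_repair is not set"
        else:
            enabled = as_bool(management["auto_repair"])
            if enabled is True:
                continue
            reason = ("management.auto_repair is disabled" if enabled is False
                      else "management.auto_repair is not a literal boolean; review manually")
        findings.append({"task": task.get("name"), "pool": params.get("name"), "reason": reason})
    return findings


def load_playbook(path: str) -> List[Any]:
    """Load a playbook or task file with PyYAML (Ansible's own loader) and
    flatten plays into a single task list. Imported lazily so the checker
    has no hard dependency when used on already-parsed data."""
    import yaml
    with open(path, encoding="utf-8") as fh:
        doc = yaml.safe_load(fh) or []
    tasks: List[Any] = []
    for item in doc if isinstance(doc, list) else []:
        if isinstance(item, dict) and ("hosts" in item or "tasks" in item):
            for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
                tasks.extend(item.get(section) or [])
        else:
            tasks.append(item)
    return tasks


# Constructed sample: the page's positive and negative tasks as Ansible would
# load them (yes/no become bool), one string-form boolean, and one templated value.
SAMPLE_TASKS = [
    {"name": "create a node pool", "google.cloud.gcp_container_node_pool": {
        "name": "my-pool", "state": "present", "management": {"auto_repair": False}}},
    {"name": "create a node pool2", "google.cloud.gcp_container_node_pool": {
        "name": "my-pool", "state": "present", "management": {"auto_repair": "false"}}},
    {"name": "create a node pool3", "google.cloud.gcp_container_node_pool": {
        "name": "my-pool", "state": "present"}},
    {"name": "safe pool", "google.cloud.gcp_container_node_pool": {
        "name": "safe-pool", "state": "present",
        "management": {"auto_repair": True, "auto_upgrade": True}}},
    {"name": "templated", "block": [
        {"name": "inner", "gcp_container_node_pool": {
            "name": "tpl-pool", "management": {"auto_repair": "{{ repair }}"}}}]},
]

if __name__ == "__main__":
    import sys
    tasks = load_playbook(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TASKS
    results = find_auto_repair_disabled(tasks)
    for f in results:
        print(f"[MEDIUM] task '{f['task']}' (pool {f['pool']}): {f['reason']}")
    sys.exit(1 if results else 0)
```

Run it with a playbook path to scan a real file, or with no arguments to see the constructed sample flagged: the three positive tasks and the templated pool are reported, the pool with `auto_repair: true` is not. The templated case is reported separately rather than silently passed, since the value is only known at run time.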