Cluster Master Authentication Disabled

  • Query id: 7ef7d141-9fbb-4679-a977-fd0883436906
  • Query name: Cluster Master Authentication Disabled
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 1188
  • URL: Github

Description

Kubernetes Engine clusters must have Master Authentication enabled, which means the 'masterAuth' attribute must have the subattributes 'username' and 'password' defined and not empty.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: cluster

Positive test num. 2 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      masterAuth:
        clientKey: test

Positive test num. 3 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      masterAuth:
        username:
        password:

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      masterAuth:
        username: test
        password: test
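
The rule from the description, applied to the four samples above, as an added Python example (it is not the KICS query itself, which this page does not show). It assumes the configuration has already been parsed into a dict; `check_master_auth`, `cluster`, `SAMPLES` and the finding tuples are names chosen for this example.

```python
"""Added example: the masterAuth rule from this page, not the KICS query itself."""
CLUSTER_TYPE = "container.v1.cluster"
REQUIRED = ("username", "password")


def _is_empty(value):
    # A bare 'username:' in YAML parses to None; blank strings count as empty too.
    return value is None or (isinstance(value, str) and not value.strip())


def check_master_auth(config):
    """Return (resource, path, problem) findings for a parsed config dict."""
    findings = []
    for res in (config or {}).get("resources") or []:
        if not isinstance(res, dict) or res.get("type") != CLUSTER_TYPE:
            continue  # the rule only applies to GKE cluster resources
        name = res.get("name", "<unnamed>")
        auth = (res.get("properties") or {}).get("masterAuth")
        if not isinstance(auth, dict):
            findings.append((name, "properties.masterAuth", "missing"))
            continue
        for key in REQUIRED:
            if key not in auth:
                findings.append((name, f"properties.masterAuth.{key}", "missing"))
            elif _is_empty(auth[key]):
                findings.append((name, f"properties.masterAuth.{key}", "empty"))
    return findings


def cluster(properties):
    # Hypothetical helper: wraps properties in the resource shape used on this page.
    return {"resources": [{"name": "cluster", "type": CLUSTER_TYPE,
                           "properties": properties}]}


# The page's four samples, written as the dicts a YAML parser would produce.
SAMPLES = {
    "positive 1": cluster({"description": "cluster"}),
    "positive 2": cluster({"masterAuth": {"clientKey": "test"}}),
    "positive 3": cluster({"masterAuth": {"username": None, "password": None}}),
    "negative 1": cluster({"masterAuth": {"username": "test", "password": "test"}}),
}

if __name__ == "__main__":
    for label, cfg in SAMPLES.items():
        problems = check_master_auth(cfg)
        print(label, "FAIL" if problems else "PASS", problems)
```

Positive test 3 is the case a plain key-presence check would miss: the keys exist, but their values are empty.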