Client Certificate Disabled

  • Query id: dd690686-2bf9-4012-a821-f61912dd77be
  • Query name: Client Certificate Disabled
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Insecure Configurations
  • CWE: 1188
  • URL: Github

Description

Kubernetes clusters must be created with client certificate enabled, which means 'masterAuth' must have 'clientCertificateConfig' with the attribute 'issueClientCertificate' set to true.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
Positive test num. 2 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
      masterAuth:
        clientKey: key
Positive test num. 3 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
      masterAuth:
        clientCertificateConfig:
          issueClientCertificate: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
      masterAuth:
        clientCertificateConfig:
          issueClientCertificate: true
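
The rule described above, written as a small pre-deployment check. This is an added example, not the KICS query itself or code from the project. It assumes the configuration has already been parsed into Python dicts (for example with yaml.safe_load); the function name, the finding format and the path strings are hypothetical, and the sample inputs are the four test files above rebuilt as dicts.

```python
from typing import Any

CLUSTER_TYPE = "container.v1.cluster"  # resource type used in the samples above


def check_config(doc: dict[str, Any]) -> list[dict[str, str]]:
    """Return one finding per cluster resource that violates the rule."""
    findings = []
    for res in doc.get("resources") or []:
        if not isinstance(res, dict) or res.get("type") != CLUSTER_TYPE:
            continue  # the rule only applies to cluster resources
        props = res.get("properties") or {}
        base = f"resources[{res.get('name', '<unnamed>')}].properties"

        master_auth = props.get("masterAuth")
        if not isinstance(master_auth, dict):
            # Positive test 1: no masterAuth block at all
            findings.append({"path": base, "issue": "'masterAuth' is undefined"})
            continue
        cert_cfg = master_auth.get("clientCertificateConfig")
        if not isinstance(cert_cfg, dict):
            # Positive test 2: masterAuth present, clientCertificateConfig missing
            findings.append({"path": base + ".masterAuth",
                             "issue": "'clientCertificateConfig' is undefined"})
            continue
        if cert_cfg.get("issueClientCertificate") is not True:
            # Positive test 3: missing, false, or a non-boolean such as "true"
            findings.append({"path": base + ".masterAuth.clientCertificateConfig",
                             "issue": "'issueClientCertificate' is not true"})
    return findings


def _cluster(properties: dict[str, Any]) -> dict[str, Any]:
    """Build a constructed one-resource config shaped like the page's samples."""
    return {"resources": [{"name": "cluster", "type": CLUSTER_TYPE,
                           "properties": properties}]}


# Constructed inputs mirroring the page's positive and negative tests.
SAMPLES = {
    "positive1": _cluster({"name": "my-cluster"}),
    "positive2": _cluster({"name": "my-cluster", "masterAuth": {"clientKey": "key"}}),
    "positive3": _cluster({"name": "my-cluster", "masterAuth": {
        "clientCertificateConfig": {"issueClientCertificate": False}}}),
    "negative1": _cluster({"name": "my-cluster", "masterAuth": {
        "clientCertificateConfig": {"issueClientCertificate": True}}}),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, check_config(sample) or "no findings")
```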