GKE Legacy Authorization Enabled

• Query id: df58d46c-783b-43e0-bdd0-d99164f712ee
• Query name: GKE Legacy Authorization Enabled
• Platform: GoogleDeploymentManager
• Severity: High
• Category: Insecure Configurations
• URL: Github

Description

Kubernetes Engine Clusters must have Legacy Authorization set to disabled, which means the attribute 'legacyAbac.enabled' must be false.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      legacyAbac:
        enabled: true

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster

Negative test num. 2 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      legacyAbac:
        enabled: false