File managed-kubernetes-auditing-toolkit.spec of Package managed-kubernetes-auditing-toolkit
#
# spec file for package managed-kubernetes-auditing-toolkit
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define executable_name mkat
Name: managed-kubernetes-auditing-toolkit
Version: 0.3.1
Release: 0
Summary: Identify common security issues in managed Kubernetes environments
License: Apache-2.0
URL: https://github.com/DataDog/managed-kubernetes-auditing-toolkit
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: go >= 1.22
%description
MKAT is an all-in-one auditing toolkit for identifying common security issues
within managed Kubernetes environments. It is focused on Amazon EKS at the
moment, and will be extended to other managed Kubernetes environments in the
future.
Features:
* Identify trust relationships between K8s service accounts and AWS IAM roles -
supports both IAM Roles for Service Accounts (IRSA), and Pod Identity,
released on November 26 2023.
* Find hardcoded AWS credentials in K8s resources.
* Test if pods can access the AWS Instance Metadata Service (IMDS).
%package -n %{name}-bash-completion
Summary: Bash Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Requires: bash-completion
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description -n %{name}-bash-completion
Bash command line completion support for %{name}.
%package -n %{name}-fish-completion
Summary: Fish Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Supplements: (%{name} and fish)
BuildArch: noarch
%description -n %{name}-fish-completion
Fish command line completion support for %{name}.
%package -n %{name}-zsh-completion
Summary: Zsh Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Supplements: (%{name} and zsh)
BuildArch: noarch
%description -n %{name}-zsh-completion
zsh command line completion support for %{name}.
%prep
%autosetup -p 1 -a 1
%build
go build \
-mod=vendor \
-buildmode=pie \
-ldflags=" \
-X main.BuildVersion=%{version}" \
-o bin/%{executable_name} ./cmd/%{name}/main.go
%install
# Install the binary.
install -D -m 0755 bin/%{executable_name} %{buildroot}/%{_bindir}/%{executable_name}
# create the bash completion file
mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/
%{buildroot}/%{_bindir}/%{executable_name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{executable_name}
# create the fish completion file
mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
%{buildroot}/%{_bindir}/%{executable_name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{executable_name}.fish
# create the zsh completion file
mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
%{buildroot}/%{_bindir}/%{executable_name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{executable_name}
%files
%doc README.md
%license LICENSE
%{_bindir}/%{executable_name}
%files -n %{name}-bash-completion
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{executable_name}
%files -n %{name}-fish-completion
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{executable_name}.fish
%files -n %{name}-zsh-completion
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{executable_name}
%changelog
