kube-tools/overlay/usr/local/bin/flux-audit

#!/usr/bin/env bash
set -eo pipefail

KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"

FLUX_PATH="${1:-.}"
POLARIS_EXCLUDE_PATHS=(
    "flux/clusters/cloud-infra/flux-system/"
)

if [ -z "$POLARIS_CONFIG" ]; then
    POLARIS_CONFIG=(
        "--format=pretty"
        "--set-exit-code-on-danger"
        "--set-exit-code-below-score=80"
        "--only-show-failed-tests=true"
        "--audit-path=-"
    )
else
    # shellcheck disable=SC2128
    IFS=', ' read -r -a POLARIS_CONFIG <<<"$POLARIS_CONFIG"
fi

printf "\nINFO - Auditing kustomize overlays\n"
find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
    printf "INFO - Auditing kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
    for EXCLUDE in "${POLARIS_EXCLUDE_PATHS[@]}"; do
        if [ "$EXCLUDE" == "${file/%$KUSTOMIZE_CONFIG/}" ]; then
            continue 2
        fi
    done

    kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
        polaris audit "${POLARIS_CONFIG[@]}"
    echo
    if [[ ${PIPESTATUS[0]} != 0 ]]; then
        exit 1
    fi
done
feat: add fairwinds polaris 2023-06-25 13:56:41 +00:00			`#!/usr/bin/env bash`
			`set -eo pipefail`

			`KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")`
feat: add fairwinds polaris 2023-06-25 13:59:01 +00:00			`KUSTOMIZE_CONFIG="/overlays//kustomization.yaml"`
feat: add fairwinds polaris 2023-06-25 13:56:41 +00:00
			`FLUX_PATH="${1:-.}"`
			`POLARIS_EXCLUDE_PATHS=(`
			`"flux/clusters/cloud-infra/flux-system/"`
			`)`

			`if [ -z "$POLARIS_CONFIG" ]; then`
			`POLARIS_CONFIG=(`
			`"--format=pretty"`
			`"--set-exit-code-on-danger"`
			`"--set-exit-code-below-score=80"`
			`"--only-show-failed-tests=true"`
			`"--audit-path=-"`
			`)`
			`else`
			`# shellcheck disable=SC2128`
			`IFS=', ' read -r -a POLARIS_CONFIG <<<"$POLARIS_CONFIG"`
			`fi`

			`printf "\nINFO - Auditing kustomize overlays\n"`
			`find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 \| while IFS= read -r -d $'\0' file; do`
			`printf "INFO - Auditing kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"`
			`for EXCLUDE in "${POLARIS_EXCLUDE_PATHS[@]}"; do`
			`if [ "$EXCLUDE" == "${file/%$KUSTOMIZE_CONFIG/}" ]; then`
			`continue 2`
			`fi`
			`done`

			`kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" \|`
			`polaris audit "${POLARIS_CONFIG[@]}"`
			`echo`
			`if [[ ${PIPESTATUS[0]} != 0 ]]; then`
			`exit 1`
			`fi`
			`done`