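#!/usr/bin/env bash
# flux-audit - build every kustomize overlay below a Flux repository path and
# run `polaris audit` against the rendered manifests. Exits non-zero when any
# overlay fails to build or fails the audit.
#
# Usage: flux-audit [FLUX_PATH]
#   FLUX_PATH              repository root to scan (default: current directory)
#
# Environment:
#   POLARIS_CONFIG         comma- and/or space-separated `polaris audit` flags;
#                          when set it REPLACES the built-in defaults below
#   POLARIS_EXCLUDE_PATHS  comma- and/or space-separated overlay directories
#                          to skip; compared after trailing "/" and a leading
#                          "./" are stripped, so "./a/overlays/prod/" and
#                          "a/overlays/prod" are the same entry
set -eo pipefail

# Overlays in this layout reference bases outside their own directory, which
# kustomize refuses by default; the audit only renders manifests, it never
# applies them.
KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
# Only overlays are audited, not the bases they are built from.
KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"
FLUX_PATH="${1:-.}"

#######################################
# Prints a fatal message to stderr and exits.
# Arguments: $* - message
#######################################
die() {
  printf 'ERROR - %s\n' "$*" >&2
  exit 1
}

#######################################
# Canonicalises an overlay path for exclusion matching: strips all trailing
# slashes (keeping a bare "/") and one leading "./".
# Arguments: $1 - path
# Outputs:   normalised path on stdout
#######################################
normalize_path() {
  local p=$1
  while [[ "$p" == */ && "$p" != "/" ]]; do
    p=${p%/}
  done
  printf '%s\n' "${p#./}"
}

#######################################
# Tests whether an overlay directory is listed in POLARIS_EXCLUDE_PATHS.
# Globals:   POLARIS_EXCLUDE_PATHS (read, array)
# Arguments: $1 - overlay directory
# Returns:   0 when excluded, 1 otherwise
#######################################
is_excluded() {
  local candidate exclude
  candidate=$(normalize_path "$1")
  for exclude in "${POLARIS_EXCLUDE_PATHS[@]}"; do
    if [[ "$(normalize_path "$exclude")" == "$candidate" ]]; then
      return 0
    fi
  done
  return 1
}

# The same name holds the raw environment string and then the split array;
# shellcheck cannot tell the two apart.
# shellcheck disable=SC2128
IFS=', ' read -r -a POLARIS_EXCLUDE_PATHS <<<"${POLARIS_EXCLUDE_PATHS:-}"

if [ -z "${POLARIS_CONFIG:-}" ]; then
  POLARIS_CONFIG=(
    "--format=pretty"
    "--set-exit-code-on-danger"
    "--set-exit-code-below-score=80"
    "--only-show-failed-tests=true"
    "--audit-path=-"
  )
else
  # shellcheck disable=SC2128
  IFS=', ' read -r -a POLARIS_CONFIG <<<"$POLARIS_CONFIG"
fi

#######################################
# Finds every overlay kustomization under FLUX_PATH, audits each one that is
# not excluded, and reports a summary. All overlays are audited before the
# script exits so a single failure does not hide the others.
# Globals:   FLUX_PATH, KUSTOMIZE_CONFIG, KUSTOMIZE_FLAGS, POLARIS_CONFIG,
#            POLARIS_EXCLUDE_PATHS (read)
# Returns:   exits 1 when any overlay failed to build or failed the audit
#######################################
main() {
  local file build_dir
  local audited=0 failures=0

  # With the loop fed by process substitution a bad path would otherwise be a
  # silent success (find's error is not part of a pipeline).
  [[ -d "$FLUX_PATH" ]] || die "FLUX_PATH is not a directory: $FLUX_PATH"

  printf '\nINFO - Auditing kustomize overlays\n'
  if (( ${#POLARIS_EXCLUDE_PATHS[@]} > 0 )); then
    printf 'INFO - Excluded kustomizations: %s\n' "${POLARIS_EXCLUDE_PATHS[*]}"
  fi

  # -ipath is the portable spelling of GNU's -iwholename. The loop runs in
  # this shell (not a pipeline subshell) so the counters survive it.
  while IFS= read -r -d '' file; do
    # The match is case-insensitive, so derive the directory with dirname-style
    # expansion rather than stripping a literal "kustomization.yaml" suffix.
    build_dir=${file%/*}

    if is_excluded "$build_dir"; then
      printf 'INFO - Skipping kustomization %s\n' "$build_dir"
      continue
    fi

    printf 'INFO - Auditing kustomization %s\n' "$build_dir"
    audited=$((audited + 1))
    # pipefail makes the condition false if either kustomize or polaris fails;
    # checking PIPESTATUS later would only see the status of a later command.
    if ! kustomize build "$build_dir" "${KUSTOMIZE_FLAGS[@]}" |
      polaris audit "${POLARIS_CONFIG[@]}"; then
      printf 'ERROR - Audit failed for kustomization %s\n' "$build_dir" >&2
      failures=$((failures + 1))
    fi
    echo
  done < <(find "${FLUX_PATH%/}" -type f -ipath "$KUSTOMIZE_CONFIG" -print0)

  if (( audited == 0 )); then
    printf 'WARN - No kustomizations matching %s found under %s\n' \
      "$KUSTOMIZE_CONFIG" "$FLUX_PATH" >&2
  fi
  if (( failures > 0 )); then
    die "$failures of $audited kustomizations failed the audit"
  fi
  printf 'INFO - All %d audited kustomizations passed\n' "$audited"
}

main "$@"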