From af701c3a1b8f971d434d63219e1a9551c7ec26ff Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sun, 25 Jun 2023 16:26:54 +0200
Subject: [PATCH] add excludes
---
 Dockerfile | 2 +-
 overlay/usr/local/bin/flux-audit | 20 +++++++++++++-------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 00dc4c6..c3e50f4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,7 @@ ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.6.2}"
 # renovate: datasource=github-releases depName=FairwindsOps/polaris
 ENV POLARIS_VERSION="${POLARIS_VERSION:-8.2.3}"
-RUN apk --update add curl tar bash python3 py3-yaml && \
+RUN apk --update add curl tar bash python3 py3-yaml findutils && \
 curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" && \
 curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl-convert" && \
 curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" && \
diff --git a/overlay/usr/local/bin/flux-audit b/overlay/usr/local/bin/flux-audit
index ccdd3f0..c8664b9 100755
--- a/overlay/usr/local/bin/flux-audit
+++ b/overlay/usr/local/bin/flux-audit
@@ -5,9 +5,11 @@ KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
 KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"
 FLUX_PATH="${1:-.}"
-POLARIS_EXCLUDE_PATHS=(
- "flux/clusters/cloud-infra/flux-system/"
-)
+
+# shellcheck disable=SC2128
+IFS=', ' read -r -a POLARIS_EXCLUDE_PATHS <<<"$POLARIS_EXCLUDE_PATHS"
+
+echo "${POLARIS_EXCLUDE_PATHS[@]}"
 if [ -z "$POLARIS_CONFIG" ]; then
 POLARIS_CONFIG=(
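Review bot: The list that decides which overlays skip the Polaris audit is now read from the environment at the `read -r -a POLARIS_EXCLUDE_PATHS` line, but nothing documents its format, and the bare `echo` after it prints the entries with no label (an empty line when the variable is unset). Because `IFS=', '` splits on spaces as well as commas, a path containing a space becomes two entries. The comparison in the second hunk is plain string equality against a directory derived from `find` output, so an entry has to carry the same `FLUX_PATH` prefix and trailing slash or it silently matches nothing. I would add a comment such as `# POLARIS_EXCLUDE_PATHS: comma-separated overlay dirs, written exactly as find prints them (FLUX_PATH prefix, trailing slash)` and replace the echo with `printf 'INFO - Excluded from audit: %s\n' "${POLARIS_EXCLUDE_PATHS[*]}"`.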
@@ -23,15 +25,19 @@ else
 fi
 printf "\nINFO - Auditing kustomize overlays\n"
-find "${FLUX_PATH%/}" -type f -name $KUSTOMIZE_CONFIG -print0 | while IFS= read -r -d $'\0' file; do
- printf "INFO - Auditing kustomization %s\n" "${file/%$KUSTOMIZE_CONFIG/}"
+find "${FLUX_PATH%/}" -type f -iwholename "$KUSTOMIZE_CONFIG" -print0 | while IFS= read -r -d $'\0' file; do
+ KUSTOMIZE_BASENAME=$(basename "$KUSTOMIZE_CONFIG")
+ KUSTOMIZE_BUILD="${file/%$KUSTOMIZE_BASENAME/}"
+
 for EXCLUDE in "${POLARIS_EXCLUDE_PATHS[@]}"; do
- if [ "$EXCLUDE" == "${file/%$KUSTOMIZE_CONFIG/}" ]; then
+ if [ "$EXCLUDE" == "$KUSTOMIZE_BUILD" ]; then
+ printf "INFO - Skipping kustomization %s\n" "$KUSTOMIZE_BUILD"
 continue 2
 fi
 done
- kustomize build "${file/%$KUSTOMIZE_CONFIG/}" "${KUSTOMIZE_FLAGS[@]}" |
+ printf "INFO - Auditing kustomization %s\n" "$KUSTOMIZE_BUILD"
+ kustomize build "$KUSTOMIZE_BUILD" "${KUSTOMIZE_FLAGS[@]}" |
 polaris audit "${POLARIS_CONFIG[@]}"
 echo
 if [[ ${PIPESTATUS[0]} != 0 ]]; then
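Review bot: The `${PIPESTATUS[0]}` test in the trailing context runs after `echo`, so it reads the status of `echo` rather than of `kustomize build`; a failed build, which means that overlay was never audited, would presumably go unnoticed. Capture the array right after the pipeline, e.g. `rc=("${PIPESTATUS[@]}")` on the line after `polaris audit "${POLARIS_CONFIG[@]}"`, and test `${rc[0]}` (and `${rc[1]}` if Polaris findings should fail the run). The body of that `if` lies outside the hunk, so what it does on failure is not visible here. Separately, `-iwholename` matches case-insensitively while `${file/%$KUSTOMIZE_BASENAME/}` strips only the exact-case name, so a differently cased file would leave the file path itself as the build target; `-wholename` keeps both sides consistent, and `KUSTOMIZE_BASENAME` can be computed once before the loop.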