From 1841b7441dc16b7b4e0524ae5ac8b2090736afd3 Mon Sep 17 00:00:00 2001 From: Ken Kaizu Date: Thu, 7 Apr 2022 22:11:51 +0900 Subject: [PATCH] audit check specific checks when passing checks args (#737) Signed-off-by: krrrr38 Co-authored-by: Robert Brennan --- cmd/polaris/audit.go | 16 ++++++++++++++-- docs/cli.md | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/cmd/polaris/audit.go b/cmd/polaris/audit.go index eeeb9b526..0618038f5 100644 --- a/cmd/polaris/audit.go +++ b/cmd/polaris/audit.go @@ -24,6 +24,7 @@ import ( "os" "os/exec" + cfg "github.com/fairwindsops/polaris/pkg/config" "github.com/fairwindsops/polaris/pkg/kube" "github.com/fairwindsops/polaris/pkg/validator" "github.com/sirupsen/logrus" @@ -41,7 +42,7 @@ var resourceToAudit string var useColor bool var helmChart string var helmValues string -var checks string +var checks []string func init() { rootCmd.AddCommand(auditCmd) @@ -57,7 +58,7 @@ func init() { auditCmd.PersistentFlags().StringVar(&resourceToAudit, "resource", "", "Audit a specific resource, in the format namespace/kind/version/name, e.g. nginx-ingress/Deployment.apps/v1/default-backend.") auditCmd.PersistentFlags().StringVar(&helmChart, "helm-chart", "", "Will fill out Helm template") auditCmd.PersistentFlags().StringVar(&helmValues, "helm-values", "", "Optional flag to add helm values") - auditCmd.PersistentFlags().StringVar(&checks, "checks", "", "Optional flag to specify specific checks to check") + auditCmd.PersistentFlags().StringSliceVar(&checks, "checks", []string{}, "Optional flag to specify specific checks to check") } var auditCmd = &cobra.Command{ @@ -68,6 +69,17 @@ var auditCmd = &cobra.Command{ if displayName != "" { config.DisplayName = displayName } + if len(checks) > 0 { + targetChecks := make(map[string]bool) + for _, check := range checks { + targetChecks[check] = true + } + for key := range config.Checks { + if isTarget := targetChecks[key]; !isTarget { + config.Checks[key] = cfg.SeverityIgnore + } + } + } if helmChart != "" { var err error auditPath, err = ProcessHelmTemplates(helmChart, helmValues) diff --git a/docs/cli.md b/docs/cli.md index 159cb4075..013ffeb56 100644 --- a/docs/cli.md +++ b/docs/cli.md @@ -38,6 +38,7 @@ webhook # audit flags --audit-path string If specified, audits one or more YAML files instead of a cluster. + --checks stringArray Optional flag to specify specific checks to check --color Whether to use color in pretty format. (default true) --display-name string An optional identifier for the audit. -f, --format string Output format for results - json, yaml, pretty, or score. (default "json")