
Scan multiple files at once

Open danthegoodman1 opened this issue 3 years ago • 5 comments

ISSUE TYPE
  • [x] Feature Idea

BUG REPORT

SUMMARY

It would be great if there was a way to pass multiple files to kubeaudit so that it could do many at once, specifically for the docker container

ENVIRONMENT
  • latest docker version

Proposal:

Being able to run a command like: docker run -v $(pwd):/app shopify/kubeaudit all -f /app/*.y\*ml would be sublime. The above command spits out:

time="2021-05-25T14:45:41Z" level=fatal msg="Error opening manifest file" error="open /app/*.y\\*ml): no such file or directory"

If I manually pass multiple files in with working paths that I've tested individually, it only scans the first file, all others are ignored.

danthegoodman1 avatar May 25 '21 14:05 danthegoodman1

Thanks for opening your first issue here! Be sure to follow the issue template!

ghost avatar May 25 '21 14:05 ghost

Thanks for your suggestion @danthegoodman1. The team will triage this issue in the next meeting. Also, feel free to open a PR if you have time/want to contribute! :)

dani-santos-code avatar May 25 '21 15:05 dani-santos-code

Agreed that support for multiple files would be really awesome. We've thought about implementing this before but got kind of stuck choosing the right approach. We could either

  1. Include the filename in each result (in the metadata)
     • Pro: This wouldn't change any exposed structures since the metadata where we would be adding the filename is just a map that can contain any data
     • Con: Results from the same file wouldn't necessarily be grouped together
     • Con: We would need to pass the filename around through a lot of the codebase, or modify results at the end by inserting the filename

  2. Run the audit (as it works currently) for each file in the provided glob / directory and group the results by filename
     • Pro: Results from the same file would be grouped together
     • Pro: This would require very little change to the code since it would happen at basically the entrypoint
     • Con: This would be a breaking change for both the package and for any programs consuming the JSON output

We could potentially get around the con for option 2 by

  1. Providing a new function in the package like AuditGlob that returns results in the new structure (eg. a map where the key is the filename and the value is an array of results)
  2. For the cli, if the param passed into -f is a file, produce results as they are today, or if it's a glob / directory, group results by filename. This might result in kind of confusing behaviour, so a separate flag for like group-by-filename might be better?

genevieveluyt avatar Jun 15 '21 16:06 genevieveluyt

A cheap solution is to use xargs, for example ls *.yaml | xargs -n 1 kubeaudit all -f

nobletrout avatar Nov 06 '21 17:11 nobletrout

I've come up with this if someone needs it; it finds all files recursively. This might be useful for CI for example. find ./ | grep .yaml | xargs -I{} -d'\n' kubeaudit all -f {}

MikeDevresse avatar Dec 22 '22 10:12 MikeDevresse
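
A per-file wrapper for the workarounds discussed in this thread, as an added example that is not part of the issue or of kubeaudit itself. The audit_tree function, the KUBEAUDIT override variable and the AUDIT_TOTAL / AUDIT_FAILED counters are names made up here, and the script assumes that a non-zero exit from kubeaudit all -f means findings or a failed run.

```shell
#!/bin/sh
# Added example, not kubeaudit project code.
# KUBEAUDIT is an assumed override for the binary name; it is not a kubeaudit setting.
# Results are left in AUDIT_TOTAL (files audited) and AUDIT_FAILED (non-zero exits).

audit_tree() {
    dir=$1
    AUDIT_TOTAL=0
    AUDIT_FAILED=0
    list=$(mktemp) || return 2

    # Let find match both extensions instead of relying on shell glob expansion.
    # File names containing newlines are not supported by this line-based list.
    find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \) > "$list"

    while IFS= read -r manifest; do
        AUDIT_TOTAL=$((AUDIT_TOTAL + 1))
        printf '==> %s\n' "$manifest"
        # One invocation per file, since only the first file given to -f is scanned.
        # stdin is detached so the command cannot consume the file list.
        if ! ${KUBEAUDIT:-kubeaudit} all -f "$manifest" < /dev/null; then
            AUDIT_FAILED=$((AUDIT_FAILED + 1))
            printf 'FAILED: %s\n' "$manifest" >&2
        fi
    done < "$list"
    rm -f "$list"

    # An empty match must not pass silently: zero files scanned is not a clean audit.
    if [ "$AUDIT_TOTAL" -eq 0 ]; then
        printf 'no manifests found under %s\n' "$dir" >&2
        return 2
    fi
    printf '%s file(s) audited, %s with a non-zero exit\n' "$AUDIT_TOTAL" "$AUDIT_FAILED"
    [ "$AUDIT_FAILED" -eq 0 ]
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

In CI, the function's return status (0 clean, 1 at least one file failed, 2 nothing to scan) can gate the job directly.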