#!/usr/bin/env python3
import argparse
import glob
import re
import subprocess
import sys
from typing import Any
import yaml
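class GitHubLogGroup:
    """Context manager that wraps a block of output in GitHub Actions log-group markers.

    Prints ``::group::<message>`` on entry and ``::endgroup::`` on exit so the
    enclosed output is collapsible in the Actions log viewer.  Exceptions are
    never suppressed: ``__exit__`` returns ``None``, so they propagate once the
    group has been closed (a short ``With <error> error.`` line is printed
    first).
    """

    def __init__(self, message: str) -> None:
        self.message = message

    def __enter__(self) -> None:
        print(f"::group::{self.message}")
        # Child processes started inside the group write straight to fd 1;
        # flush so the opening marker precedes their output when stdout is a
        # pipe (block-buffered), as it is under a CI runner.
        sys.stdout.flush()

    def __exit__(self, exc_type: Any, exc_value: Any, traceback: Any) -> None:
        del traceback
        print("::endgroup::")
        if exc_type is not None:
            print(f"With {exc_value} error.")
        # Same reasoning as in __enter__: without this flush the closing marker
        # was buffered and could appear after the output of the next
        # subprocess, which breaks the grouping in the rendered log.
        sys.stdout.flush()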
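def _output_path(filename: str, index: int) -> str:
    """Return the ``kubescape/<env>-<group>-<app>-<index>.yaml`` path for one release.

    Args:
        filename: Helmfile path as returned by ``glob``, expected to look like
            ``apps/<int|prod>/<group>/<app>/helmfile.yaml``.
        index: Position of the release inside the helmfile's ``releases`` list.

    Raises:
        ValueError: If ``filename`` does not follow the expected layout.  Before,
            a non-matching path surfaced as an ``AttributeError`` on a ``None``
            match object, which hid the real cause.
    """
    # NOTE(review): the middle groups are greedy, so a helmfile nested deeper
    # than apps/<env>/<group>/<app>/ yields a "/" inside the output name and
    # therefore a sub-directory under kubescape/ — presumably unintended; confirm.
    match = re.fullmatch(r"apps/(int|prod)/(.+)/(.+)/helmfile\.yaml", filename)
    if match is None:
        raise ValueError(f"Unexpected helmfile location: {filename}")
    env, group, app = match.groups()
    return f"kubescape/{env}-{group}-{app}-{index}.yaml"


def _template_release(filename: str, index: int, output: str) -> None:
    """Render release ``index`` of ``filename`` into ``output`` with scripts/template-gen.

    The helmfile path is passed as its own argv element (no shell), so file
    names are never interpreted by a shell.  A non-zero exit of template-gen
    aborts the whole run with status 1, as before.
    """
    try:
        subprocess.run(
            [
                "scripts/template-gen",
                "--debug",
                "--no-sops",
                f"--index={index}",
                f"--output={output}",
                filename,
            ],
            check=True,
        )
    except subprocess.CalledProcessError:
        print("Error during templating.", flush=True)
        # sys.exit rather than the site-provided exit() builtin, which is not
        # guaranteed to exist (e.g. under python -S).
        sys.exit(1)


def main() -> None:
    """Template every release of every int/prod helmfile, then run one Kubescape scan.

    Rendered manifests are written below ``kubescape/`` and the JSON report to
    ``kubescape.json``; the process exit status is Kubescape's own return code,
    so a failing scan fails the CI job.  Any templating failure or unexpected
    helmfile location aborts the run with status 1.
    """
    parser = argparse.ArgumentParser(description="Run the Kubescape scan on all the HELM charts.")
    parser.parse_args()  # no options yet, but this still provides --help and rejects stray args

    helmfiles = [
        # "apps/int/allianz/allianz-zppv2/helmfile.yaml"
        *glob.glob("apps/int/**/helmfile.yaml", recursive=True),
        *glob.glob("apps/prod/**/helmfile.yaml", recursive=True),
    ]
    for filename in helmfiles:
        # flush=True throughout: template-gen writes directly to fd 1, so
        # block-buffered prints would otherwise show up after its output in a
        # piped CI log.
        print("Process file: ", filename, flush=True)
        print('"' * 80, flush=True)
        with open(filename, encoding="utf-8") as f:
            # safe_load: the helmfiles are repository content, but never use
            # the full loader on YAML anyway.
            helmfile = yaml.safe_load(f.read())
        # NOTE(review): the group label carries no file name (the literal was an
        # f-string without a placeholder); presumably meant to interpolate
        # `filename` — confirm before changing the label.
        with GitHubLogGroup("Process file: (unknown)"):
            for nb, _release in enumerate(helmfile["releases"]):
                print("Index: ", nb, flush=True)
                print('"' * 80, flush=True)
                try:
                    output = _output_path(filename, nb)
                except ValueError as err:
                    print(err, flush=True)
                    sys.exit(1)
                _template_release(filename, nb, output)

    # Deliberately no check=True: Kubescape's exit code is the scan verdict and
    # is propagated unchanged below.
    process = subprocess.run(
        ["kubescape", "scan", "kubescape/", "--format=json", "--output=kubescape.json"],
    )
    sys.exit(process.returncode)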
# Guarded entry point so GitHubLogGroup can be imported without starting a scan.
if __name__ == "__main__":
    main()