Skip to content

Commit

Permalink
Merge pull request #5 from datreeio/allresources
Browse files Browse the repository at this point in the history 
add ability to test entire cluster
  • Loading branch information
hadar-co authored Oct 25, 2022
2 parents 56c2d2d + daa3b42 commit d274020
Showing 1 changed file with 109 additions and 23 deletions.
132 changes: 109 additions & 23 deletions kubectl-datree
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
#!/bin/bash


# Check if Datree is installed
if ! command -v datree &> /dev/null; then
printf "Datree is not installed on your machine, please run 'curl https://get.datree.io | /bin/bash' to install\n"
Expand All @@ -16,7 +17,9 @@ show_help(){
printf " This plugin supports all of the Datree CLI arguments: https://hub.datree.io/cli-arguments\n"
printf "\nOptions:\n"
printf " [-n <namespace>] Test all resources in the cluster belonging to the specified namespace\n"
printf " [<resource type> <resource name> <namespace>] Test a single given resource in the cluster\n"
printf " [--all] Test all resources in the cluster\n"
printf " When using '--all', you can specify namespaces to exclude using '--exclude <namespace> --exclude <namespace2>'\n"
printf " [<resource type> <resource name> <namespace>] Test a single resource in the cluster\n"
printf "\nRunning 'kubectl datree test' with no arguments is equivalent to 'kubectl datree test -- -n default'\n"
}

Expand All @@ -40,7 +43,9 @@ export DATREE_SCHEMA_VERSION=$SERVER_VERSION
DATREE_OPTIONS=()
EOO=0
TEST_BY_NAMESPACE=1
NAMESPACE="default"
TEST_ALL=0
NAMESPACES=()
EXCLUDED_NAMESPACES=("kube-system" "kube-public" "kube-node-lease")
RESOURCE_KIND=""
RESOURCE_NAME=""

Expand All @@ -55,25 +60,52 @@ while [[ $2 ]]; do

shift
else
if [[ $2 == "-n" ]] || [[ $2 == "--namespace" ]]; then
if [[ $2 == "--all" ]]; then
TEST_BY_NAMESPACE=0
TEST_ALL=1
shift
continue
elif [[ $2 == "--exclude" ]]; then
if [[ $TEST_ALL -ne 1 ]]; then
printf "Incorrect usage of the '--exclude' option.\n\n"
show_help
exit 1
fi

if [ ! -z "$3" ]; then
NAMESPACE="$3"
EXCLUDED_NAMESPACES+=("$3")
shift 2
continue
else
printf "Incorrect usage of the '--exclude' option.\n\n"
show_help
exit 1
fi
elif [[ $2 == "-n" ]] || [[ $2 == "--namespace" ]]; then
if [ ! -z "$3" ]; then
NAMESPACES+=("$3")
else
echo "No namespace provided, using 'default' namespace"
NAMESPACES+=("default")
fi
elif [ ! -z "$2" ]; then
if [ ! -z "$3" ]; then
TEST_BY_NAMESPACE=0
RESOURCE_KIND="$2"
RESOURCE_NAME="$3"
if [ ! -z "$4" ]; then
NAMESPACE="$4"
NAMESPACES+=("$4")
else
echo "No namespace provided, exiting..."
exit 1
fi
else
echo "No resource name provided, exiting..."
exit 1
fi
else
echo "No resource type or name provided, exiting..."
exit 1
fi

break
Expand All @@ -88,9 +120,9 @@ get_yamls(){
do
FILENAME="kubectl-${line%%/*}-${line##*/}.yaml"

kubectl apply view-last-applied $line -n $NAMESPACE > $DST_DIR/$FILENAME
kubectl apply view-last-applied $line -n "$1" > $DST_DIR/$FILENAME
if [ ! -s $DST_DIR/$FILENAME ]; then
kubectl get $line -n $NAMESPACE -o yaml > $DST_DIR/$FILENAME &
kubectl get $line -n "$1" -o yaml > $DST_DIR/$FILENAME &
fi

scanned_files+=("$line")
Expand All @@ -107,35 +139,80 @@ get_common_resources(){

FILENAME="kubectl-${line%%/*}-${line##*/}.yaml"

kubectl apply view-last-applied $line -n $NAMESPACE > $DST_DIR/$FILENAME
kubectl apply view-last-applied $line -n "$1" > $DST_DIR/$FILENAME
if [ ! -s $DST_DIR/$FILENAME ]; then
kubectl get $line -n $NAMESPACE -o yaml > $DST_DIR/$FILENAME &
kubectl get $line -n "$1" -o yaml > $DST_DIR/$FILENAME &
fi

scanned_files+=("$line")
done
}

additional_resources=("ingress","crds")
additional_resources=("ingress")
get_additional_resources(){
for str in ${additional_resources[@]}; do
get_yamls < <(kubectl get $str -o name -n $NAMESPACE)
get_yamls "$1" < <(kubectl get $str -o name -n $1)
done
}

get_crds(){
get_yamls "default" < <(kubectl get crd -o name)
}

get_all_namespaces(){
while read line
do
line=${line##*/}

if [[ " ${EXCLUDED_NAMESPACES[*]} " =~ " ${line} " ]]; then
# skip excluded namespace
continue;
fi

NAMESPACES+=("$line")
done < <(kubectl get ns -o name)
}

DATREE_TEST_COMMAND="datree test "${DATREE_OPTIONS[@]}""

# List all scanned files to display at end of test
scanned_files=()
wereFilesScanned=0

# Test file/s
if ((TEST_BY_NAMESPACE)); then
if ((TEST_ALL)); then
# Test all resources in the cluster
echo "Fetching resources from all namespaces, this may take some time depending on the amount of resources in your cluster..."
get_all_namespaces
for namespace in ${NAMESPACES[@]}; do
get_common_resources $namespace < <(kubectl get all -n $namespace --selector='!pod-template-hash','!controller-revision-hash','!controller-uid' -o name)
get_additional_resources $namespace
done

get_crds
wait

if [ "$(ls -A $DST_DIR)" ]; then
$DATREE_TEST_COMMAND $DST_DIR/*.yaml
if [ "$?" != 1 ]; then
wereFilesScanned=1
fi
else
echo "Invalid namespace provided, exiting..."

fi
elif ((TEST_BY_NAMESPACE)); then
# Test all resources in a given namespace
if [ ${#NAMESPACES[@]} -eq 0 ]; then
echo "No namespace provided, using 'default' namespace"
NAMESPACES+=("default")
fi

echo "Fetching resources, this may take some time depending on the amount of resources in your cluster..."

get_common_resources < <(kubectl get all -n $NAMESPACE --selector='!pod-template-hash','!controller-revision-hash','!controller-uid' -o name)
get_additional_resources
get_common_resources ${NAMESPACES[0]} < <(kubectl get all -n ${NAMESPACES[0]} --selector='!pod-template-hash','!controller-revision-hash','!controller-uid' -o name)
get_additional_resources ${NAMESPACES[0]}
get_crds
wait

if [ "$(ls -A $DST_DIR)" ]; then
Expand All @@ -144,12 +221,13 @@ if ((TEST_BY_NAMESPACE)); then
wereFilesScanned=1
fi
else
echo "Invalid namespace provided, exiting..."
echo "Directory is empty or an error occurred when writing files, exiting..."
exit 1
fi
else
# Test a single file of a given resource type
kubectl get $RESOURCE_KIND $RESOURCE_NAME -n $NAMESPACE -o yaml > $DST_DIR/"kubectl-$RESOURCE_KIND-$RESOURCE_NAME".yaml
scanned_files+=("$(kubectl get $RESOURCE_KIND $RESOURCE_NAME -n $NAMESPACE -o name)")
kubectl get $RESOURCE_KIND $RESOURCE_NAME -n ${NAMESPACES[0]} -o yaml > $DST_DIR/"kubectl-$RESOURCE_KIND-$RESOURCE_NAME".yaml
scanned_files+=("$(kubectl get $RESOURCE_KIND $RESOURCE_NAME -n ${NAMESPACES[0]} -o name)")

if [ -s $DST_DIR/"kubectl-$RESOURCE_KIND-$RESOURCE_NAME".yaml ]; then
$DATREE_TEST_COMMAND $DST_DIR/"kubectl-$RESOURCE_KIND-$RESOURCE_NAME".yaml
Expand All @@ -160,12 +238,20 @@ else
fi

if [ "$wereFilesScanned" != 0 ]; then
printf "\nThe following cluster resources in namespace '$NAMESPACE' were checked:\n\n"
for file in "${scanned_files[@]}"
do
echo "$file"
done
printf "\n"
if ((TEST_ALL)); then
printf "All supported resources in the following namespaces were checked:\n\n"
for namespace in ${NAMESPACES[@]}
do
printf "$namespace\n"
done
else
printf "The following resources in namespace '${NAMESPACES[0]}' were checked:\n\n"
for file in "${scanned_files[@]}"
do
printf "$file\n"
done
printf "\n"
fi
fi

# Cleanup
Expand Down

0 comments on commit d274020

Please sign in to comment.