#!/usr/bin/env ruby require 'kube_auto_analyzer' require 'ostruct' require 'optparse' options = OpenStruct.new options.report_directory = Dir.pwd options.report_file = 'kube-parse-report' options.target_server = 'http://127.0.0.1:8080' options.html_report = true options.json_report = false options.token = '' options.token_file = '' options.config_file = false options.agent_checks = false options.insecure = false options.context = false options.nosslverify = false options.dump_config = false options.audit_rbac = false options.cluster_version = '1.11' options.cis_audit = false opts = OptionParser.new do |opts| opts.banner = "Kubernetes Auto Analyzer #{KubeAutoAnalyzer::VERSION}" #TODO: Need options for different authentication mechanisms opts.on("-c", "--config [CONFIG]", "kubeconfig file to load") do |file| options.config_file = file end opts.on("-d", "--dump [DUMP]", "Dump cluster config into report") do |dump| options.dump_config = true end opts.on("--context [CONTEXT]", "context to use from kubeconfig") do |context| options.context = context end opts.on("--rbac", "Audit RBAC") do |rbac| options.audit_rbac = true end opts.on("--nosslverify [NOVERIFY]", "disable SSL verification") do |noverify| options.nosslverify = true end opts.on("-s", "--server [SERVER]", "Target Server") do |serv| options.target_server = serv end opts.on("-i", "--insecure", "Use the Insecure API Server Port") do |insecure| options.insecure = true end opts.on("-t", "--token [TOKEN]", "Bearer Token to Use") do |token| options.token = token end opts.on("-a", "--audit [AUDIT]", "CIS Audit against 1.8 Standard") do |audit| options.cis_audit = true end opts.on("-j", "--json", "Create a JSON report") do |json| options.json_report = true end opts.on("--html", "Create an HTML report") do |html| options.html_report = true end opts.on("-f", "--token_file [TOKENFILE]", "Token file to use (provide full path)") do |token_file| options.token = token_file end opts.on("-r", "--report [REPORT]", "Report Base name") do |rep| options.report_file = rep + '_kube' end opts.on("--reportDirectory [REPORTDIRECTORY]", "Report Directory") do |rep| options.report_directory = rep end opts.on("--agentChecks","Carry out Agent Based Checks ") do |fc| options.agent_checks = true end opts.on("-h", "--help", "-?", "--?", "Get Help") do |help| puts opts exit end opts.on("-v", "--version", "get Version") do |ver| puts "Kubernetes Analyzer Version #{KubernetesAnalyzer::VERSION}" exit end end opts.parse!(ARGV) unless (options.token.length > 1 || options.config_file || options.token_file.length > 1 || options.insecure ) puts "No valid auth mechanism specified" puts opts exit end unless (options.json_report || options.html_report) puts "You need to ask for either an HTML report or a JSON one (or both)" puts opts exit end KubeAutoAnalyzer.execute(options)