diff --git a/docs/user/commands/kyverno-json_scan.md b/docs/user/commands/kyverno-json_scan.md
index 26060848..10c18cd6 100644
--- a/docs/user/commands/kyverno-json_scan.md
+++ b/docs/user/commands/kyverno-json_scan.md
@@ -14,6 +14,7 @@ kyverno-json scan [flags]
 ```
 -h, --help help for scan
+ --labels strings Labels selectors for policies
 --payload string Path to payload (json or yaml file)
 --policy strings Path to kyverno-json policies
 --pre-process strings JmesPath expression used to pre process payload
diff --git a/pkg/commands/scan/command.go b/pkg/commands/scan/command.go
index b124e44f..628ca0b3 100644
--- a/pkg/commands/scan/command.go
+++ b/pkg/commands/scan/command.go
@@ -17,5 +17,6 @@ func Command() *cobra.Command {
 cmd.Flags().StringVar(&command.payload, "payload", "", "Path to payload (json or yaml file)")
 cmd.Flags().StringSliceVar(&command.preprocessors, "pre-process", nil, "JmesPath expression used to pre process payload")
 cmd.Flags().StringSliceVar(&command.policies, "policy", nil, "Path to kyverno-json policies")
+ cmd.Flags().StringSliceVar(&command.selectors, "labels", nil, "Labels selectors for policies")
 return cmd
 }
diff --git a/pkg/commands/scan/options.go b/pkg/commands/scan/options.go
index 8388e7b8..01c5ed23 100644
--- a/pkg/commands/scan/options.go
+++ b/pkg/commands/scan/options.go
@@ -4,7 +4,9 @@ import (
 "context"
 "errors"
 "fmt"
+ "strings"
+ "github.com/kyverno/kyverno-json/pkg/apis/v1alpha1"
 "github.com/kyverno/kyverno-json/pkg/engine/template"
 jsonengine "github.com/kyverno/kyverno-json/pkg/json-engine"
 "github.com/kyverno/kyverno-json/pkg/payload"
@@ -12,12 +14,14 @@ import (
 "github.com/kyverno/kyverno/cmd/cli/kubectl-kyverno/output/pluralize"
 "github.com/spf13/cobra"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/labels"
 )
 type options struct {
 payload string
 preprocessors []string
 policies []string
+ selectors []string
 }
 func (c *options) run(cmd *cobra.Command, _ []string) error {
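Review bot: The help string for the new `--labels` flag in `Command()` does not say what syntax is accepted or how repeated values combine. From the options.go change in this commit, the values are joined with `,` and passed to `labels.Parse`, so they are label-selector expressions and several values are ANDed together. A help text such as `"Label selector used to filter policies (e.g. team=a,env!=dev); repeated flags are ANDed"` would make that visible to anyone wiring the scan into a pipeline. The body of `Command()` starts above this hunk.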
@@ -27,6 +31,23 @@ func (c *options) run(cmd *cobra.Command, _ []string) error {
 if err != nil {
 return err
 }
+ selector := labels.Everything()
+ if len(c.selectors) != 0 {
+ parsed, err := labels.Parse(strings.Join(c.selectors, ","))
+ if err != nil {
+ return err
+ }
+ selector = parsed
+ }
+ {
+ var filteredPolicies []*v1alpha1.Policy
+ for _, policy := range policies {
+ if selector.Matches(labels.Set(policy.Labels)) {
+ filteredPolicies = append(filteredPolicies, policy)
+ }
+ }
+ policies = filteredPolicies
+ }
 fmt.Fprintln(out, "Loading payload ...")
 payload, err := payload.Load(c.payload)
 if err != nil {
diff --git a/website/docs/commands/kyverno-json_scan.md b/website/docs/commands/kyverno-json_scan.md
index 26060848..10c18cd6 100644
--- a/website/docs/commands/kyverno-json_scan.md
+++ b/website/docs/commands/kyverno-json_scan.md
@@ -14,6 +14,7 @@ kyverno-json scan [flags]
 ```
 -h, --help help for scan
+ --labels strings Labels selectors for policies
 --payload string Path to payload (json or yaml file)
 --policy strings Path to kyverno-json policies
 --pre-process strings JmesPath expression used to pre process payload
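Review bot: A selector that matches no policy leaves `policies` empty after the filter block in `run`, and the scan then carries on to load the payload; nothing in this hunk stops a run with zero policies, so a mistyped `--labels` value could turn a gating scan into one that checks nothing. Whether later output reports the policy count is not visible here, since `run` begins above and continues below the hunk. I would fail closed right after the loop, e.g. `if len(c.selectors) != 0 && len(filteredPolicies) == 0 { return errors.New("no policies match the given label selectors") }` (`errors` is already imported in this file). The `labels.Parse` error would also read better with context, `return fmt.Errorf("parsing --labels: %w", err)`.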