From 8a2ee04bedc72dc5d283a03daa5f1522d4ad5a10 Mon Sep 17 00:00:00 2001
From: raffis <raffael.sahli@doodle.com>
Date: Fri, 10 Jun 2022 00:19:26 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Support=20dash=20as=20short=20for?=
 =?UTF-8?q?=20stdin=20(#434)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Support dash as short for stdin

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>

* document dash stdin

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
---
 README.md            |  2 +-
 cmd/commands/root.go | 28 ++++++++++++++++++----------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index b5ae355c..caeef4c1 100644
--- a/README.md
+++ b/README.md
@@ -213,7 +213,7 @@ Auditors can also be run individually.
 | :---- | :----------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- |
 |       | --format           | The output format to use (one of "pretty", "logrus", "json") (default is "pretty")                                                                     |
 | -c    | --kubeconfig       | Path to local Kubernetes config file. Only used in local mode (default is `$HOME/.kube/config`)                                                        |
-| -f    | --manifest         | Path to the yaml configuration to audit. Only used in manifest mode.                                                                                   |
+| -f    | --manifest         | Path to the yaml configuration to audit. Only used in manifest mode. You may use `-` to read from stdin.                                               |
 | -n    | --namespace        | Only audit resources in the specified namespace. Not currently supported in manifest mode.                                                             |
 | -g    | --includegenerated | Include generated resources in scan  (such as Pods generated by deployments). If you would like kubeaudit to produce results for generated resources (for example if you have custom resources or want to catch orphaned resources where the owner resource no longer exists) you can use this flag. |
 | -m    | --minseverity      | Set the lowest severity level to report (one of "error", "warning", "info") (default "info")                                                           |
diff --git a/cmd/commands/root.go b/cmd/commands/root.go
index 6054809d..99e3e107 100644
--- a/cmd/commands/root.go
+++ b/cmd/commands/root.go
@@ -17,12 +17,12 @@ import (
 var rootConfig rootFlags
 
 type rootFlags struct {
-	format      string
-	kubeConfig  string
-	manifest    string
-	namespace   string
-	minSeverity string
-	exitCode    int
+	format           string
+	kubeConfig       string
+	manifest         string
+	namespace        string
+	minSeverity      string
+	exitCode         int
 	includeGenerated bool
 }
 
@@ -91,11 +91,19 @@ func getReport(auditors ...kubeaudit.Auditable) *kubeaudit.Report {
 	auditor := initKubeaudit(auditors...)
 
 	if rootConfig.manifest != "" {
-		manifest, err := os.Open(rootConfig.manifest)
-		if err != nil {
-			log.WithError(err).Fatal("Error opening manifest file")
+		var f *os.File
+		if rootConfig.manifest == "-" {
+			f = os.Stdin
+		} else {
+			manifest, err := os.Open(rootConfig.manifest)
+			if err != nil {
+				log.WithError(err).Fatal("Error opening manifest file")
+			}
+
+			f = manifest
 		}
-		report, err := auditor.AuditManifest(manifest)
+
+		report, err := auditor.AuditManifest(f)
 		if err != nil {
 			log.WithError(err).Fatal("Error auditing manifest")
 		}