From 8cb6824f3c8da74c35f26136796e3c54b5bb6717 Mon Sep 17 00:00:00 2001
From: dwertent
Date: Wed, 1 Sep 2021 13:29:44 +0300
Subject: [PATCH] ignore k8s config when running local yamls

---
 cautils/k8sinterface/k8sconfig.go | 5 +++--
 cautils/opapolicy/resources/resourcesutils.go | 19 ++++++-------------
 cautils/scaninfo.go | 4 ++++
 cmd/framework.go | 5 ++++-
 install.sh | 2 +-
 opaprocessor/processorhandler.go | 2 +-
 policyhandler/handlenotification.go | 7 +++----
 7 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/cautils/k8sinterface/k8sconfig.go b/cautils/k8sinterface/k8sconfig.go
index 84c5ab6b..79fda28a 100644
--- a/cautils/k8sinterface/k8sconfig.go
+++ b/cautils/k8sinterface/k8sconfig.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strings"
 
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
@@ -52,7 +53,7 @@ var RunningIncluster bool
 func LoadK8sConfig() error {
 	kubeconfig, err := config.GetConfig()
 	if err != nil {
-		return fmt.Errorf("Failed to load kubernetes config: %s\n", err)
+		return fmt.Errorf("failed to load kubernetes config: %s\n", strings.ReplaceAll(err.Error(), "KUBERNETES_MASTER", "KUBECONFIG"))
 	}
 	if _, err := restclient.InClusterConfig(); err == nil {
 		RunningIncluster = true
@@ -61,7 +62,7 @@ func LoadK8sConfig() error {
 	return nil
 }
 
-// GetK8sConfig get config. load if not loaded yer
+// GetK8sConfig get config. load if not loaded yet
 func GetK8sConfig() *restclient.Config {
 	if K8SConfig == nil {
 		if err := LoadK8sConfig(); err != nil {
diff --git a/cautils/opapolicy/resources/resourcesutils.go b/cautils/opapolicy/resources/resourcesutils.go
index bcd9f572..3b43ec9f 100644
--- a/cautils/opapolicy/resources/resourcesutils.go
+++ b/cautils/opapolicy/resources/resourcesutils.go
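Review bot: The added `strings.ReplaceAll` on `err.Error()` together with `%s` flattens the library error into plain text, so callers can no longer unwrap it or use `errors.Is`, and the message keeps a trailing `\n`, which Go error conventions avoid. The intent of pointing users at KUBECONFIG instead of KUBERNETES_MASTER survives if the hint moves into the prefix and the original error is wrapped: `return fmt.Errorf("failed to load kubernetes config (check KUBECONFIG): %w", err)`. Rewriting the upstream message text also only works for as long as the library keeps that exact variable name in its error string. LoadK8sConfig continues outside the hunk.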
@@ -42,9 +42,12 @@ func NewRegoDependenciesDataMock() *RegoDependenciesData {
 
 func NewRegoDependenciesData(k8sConfig *rest.Config) *RegoDependenciesData {
-	regoDependenciesData := RegoDependenciesData{
-		K8sConfig: *NewRegoK8sConfig(k8sConfig),
+	regoDependenciesData := RegoDependenciesData{}
+
+	if k8sConfig != nil {
+		regoDependenciesData.K8sConfig = *NewRegoK8sConfig(k8sConfig)
 	}
+
 	return ®oDependenciesData
 }
 
 func NewRegoK8sConfig(k8sConfig *rest.Config) *RegoK8sConfig {
@@ -61,19 +64,9 @@ func NewRegoK8sConfig(k8sConfig *rest.Config) *RegoK8sConfig {
 		token = fmt.Sprintf("Bearer %s", k8sConfig.BearerToken)
 	}
 
-	// crtFile := os.Getenv("KUBERNETES_CRT_PATH")
-	// if crtFile == "" {
-	// 	crtFile = k8sConfig.CAFile
-	// 	// crtFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-	// }
-
-	// glog.Infof("===========================================================================")
-	// glog.Infof(fmt.Sprintf("%v", k8sConfig.String()))
-	// glog.Infof("===========================================================================")
-
 	regoK8sConfig := RegoK8sConfig{
 		Token: token,
-		Host: k8sConfig.Host,
+		Host: host,
 		CrtFile: k8sConfig.CAFile,
 		ClientCrtFile: k8sConfig.CertFile,
 		ClientKeyFile: k8sConfig.KeyFile,
diff --git a/cautils/scaninfo.go b/cautils/scaninfo.go
index 32545c5f..0718deb8 100644
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -50,3 +50,7 @@ func (scanInfo *ScanInfo) setOutputFile() {
 		}
 	}
 }
+
+func (scanInfo *ScanInfo) ScanRunningCluster() bool {
+	return len(scanInfo.InputPatterns) == 0
+}
diff --git a/cmd/framework.go b/cmd/framework.go
index 5e334d13..3ba33575 100644
--- a/cmd/framework.go
+++ b/cmd/framework.go
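Review bot: NewRegoDependenciesData is exported and now behaves in two distinct ways, a nil config versus a real one, but has no doc comment saying that nil leaves `K8sConfig` at its zero value, so any policy that reads the host or token fields from the data it produces sees empty strings instead of failing. I would put `// NewRegoDependenciesData builds the data handed to OPA. A nil k8sConfig (local YAML scans) leaves K8sConfig zero-valued, so no cluster host or credentials reach the policies.` above the signature. The blank `+` line before the `return` is also stray whitespace.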
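Review bot: `Host: host` references a variable that no line of this diff defines, so it must already exist earlier in NewRegoK8sConfig, whose body starts outside the hunk; if it does not, the file no longer compiles, and either way the relation between `host` and the replaced `k8sConfig.Host` deserves a one-line comment at the assignment. Separately, `Token` carries the literal `Bearer <token>` built two lines above, and this struct is loaded into the OPA store (see `TOStorage` in opaprocessor/processorhandler.go), so any path that serialises the session data into a report or log would leak a live cluster credential. A `// NOTE: Token is a live bearer credential; never serialise RegoK8sConfig into reports or logs` above the literal, or confirmation that the store never leaves the process, would settle that.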
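Review bot: `ScanRunningCluster` is exported and undocumented, and what it encodes is security-relevant: the absence of input patterns silently selects the mode that contacts the live cluster with whatever kubeconfig is present, rather than an explicit opt-in. A doc comment should make that default visible, e.g. `// ScanRunningCluster reports whether the scan targets the live cluster (no input files were given) rather than local YAML files.`. Callers in cmd/framework.go and policyhandler rely on this predicate to decide whether a cluster client is created at all, so the comment is also where a future explicit flag would be documented.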
@@ -84,7 +84,10 @@ func init() {
 func CliSetup() error {
 	flag.Parse()
 
-	k8s := k8sinterface.NewKubernetesApi()
+	var k8s *k8sinterface.KubernetesApi
+	if scanInfo.ScanRunningCluster() {
+		k8s = k8sinterface.NewKubernetesApi()
+	}
 
 	processNotification := make(chan *cautils.OPASessionObj)
 	reportResults := make(chan *cautils.OPASessionObj)
diff --git a/install.sh b/install.sh
index dfc0c4c0..614141a7 100755
--- a/install.sh
+++ b/install.sh
@@ -32,7 +32,7 @@ echo -e "\033[32m[V] Downloaded Kubescape"
 sudo chmod +x $OUTPUT
 sudo rm -f /usr/local/bin/$KUBESCAPE_EXEC
 sudo cp $OUTPUT /usr/local/bin
-rm -rf $BASE_DIR
+rm -rf $OUTPUT
 echo -e "[V] Finished Installation"
 echo
diff --git a/opaprocessor/processorhandler.go b/opaprocessor/processorhandler.go
index 0aff7cc3..8ee4a475 100644
--- a/opaprocessor/processorhandler.go
+++ b/opaprocessor/processorhandler.go
@@ -26,7 +26,7 @@ type OPAProcessor struct {
 
 func NewOPAProcessor(processedPolicy, reportResults *chan *cautils.OPASessionObj) *OPAProcessor {
-	regoDependenciesData := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig())
+	regoDependenciesData := resources.NewRegoDependenciesData(k8sinterface.K8SConfig)
 	store, err := regoDependenciesData.TOStorage()
 	if err != nil {
 		panic(err)
diff --git a/policyhandler/handlenotification.go b/policyhandler/handlenotification.go
index f63c303b..5b906193 100644
--- a/policyhandler/handlenotification.go
+++ b/policyhandler/handlenotification.go
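Review bot: `k8s` is now a nil `*KubernetesApi` whenever `ScanRunningCluster()` is false, but the hunk ends before the code that consumes it, so every later use of `k8s` in CliSetup, and anything it is handed to, must tolerate nil or a local-file scan will panic on first cluster access. A comment at the declaration makes the contract explicit: `// k8s stays nil for local YAML scans; consumers must nil-check before touching the cluster.`. If any consumer dereferences it unconditionally, guarding there is the real fix. CliSetup continues outside the hunk.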
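Review bot: `rm -rf $OUTPUT` removes a single downloaded file, so `-r` is unnecessary and the unquoted expansion word-splits and globs; if `OUTPUT` ever contains spaces or a glob character the recursive delete lands on the wrong path. Use `rm -f "$OUTPUT"`, and quote the neighbouring expansions as well (`sudo chmod +x "$OUTPUT"`, `sudo cp "$OUTPUT" /usr/local/bin`). The download that produces `$OUTPUT` is outside the hunk; if it is not followed by a checksum or signature check, the `chmod +x` plus `sudo cp` here install an unverified binary into `/usr/local/bin`, which is worth confirming.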
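Review bot: Reading `k8sinterface.K8SConfig` directly instead of calling `GetK8sConfig()` drops the lazy load, so NewOPAProcessor now depends on `NewKubernetesApi()` (called in cmd/framework.go only for live-cluster scans, and presumably the thing that populates `K8SConfig`) having run first; if construction order changes or another entry point builds the processor, a cluster scan gets an OPA store with an empty K8sConfig and no error. Passing the config in as a parameter would remove the hidden ordering; failing that, a comment at the call site records it: `// relies on CliSetup having loaded K8SConfig; nil means a local-file scan`. NewOPAProcessor continues outside the hunk.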
@@ -77,11 +77,10 @@ func (policyHandler *PolicyHandler) getPolicies(notification *opapolicy.PolicyNo
 func (policyHandler *PolicyHandler) getResources(notification *opapolicy.PolicyNotification, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) (*cautils.K8SResources, error) {
 	var k8sResources *cautils.K8SResources
 	var err error
-	if len(scanInfo.InputPatterns) > 0 {
-		k8sResources, err = policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
-	} else {
+	if scanInfo.ScanRunningCluster() {
 		k8sResources, err = policyHandler.getK8sResources(opaSessionObj.Frameworks, ¬ification.Designators, scanInfo.ExcludedNamespaces)
-
+	} else {
+		k8sResources, err = policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
 	}
 	return k8sResources, err