#!/usr/bin/env bash
#  vim:ts=4:sts=4:sw=4:et
#
#  Author: Hari Sekhon
#  Date: 2021-06-18 11:43:50 +0100 (Fri, 18 Jun 2021)
#
#  https://github.com/HariSekhon/DevOps-Bash-tools
#
#  License: see accompanying Hari Sekhon LICENSE file
#
#  If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
#  https://www.linkedin.com/in/HariSekhon
#

set -euo pipefail
[ -n "${DEBUG:-}" ] && set -x
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# shellcheck disable=SC1090,SC1091
. "$srcdir/lib/utils.sh"

# shellcheck disable=SC2034,SC2154
usage_description="
Filter program to generate ArgoCD namespace resource whitelist from a given Kubernetes YAML or Kustomize build output

YAML can be supplied as a file argument or via standard input. If no file is given, waits for stdin like a standard unix filter program

Outputs YAML for the namespaceResourceWhitelist section of argocd-project.yaml

A full argocd-project.yaml is already provided at the URL below with all the most common object permissions already populated via the output from this script against my production environment

    https://github.com/HariSekhon/Kubernetes-configs

Uses adjacent script kubernetes_resource_types.sh

Tested on ArgoCD 2.0.3
"

# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args="[<file.yaml> <file2.yaml> ...]"

help_usage "$@"

#min_args 1 "$@"

echo "  namespaceResourceWhitelist:"
"$srcdir/kubernetes_resource_types.sh" "$@" |
while read -r group kind; do
    # Cluster resources, ignore these
    if [[ "$kind" =~ Namespace|PriorityClass|StorageClass ]]; then
        continue
    fi
    group="${group%/*}"
    if [ "$group" = v1 ]; then
        group=""
    fi
    if [ "$group" = "" ]; then
        group="''"
    fi
    echo "  - group: $group"
    echo "    kind: $kind"
done