1
1
use clap:: builder:: PossibleValue ;
2
- use clap:: { crate_authors, crate_description, crate_name, crate_version, Arg , Command } ;
2
+ use clap:: { crate_authors, crate_description, crate_name, crate_version, Arg , ArgAction , Command } ;
3
3
use itertools:: Itertools ;
4
4
use lazy_static:: lazy_static;
5
5
use policy_evaluator:: burrego;
@@ -21,11 +21,7 @@ lazy_static! {
21
21
}
22
22
23
23
pub ( crate ) fn build_cli ( ) -> Command {
24
- Command :: new ( crate_name ! ( ) )
25
- . author ( crate_authors ! ( ) )
26
- . version ( crate_version ! ( ) )
27
- . about ( crate_description ! ( ) )
28
- . arg (
24
+ let mut args = vec ! [
29
25
Arg :: new( "log-level" )
30
26
. long( "log-level" )
31
27
. value_name( "LOG_LEVEL" )
@@ -39,8 +35,6 @@ pub(crate) fn build_cli() -> Command {
39
35
PossibleValue :: new( "error" ) ,
40
36
] )
41
37
. help( "Log level" ) ,
42
- )
43
- . arg (
44
38
Arg :: new( "log-fmt" )
45
39
. long( "log-fmt" )
46
40
. value_name( "LOG_FMT" )
@@ -52,169 +46,132 @@ pub(crate) fn build_cli() -> Command {
52
46
PossibleValue :: new( "otlp" ) ,
53
47
] )
54
48
. help( "Log output format" ) ,
55
- )
56
- . arg (
57
49
Arg :: new( "log-no-color" )
58
50
. long( "log-no-color" )
59
51
. env( "NO_COLOR" )
60
- . required ( false )
52
+ . action ( ArgAction :: SetTrue )
61
53
. help( "Disable colored output for logs" ) ,
62
- )
63
- . arg (
64
54
Arg :: new( "address" )
65
55
. long( "addr" )
66
56
. value_name( "BIND_ADDRESS" )
67
57
. default_value( "0.0.0.0" )
68
58
. env( "KUBEWARDEN_BIND_ADDRESS" )
69
59
. help( "Bind against ADDRESS" ) ,
70
- )
71
- . arg (
72
60
Arg :: new( "port" )
73
61
. long( "port" )
74
62
. value_name( "PORT" )
75
63
. default_value( "3000" )
76
64
. env( "KUBEWARDEN_PORT" )
77
65
. help( "Listen on PORT" ) ,
78
- )
79
- . arg (
80
66
Arg :: new( "workers" )
81
67
. long( "workers" )
82
68
. value_name( "WORKERS_NUMBER" )
83
69
. env( "KUBEWARDEN_WORKERS" )
84
70
. help( "Number of workers thread to create" ) ,
85
- )
86
- . arg (
87
71
Arg :: new( "cert-file" )
88
72
. long( "cert-file" )
89
73
. value_name( "CERT_FILE" )
90
74
. default_value( "" )
91
75
. env( "KUBEWARDEN_CERT_FILE" )
92
76
. help( "Path to an X.509 certificate file for HTTPS" ) ,
93
- )
94
- . arg (
95
77
Arg :: new( "key-file" )
96
78
. long( "key-file" )
97
79
. value_name( "KEY_FILE" )
98
80
. default_value( "" )
99
81
. env( "KUBEWARDEN_KEY_FILE" )
100
82
. help( "Path to an X.509 private key file for HTTPS" ) ,
101
- )
102
- . arg (
103
83
Arg :: new( "policies" )
104
84
. long( "policies" )
105
85
. value_name( "POLICIES_FILE" )
106
86
. env( "KUBEWARDEN_POLICIES" )
107
87
. default_value( "policies.yml" )
108
88
. help( "YAML file holding the policies to be loaded and their settings" ) ,
109
- )
110
- . arg (
111
89
Arg :: new( "policies-download-dir" )
112
90
. long( "policies-download-dir" )
113
91
. value_name( "POLICIES_DOWNLOAD_DIR" )
114
92
. default_value( "." )
115
93
. env( "KUBEWARDEN_POLICIES_DOWNLOAD_DIR" )
116
94
. help( "Download path for the policies" ) ,
117
- )
118
- . arg (
119
95
Arg :: new( "sigstore-cache-dir" )
120
96
. long( "sigstore-cache-dir" )
121
97
. value_name( "SIGSTORE_CACHE_DIR" )
122
98
. default_value( "sigstore-data" )
123
99
. env( "KUBEWARDEN_SIGSTORE_CACHE_DIR" )
124
100
. help( "Directory used to cache sigstore data" ) ,
125
- )
126
- . arg (
127
101
Arg :: new( "sources-path" )
128
102
. long( "sources-path" )
129
103
. value_name( "SOURCES_PATH" )
130
104
. env( "KUBEWARDEN_SOURCES_PATH" )
131
105
. help( "YAML file holding source information (https, registry insecure hosts, custom CA's...)" ) ,
132
- )
133
- . arg (
134
106
Arg :: new( "verification-path" )
135
107
. long( "verification-path" )
136
108
. value_name( "VERIFICATION_CONFIG_PATH" )
137
109
. env( "KUBEWARDEN_VERIFICATION_CONFIG_PATH" )
138
110
. help( "YAML file holding verification information (URIs, keys, annotations...)" ) ,
139
- )
140
- . arg (
141
111
Arg :: new( "docker-config-json-path" )
142
112
. long( "docker-config-json-path" )
143
113
. value_name( "DOCKER_CONFIG" )
144
114
. env( "KUBEWARDEN_DOCKER_CONFIG_JSON_PATH" )
145
115
. help( "Path to a Docker config.json-like path. Can be used to indicate registry authentication details" ) ,
146
- )
147
- . arg (
148
116
Arg :: new( "enable-metrics" )
149
117
. long( "enable-metrics" )
150
118
. env( "KUBEWARDEN_ENABLE_METRICS" )
151
- . required ( false )
119
+ . action ( ArgAction :: SetTrue )
152
120
. help( "Enable metrics" ) ,
153
- )
154
- . arg (
155
- Arg :: new ( "enable-verification" )
156
- . long ( "enable-verification" )
157
- . env ( "KUBEWARDEN_ENABLE_VERIFICATION" )
158
- . required ( false )
159
- . help ( "Enable Sigstore verification" ) ,
160
- )
161
- . arg (
162
121
Arg :: new( "always-accept-admission-reviews-on-namespace" )
163
122
. long( "always-accept-admission-reviews-on-namespace" )
164
123
. value_name( "NAMESPACE" )
165
124
. env( "KUBEWARDEN_ALWAYS_ACCEPT_ADMISSION_REVIEWS_ON_NAMESPACE" )
166
125
. required( false )
167
126
. help( "Always accept AdmissionReviews that target the given namespace" ) ,
168
- )
169
- . arg (
170
127
Arg :: new( "disable-timeout-protection" )
171
128
. long( "disable-timeout-protection" )
129
+ . action( ArgAction :: SetTrue )
172
130
. env( "KUBEWARDEN_DISABLE_TIMEOUT_PROTECTION" )
173
- . required ( false )
174
131
. help( "Disable policy timeout protection" ) ,
175
- )
176
- . arg (
177
132
Arg :: new( "policy-timeout" )
178
133
. long( "policy-timeout" )
179
134
. env( "KUBEWARDEN_POLICY_TIMEOUT" )
180
135
. value_name( "MAXIMUM_EXECUTION_TIME_SECONDS" )
181
136
. default_value( "2" )
182
137
. help( "Interrupt policy evaluation after the given time" ) ,
183
- )
184
- . arg (
185
138
Arg :: new( "daemon" )
186
139
. long( "daemon" )
187
140
. env( "KUBEWARDEN_DAEMON" )
188
- . required ( false )
141
+ . action ( ArgAction :: SetTrue )
189
142
. help( "If set, runs policy-server in detached mode as a daemon" ) ,
190
- )
191
- . arg (
192
143
Arg :: new( "daemon-pid-file" )
193
144
. long( "daemon-pid-file" )
194
145
. env( "KUBEWARDEN_DAEMON_PID_FILE" )
195
146
. default_value( "policy-server.pid" )
196
147
. help( "Path to pid file, used only when running in daemon mode" ) ,
197
- )
198
- . arg (
199
148
Arg :: new( "daemon-stdout-file" )
200
149
. long( "daemon-stdout-file" )
201
150
. env( "KUBEWARDEN_DAEMON_STDOUT_FILE" )
202
151
. required( false )
203
152
. help( "Path to file holding stdout, used only when running in daemon mode" ) ,
204
- )
205
- . arg (
206
153
Arg :: new( "daemon-stderr-file" )
207
154
. long( "daemon-stderr-file" )
208
155
. env( "KUBEWARDEN_DAEMON_STDERR_FILE" )
209
156
. required( false )
210
157
. help( "Path to file holding stderr, used only when running in daemon mode" ) ,
211
- )
212
- . arg (
213
158
Arg :: new( "ignore-kubernetes-connection-failure" )
214
159
. long( "ignore-kubernetes-connection-failure" )
215
160
. env( "KUBEWARDEN_IGNORE_KUBERNETES_CONNECTION_FAILURE" )
216
- . required ( false )
161
+ . action ( ArgAction :: SetTrue )
217
162
. help( "Do not exit with an error if the Kubernetes connection fails. This will cause context aware policies to break when there's no connection with Kubernetes." ) ,
218
- )
163
+ Arg :: new( "enable-pprof" )
164
+ . long( "enable-pprof" )
165
+ . env( "KUBEWARDEN_ENABLE_PPROF" )
166
+ . action( ArgAction :: SetTrue )
167
+ . help( "Enable pprof profiling" ) ,
168
+ ] ;
169
+ args. sort_by ( |a, b| a. get_id ( ) . cmp ( b. get_id ( ) ) ) ;
170
+
171
+ Command :: new ( crate_name ! ( ) )
172
+ . author ( crate_authors ! ( ) )
173
+ . version ( crate_version ! ( ) )
174
+ . about ( crate_description ! ( ) )
219
175
. long_version ( VERSION_AND_BUILTINS . as_str ( ) )
176
+ . args ( args)
220
177
}
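Review bot: The flags that now pair `.env(...)` with `.action(ArgAction::SetTrue)` get clap's default bool value parser, which, as far as I can tell from clap 4, accepts only `true` or `false` from the environment. For `log-no-color` this means the conventional `NO_COLOR=1` would be rejected at startup rather than treated as set; adding `.value_parser(clap::builder::FalseyValueParser::new())` to that argument keeps the usual behaviour. For `disable-timeout-protection` and `enable-pprof` the strict parser fails closed, which seems the right default, though a short comment saying so would help. Separately, the new `enable-pprof` help text `"Enable pprof profiling"` does not say where the profiling data is served; the handler is not on this page, but if it is on the main listener (which defaults to `0.0.0.0`), something like `.help("Enable pprof profiling endpoints (debugging only; keep off untrusted networks)")` would tell operators what they are turning on.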