feat(k8s): add --context flag (#2171)

Signed-off-by: Jose Donizetti <jdbjunior@gmail.com>

go.mod

@@ -197,7 +197,7 @@ require (
 
 require (
 	github.com/aquasecurity/table v1.5.1
-	github.com/aquasecurity/trivy-kubernetes v0.2.2
+	github.com/aquasecurity/trivy-kubernetes v0.2.3-0.20220523142917-375e14b1a7c8
 )
 
 require (

go.sum

@@ -197,8 +197,8 @@ github.com/aquasecurity/table v1.5.1/go.mod h1:1MFKrEPJ8NchM917BrVGvsqoXJo1OL1Ja
 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
 github.com/aquasecurity/trivy-db v0.0.0-20220510190819-8ca06716f46e h1:NLm5KWGcnkwaUR1GODPePyhNsbuFiT6lgKYcCcW9c10=
 github.com/aquasecurity/trivy-db v0.0.0-20220510190819-8ca06716f46e/go.mod h1:/nULgnDeq/JMPMVwE1dmf4kWlYn++7VrM3O2naj4BHA=
-github.com/aquasecurity/trivy-kubernetes v0.2.2 h1:j7jdALJ+NuuRm/q2s60eH1FfvFfvheEtPgfmSArU7Ww=
+github.com/aquasecurity/trivy-kubernetes v0.2.3-0.20220523142917-375e14b1a7c8 h1:y9Lw1s3SeGrC9uk1MAWc60FwXX2UrIOBpVwEkf5SJ8w=
-github.com/aquasecurity/trivy-kubernetes v0.2.2/go.mod h1:+AIWIhAXnx3YBDQPrtVNfw5C2DHQ0raehMz5Uhwt/yc=
+github.com/aquasecurity/trivy-kubernetes v0.2.3-0.20220523142917-375e14b1a7c8/go.mod h1:+AIWIhAXnx3YBDQPrtVNfw5C2DHQ0raehMz5Uhwt/yc=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=

pkg/commands/app.go

@@ -218,6 +218,14 @@ var (
 		EnvVars: []string{"TRIVY_K8S_NAMESPACE"},
 	}
 
+	contextFlag = cli.StringFlag{
+		Name:    "context",
+		Aliases: []string{"ctx"},
+		Value:   "",
+		Usage:   "specify a context to scan",
+		EnvVars: []string{"TRIVY_K8S_CONTEXT"},
+	}
+
 	reportFlag = cli.StringFlag{
 		Name:  "report",
 		Value: "all",
@@ -829,6 +837,7 @@ func NewK8sCommand() *cli.Command {
 `,
 		Action: k8s.Run,
 		Flags: []cli.Flag{
+			&contextFlag,
 			&namespaceFlag,
 			&reportFlag,
 			&formatFlag,

pkg/commands/option/kubernetes.go

@@ -6,14 +6,16 @@ import (
 
 // KubernetesOption holds the options for Kubernetes scanning
 type KubernetesOption struct {
-	Namespace    string
+	ClusterContext string
-	ReportFormat string
+	Namespace      string
+	ReportFormat   string
 }
 
 // NewKubernetesOption is the factory method to return Kubernetes options
 func NewKubernetesOption(c *cli.Context) KubernetesOption {
 	return KubernetesOption{
-		Namespace:    c.String("namespace"),
+		ClusterContext: c.String("context"),
-		ReportFormat: c.String("report"),
+		Namespace:      c.String("namespace"),
+		ReportFormat:   c.String("report"),
 	}
 }

pkg/k8s/run.go

@@ -69,7 +69,7 @@ func Run(cliCtx *cli.Context) error {
 		}
 	}()
 
-	cluster, err := k8s.GetCluster()
+	cluster, err := k8s.GetCluster(opt.KubernetesOption.ClusterContext)
 	if err != nil {
 		return xerrors.Errorf("get k8s cluster: %w", err)
 	}
@@ -80,8 +80,14 @@ func Run(cliCtx *cli.Context) error {
 		return xerrors.Errorf("get k8s artifacts error: %w", err)
 	}
 
+	currentContext := opt.KubernetesOption.ClusterContext
+	if len(currentContext) == 0 {
+		// if context is empty, the default one was scanned
+		currentContext = cluster.GetCurrentContext()
+	}
+
 	s := &scanner{
-		cluster: cluster.GetCurrentContext(),
+		cluster: currentContext,
 		runner:  runner,
 		opt:     opt,
 	}