feat: audit multiple local files based off regex

[eggfoobar]

With this feature you should be able to point at a local directory of an un-tar audit directory and with a matching regex to scoop up and check against many files with out needing to dig into the specific file names or if no regex is provided it will default to any audit log file in that directory.

Example use

kubectl-dev_tool audit --artifact-dir "my_artifacts" --artifact-regex="kube-apiserver\/.*audit.*.log(.gz)?" --verb update
--failed-only --namespace openshift-monitoring

[eggfoobar]

/assign @deads2k

[DennisPeriquet]

The command in the summary shows:

...
kubectl-dev_tool --artifact-dir "my_artifacts" --artifact-regex="kube-apiserver\/.*audit.*.log(.gz)?" --verb update
--failed-only --namespace openshift-monitoring

I think you're missing the kubectl-dev_tool audit --artifact-dir.

I got this:

$ kubectl-dev_tool-eggfoo-regex audit --artifact-dir . --artifact-regex=".*.log" --verb update --output=top
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x90 pc=0x42c2970]

goroutine 1 [running]:
regexp.(*Regexp).doExecute(0x400fa65?, {0x0?, 0x0?}, {0x0?, 0x300000002?, 0xc0000021a0?}, {0xc000048dc0?, 0x4062f9b?}, 0xc0000021a0?, 0x0, ...)
    regexp/exec.go:527 +0x90
regexp.(*Regexp).doMatch(...)
    regexp/exec.go:514
regexp.(*Regexp).MatchString(...)
    regexp/regexp.go:531
github.com/openshift/cluster-debug-tools/pkg/util.RegexFilter.func1({0xc000048dc0?, 0xc000235830?})
    github.com/openshift/cluster-debug-tools/pkg/util/fs.go:14 +0x45
github.com/openshift/cluster-debug-tools/pkg/util.ListFilesInDir.func1({0xc000048dc0, 0x4c}, {0x54a26a0?, 0xc00059c5b0?}, {0x0?, 0xc000048dc0?})
    github.com/openshift/cluster-debug-tools/pkg/util/fs.go:26 +0x63
path/filepath.walk({0xc000048dc0, 0x4c}, {0x54a26a0, 0xc00059c5b0}, 0xc000235a40)
    path/filepath/path.go:418 +0x123
path/filepath.walk({0x7ff7bfeffb3b, 0x1}, {0x54a26a0, 0xc00059c4e0}, 0xc000235a40)
    path/filepath/path.go:442 +0x285
path/filepath.Walk({0x7ff7bfeffb3b, 0x1}, 0xc000235a40)
    path/filepath/path.go:505 +0x6c
github.com/openshift/cluster-debug-tools/pkg/util.ListFilesInDir({0x7ff7bfeffb3b, 0x1}, 0x400fa65?)
    github.com/openshift/cluster-debug-tools/pkg/util/fs.go:34 +0x95
github.com/openshift/cluster-debug-tools/pkg/cmd/audit.(*AuditOptions).Run(0xc0000001e0)
    github.com/openshift/cluster-debug-tools/pkg/cmd/audit/audit.go:199 +0x72
github.com/openshift/cluster-debug-tools/pkg/cmd/audit.NewCmdAudit.func1(0xc000189340?, {0x525950b?, 0x6?, 0x6?})
    github.com/openshift/cluster-debug-tools/pkg/cmd/audit/audit.go:96 +0x34
github.com/spf13/cobra.(*Command).execute(0xc000189340, {0xc0004663c0, 0x6, 0x6})
    github.com/spf13/cobra@v1.1.1/command.go:850 +0x67c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0001882c0)
    github.com/spf13/cobra@v1.1.1/command.go:958 +0x39c
github.com/spf13/cobra.(*Command).Execute(...)
    github.com/spf13/cobra@v1.1.1/command.go:895
main.main()
    github.com/openshift/cluster-debug-tools/cmd/kubectl-dev_tool/main.go:77 +0xed

Apparently, we need the --by verb.

[eggfoobar]

Thanks @DennisPeriquet ! Forgot to add the sub command in the example, but the panic you got is interesting, can you link the prow job you used for that?

[DennisPeriquet]

@eggfoobar I believe this is the prow job: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ci-4.12-upgrade-from-stable-4.11-e2e-aws-ovn-upgrade/1564989293196218368

[eggfoobar]

Yeah seems like we were just accidentally eating an error, should be good to report back if you're missing the flag now

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-merge-robot]

@eggfoobar: PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci[bot]]

@openshift-bot: Closed this PR.

In response to [this](https://github.com/openshift/cluster-debug-tools/pull/33#issuecomment-1411236331): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.