Check initContainers if they have env vars from a configmap or a secret

yonahd · Dec 5, 2024 · ab12334 · ab12334
1 parent 050c06d
commit ab12334
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 5 deletions.
diff --git a/pkg/kor/configmaps.go b/pkg/kor/configmaps.go
@@ -72,6 +72,11 @@ func retrieveUsedCM(clientset kubernetes.Interface, namespace string) ([]string,
 					envFromInitContainerCM = append(envFromInitContainerCM, env.ValueFrom.ConfigMapKeyRef.Name)
 				}
 			}
+			for _, envFrom := range initContainer.EnvFrom {
+				if envFrom.ConfigMapRef != nil {
+					envFromInitContainerCM = append(envFromInitContainerCM, envFrom.ConfigMapRef.Name)
+				}
+			}
 		}
 	}
 

diff --git a/pkg/kor/configmaps_test.go b/pkg/kor/configmaps_test.go
@@ -58,6 +58,12 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset {
 		t.Fatalf("Error creating fake configmap: %v", err)
 	}
 
+	configmap6 := CreateTestConfigmap(testNamespace, "configmap-6", AppLabels)
+	_, err = clientset.CoreV1().ConfigMaps(testNamespace).Create(context.TODO(), configmap6, metav1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error creating fake configmap: %v", err)
+	}
+
 	pod1 := CreateTestPod(testNamespace, "pod-1", "", []corev1.Volume{
 		{
 			Name:         "vol-1",
@@ -95,6 +101,11 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset {
 					ValueFrom: &corev1.EnvVarSource{ConfigMapKeyRef: &corev1.ConfigMapKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: configmap2.ObjectMeta.Name}}},
 				},
 			},
+			EnvFrom: []corev1.EnvFromSource{
+				{
+					ConfigMapRef: &corev1.ConfigMapEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: configmap6.ObjectMeta.Name}},
+				},
+			},
 		},
 	}
 
@@ -134,6 +145,7 @@ func TestRetrieveConfigMapNames(t *testing.T) {
 		"configmap-1",
 		"configmap-2",
 		"configmap-3",
+		"configmap-6",
 	}
 	if !equalSlices(configMapNames, expectedConfigMapNames) {
 		t.Errorf("Expected configmap names %v, got %v", expectedConfigMapNames, configMapNames)
@@ -188,11 +200,10 @@ func TestRetrieveUsedCM(t *testing.T) {
 		t.Errorf("Expected envFrom configmaps %v, got %v", expectedEnvFromContainerCM, envFromContainerCM)
 	}
 
-	expectedEnvFromInitContainerCM := []string{"configmap-2"}
+	expectedEnvFromInitContainerCM := []string{"configmap-2", "configmap-6"}
 	if !equalSlices(envFromInitContainerCM, expectedEnvFromInitContainerCM) {
 		t.Errorf("Expected initContainer env configmaps %v, got %v", expectedEnvFromInitContainerCM, envFromInitContainerCM)
 	}
-
 }
 
 func TestGetUnusedConfigmapsStructured(t *testing.T) {

diff --git a/pkg/kor/secrets.go b/pkg/kor/secrets.go
@@ -79,6 +79,11 @@ func retrieveUsedSecret(clientset kubernetes.Interface, namespace string) ([]str
 					initContainerEnvSecrets = append(initContainerEnvSecrets, env.ValueFrom.SecretKeyRef.Name)
 				}
 			}
+			for _, envFrom := range initContainer.EnvFrom {
+				if envFrom.SecretRef != nil {
+					initContainerEnvSecrets = append(initContainerEnvSecrets, envFrom.SecretRef.Name)
+				}
+			}
 		}
 
 		for _, volume := range pod.Spec.Volumes {

diff --git a/pkg/kor/secrets_test.go b/pkg/kor/secrets_test.go
@@ -33,6 +33,7 @@ func createTestSecrets(t *testing.T) *fake.Clientset {
 	secret3 := CreateTestSecret(testNamespace, "test-secret3", AppLabels)
 	secret4 := CreateTestSecret(testNamespace, "test-secret4", UsedLabels)
 	secret5 := CreateTestSecret(testNamespace, "test-secret5", UnusedLabels)
+	secret6 := CreateTestSecret(testNamespace, "test-secret6", AppLabels)
 
 	pod1 := CreateTestPod(testNamespace, "pod-1", "", []corev1.Volume{
 		{
@@ -78,6 +79,9 @@ func createTestSecrets(t *testing.T) *fake.Clientset {
 					ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: secret1.ObjectMeta.Name}}},
 				},
 			},
+			EnvFrom: []corev1.EnvFromSource{
+				{SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: secret6.ObjectMeta.Name}}},
+			},
 		},
 	}
 
@@ -142,6 +146,11 @@ func createTestSecrets(t *testing.T) *fake.Clientset {
 		t.Fatalf("Error creating fake %s: %v", "Secret", err)
 	}
 
+	_, err = clientset.CoreV1().Secrets(testNamespace).Create(context.TODO(), secret6, v1.CreateOptions{})
+	if err != nil {
+		t.Fatalf("Error creating fake %s: %v", "Secret", err)
+	}
+
 	return clientset
 }
 
@@ -209,7 +218,7 @@ func TestRetrieveUsedSecret(t *testing.T) {
 		t.Errorf("Expected envFrom secrets %v, got %v", expectedEnvSecrets2, envSecrets2)
 	}
 
-	expectedInitContainerEnvSecrets := []string{"test-secret1"}
+	expectedInitContainerEnvSecrets := []string{"test-secret1", "test-secret6"}
 	if !equalSlices(initContainerEnvSecrets, expectedInitContainerEnvSecrets) {
 		t.Errorf("Expected initContainer env secrets %v, got %v", expectedInitContainerEnvSecrets, initContainerEnvSecrets)
 	}
@@ -265,11 +274,11 @@ func TestProcessNamespaceSecret(t *testing.T) {
 	}
 
 	if len(unusedSecrets) != 2 {
-		t.Errorf("Expected 2 used Secret objects, got %d", len(unusedSecrets))
+		t.Errorf("Expected 2 unused Secret objects, got %d", len(unusedSecrets))
 	}
 
 	if !resourceInfoContains(unusedSecrets, "test-secret3") {
-		t.Error("Expected specific Secret  in the list")
+		t.Error("Expected specific Secret in the list")
 	}
 
 }