feat: add regex in resource exceptions (#277)

* fix(formatOutput): fix spacing between tables (#269)

* fix(formatOutput): fix spacing between tables

* fix

* refactor

* refactor

---------

Co-authored-by: Phil Brocker <phil.brocker@gmail.com>

* feat: added regex support

* feat: updated exceptions to regex

* fix: converted all existing exceptions to be regex compatible

* fix: added support for configmaps and serviceaccounts

* fix: Configmaps and serviceaccounts are now filtered using the same methods

* fix: exceptiontype

* fix: once again wrong file

* feat: add K3S exceptions (#270)

* feat: added clusterroles

* feat: added k3s configmaps

* feat: added k3s crds

* feat: added k3s secrets

* feat: added k3s StorageClass

* feat: added job resource exceptions

* feat: added job exceptions

* fix: importing embed

* fix: fixed sa test

* fix: regex-ified job exceptions

* fix: fixed resource exception for jobs

* fix: removed kube-root-ca from test

* fix: removed default from TestRetrieveUsedSA

* fix: added regex flag to jsons

* added MatchRegex flag

* sorted all exceptoins

* fix: wrong regex expressions

* feat: added resource exception test

* fix: removed binary

---------

Co-authored-by: Phil Brocker <5331286+pbr0ck3r@users.noreply.github.com>
Co-authored-by: Phil Brocker <phil.brocker@gmail.com>

pkg/kor/clusterroles.go

@@ -142,7 +142,12 @@ func retrieveClusterRoleNames(clientset kubernetes.Interface, filterOpts *filter
 			return nil, nil, err
 		}
 
-		if isResourceException(clusterRole.Name, "", config.ExceptionClusterRoles) {
+		exceptionFound, err := isResourceException(clusterRole.Name, clusterRole.Namespace, config.ExceptionClusterRoles)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		if exceptionFound {
 			continue
 		}
 

pkg/kor/configmaps.go

@@ -74,17 +74,6 @@ func retrieveUsedCM(clientset kubernetes.Interface, namespace string) ([]string,
 		}
 	}
 
-	config, err := unmarshalConfig(configMapsConfig)
-	if err != nil {
-		return nil, nil, nil, nil, nil, err
-	}
-
-	for _, resource := range config.ExceptionConfigMaps {
-		if resource.Namespace == namespace || resource.Namespace == "*" {
-			volumesCM = append(volumesCM, resource.ResourceName)
-		}
-	}
-
 	return volumesCM, envCM, envFromCM, envFromContainerCM, envFromInitContainerCM, nil
 }
 
@@ -117,6 +106,10 @@ func processNamespaceCM(clientset kubernetes.Interface, namespace string, filter
 	if err != nil {
 		return nil, err
 	}
+	config, err := unmarshalConfig(configMapsConfig)
+	if err != nil {
+		return nil, err
+	}
 
 	volumesCM = RemoveDuplicatesAndSort(volumesCM)
 	envCM = RemoveDuplicatesAndSort(envCM)
@@ -145,8 +138,20 @@ func processNamespaceCM(clientset kubernetes.Interface, namespace string, filter
 	diff := CalculateResourceDifference(usedConfigMaps, configMapNames)
 	diff = append(diff, unusedConfigmapNames...)
 
-	return diff, nil
+	var result []string
+	for _, cmName := range diff {
+		exceptionFound, err := isResourceException(cmName, namespace, config.ExceptionConfigMaps)
+		if err != nil {
+			return nil, err
+		}
+
+		if exceptionFound {
+			continue
+		}
+		result = append(result, cmName)
+	}
 
+	return result, nil
 }
 
 func GetUnusedConfigmaps(filterOpts *filters.Options, clientset kubernetes.Interface, outputFormat string, opts Opts) (string, error) {

pkg/kor/configmaps_test.go

@@ -167,7 +167,6 @@ func TestRetrieveUsedCM(t *testing.T) {
 
 	expectedVolumesCM := []string{
 		"configmap-1",
-		"kube-root-ca.crt",
 	}
 	if !equalSlices(volumesCM, expectedVolumesCM) {
 		t.Errorf("Expected volume configmaps %v, got %v", expectedVolumesCM, volumesCM)

pkg/kor/crds.go

@@ -39,7 +39,12 @@ func processCrds(apiExtClient apiextensionsclientset.Interface, dynamicClient dy
 			return nil, err
 		}
 
-		if isResourceException(crd.Name, crd.Namespace, config.ExceptionCrds) {
+		exceptionFound, err := isResourceException(crd.Name, crd.Namespace, config.ExceptionCrds)
+		if err != nil {
+			return nil, err
+		}
+
+		if exceptionFound {
 			continue
 		}
 

pkg/kor/daemonsets.go

@@ -35,7 +35,12 @@ func processNamespaceDaemonSets(clientset kubernetes.Interface, namespace string
 			return nil, err
 		}
 
-		if isResourceException(daemonSet.Name, daemonSet.Namespace, config.ExceptionDaemonSets) {
+		exceptionFound, err := isResourceException(daemonSet.Name, daemonSet.Namespace, config.ExceptionDaemonSets)
+		if err != nil {
+			return nil, err
+		}
+
+		if exceptionFound {
 			continue
 		}
 

pkg/kor/exceptions/clusterroles/clusterroles.json

@@ -28,6 +28,10 @@
       "Namespace": "",
       "ResourceName": "system:aggregated-metrics-reader"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "system:aggregated-metrics-reader"
+    },
     {
       "Namespace": "",
       "ResourceName": "system:auth-delegator"
@@ -80,6 +84,10 @@
       "Namespace": "",
       "ResourceName": "system:node-bootstrapper"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "system:node-bootstrapper"
+    },
     {
       "Namespace": "",
       "ResourceName": "system:node-problem-detector"

pkg/kor/exceptions/configmaps/configmaps.json

@@ -1,8 +1,9 @@
 {
   "exceptionConfigMaps": [
     {
-      "Namespace": "*",
-      "ResourceName": "kube-root-ca.crt"
+      "Namespace": ".*",
+      "ResourceName": "kube-root-ca\\.crt",
+      "MatchRegex": true
     },
     {
       "Namespace": "gmp-system",
@@ -32,6 +33,10 @@
       "Namespace": "kube-system",
       "ResourceName": "cluster-dns"
     },
+    {
+      "Namespace": "kube-system",
+      "ResourceName": "cluster-dns"
+    },
     {
       "Namespace": "kube-system",
       "ResourceName": "cluster-kubestore"

pkg/kor/exceptions/crds/crds.json

@@ -36,6 +36,10 @@
       "Namespace": "",
       "ResourceName": "etcdsnapshotfiles.k3s.cattle.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "etcdsnapshotfiles.k3s.cattle.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "frontendconfigs.networking.gke.io"
@@ -52,6 +56,14 @@
       "Namespace": "",
       "ResourceName": "helmchartconfigs.helm.cattle.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "helmchartconfigs.helm.cattle.io"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "ingressroutes.traefik.containo.us"
+    },
     {
       "Namespace": "",
       "ResourceName": "ingressroutes.traefik.containo.us"
@@ -60,6 +72,14 @@
       "Namespace": "",
       "ResourceName": "ingressroutetcps.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "ingressroutetcps.traefik.containo.us"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "ingressroutetcps.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "ingressroutetcps.traefik.io"
@@ -68,6 +88,14 @@
       "Namespace": "",
       "ResourceName": "ingressrouteudps.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "ingressrouteudps.traefik.containo.us"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "ingressrouteudps.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "ingressrouteudps.traefik.io"
@@ -84,6 +112,14 @@
       "Namespace": "",
       "ResourceName": "middlewares.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "middlewares.traefik.containo.us"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "middlewares.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "middlewares.traefik.io"
@@ -92,6 +128,14 @@
       "Namespace": "",
       "ResourceName": "middlewaretcps.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "middlewaretcps.traefik.containo.us"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "middlewaretcps.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "middlewaretcps.traefik.io"
@@ -124,6 +168,14 @@
       "Namespace": "",
       "ResourceName": "serverstransports.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "serverstransports.traefik.containo.us"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "serverstransports.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "serverstransports.traefik.io"
@@ -132,6 +184,10 @@
       "Namespace": "",
       "ResourceName": "serverstransporttcps.traefik.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "serverstransporttcps.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "serviceattachments.networking.gke.io"
@@ -144,10 +200,22 @@
       "Namespace": "",
       "ResourceName": "tlsoptions.traefik.containo.us"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "tlsoptions.traefik.containo.us"
+    },
     {
       "Namespace": "",
       "ResourceName": "tlsoptions.traefik.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "tlsoptions.traefik.io"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "tlsstores.traefik.containo.us"
+    },
     {
       "Namespace": "",
       "ResourceName": "tlsstores.traefik.containo.us"
@@ -156,6 +224,14 @@
       "Namespace": "",
       "ResourceName": "tlsstores.traefik.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "tlsstores.traefik.io"
+    },
+    {
+      "Namespace": "",
+      "ResourceName": "traefikservices.traefik.containo.us"
+    },
     {
       "Namespace": "",
       "ResourceName": "traefikservices.traefik.containo.us"
@@ -164,6 +240,10 @@
       "Namespace": "",
       "ResourceName": "traefikservices.traefik.io"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "traefikservices.traefik.io"
+    },
     {
       "Namespace": "",
       "ResourceName": "updateinfos.nodemanagement.gke.io"

pkg/kor/exceptions/secrets/secrets.json

@@ -2,11 +2,13 @@
   "exceptionSecrets": [
     {
       "Namespace": "kube-system",
-      "ResourceName": "*.node-password.k3s"
+      "ResourceName": ".*\\.node-password\\.k3s",
+      "MatchRegex": true
     },
     {
       "Namespace": "kube-system",
-      "ResourceName": "bootstrap-token-*"
+      "ResourceName": "bootstrap-token-.*",
+      "MatchRegex": true
     },
     {
       "Namespace": "kube-system",

pkg/kor/exceptions/serviceaccounts/serviceaccounts.json

@@ -1,8 +1,9 @@
 {
   "exceptionServiceAccounts": [
     {
-      "Namespace": "*",
-      "ResourceName": "default"
+      "Namespace": ".*",
+      "ResourceName": "default",
+      "MatchRegex": true
     },
     {
       "Namespace": "kube-system",

pkg/kor/exceptions/storageclasses/storageclasses.json

@@ -24,6 +24,10 @@
       "Namespace": "",
       "ResourceName": "local-path"
     },
+    {
+      "Namespace": "",
+      "ResourceName": "local-path"
+    },
     {
       "Namespace": "",
       "ResourceName": "managed"

pkg/kor/jobs.go

@@ -36,7 +36,12 @@ func processNamespaceJobs(clientset kubernetes.Interface, namespace string, filt
 			continue
 		}
 
-		if isResourceException(job.Name, job.Namespace, config.ExceptionJobs) {
+		exceptionFound, err := isResourceException(job.Name, job.Namespace, config.ExceptionJobs)
+		if err != nil {
+			return nil, err
+		}
+
+		if exceptionFound {
 			continue
 		}