chore: add missing filters to service and SA

Fixes #145

charts/kor/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.2
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.7"
+appVersion: "0.2.8"

charts/kor/README.md

@@ -1,6 +1,6 @@
 # kor
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.7](https://img.shields.io/badge/AppVersion-0.2.7-informational?style=flat-square)
+![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.8](https://img.shields.io/badge/AppVersion-0.2.8-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 

cmd/kor/serviceaccounts.go

@@ -15,7 +15,7 @@ var serviceAccountCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		clientset := kor.GetKubeClient(kubeconfig)
 
-		if response, err := kor.GetUnusedServiceAccounts(includeExcludeLists, clientset, outputFormat, opts); err != nil {
+		if response, err := kor.GetUnusedServiceAccounts(includeExcludeLists, filterOptions, clientset, outputFormat, opts); err != nil {
 			fmt.Println(err)
 		} else {
 			fmt.Println(response)

cmd/kor/services.go

@@ -15,7 +15,7 @@ var serviceCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		clientset := kor.GetKubeClient(kubeconfig)
 
-		if response, err := kor.GetUnusedServices(includeExcludeLists, clientset, outputFormat, opts); err != nil {
+		if response, err := kor.GetUnusedServices(includeExcludeLists, filterOptions, clientset, outputFormat, opts); err != nil {
 			fmt.Println(err)
 		} else {
 			fmt.Println(response)

pkg/kor/all.go

@@ -30,8 +30,8 @@ func getUnusedCMs(clientset kubernetes.Interface, namespace string, filterOpts *
 	return namespaceCMDiff
 }
 
-func getUnusedSVCs(clientset kubernetes.Interface, namespace string) ResourceDiff {
-	svcDiff, err := ProcessNamespaceServices(clientset, namespace)
+func getUnusedSVCs(clientset kubernetes.Interface, namespace string, filterOpts *FilterOptions) ResourceDiff {
+	svcDiff, err := ProcessNamespaceServices(clientset, namespace, filterOpts)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to get %s namespace %s: %v\n", "services", namespace, err)
 	}
@@ -48,8 +48,8 @@ func getUnusedSecrets(clientset kubernetes.Interface, namespace string, filterOp
 	return namespaceSecretDiff
 }
 
-func getUnusedServiceAccounts(clientset kubernetes.Interface, namespace string) ResourceDiff {
-	saDiff, err := processNamespaceSA(clientset, namespace)
+func getUnusedServiceAccounts(clientset kubernetes.Interface, namespace string, filterOpts *FilterOptions) ResourceDiff {
+	saDiff, err := processNamespaceSA(clientset, namespace, filterOpts)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to get %s namespace %s: %v\n", "serviceaccounts", namespace, err)
 	}
@@ -139,11 +139,11 @@ func GetUnusedAll(includeExcludeLists IncludeExcludeLists, filterOpts *FilterOpt
 		var allDiffs []ResourceDiff
 		namespaceCMDiff := getUnusedCMs(clientset, namespace, filterOpts)
 		allDiffs = append(allDiffs, namespaceCMDiff)
-		namespaceSVCDiff := getUnusedSVCs(clientset, namespace)
+		namespaceSVCDiff := getUnusedSVCs(clientset, namespace, filterOpts)
 		allDiffs = append(allDiffs, namespaceSVCDiff)
 		namespaceSecretDiff := getUnusedSecrets(clientset, namespace, filterOpts)
 		allDiffs = append(allDiffs, namespaceSecretDiff)
-		namespaceSADiff := getUnusedServiceAccounts(clientset, namespace)
+		namespaceSADiff := getUnusedServiceAccounts(clientset, namespace, filterOpts)
 		allDiffs = append(allDiffs, namespaceSADiff)
 		namespaceDeploymentDiff := getUnusedDeployments(clientset, namespace, filterOpts)
 		allDiffs = append(allDiffs, namespaceDeploymentDiff)

pkg/kor/multi.go

@@ -36,11 +36,11 @@ func retrieveNamespaceDiffs(clientset kubernetes.Interface, namespace string, re
 		case "cm", "configmap", "configmaps":
 			diffResult = getUnusedCMs(clientset, namespace, filterOpts)
 		case "svc", "service", "services":
-			diffResult = getUnusedSVCs(clientset, namespace)
+			diffResult = getUnusedSVCs(clientset, namespace, filterOpts)
 		case "scrt", "secret", "secrets":
 			diffResult = getUnusedSecrets(clientset, namespace, filterOpts)
 		case "sa", "serviceaccount", "serviceaccounts":
-			diffResult = getUnusedServiceAccounts(clientset, namespace)
+			diffResult = getUnusedServiceAccounts(clientset, namespace, filterOpts)
 		case "deploy", "deployment", "deployments":
 			diffResult = getUnusedDeployments(clientset, namespace, filterOpts)
 		case "sts", "statefulset", "statefulsets":

pkg/kor/serviceaccounts.go

@@ -101,7 +101,7 @@ func retrieveUsedSA(clientset kubernetes.Interface, namespace string) ([]string,
 	return podServiceAccounts, roleServiceAccounts, clusterRoleServiceAccounts, nil
 }
 
-func retrieveServiceAccountNames(clientset kubernetes.Interface, namespace string) ([]string, error) {
+func retrieveServiceAccountNames(clientset kubernetes.Interface, namespace string, filterOpts *FilterOptions) ([]string, error) {
 	serviceaccounts, err := clientset.CoreV1().ServiceAccounts(namespace).List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		return nil, err
@@ -112,12 +112,20 @@ func retrieveServiceAccountNames(clientset kubernetes.Interface, namespace strin
 			continue
 		}
 
+		if excluded, _ := HasExcludedLabel(serviceaccount.Labels, filterOpts.ExcludeLabels); excluded {
+			continue
+		}
+
+		if included, _ := HasIncludedAge(serviceaccount.CreationTimestamp, filterOpts); !included {
+			continue
+		}
+
 		names = append(names, serviceaccount.Name)
 	}
 	return names, nil
 }
 
-func processNamespaceSA(clientset kubernetes.Interface, namespace string) ([]string, error) {
+func processNamespaceSA(clientset kubernetes.Interface, namespace string, filterOpts *FilterOptions) ([]string, error) {
 	usedServiceAccounts, roleServiceAccounts, clusterRoleServiceAccounts, err := retrieveUsedSA(clientset, namespace)
 	if err != nil {
 		return nil, err
@@ -129,7 +137,7 @@ func processNamespaceSA(clientset kubernetes.Interface, namespace string) ([]str
 
 	usedServiceAccounts = append(append(usedServiceAccounts, roleServiceAccounts...), clusterRoleServiceAccounts...)
 
-	serviceAccountNames, err := retrieveServiceAccountNames(clientset, namespace)
+	serviceAccountNames, err := retrieveServiceAccountNames(clientset, namespace, filterOpts)
 	if err != nil {
 		return nil, err
 	}
@@ -139,14 +147,14 @@ func processNamespaceSA(clientset kubernetes.Interface, namespace string) ([]str
 
 }
 
-func GetUnusedServiceAccounts(includeExcludeLists IncludeExcludeLists, clientset kubernetes.Interface, outputFormat string, opts Opts) (string, error) {
+func GetUnusedServiceAccounts(includeExcludeLists IncludeExcludeLists, filterOpts *FilterOptions, clientset kubernetes.Interface, outputFormat string, opts Opts) (string, error) {
 	var outputBuffer bytes.Buffer
 
 	namespaces := SetNamespaceList(includeExcludeLists, clientset)
 	response := make(map[string]map[string][]string)
 
 	for _, namespace := range namespaces {
-		diff, err := processNamespaceSA(clientset, namespace)
+		diff, err := processNamespaceSA(clientset, namespace, filterOpts)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Failed to process namespace %s: %v\n", namespace, err)
 			continue

pkg/kor/serviceaccounts_test.go

@@ -117,7 +117,7 @@ func TestRetrieveUsedSA(t *testing.T) {
 
 func TestRetrieveServiceAccountNames(t *testing.T) {
 	clientset := createTestServiceAccounts(t)
-	serviceAccountNames, err := retrieveServiceAccountNames(clientset, testNamespace)
+	serviceAccountNames, err := retrieveServiceAccountNames(clientset, testNamespace, &FilterOptions{})
 	if err != nil {
 		t.Fatalf("Expected no error, got %v", err)
 	}
@@ -147,7 +147,7 @@ func TestProcessNamespaceSA(t *testing.T) {
 		t.Fatalf("Error creating fake %s: %v", "Pod", err)
 	}
 
-	unusedServiceAccounts, err := processNamespaceSA(clientset, testNamespace)
+	unusedServiceAccounts, err := processNamespaceSA(clientset, testNamespace, &FilterOptions{})
 	if err != nil {
 		t.Fatalf("Expected no error, got %v", err)
 	}
@@ -183,7 +183,7 @@ func TestGetUnusedServiceAccountsStructured(t *testing.T) {
 		NoInteractive: true,
 	}
 
-	output, err := GetUnusedServiceAccounts(includeExcludeLists, clientset, "json", opts)
+	output, err := GetUnusedServiceAccounts(includeExcludeLists, &FilterOptions{}, clientset, "json", opts)
 	if err != nil {
 		t.Fatalf("Error calling GetUnusedServiceAccountsStructured: %v", err)
 	}

pkg/kor/services.go

@@ -11,7 +11,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 )
 
-func ProcessNamespaceServices(clientset kubernetes.Interface, namespace string) ([]string, error) {
+func ProcessNamespaceServices(clientset kubernetes.Interface, namespace string, filterOpts *FilterOptions) ([]string, error) {
 	endpointsList, err := clientset.CoreV1().Endpoints(namespace).List(context.TODO(), metav1.ListOptions{})
 	if err != nil {
 		return nil, err
@@ -24,6 +24,14 @@ func ProcessNamespaceServices(clientset kubernetes.Interface, namespace string)
 			continue
 		}
 
+		if excluded, _ := HasExcludedLabel(endpoints.Labels, filterOpts.ExcludeLabels); excluded {
+			continue
+		}
+
+		if included, _ := HasIncludedAge(endpoints.CreationTimestamp, filterOpts); !included {
+			continue
+		}
+
 		if len(endpoints.Subsets) == 0 {
 			endpointsWithoutSubsets = append(endpointsWithoutSubsets, endpoints.Name)
 		}
@@ -32,14 +40,14 @@ func ProcessNamespaceServices(clientset kubernetes.Interface, namespace string)
 	return endpointsWithoutSubsets, nil
 }
 
-func GetUnusedServices(includeExcludeLists IncludeExcludeLists, clientset kubernetes.Interface, outputFormat string, opts Opts) (string, error) {
+func GetUnusedServices(includeExcludeLists IncludeExcludeLists, filterOpts *FilterOptions, clientset kubernetes.Interface, outputFormat string, opts Opts) (string, error) {
 	var outputBuffer bytes.Buffer
 
 	namespaces := SetNamespaceList(includeExcludeLists, clientset)
 	response := make(map[string]map[string][]string)
 
 	for _, namespace := range namespaces {
-		diff, err := ProcessNamespaceServices(clientset, namespace)
+		diff, err := ProcessNamespaceServices(clientset, namespace, filterOpts)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "Failed to process namespace %s: %v\n", namespace, err)
 			continue

pkg/kor/services_test.go

@@ -43,7 +43,7 @@ func createTestServices(t *testing.T) *fake.Clientset {
 func TestGetEndpointsWithoutSubsets(t *testing.T) {
 	clientset := createTestServices(t)
 
-	servicesWithoutEndpoints, err := ProcessNamespaceServices(clientset, testNamespace)
+	servicesWithoutEndpoints, err := ProcessNamespaceServices(clientset, testNamespace, &FilterOptions{})
 	if err != nil {
 		t.Errorf("Expected no error, got %v", err)
 	}
@@ -73,7 +73,7 @@ func TestGetUnusedServicesStructured(t *testing.T) {
 		NoInteractive: true,
 	}
 
-	output, err := GetUnusedServices(includeExcludeLists, clientset, "json", opts)
+	output, err := GetUnusedServices(includeExcludeLists, &FilterOptions{}, clientset, "json", opts)
 	if err != nil {
 		t.Fatalf("Error calling GetUnusedServicesStructured: %v", err)
 	}