Helm secret exception (#20)

* create list for skipping secrets used by Helm * remove helm secrets based on type --------- Co-authored-by: Yonah Dissen <ydissen@vmware.com>
yonahd · Aug 8, 2023 · c4d6194 · c4d6194
1 parent bff5d26
commit c4d6194
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/cmd/kor/root.go b/cmd/kor/root.go
@@ -12,10 +12,9 @@ var rootCmd = &cobra.Command{
 	Short: "kor - a CLI to to discover unused Kubernetes resources",
 	Long: `kor is a CLI to to discover unused Kubernetes resources 
 	kor can currently discover unused configmaps and secrets`,
+	Args: cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
-		if len(args) == 0 {
-			cmd.Help()
-		}
+
 	},
 }
 

diff --git a/pkg/kor/secrets.go b/pkg/kor/secrets.go
@@ -9,8 +9,13 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
+	"k8s.io/utils/strings/slices"
 )
 
+var exceptionSecretTypes = []string{
+	`helm.sh/release.v1`,
+}
+
 func getSATokens(clientset *kubernetes.Clientset, namespace string) ([]string, error) {
 	// Retrieve secrets in all namespaces with type "kubernetes.io/service-account-token"
 	secrets, err := clientset.CoreV1().Secrets(namespace).List(context.TODO(), metav1.ListOptions{
@@ -106,7 +111,9 @@ func retrieveSecretNames(kubeClient *kubernetes.Clientset, namespace string) ([]
 	}
 	names := make([]string, 0, len(secrets.Items))
 	for _, secret := range secrets.Items {
-		names = append(names, secret.Name)
+		if !slices.Contains(exceptionSecretTypes, string(secret.Type)) {
+			names = append(names, secret.Name)
+		}
 	}
 	return names, nil
 }