From ab123344030a42e4662f28b1d03fe96bad7612aa Mon Sep 17 00:00:00 2001 From: Aleksandar Milanov Date: Tue, 3 Dec 2024 16:11:52 +0200 Subject: [PATCH 1/2] Check initContainers if they have env vars from a configmap or a secret --- pkg/kor/configmaps.go | 5 +++++ pkg/kor/configmaps_test.go | 15 +++++++++++++-- pkg/kor/secrets.go | 5 +++++ pkg/kor/secrets_test.go | 15 ++++++++++++--- 4 files changed, 35 insertions(+), 5 deletions(-) diff --git a/pkg/kor/configmaps.go b/pkg/kor/configmaps.go index 44b57fd9..9a3db246 100644 --- a/pkg/kor/configmaps.go +++ b/pkg/kor/configmaps.go @@ -72,6 +72,11 @@ func retrieveUsedCM(clientset kubernetes.Interface, namespace string) ([]string, envFromInitContainerCM = append(envFromInitContainerCM, env.ValueFrom.ConfigMapKeyRef.Name) } } + for _, envFrom := range initContainer.EnvFrom { + if envFrom.ConfigMapRef != nil { + envFromInitContainerCM = append(envFromInitContainerCM, envFrom.ConfigMapRef.Name) + } + } } } diff --git a/pkg/kor/configmaps_test.go b/pkg/kor/configmaps_test.go index a0d8f410..a1793e5c 100644 --- a/pkg/kor/configmaps_test.go +++ b/pkg/kor/configmaps_test.go @@ -58,6 +58,12 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset { t.Fatalf("Error creating fake configmap: %v", err) } + configmap6 := CreateTestConfigmap(testNamespace, "configmap-6", AppLabels) + _, err = clientset.CoreV1().ConfigMaps(testNamespace).Create(context.TODO(), configmap6, metav1.CreateOptions{}) + if err != nil { + t.Fatalf("Error creating fake configmap: %v", err) + } + pod1 := CreateTestPod(testNamespace, "pod-1", "", []corev1.Volume{ { Name: "vol-1", 
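Review bot: The new `envFrom` loop in retrieveUsedCM covers init containers, but nothing in this hunk shows `pod.Spec.EphemeralContainers` being scanned, and those containers carry `Env` and `EnvFrom` as well. The function body starts and ends outside the hunk, so this may already be handled; if it is not, a ConfigMap referenced only from an ephemeral container would still be reported as unused. That matters wherever the unused list feeds a cleanup step, because a false "unused" on an in-use object can end in its removal. The matching hunk in pkg/kor/secrets.go (`envFrom.SecretRef`) should be checked the same way. A short comment above each new loop would also record the intent, e.g. `// envFrom exposes the referenced object's keys as env vars, so the reference counts as usage`.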
@@ -95,6 +101,11 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset { ValueFrom: &corev1.EnvVarSource{ConfigMapKeyRef: &corev1.ConfigMapKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: configmap2.ObjectMeta.Name}}}, }, }, + EnvFrom: []corev1.EnvFromSource{ + { + ConfigMapRef: &corev1.ConfigMapEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: configmap6.ObjectMeta.Name}}, + }, + }, }, } @@ -134,6 +145,7 @@ func TestRetrieveConfigMapNames(t *testing.T) { "configmap-1", "configmap-2", "configmap-3", + "configmap-6", } if !equalSlices(configMapNames, expectedConfigMapNames) { t.Errorf("Expected configmap names %v, got %v", expectedConfigMapNames, configMapNames) @@ -188,11 +200,10 @@ func TestRetrieveUsedCM(t *testing.T) { t.Errorf("Expected envFrom configmaps %v, got %v", expectedEnvFromContainerCM, envFromContainerCM) } - expectedEnvFromInitContainerCM := []string{"configmap-2"} + expectedEnvFromInitContainerCM := []string{"configmap-2", "configmap-6"} if !equalSlices(envFromInitContainerCM, expectedEnvFromInitContainerCM) { t.Errorf("Expected initContainer env configmaps %v, got %v", expectedEnvFromInitContainerCM, envFromInitContainerCM) } - } func TestGetUnusedConfigmapsStructured(t *testing.T) { diff --git a/pkg/kor/secrets.go b/pkg/kor/secrets.go index 270e7b94..d4908297 100644 --- a/pkg/kor/secrets.go +++ b/pkg/kor/secrets.go @@ -79,6 +79,11 @@ func retrieveUsedSecret(clientset kubernetes.Interface, namespace string) ([]str initContainerEnvSecrets = append(initContainerEnvSecrets, env.ValueFrom.SecretKeyRef.Name) } } + for _, envFrom := range initContainer.EnvFrom { + if envFrom.SecretRef != nil { + initContainerEnvSecrets = append(initContainerEnvSecrets, envFrom.SecretRef.Name) + } + } } for _, volume := range pod.Spec.Volumes { diff --git a/pkg/kor/secrets_test.go b/pkg/kor/secrets_test.go index 7873b113..c8164faa 100644 --- a/pkg/kor/secrets_test.go +++ b/pkg/kor/secrets_test.go 
@@ -33,6 +33,7 @@ func createTestSecrets(t *testing.T) *fake.Clientset { secret3 := CreateTestSecret(testNamespace, "test-secret3", AppLabels) secret4 := CreateTestSecret(testNamespace, "test-secret4", UsedLabels) secret5 := CreateTestSecret(testNamespace, "test-secret5", UnusedLabels) + secret6 := CreateTestSecret(testNamespace, "test-secret6", AppLabels) pod1 := CreateTestPod(testNamespace, "pod-1", "", []corev1.Volume{ { @@ -78,6 +79,9 @@ func createTestSecrets(t *testing.T) *fake.Clientset { ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: secret1.ObjectMeta.Name}}}, }, }, + EnvFrom: []corev1.EnvFromSource{ + {SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: secret6.ObjectMeta.Name}}}, + }, }, } @@ -142,6 +146,11 @@ func createTestSecrets(t *testing.T) *fake.Clientset { t.Fatalf("Error creating fake %s: %v", "Secret", err) } + _, err = clientset.CoreV1().Secrets(testNamespace).Create(context.TODO(), secret6, v1.CreateOptions{}) + if err != nil { + t.Fatalf("Error creating fake %s: %v", "Secret", err) + } + return clientset } @@ -209,7 +218,7 @@ func TestRetrieveUsedSecret(t *testing.T) { t.Errorf("Expected envFrom secrets %v, got %v", expectedEnvSecrets2, envSecrets2) } - expectedInitContainerEnvSecrets := []string{"test-secret1"} + expectedInitContainerEnvSecrets := []string{"test-secret1", "test-secret6"} if !equalSlices(initContainerEnvSecrets, expectedInitContainerEnvSecrets) { t.Errorf("Expected initContainer env secrets %v, got %v", expectedInitContainerEnvSecrets, initContainerEnvSecrets) } 
@@ -265,11 +274,11 @@ func TestProcessNamespaceSecret(t *testing.T) { } if len(unusedSecrets) != 2 { - t.Errorf("Expected 2 used Secret objects, got %d", len(unusedSecrets)) + t.Errorf("Expected 2 unused Secret objects, got %d", len(unusedSecrets)) } if !resourceInfoContains(unusedSecrets, "test-secret3") { - t.Error("Expected specific Secret in the list") + t.Error("Expected specific Secret in the list") } } From 1a2d93d0b1b01b7ce78823d0b6038ff9c07bd1b5 Mon Sep 17 00:00:00 2001 From: Aleksandar Milanov Date: Tue, 3 Dec 2024 16:11:52 +0200 Subject: [PATCH 2/2] Check initContainers if they have env vars from a configmap or a secret --- pkg/kor/configmaps_test.go | 11 +++++++++++ pkg/kor/secrets_test.go | 17 ++++++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/pkg/kor/configmaps_test.go b/pkg/kor/configmaps_test.go index a1793e5c..4349c105 100644 --- a/pkg/kor/configmaps_test.go +++ b/pkg/kor/configmaps_test.go @@ -101,6 +101,12 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset { ValueFrom: &corev1.EnvVarSource{ConfigMapKeyRef: &corev1.ConfigMapKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: configmap2.ObjectMeta.Name}}}, }, }, + }, + } + + pod5 := CreateTestPod(testNamespace, "pod-5", "", nil, AppLabels) + pod5.Spec.InitContainers = []corev1.Container{ + { EnvFrom: []corev1.EnvFromSource{ { ConfigMapRef: &corev1.ConfigMapEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: configmap6.ObjectMeta.Name}}, @@ -129,6 +135,11 @@ func createTestConfigmaps(t *testing.T) *fake.Clientset { t.Fatalf("Error creating fake pod: %v", err) } + _, err = clientset.CoreV1().Pods(testNamespace).Create(context.TODO(), pod5, metav1.CreateOptions{}) + if err != nil { + t.Fatalf("Error creating fake pod: %v", err) + } + return clientset } diff --git a/pkg/kor/secrets_test.go b/pkg/kor/secrets_test.go index c8164faa..0acc2774 100644 --- a/pkg/kor/secrets_test.go +++ b/pkg/kor/secrets_test.go 
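Review bot: Moving the `EnvFrom` fixture onto its own `pod-5` may make an unchanged expectation order-dependent. In TestRetrieveUsedCM, `[]string{"configmap-2", "configmap-6"}` now relies on the order in which the fake clientset lists pods, whereas in patch 1 both references sat on one init container and the order was fixed by the loop order. Whether that matters depends on `equalSlices`, whose definition is not visible here; if it compares positionally, the test can become flaky and hide a real regression in reference detection. Sorting both sides first would remove the dependency, e.g. `sort.Strings(envFromInitContainerCM)` before the comparison, or confirm that `equalSlices` is order-insensitive. The same applies to `pod-7` and `[]string{"test-secret1", "test-secret6"}` in pkg/kor/secrets_test.go.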
@@ -79,9 +79,6 @@ func createTestSecrets(t *testing.T) *fake.Clientset { ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: secret1.ObjectMeta.Name}}}, }, }, - EnvFrom: []corev1.EnvFromSource{ - {SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: secret6.ObjectMeta.Name}}}, - }, }, } @@ -91,6 +88,15 @@ func createTestSecrets(t *testing.T) *fake.Clientset { {Name: secret2.ObjectMeta.Name}, } + pod7 := CreateTestPod(testNamespace, "pod-7", "", nil, AppLabels) + pod7.Spec.InitContainers = []corev1.Container{ + { + EnvFrom: []corev1.EnvFromSource{ + {SecretRef: &corev1.SecretEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: secret6.ObjectMeta.Name}}}, + }, + }, + } + _, err = clientset.CoreV1().Pods(testNamespace).Create(context.TODO(), pod1, v1.CreateOptions{}) if err != nil { t.Fatalf("Error creating fake pod: %v", err) @@ -121,6 +127,11 @@ func createTestSecrets(t *testing.T) *fake.Clientset { t.Fatalf("Error creating fake pod: %v", err) } + _, err = clientset.CoreV1().Pods(testNamespace).Create(context.TODO(), pod7, v1.CreateOptions{}) + if err != nil { + t.Fatalf("Error creating fake pod: %v", err) + } + _, err = clientset.CoreV1().Secrets(testNamespace).Create(context.TODO(), secret1, v1.CreateOptions{}) if err != nil { t.Fatalf("Error creating fake %s: %v", "Secret", err)