feat: make cleaner delete full namespace

Signed-off-by: osamamagdy <[email protected]>

Author: osamamagdy

cleaner/.jest/setEnvVars.js

@@ -0,0 +1,2 @@
+process.env.MAX_INACTIVE_DURATION = '2d';
+process.env.SHOULD_DELETE = true;

cleaner/jest.config.js

@@ -0,0 +1,4 @@
+module.exports = {
+  setupFiles: ['./.jest/setEnvVars.js'],
+  // ... other configurations
+};

cleaner/package-lock.json

@@ -10,12 +10,15 @@
   "author": "iteratec GmbH",
   "license": "Apache-2.0",
   "dependencies": {
-    "@kubernetes/client-node": "^0.18.1"
+    "@kubernetes/client-node": "^0.18.1",
+    "jest-date-mock": "^1.0.8",
+    "supertest": "^6.3.3",
+    "winston": "^3.8.2"
   },
   "devDependencies": {
     "eslint": "^8.33.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "jest": "^29.4.2",
+    "jest": "^29.4.3",
     "prettier": "^2.8.4"
   },
   "overrides": {

cleaner/package.json

@@ -0,0 +1,45 @@
+const { KubeConfig, AppsV1Api, CoreV1Api } = require('@kubernetes/client-node');
+const kc = new KubeConfig();
+kc.loadFromCluster();
+
+const k8sAppsApi = kc.makeApiClient(AppsV1Api);
+const k8sCoreApi = kc.makeApiClient(CoreV1Api);
+
+const { logger } = require('./logger');
+
+const getTeamInstances = (namespaceName) =>
+  k8sAppsApi.listNamespacedDeployment(namespaceName).catch((error) => {
+    logger.info(error);
+    throw new Error(error.response.body.message);
+  });
+module.exports.getTeamInstances = getTeamInstances;
+
+const getTeamJuiceShopInstances = (namespaceName) =>
+  k8sAppsApi
+    .listNamespacedDeployment(
+      namespaceName,
+      false,
+      true,
+      undefined,
+      undefined,
+      'app in (wrongsecrets, virtualdesktop)'
+    )
+    .catch((error) => {
+      logger.info(error);
+      throw new Error(error.response.body.message);
+    });
+module.exports.getTeamJuiceShopInstances = getTeamJuiceShopInstances;
+
+const getNamespaces = () =>
+  k8sCoreApi.listNamespace(undefined, true, undefined, undefined, undefined, 200).catch((error) => {
+    logger.info(error);
+    throw new Error(error.response.body.message);
+  });
+module.exports.getNamespaces = getNamespaces;
+
+const deleteNamespaceForTeam = async (namespaceName) => {
+  await k8sCoreApi.deleteNamespace(namespaceName).catch((error) => {
+    throw new Error(error.response.body.message);
+  });
+};
+module.exports.deleteNamespaceForTeam = deleteNamespaceForTeam;

cleaner/src/kubernetes.js

@@ -0,0 +1,23 @@
+const winston = require('winston');
+
+const myFormat = winston.format.printf(({ level, message, timestamp }) => {
+  return `time="${timestamp}" level="${level}" msg="${message}"`;
+});
+
+const getLogLevelForEnvironment = (env) => {
+  switch (env) {
+    case 'development':
+      return 'debug';
+    case 'test':
+      return 'emerg';
+    default:
+      return 'info';
+  }
+};
+
+const logger = winston.createLogger({
+  level: getLogLevelForEnvironment(process.env['NODE_ENV']),
+  format: winston.format.combine(winston.format.timestamp(), myFormat),
+  transports: [new winston.transports.Console()],
+});
+module.exports.logger = logger;

cleaner/src/logger.js

@@ -1,13 +1,14 @@
-const { KubeConfig, AppsV1Api } = require('@kubernetes/client-node');
-
 const { parseTimeDurationString, msToHumanReadable } = require('./time');
 
-const kc = new KubeConfig();
-kc.loadFromCluster();
-
-const k8sAppsApi = kc.makeApiClient(AppsV1Api);
+const {
+  getTeamInstances,
+  getTeamJuiceShopInstances,
+  getNamespaces,
+  deleteNamespaceForTeam,
+} = require('./kubernetes');
 
 const MaxInactiveDuration = process.env['MAX_INACTIVE_DURATION'];
+const ShouldDelete = process.env['SHOULD_DELETE'];
 const MaxInactiveDurationInMs = parseTimeDurationString(MaxInactiveDuration);
 
 if (MaxInactiveDurationInMs === null) {
@@ -19,85 +20,148 @@ if (MaxInactiveDurationInMs === null) {
     "30m" for 30 minutes.
   `);
 }
-
+/**
+ * The approach is simple:
+ * 1. Get all namespaces and loop over them
+ * 2. For each namespace, get all wrongsecrets deployments and loop over them
+ * 3. For each deployment, check if it has been inactive for more than the configured duration
+ * 4. If it has, count it
+ * 5. If it hasn't, skip it
+ * 6. Repeat for all deployments
+ * 7. If the number of inactive deployments equals the number of all deployments, delete the namespace
+ * 8. Repeat for all namespaces
+ * 9. Print out some stats
+ * 10. Exit
+ */
 async function main() {
-  const counts = {
-    successful: {
-      deployments: 0,
-      services: 0,
-    },
-    failed: {
-      deployments: 0,
-      services: 0,
-    },
-  };
-
-  console.log(
-    `Looking for Instances & namespaces which have been inactive for more than ${MaxInactiveDuration}.`
-  );
-  const instances = await k8sAppsApi.listDeploymentForAllNamespaces(
-    true,
-    undefined,
-    undefined,
-    'app in (wrongsecrets, virtualdesktop)',
-    200
-  );
-
-  console.log(`Found ${instances.body.items.length} instances. Checking their activity.`);
+  console.log('Starting WrongSecrets Instance Cleanup');
+  console.log('');
+  console.log('Configuration:');
+  console.log(`  MAX_INACTIVE_DURATION: ${MaxInactiveDuration}`);
+  console.log(`  SHOULD_DELETE: ${ShouldDelete}`);
+  console.log('');
+  const namespacesNames = await listOldNamespaces();
+  const counts = await deleteNamespaces(namespacesNames);
+  console.log('');
+  console.log('Finished WrongSecrets Instance Cleanup');
+  console.log('');
+  console.log('Successful deletions:');
+  console.log(`  Namespaces: ${counts.successful.namespaces}`);
+  console.log('Failed deletions:');
+  console.log(`  Namespaces: ${counts.failed.namespaces}`);
+}
 
-  for (const instance of instances.body.items) {
-    const instanceName = instance.metadata.name;
-    const lastConnectTimestamps = parseInt(
-      instance.metadata.annotations['wrongsecrets-ctf-party/lastRequest'],
-      10
-    );
+async function listOldNamespaces() {
+  var namespacesNames = [];
+  // Get all namespaces
+  const namespaces = await getNamespaces();
+  console.log(`Found ${namespaces.body.items.length} namespaces. Checking their activity.`);
+  // Loop over all namespaces
+  for (const namespace of namespaces.body.items) {
+    console.log(`Checking ${namespace.metadata.name} namespaces activity.`);
+    // Get the name of the namespace
+    const namespaceName = namespace.metadata.name;
+    console.log('Looking for deployments in namespace ' + namespaceName);
+    // Get all deployments in the namespace
+    const deployments = await getTeamJuiceShopInstances(namespaceName);
+    // Check if deployments exist, if not, skip the namespace
+    // IMPORTANT: In case the namespace is completely empty, it will not be deleted as the user might want it as a playground
+    if (deployments === undefined || deployments.body.items.length === 0) {
+      console.log(`No wrongsecrets deployments found in namespace ${namespaceName}. Skipping...`);
+      continue;
+    }
+    // Check if the namespace is only used by the wrongsecrets instance. If not, skip the namespace
+    const AllDeployments = await getTeamInstances(namespaceName);
+    if (AllDeployments.body.items.length > deployments.body.items.length) {
+      console.log(`Namespace ${namespaceName} is used by other deployments. Skipping...`);
+      continue;
+    }
+    console.log(`Found ${deployments.body.items.length} wrongsecrets deployments
+     in namespace ${namespaceName}.`);
+    //Assume all deployments are active at first
+    var numberOfActiveDeployments = deployments.body.items.length;
+    // Loop over all deployments
+    for (const deployment of deployments.body.items) {
+      // Get the name of the deployment
+      const deploymentName = deployment.metadata.name;
+      const lastConnectTimestamps = parseInt(
+        deployment.metadata.annotations['wrongsecrets-ctf-party/lastRequest'],
+        10
+      );
 
-    console.log(`Checking instance: '${instanceName}'.`);
+      console.log(`Checking deployment: '${deploymentName}'.`);
 
-    const currentTime = new Date().getTime();
+      const currentTime = new Date().getTime();
 
-    const timeDifference = currentTime - lastConnectTimestamps;
-    var teamname = instance.metadata.labels.team;
-    if (timeDifference > MaxInactiveDurationInMs) {
-      console.log(
-        `Instance: '${instanceName}'. Instance hasn't been used in ${msToHumanReadable(
-          timeDifference
-        )}.`
-      );
-      console.log(`Instance belongs to namespace ${teamname}`);
-      try {
-        console.log(`not yet implemented, but would be deleting namespace ${teamname} now`);
-        // await k8sAppsApi.deleteNamespacedDeployment(instanceName, teamname);
-        counts.successful.deployments++;
-      } catch (error) {
-        counts.failed.deployments++;
-        console.error(`Failed to delete namespace '${teamname}'`);
-        console.error(error);
+      const timeDifference = currentTime - lastConnectTimestamps;
+      var teamname = deployment.metadata.labels.team;
+      if (timeDifference > MaxInactiveDurationInMs) {
+        console.log(
+          `Instance: '${deploymentName}'. Instance hasn't been used in ${msToHumanReadable(
+            timeDifference
+          )}.`
+        );
+        console.log(`Considered inactive.`);
+        numberOfActiveDeployments--;
+      } else {
+        console.log(
+          `Instance: '${deploymentName}' from '${teamname}'. Been last active ${msToHumanReadable(
+            timeDifference
+          )} ago.`
+        );
+        console.log(`Considered active. The namespace will not be deleted.`);
+        // If the deployment is active, we can break the loop
+        break;
       }
-    } else {
-      console.log(
-        `Not deleting Instance: '${instanceName}' from '${teamname}'. Been last active ${msToHumanReadable(
-          timeDifference
-        )} ago.`
-      );
+    }
+    // If all deployments are inactive, add the namespace to the list
+    if (numberOfActiveDeployments === 0) {
+      console.log(`All deployments in namespace ${namespaceName} are inactive. Should be deleted.`);
+      namespacesNames.push(namespaceName);
     }
   }
+  return namespacesNames;
+}
 
+async function deleteNamespaces(namespaceNames) {
+  const counts = {
+    successful: {
+      namespaces: 0,
+    },
+    failed: {
+      namespaces: 0,
+    },
+  };
+  // Check if the list is empty
+  if (namespaceNames === undefined || namespaceNames.length === 0) {
+    console.log('No namespaces to delete.');
+    return counts;
+  }
+  // Check for the SHOULD_DELETE environment variable
+  if (ShouldDelete === 'false') {
+    console.log('SHOULD_DELETE is set to false. Skipping deletion.');
+    return counts;
+  }
+  // Loop over all namespaces
+  for (const namespaceName of namespaceNames) {
+    console.log(`Deleting namespace ${namespaceName}...`);
+    try {
+      await deleteNamespaceForTeam(namespaceName);
+      counts.successful.namespaces++;
+    } catch (err) {
+      counts.failed.namespaces++;
+      console.error(`Failed to delete namespace ${namespaceName}.`);
+      // console.error(err);
+    }
+  }
   return counts;
 }
+module.exports = {
+  listOldNamespaces,
+  deleteNamespaces,
+};
 
-main()
-  .then((counts) => {
-    console.log('Finished WrongSecrets Instance Cleanup');
-    console.log('');
-    console.log('Successful deletions:');
-    console.log(`  Deployments: ${counts.successful.deployments}`);
-    console.log(`  Services: ${counts.successful.services}`);
-    console.log('Failed deletions:');
-    console.log(`  Deployments: ${counts.failed.deployments}`);
-    console.log(`  Services: ${counts.failed.services}`);
-  })
-  .catch((err) => {
-    console.error('Failed deletion tasks');
-    console.error(err);
-  });
+main().catch((err) => {
+  console.error('Failed deletion tasks');
+  console.error(err);
+});