def fetch_credentials(digest2pods):
creds = ""
for _, pods in digest2pods.items():
if creds:
break
for pod in pods:
if creds:
break
pull_secrets = pod["spec"].get("imagePullSecrets", "null")
if pull_secrets != "null":
for pull_secret in pull_secrets:
token_name = pull_secret["name"]
token = kubectl.get("secret", token_name)
secret_base64 = token["data"].get(".dockerconfigjson", "")
if not secret_base64:
continue
secret_dict = json.loads(base64.b64decode(secret_base64))
hostname = list(secret_dict["auths"].keys())[0]
username = secret_dict["auths"][hostname]["username"]
password = secret_dict["auths"][hostname]["password"]
creds = "{}:{}".format(username, password)
break
return creds
def collect_data(image_regexp, pod_selectors, verbose=False):
image2digest2pods = {}
for pod in kubectl.get("pods")["items"]:
for container in pod["status"]["containerStatuses"]:
image_name = container["image"]
if not matches_image(image_regexp, image_name, verbose):
continue
if not matches_pod(pod_selectors, pod["metadata"].get(
"labels", {}), pod["metadata"]["name"], verbose):
continue
digest = re.sub("^.*@", "", container.get("imageID", ""))
if image_name not in image2digest2pods:
image2digest2pods[image_name] = {}
if digest not in image2digest2pods[image_name]:
image2digest2pods[image_name][digest] = []
image2digest2pods[image_name][digest].append(pod)
if verbose:
for image in image2digest2pods:
print("selected: docker-image/{}".format(image))
return image2digest2pods
def _get_raw_status(self):
return api.get(self.definition_type, self.name)['status']
def get_first_owner(resource):
owners = resource["metadata"].get("ownerReferences", [])
if not owners:
return None
return kubectl.get(owners[0]["kind"], owners[0]["name"])