From 16d988813a7d7a847ad0f96451b9589cdffadce3 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 01:07:15 +0900 Subject: [PATCH 01/10] Add scan command. ecrm scan only scans existing resources, and outputs image URIs in use. --- cli.go | 105 +++++++++++++++++++++++++++++++++++++++--------------- config.go | 1 + ecrm.go | 94 +++++++++++++++++++++++++++++++++++++----------- ecrm.yaml | 1 + images.go | 53 ++++++++++++++++++++++++++- lambda.go | 2 +- 6 files changed, 205 insertions(+), 51 deletions(-) diff --git a/cli.go b/cli.go index c4ecbff..86096bc 100644 --- a/cli.go +++ b/cli.go @@ -46,30 +46,82 @@ func SetLogLevel(level string) { } type CLI struct { - Config string `help:"Load configuration from FILE" short:"c" default:"ecrm.yaml" env:"ECRM_CONFIG"` - LogLevel string `help:"Set log level (debug, info, notice, warn, error)" default:"info" env:"ECRM_LOG_LEVEL"` - Format string `help:"Output format for plan(table, json)" default:"table" enum:"table,json" env:"ECRM_FORMAT"` - Color bool `help:"Whether or not to color the output" default:"true" env:"ECRM_COLOR" negatable:""` - Version bool `help:"Show version"` - - Plan *PlanCLI `cmd:"" help:"Scan ECS/Lambda resources and find unused ECR images to delete safety."` - Generate *GenerateCLI `cmd:"" help:"Generate ecrm.yaml"` + Config string `help:"Load configuration from FILE" short:"c" default:"ecrm.yaml" env:"ECRM_CONFIG"` + LogLevel string `help:"Set log level (debug, info, notice, warn, error)" default:"info" env:"ECRM_LOG_LEVEL"` + Color bool `help:"Whether or not to color the output" default:"true" env:"ECRM_COLOR" negatable:""` + ShowVersion bool `help:"Show version." name:"version"` + + Generate *GenerateCLI `cmd:"" help:"Generate a configuration file."` + Scan *ScanCLI `cmd:"" help:"Scan ECS/Lambda resources. Output image URIs in use."` + Plan *PlanCLI `cmd:"" help:"Scan ECS/Lambda resources and find unused ECR images that can be deleted safely."` Delete *DeleteCLI `cmd:"" help:"Scan ECS/Lambda resources and delete unused ECR images."` + Version struct{} `cmd:"" default:"1" help:"Show version."` command string app *App } +type GenerateCLI struct { +} + +func (c *GenerateCLI) Option() Option { + return Option{} +} + type PlanCLI struct { - Repository string `short:"r" help:"plan for only images in REPOSITORY" env:"ECRM_REPOSITORY"` + PlanOrDelete } -type GenerateCLI struct { +func (c *PlanCLI) Option() Option { + return Option{ + OutputFile: c.Output, + Format: newOutputFormatFrom(c.Format), + Scan: c.Scan, + ScannedFiles: c.ScannedFiles, + Delete: false, + Repository: c.Repository, + } } type DeleteCLI struct { - Force bool `help:"force delete images without confirmation" env:"ECRM_FORCE"` - Repository string `short:"r" help:"delete only images in REPOSITORY" env:"ECRM_REPOSITORY"` + PlanOrDelete + Force bool `help:"force delete images without confirmation" env:"ECRM_FORCE"` +} + +func (c *DeleteCLI) Option() Option { + return Option{ + OutputFile: c.Output, + Format: newOutputFormatFrom(c.Format), + Scan: c.Scan, + ScannedFiles: c.ScannedFiles, + Delete: true, + Force: c.Force, + Repository: c.Repository, + } +} + +type PlanOrDelete struct { + OutputCLI + Format string `help:"Output format of plan(table, json)" default:"table" enum:"table,json" env:"ECRM_FORMAT"` + Scan bool `help:"Scan ECS/Lambda resources that in use." default:"true" negatable:"" env:"ECRM_SCAN"` + ScannedFiles []string `help:"Files of the scan result. ecrm does not delete images in these files." env:"ECRM_SCANNED_FILES"` + Repository string `help:"Delete only images in the repository." short:"r" env:"ECRM_REPOSITORY"` +} + +type OutputCLI struct { + Output string `help:"File name of the output. The default is STDOUT." short:"o" default:"-" env:"ECRM_OUTPUT"` +} + +type ScanCLI struct { + OutputCLI +} + +func (c *ScanCLI) Option() Option { + return Option{ + OutputFile: c.Output, + Scan: true, + ScanOnly: true, + } } func (app *App) NewCLI() *CLI { @@ -81,30 +133,25 @@ func (app *App) NewCLI() *CLI { } func (c *CLI) Run(ctx context.Context) error { - if c.Version { - log.Println(c.app.Version) - return nil - } color.NoColor = !c.Color SetLogLevel(c.LogLevel) log.Println("[debug] region:", c.app.region) switch c.command { - case "plan": - return c.app.Run(ctx, c.Config, Option{ - Delete: false, - Repository: c.Plan.Repository, - Format: newOutputFormatFrom(c.Format), - }) case "generate": - return c.app.GenerateConfig(ctx, c.Config, Option{}) + return c.app.GenerateConfig(ctx, c.Config, c.Generate.Option()) + case "scan": + return c.app.Run(ctx, c.Config, c.Scan.Option()) + case "plan": + return c.app.Run(ctx, c.Config, c.Plan.Option()) case "delete": - return c.app.Run(ctx, c.Config, Option{ - Delete: true, - Force: c.Delete.Force, - Repository: c.Delete.Repository, - Format: newOutputFormatFrom(c.Format), - }) + return c.app.Run(ctx, c.Config, c.Delete.Option()) + case "version": + fmt.Printf("ecrm version %s\n", c.app.Version) + if !c.ShowVersion { + fmt.Println("Run with --help for usage.") + } + return nil default: return fmt.Errorf("unknown command: %s", c.command) } diff --git a/config.go b/config.go index ef9d09b..ad42684 100644 --- a/config.go +++ b/config.go @@ -140,6 +140,7 @@ func (r *RepositoryConfig) IsExpired(at time.Time) bool { } func LoadConfig(path string) (*Config, error) { + log.Println("[info] loading config file:", path) f, err := os.Open(path) if err != nil { return nil, err diff --git a/ecrm.go b/ecrm.go index c1f7c93..4d1fc05 100644 --- a/ecrm.go +++ b/ecrm.go @@ -42,10 +42,21 @@ type App struct { } type Option struct { - Delete bool - Force bool - Repository string - Format outputFormat + ScanOnly bool + Scan bool + Delete bool + Force bool + Repository string + OutputFile string + Format outputFormat + ScannedFiles []string +} + +func (opt Option) Validate() error { + if len(opt.ScannedFiles) == 0 && !opt.Scan { + return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") + } + return nil } func New(ctx context.Context) (*App, error) { @@ -89,40 +100,83 @@ func (app *App) taskDefinitionFamilies(ctx context.Context) ([]string, error) { } func (app *App) Run(ctx context.Context, path string, opt Option) error { + if err := opt.Validate(); err != nil { + return err + } + c, err := LoadConfig(path) if err != nil { return err } + keepImages := make(Images) + if len(opt.ScannedFiles) > 0 { + for _, f := range opt.ScannedFiles { + log.Println("[info] loading scanned image URIs from", f) + imgs := make(Images) + if err := imgs.LoadFile(f); err != nil { + return err + } + log.Println("[info] loaded", len(imgs), "image URIs") + keepImages.Merge(imgs) + } + } + if opt.Scan { + imgs, err := app.DoScan(ctx, c, opt) + if err != nil { + return err + } + keepImages.Merge(imgs) + } + log.Println("[info] total", len(keepImages), "image URIs in use") + if opt.ScanOnly { + if err := keepImages.PrintFile(opt.OutputFile); err != nil { + return err + } + if opt.OutputFile != "" && opt.OutputFile != "-" { + log.Println("[info] saved scanned image URIs to", opt.OutputFile) + } + return nil + } + + return app.DoDelete(ctx, c, opt, keepImages) +} + +func (app *App) DoScan(ctx context.Context, c *Config, opt Option) (Images, error) { + log.Println("[info] scanning resources") // collect images in use by ECS tasks / task definitions var taskdefs []taskdef - holdImages := make(Images) + keepImages := make(Images) if tds, imgs, err := app.scanClusters(ctx, c.Clusters); err != nil { - return err + return nil, err } else { taskdefs = append(taskdefs, tds...) - holdImages.Merge(imgs) + keepImages.Merge(imgs) } if tds, err := app.collectTaskdefs(ctx, c.TaskDefinitions); err != nil { - return err + return nil, err } else { taskdefs = append(taskdefs, tds...) } if imgs, err := app.collectImages(ctx, taskdefs); err != nil { - return err + return nil, err } else { - holdImages.Merge(imgs) + keepImages.Merge(imgs) } // collect images in use by lambda functions if imgs, err := app.scanLambdaFunctions(ctx, c.LambdaFunctions); err != nil { - return err + return nil, err } else { - holdImages.Merge(imgs) + keepImages.Merge(imgs) } + return keepImages, nil +} +func (app *App) DoDelete(ctx context.Context, c *Config, opt Option, keepImages Images) error { + log.Println("[info] finding expired images") // find candidates to delete - candidates, err := app.scanRepositories(ctx, c.Repositories, holdImages, opt) + candidates, err := app.scanRepositories(ctx, c.Repositories, keepImages, opt) if err != nil { return err } @@ -155,7 +209,7 @@ func (app *App) collectImages(ctx context.Context, taskdefs []taskdef) (Images, } for _, id := range ids { if images.Add(id, tds) { - log.Printf("[info] image %s is in use by taskdef %s", id.Short(), tds) + log.Printf("[info] image %s is in use by taskdef %s", id.String(), tds) } } } @@ -178,9 +232,9 @@ func (app *App) repositories(ctx context.Context) ([]ecrTypes.Repository, error) type deletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier // scanRepositories scans repositories and find expired images -// holdImages is a set of images in use by ECS tasks / task definitions / lambda functions +// keepImages is a set of images in use by ECS tasks / task definitions / lambda functions // so that they are not deleted -func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, holdImages Images, opt Option) (deletableImageIDs, error) { +func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, opt Option) (deletableImageIDs, error) { idsMaps := make(deletableImageIDs) sums := SummaryTable{} in := &ecr.DescribeRepositoriesInput{} @@ -206,7 +260,7 @@ func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, h if rc == nil { continue REPO } - imageIDs, sum, err := app.unusedImageIdentifiers(ctx, name, rc, holdImages) + imageIDs, sum, err := app.unusedImageIdentifiers(ctx, name, rc, keepImages) if err != nil { return nil, err } @@ -264,7 +318,7 @@ func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecr } // unusedImageIdentifiers finds image identifiers(by image digests) from the repository. -func (app *App) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, holdImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { +func (app *App) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, keepImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { sums := NewRepoSummary(repo) images, imageIndexes, sociIndexes, idByTags, err := app.listImageDetails(ctx, repo) if err != nil { @@ -283,7 +337,7 @@ IMAGE: // Check if the image is in use (digest) imageURISha256 := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s@%s", *d.RegistryId, app.region, *d.RepositoryName, *d.ImageDigest)) log.Printf("[debug] checking %s", imageURISha256) - if holdImages.Contains(imageURISha256) { + if keepImages.Contains(imageURISha256) { log.Printf("[info] %s@%s is in used, keep it", repo, *d.ImageDigest) continue IMAGE } @@ -296,7 +350,7 @@ IMAGE: } imageURI := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s:%s", *d.RegistryId, app.region, *d.RepositoryName, tag)) log.Printf("[debug] checking %s", imageURI) - if holdImages.Contains(imageURI) { + if keepImages.Contains(imageURI) { log.Printf("[info] image %s:%s is in used, keep it", repo, tag) continue IMAGE } diff --git a/ecrm.yaml b/ecrm.yaml index 913c1c9..71f2434 100644 --- a/ecrm.yaml +++ b/ecrm.yaml @@ -11,3 +11,4 @@ repositories: expires: 30 days keep_tag_patterns: - latest + keep_count: 3 diff --git a/images.go b/images.go index 66025a6..1a2e5fc 100644 --- a/images.go +++ b/images.go @@ -1,6 +1,13 @@ package ecrm -import "strings" +import ( + "encoding/json" + "fmt" + "io" + "os" + "sort" + "strings" +) // ImageURI represents an image URI. type ImageURI string @@ -46,6 +53,50 @@ func (u ImageURI) Short() string { type Images map[ImageURI]set +func (i Images) PrintFile(filename string) error { + var w io.WriteCloser + if filename == "" || filename == "-" { + w = os.Stdout + } else { + f, err := os.Create(filename) + if err != nil { + return fmt.Errorf("failed to create file: %w", err) + } + w = f + } + defer w.Close() + + m := make([]string, 0, len(i)) + for k := range i { + m = append(m, string(k)) + } + sort.Strings(m) + enc := json.NewEncoder(w) + enc.SetIndent("", " ") + if err := enc.Encode(m); err != nil { + return fmt.Errorf("failed to encode image uris: %w", err) + } + return nil +} + +func (i Images) LoadFile(filename string) error { + f, err := os.Open(filename) + if err != nil { + return fmt.Errorf("failed to open file: %w", err) + } + defer f.Close() + in := []string{} + if err := json.NewDecoder(f).Decode(&in); err != nil { + return fmt.Errorf("failed to decode images: %w", err) + } + for _, u := range in { + s := newSet() + s.add(filename) + i[ImageURI(u)] = s + } + return nil +} + func (i Images) Add(u ImageURI, usedBy string) bool { if _, ok := i[u]; !ok { i[u] = newSet() diff --git a/lambda.go b/lambda.go index 873cbc1..a315968 100644 --- a/lambda.go +++ b/lambda.go @@ -88,7 +88,7 @@ func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (I } log.Println("[debug] ImageUri", u) if images.Add(u, aws.ToString(v.FunctionArn)) { - log.Printf("[info] %s is in use by Lambda function %s:%s", u.Short(), *v.FunctionName, *v.Version) + log.Printf("[info] %s is in use by Lambda function %s:%s", u.String(), *v.FunctionName, *v.Version) } } } From fd10ed7f8e665c17fdf42d37a5fd0423fe274b3b Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 01:30:40 +0900 Subject: [PATCH 02/10] refactoring --- cli.go | 16 ++++++++-------- ecrm.go | 34 ++++++++++++++++++++++++++-------- generate.go | 2 +- images.go | 14 +------------- 4 files changed, 36 insertions(+), 30 deletions(-) diff --git a/cli.go b/cli.go index 86096bc..eca2c3f 100644 --- a/cli.go +++ b/cli.go @@ -64,16 +64,16 @@ type CLI struct { type GenerateCLI struct { } -func (c *GenerateCLI) Option() Option { - return Option{} +func (c *GenerateCLI) Option() *Option { + return &Option{} } type PlanCLI struct { PlanOrDelete } -func (c *PlanCLI) Option() Option { - return Option{ +func (c *PlanCLI) Option() *Option { + return &Option{ OutputFile: c.Output, Format: newOutputFormatFrom(c.Format), Scan: c.Scan, @@ -88,8 +88,8 @@ type DeleteCLI struct { Force bool `help:"force delete images without confirmation" env:"ECRM_FORCE"` } -func (c *DeleteCLI) Option() Option { - return Option{ +func (c *DeleteCLI) Option() *Option { + return &Option{ OutputFile: c.Output, Format: newOutputFormatFrom(c.Format), Scan: c.Scan, @@ -116,8 +116,8 @@ type ScanCLI struct { OutputCLI } -func (c *ScanCLI) Option() Option { - return Option{ +func (c *ScanCLI) Option() *Option { + return &Option{ OutputFile: c.Output, Scan: true, ScanOnly: true, diff --git a/ecrm.go b/ecrm.go index 4d1fc05..0b1b32e 100644 --- a/ecrm.go +++ b/ecrm.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "io" "log" "os" "sort" @@ -52,13 +53,20 @@ type Option struct { ScannedFiles []string } -func (opt Option) Validate() error { +func (opt *Option) Validate() error { if len(opt.ScannedFiles) == 0 && !opt.Scan { return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") } return nil } +func (opt *Option) OutputWriter() (io.WriteCloser, error) { + if opt.OutputFile == "" || opt.OutputFile == "-" { + return os.Stdout, nil + } + return os.Create(opt.OutputFile) +} + func New(ctx context.Context) (*App, error) { cfg, err := awsConfig.LoadDefaultConfig(ctx) if err != nil { @@ -99,7 +107,7 @@ func (app *App) taskDefinitionFamilies(ctx context.Context) ([]string, error) { return tds, nil } -func (app *App) Run(ctx context.Context, path string, opt Option) error { +func (app *App) Run(ctx context.Context, path string, opt *Option) error { if err := opt.Validate(); err != nil { return err } @@ -130,7 +138,12 @@ func (app *App) Run(ctx context.Context, path string, opt Option) error { } log.Println("[info] total", len(keepImages), "image URIs in use") if opt.ScanOnly { - if err := keepImages.PrintFile(opt.OutputFile); err != nil { + w, err := opt.OutputWriter() + if err != nil { + return fmt.Errorf("failed to open output: %w", err) + } + defer w.Close() + if err := keepImages.Print(w); err != nil { return err } if opt.OutputFile != "" && opt.OutputFile != "-" { @@ -142,7 +155,7 @@ func (app *App) Run(ctx context.Context, path string, opt Option) error { return app.DoDelete(ctx, c, opt, keepImages) } -func (app *App) DoScan(ctx context.Context, c *Config, opt Option) (Images, error) { +func (app *App) DoScan(ctx context.Context, c *Config, opt *Option) (Images, error) { log.Println("[info] scanning resources") // collect images in use by ECS tasks / task definitions var taskdefs []taskdef @@ -173,7 +186,7 @@ func (app *App) DoScan(ctx context.Context, c *Config, opt Option) (Images, erro return keepImages, nil } -func (app *App) DoDelete(ctx context.Context, c *Config, opt Option, keepImages Images) error { +func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages Images) error { log.Println("[info] finding expired images") // find candidates to delete candidates, err := app.scanRepositories(ctx, c.Repositories, keepImages, opt) @@ -234,7 +247,7 @@ type deletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier // scanRepositories scans repositories and find expired images // keepImages is a set of images in use by ECS tasks / task definitions / lambda functions // so that they are not deleted -func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, opt Option) (deletableImageIDs, error) { +func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, opt *Option) (deletableImageIDs, error) { idsMaps := make(deletableImageIDs) sums := SummaryTable{} in := &ecr.DescribeRepositoriesInput{} @@ -271,7 +284,12 @@ func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, k sort.SliceStable(sums, func(i, j int) bool { return sums[i].Repo < sums[j].Repo }) - if err := sums.print(os.Stdout, opt.Format); err != nil { + w, err := opt.OutputWriter() + if err != nil { + return nil, fmt.Errorf("failed to open output: %w", err) + } + defer w.Close() + if err := sums.print(w, opt.Format); err != nil { return nil, err } return idsMaps, nil @@ -281,7 +299,7 @@ const batchDeleteImageIdsLimit = 100 const batchGetImageLimit = 100 // DeleteImages deletes images from the repository -func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, opt Option) error { +func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, opt *Option) error { if len(ids) == 0 { log.Println("[info] no need to delete images on", repo) return nil diff --git a/generate.go b/generate.go index fd30cc2..64edb17 100644 --- a/generate.go +++ b/generate.go @@ -25,7 +25,7 @@ func nameToPattern(s string) string { return s } -func (app *App) GenerateConfig(ctx context.Context, configFile string, opt Option) error { +func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Option) error { config := Config{} if err := app.generateClusterConfig(ctx, &config); err != nil { return err diff --git a/images.go b/images.go index 1a2e5fc..8d2eac1 100644 --- a/images.go +++ b/images.go @@ -53,19 +53,7 @@ func (u ImageURI) Short() string { type Images map[ImageURI]set -func (i Images) PrintFile(filename string) error { - var w io.WriteCloser - if filename == "" || filename == "-" { - w = os.Stdout - } else { - f, err := os.Create(filename) - if err != nil { - return fmt.Errorf("failed to create file: %w", err) - } - w = f - } - defer w.Close() - +func (i Images) Print(w io.Writer) error { m := make([]string, 0, len(i)) for k := range i { m = append(m, string(k)) From 21ee6af7760405d89a1ff2fd0ddbc54852c4c3b9 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 01:33:25 +0900 Subject: [PATCH 03/10] add log --- ecrm.go | 1 + 1 file changed, 1 insertion(+) diff --git a/ecrm.go b/ecrm.go index 0b1b32e..5cd03bd 100644 --- a/ecrm.go +++ b/ecrm.go @@ -284,6 +284,7 @@ func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, k sort.SliceStable(sums, func(i, j int) bool { return sums[i].Repo < sums[j].Repo }) + log.Printf("[info] output summary to %s as %s", opt.OutputFile, opt.Format) w, err := opt.OutputWriter() if err != nil { return nil, fmt.Errorf("failed to open output: %w", err) From a85a0d155fe7dee64dde524e7a5a096f6f842a9d Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 01:38:54 +0900 Subject: [PATCH 04/10] simplify newSet() --- set.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/set.go b/set.go index f6dd3bf..bb8a315 100644 --- a/set.go +++ b/set.go @@ -2,8 +2,12 @@ package ecrm type set map[string]struct{} -func newSet() set { - return make(map[string]struct{}) +func newSet(members ...string) set { + s := make(map[string]struct{}) + for _, m := range members { + s[m] = struct{}{} + } + return s } func (s set) add(v string) bool { @@ -42,10 +46,7 @@ func (s set) union(o set) set { if o == nil { return s } - u := newSet() - for k := range s { - u.add(k) - } + u := newSet(s.members()...) for k := range o { u.add(k) } From e944663fbd6220ec29bc97a98084272412a1f2ae Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 02:55:46 +0900 Subject: [PATCH 05/10] add images tests. --- images.go | 4 +--- images_test.go | 38 ++++++++++++++++++++++++++++++++++++++ testdata/images.json | 5 +++++ 3 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 testdata/images.json diff --git a/images.go b/images.go index 8d2eac1..f78712c 100644 --- a/images.go +++ b/images.go @@ -78,9 +78,7 @@ func (i Images) LoadFile(filename string) error { return fmt.Errorf("failed to decode images: %w", err) } for _, u := range in { - s := newSet() - s.add(filename) - i[ImageURI(u)] = s + i[ImageURI(u)] = newSet(filename) } return nil } diff --git a/images_test.go b/images_test.go index e85cb6f..7a0d3af 100644 --- a/images_test.go +++ b/images_test.go @@ -1,9 +1,12 @@ package ecrm_test import ( + "bytes" + "encoding/json" "testing" "github.com/fujiwara/ecrm" + "github.com/google/go-cmp/cmp" ) func TestImageURI(t *testing.T) { @@ -78,3 +81,38 @@ func TestImages(t *testing.T) { } t.Logf("images: %#v", images) } + +func TestLoadImages(t *testing.T) { + images := make(ecrm.Images) + images.Add("9876543210987.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", "baz") + images.Add("0123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", "baz") + err := images.LoadFile("testdata/images.json") + if err != nil { + t.Fatal(err) + } + if len(images) != 4 { + t.Errorf("unexpected images: %d", len(images)) + } + t.Logf("images: %#v", images) +} + +func TestPrintImages(t *testing.T) { + images := make(ecrm.Images) + images.Add("9876543210987.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", "baz") + images.Add("0123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", "baz") + b := &bytes.Buffer{} + err := images.Print(b) + if err != nil { + t.Fatal(err) + } + restored := []string{} + if err := json.NewDecoder(b).Decode(&restored); err != nil { + t.Fatal(err) + } + if diff := cmp.Diff([]string{ + "0123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", + "9876543210987.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", + }, restored); diff != "" { + t.Errorf("unexpected images: %s", diff) + } +} diff --git a/testdata/images.json b/testdata/images.json new file mode 100644 index 0000000..05f653c --- /dev/null +++ b/testdata/images.json @@ -0,0 +1,5 @@ +[ + "0123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:fe668fb9", + "0123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/foo/bar:bdbfd1f697393756cddf7f8f5726ad80d1e26c37", + "123456789012.dkr.ecr.us-east-1.amazonaws.com/foo/bar@sha256:c5f65c7e2263b3e9ccc9ce7eb1623dc602c45e5e9871decbe0d221b75777bc2d" +] From 8ebcb0fa1fc0b0d6d2766a5f093966941576486c Mon Sep 17 00:00:00 2001 From: fujiwara Date: Sat, 7 Sep 2024 03:30:53 +0900 Subject: [PATCH 06/10] add Scanner --- ecrm.go | 311 ++-------------------------------------------------- generate.go | 8 +- go.mod | 1 + go.sum | 3 +- lambda.go | 38 ++----- scanner.go | 290 ++++++++++++++++++++++++++++++++++++++++++++++++ util.go | 52 +++++++++ 7 files changed, 368 insertions(+), 335 deletions(-) create mode 100644 scanner.go diff --git a/ecrm.go b/ecrm.go index 5cd03bd..c6b36f5 100644 --- a/ecrm.go +++ b/ecrm.go @@ -18,9 +18,6 @@ import ( awsConfig "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/ecr" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" - "github.com/aws/aws-sdk-go-v2/service/ecs" - ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types" - "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/samber/lo" oci "github.com/google/go-containerregistry/pkg/v1" @@ -36,9 +33,8 @@ var untaggedStr = "__UNTAGGED__" type App struct { Version string + awsCfg aws.Config ecr *ecr.Client - ecs *ecs.Client - lambda *lambda.Client region string } @@ -74,39 +70,11 @@ func New(ctx context.Context) (*App, error) { } return &App{ region: cfg.Region, + awsCfg: cfg, ecr: ecr.NewFromConfig(cfg), - ecs: ecs.NewFromConfig(cfg), - lambda: lambda.NewFromConfig(cfg), }, nil } -func (app *App) clusterArns(ctx context.Context) ([]string, error) { - clusters := make([]string, 0) - p := ecs.NewListClustersPaginator(app.ecs, &ecs.ListClustersInput{}) - for p.HasMorePages() { - co, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - clusters = append(clusters, co.ClusterArns...) - } - return clusters, nil -} - -func (app *App) taskDefinitionFamilies(ctx context.Context) ([]string, error) { - tds := make([]string, 0) - p := ecs.NewListTaskDefinitionFamiliesPaginator(app.ecs, &ecs.ListTaskDefinitionFamiliesInput{}) - for p.HasMorePages() { - td, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - log.Println("[debug] task definition families:", td.Families) - tds = append(tds, td.Families...) - } - return tds, nil -} - func (app *App) Run(ctx context.Context, path string, opt *Option) error { if err := opt.Validate(); err != nil { return err @@ -117,73 +85,29 @@ func (app *App) Run(ctx context.Context, path string, opt *Option) error { return err } - keepImages := make(Images) - if len(opt.ScannedFiles) > 0 { - for _, f := range opt.ScannedFiles { - log.Println("[info] loading scanned image URIs from", f) - imgs := make(Images) - if err := imgs.LoadFile(f); err != nil { - return err - } - log.Println("[info] loaded", len(imgs), "image URIs") - keepImages.Merge(imgs) - } + scanner := NewScanner(app.awsCfg) + if err := scanner.LoadFiles(opt.ScannedFiles); err != nil { + return err } if opt.Scan { - imgs, err := app.DoScan(ctx, c, opt) - if err != nil { + if err := scanner.Scan(ctx, c); err != nil { return err } - keepImages.Merge(imgs) } - log.Println("[info] total", len(keepImages), "image URIs in use") + log.Println("[info] total", len(scanner.Images), "image URIs in use") if opt.ScanOnly { w, err := opt.OutputWriter() if err != nil { return fmt.Errorf("failed to open output: %w", err) } defer w.Close() - if err := keepImages.Print(w); err != nil { + if err := scanner.Save(w); err != nil { return err } - if opt.OutputFile != "" && opt.OutputFile != "-" { - log.Println("[info] saved scanned image URIs to", opt.OutputFile) - } return nil } - return app.DoDelete(ctx, c, opt, keepImages) -} - -func (app *App) DoScan(ctx context.Context, c *Config, opt *Option) (Images, error) { - log.Println("[info] scanning resources") - // collect images in use by ECS tasks / task definitions - var taskdefs []taskdef - keepImages := make(Images) - if tds, imgs, err := app.scanClusters(ctx, c.Clusters); err != nil { - return nil, err - } else { - taskdefs = append(taskdefs, tds...) - keepImages.Merge(imgs) - } - if tds, err := app.collectTaskdefs(ctx, c.TaskDefinitions); err != nil { - return nil, err - } else { - taskdefs = append(taskdefs, tds...) - } - if imgs, err := app.collectImages(ctx, taskdefs); err != nil { - return nil, err - } else { - keepImages.Merge(imgs) - } - - // collect images in use by lambda functions - if imgs, err := app.scanLambdaFunctions(ctx, c.LambdaFunctions); err != nil { - return nil, err - } else { - keepImages.Merge(imgs) - } - return keepImages, nil + return app.DoDelete(ctx, c, opt, scanner.Images) } func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages Images) error { @@ -205,30 +129,6 @@ func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages return nil } -// collectImages collects images in use by ECS tasks / task definitions -func (app *App) collectImages(ctx context.Context, taskdefs []taskdef) (Images, error) { - images := make(Images) - dup := newSet() - for _, td := range taskdefs { - tds := td.String() - if dup.contains(tds) { - continue - } - dup.add(tds) - - ids, err := app.extractECRImages(ctx, tds) - if err != nil { - return nil, err - } - for _, id := range ids { - if images.Add(id, tds) { - log.Printf("[info] image %s is in use by taskdef %s", id.String(), tds) - } - } - } - return images, nil -} - func (app *App) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { repos := make([]ecrTypes.Repository, 0) p := ecr.NewDescribeRepositoriesPaginator(app.ecr, &ecr.DescribeRepositoriesInput{}) @@ -524,199 +424,6 @@ func imageTag(d ecrTypes.ImageDetail) (string, bool) { } } -// scanClusters scans ECS clusters and returns task definitions and images in use -func (app *App) scanClusters(ctx context.Context, clustersConfigs []*ClusterConfig) ([]taskdef, Images, error) { - tds := make([]taskdef, 0) - images := make(Images) - clusterArns, err := app.clusterArns(ctx) - if err != nil { - return tds, nil, err - } - - for _, a := range clusterArns { - var clusterArn string - for _, cc := range clustersConfigs { - if cc.Match(a) { - clusterArn = a - break - } - } - if clusterArn == "" { - continue - } - - log.Printf("[debug] Checking cluster %s", clusterArn) - if _tds, _imgs, err := app.availableResourcesInCluster(ctx, clusterArn); err != nil { - return tds, nil, err - } else { - tds = append(tds, _tds...) - images.Merge(_imgs) - } - } - return tds, images, nil -} - -// collectTaskdefs collects task definitions by configurations -func (app *App) collectTaskdefs(ctx context.Context, tcs []*TaskdefConfig) ([]taskdef, error) { - tds := make([]taskdef, 0) - families, err := app.taskDefinitionFamilies(ctx) - if err != nil { - return tds, err - } - - for _, family := range families { - var name string - var keepCount int64 - for _, tc := range tcs { - if tc.Match(family) { - name = family - keepCount = tc.KeepCount - break - } - } - if name == "" { - continue - } - log.Printf("[debug] Checking task definitions %s latest %d revisions", name, keepCount) - res, err := app.ecs.ListTaskDefinitions(ctx, &ecs.ListTaskDefinitionsInput{ - FamilyPrefix: &name, - MaxResults: aws.Int32(int32(keepCount)), - Sort: ecsTypes.SortOrderDesc, - }) - if err != nil { - return tds, err - } - for _, tdArn := range res.TaskDefinitionArns { - td, err := parseTaskdefArn(tdArn) - if err != nil { - return tds, err - } - tds = append(tds, td) - } - } - return tds, nil -} - -// extractECRImages extracts images (only in ECR) from the task definition -// returns image URIs -func (app App) extractECRImages(ctx context.Context, tdName string) ([]ImageURI, error) { - images := make([]ImageURI, 0) - out, err := app.ecs.DescribeTaskDefinition(ctx, &ecs.DescribeTaskDefinitionInput{ - TaskDefinition: &tdName, - }) - if err != nil { - return nil, err - } - for _, container := range out.TaskDefinition.ContainerDefinitions { - u := ImageURI(*container.Image) - if u.IsECRImage() { - images = append(images, u) - } else { - log.Printf("[debug] Skipping non ECR image %s", u) - } - } - return images, nil -} - -// availableResourcesInCluster scans task definitions and images in use in the cluster -func (app *App) availableResourcesInCluster(ctx context.Context, clusterArn string) ([]taskdef, Images, error) { - clusterName := clusterArnToName(clusterArn) - tdArns := make(set) - images := make(Images) - - log.Printf("[debug] Checking tasks in %s", clusterArn) - tp := ecs.NewListTasksPaginator(app.ecs, &ecs.ListTasksInput{Cluster: &clusterArn}) - for tp.HasMorePages() { - to, err := tp.NextPage(ctx) - if err != nil { - return nil, nil, err - } - if len(to.TaskArns) == 0 { - continue - } - tasks, err := app.ecs.DescribeTasks(ctx, &ecs.DescribeTasksInput{ - Cluster: &clusterArn, - Tasks: to.TaskArns, - }) - if err != nil { - return nil, nil, err - } - for _, task := range tasks.Tasks { - tdArn := aws.ToString(task.TaskDefinitionArn) - td, err := parseTaskdefArn(tdArn) - if err != nil { - return nil, nil, err - } - ts, err := arn.Parse(*task.TaskArn) - if err != nil { - return nil, nil, err - } - if tdArns.add(tdArn) { - log.Printf("[info] taskdef %s is used by %s", td.String(), ts.Resource) - } - for _, c := range task.Containers { - u := ImageURI(aws.ToString(c.Image)) - if !u.IsECRImage() { - continue - } - // ECR image - if u.IsDigestURI() { - if images.Add(u, tdArn) { - log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) - } - } else { - base := u.Base() - digest := aws.ToString(c.ImageDigest) - u := ImageURI(base + "@" + digest) - if images.Add(u, tdArn) { - log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) - } - } - } - } - } - - sp := ecs.NewListServicesPaginator(app.ecs, &ecs.ListServicesInput{Cluster: &clusterArn}) - for sp.HasMorePages() { - so, err := sp.NextPage(ctx) - if err != nil { - return nil, nil, err - } - if len(so.ServiceArns) == 0 { - continue - } - svs, err := app.ecs.DescribeServices(ctx, &ecs.DescribeServicesInput{ - Cluster: &clusterArn, - Services: so.ServiceArns, - }) - if err != nil { - return nil, nil, err - } - for _, sv := range svs.Services { - log.Printf("[debug] Checking service %s", *sv.ServiceName) - for _, dp := range sv.Deployments { - tdArn := aws.ToString(dp.TaskDefinition) - td, err := parseTaskdefArn(tdArn) - if err != nil { - return nil, nil, err - } - if tdArns.add(tdArn) { - log.Printf("[info] taskdef %s is used by %s deployment on service %s/%s", td.String(), *dp.Status, *sv.ServiceName, clusterName) - } - } - } - } - var tds []taskdef - for a := range tdArns { - td, err := parseTaskdefArn(a) - if err != nil { - return nil, nil, err - } - tds = append(tds, td) - } - return tds, images, nil -} - func arnToName(name, removePrefix string) string { if arn.IsARN(name) { a, _ := arn.Parse(name) diff --git a/generate.go b/generate.go index 64edb17..8d70ca4 100644 --- a/generate.go +++ b/generate.go @@ -12,6 +12,8 @@ import ( "strings" "github.com/Songmu/prompter" + "github.com/aws/aws-sdk-go-v2/service/ecs" + "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/goccy/go-yaml" ) @@ -60,7 +62,7 @@ func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Opti } func (app *App) generateClusterConfig(ctx context.Context, config *Config) error { - clusters, err := app.clusterArns(ctx) + clusters, err := clusterArns(ctx, ecs.NewFromConfig(app.awsCfg)) if err != nil { return err } @@ -90,7 +92,7 @@ func (app *App) generateClusterConfig(ctx context.Context, config *Config) error } func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error { - taskdefs, err := app.taskDefinitionFamilies(ctx) + taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(app.awsCfg)) if err != nil { return err } @@ -122,7 +124,7 @@ func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error } func (app *App) generateLambdaConfig(ctx context.Context, config *Config) error { - lambdas, err := app.lambdaFunctions(ctx) + lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(app.awsCfg)) if err != nil { return err } diff --git a/go.mod b/go.mod index 2cef183..3ceb969 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/fatih/color v1.17.0 github.com/fujiwara/logutils v1.1.0 github.com/goccy/go-yaml v1.9.4 + github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.20.0 github.com/k1LoW/duration v1.1.0 github.com/olekukonko/tablewriter v0.0.5 diff --git a/go.sum b/go.sum index 7ed53cf..2476cd6 100644 --- a/go.sum +++ b/go.sum @@ -58,7 +58,8 @@ github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7a github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/goccy/go-yaml v1.9.4 h1:S0GCYjwHKVI6IHqio7QWNKNThUl6NLzFd/g8Z65Axw8= github.com/goccy/go-yaml v1.9.4/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= diff --git a/lambda.go b/lambda.go index a315968..fc7fd3d 100644 --- a/lambda.go +++ b/lambda.go @@ -12,31 +12,11 @@ import ( lambdaTypes "github.com/aws/aws-sdk-go-v2/service/lambda/types" ) -func (app *App) lambdaFunctions(ctx context.Context) ([]lambdaTypes.FunctionConfiguration, error) { - fns := make([]lambdaTypes.FunctionConfiguration, 0) - p := lambda.NewListFunctionsPaginator(app.lambda, &lambda.ListFunctionsInput{}) - for p.HasMorePages() { - r, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - for _, fn := range r.Functions { - if fn.PackageType != "Image" { - continue - } - log.Printf("[debug] lambda function %s PackageType %s", *fn.FunctionName, fn.PackageType) - fns = append(fns, fn) - } - } - return fns, nil -} - -func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (Images, error) { - funcs, err := app.lambdaFunctions(ctx) +func (s *Scanner) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) error { + funcs, err := lambdaFunctions(ctx, s.lambda) if err != nil { - return nil, err + return err } - images := make(Images) for _, fn := range funcs { var name string @@ -54,7 +34,7 @@ func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (I } log.Printf("[debug] Checking Lambda function %s latest %d versions", name, keepCount) p := lambda.NewListVersionsByFunctionPaginator( - app.lambda, + s.lambda, &lambda.ListVersionsByFunctionInput{ FunctionName: fn.FunctionName, MaxItems: aws.Int32(int32(keepCount)), @@ -64,7 +44,7 @@ func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (I for p.HasMorePages() { r, err := p.NextPage(ctx) if err != nil { - return nil, err + return err } versions = append(versions, r.Versions...) } @@ -76,23 +56,23 @@ func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (I } for _, v := range versions { log.Println("[debug] Getting Lambda function ", *v.FunctionArn) - f, err := app.lambda.GetFunction(ctx, &lambda.GetFunctionInput{ + f, err := s.lambda.GetFunction(ctx, &lambda.GetFunctionInput{ FunctionName: v.FunctionArn, }) if err != nil { - return nil, err + return err } u := ImageURI(aws.ToString(f.Code.ImageUri)) if u == "" { continue } log.Println("[debug] ImageUri", u) - if images.Add(u, aws.ToString(v.FunctionArn)) { + if s.Images.Add(u, aws.ToString(v.FunctionArn)) { log.Printf("[info] %s is in use by Lambda function %s:%s", u.String(), *v.FunctionName, *v.Version) } } } - return images, nil + return nil } func lambdaVersionInt64(v string) int64 { diff --git a/scanner.go b/scanner.go new file mode 100644 index 0000000..bcf2783 --- /dev/null +++ b/scanner.go @@ -0,0 +1,290 @@ +package ecrm + +import ( + "context" + "io" + "log" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/arn" + "github.com/aws/aws-sdk-go-v2/service/ecs" + ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types" + "github.com/aws/aws-sdk-go-v2/service/lambda" +) + +type Scanner struct { + Images Images + + ecs *ecs.Client + lambda *lambda.Client +} + +func NewScanner(cfg aws.Config) *Scanner { + return &Scanner{ + Images: make(Images), + ecs: ecs.NewFromConfig(cfg), + lambda: lambda.NewFromConfig(cfg), + } +} + +func (s *Scanner) Scan(ctx context.Context, c *Config) error { + log.Println("[info] scanning resources") + + // collect images in use by ECS tasks / task definitions + var taskdefs []taskdef + if tds, err := s.scanClusters(ctx, c.Clusters); err != nil { + return err + } else { + taskdefs = append(taskdefs, tds...) + } + if tds, err := s.collectTaskdefs(ctx, c.TaskDefinitions); err != nil { + return err + } else { + taskdefs = append(taskdefs, tds...) + } + if err := s.collectImages(ctx, taskdefs); err != nil { + return err + } + + // collect images in use by lambda functions + if err := s.scanLambdaFunctions(ctx, c.LambdaFunctions); err != nil { + return err + } + + return nil +} + +func (s *Scanner) LoadFiles(files []string) error { + for _, f := range files { + log.Println("[info] loading scanned image URIs from", f) + imgs := make(Images) + if err := imgs.LoadFile(f); err != nil { + return err + } + log.Println("[info] loaded", len(imgs), "image URIs") + s.Images.Merge(imgs) + } + return nil +} + +func (s *Scanner) Save(w io.Writer) error { + log.Println("[info] saving scanned image URIs") + if err := s.Images.Print(w); err != nil { + return err + } + log.Println("[info] saved", len(s.Images), "image URIs") + return nil +} + +// collectImages collects images in use by ECS tasks / task definitions +func (s *Scanner) collectImages(ctx context.Context, taskdefs []taskdef) error { + dup := newSet() + for _, td := range taskdefs { + tds := td.String() + if dup.contains(tds) { + continue + } + dup.add(tds) + + ids, err := s.extractECRImages(ctx, tds) + if err != nil { + return err + } + for _, id := range ids { + if s.Images.Add(id, tds) { + log.Printf("[info] image %s is in use by taskdef %s", id.String(), tds) + } + } + } + return nil +} + +// extractECRImages extracts images (only in ECR) from the task definition +// returns image URIs +func (s *Scanner) extractECRImages(ctx context.Context, tdName string) ([]ImageURI, error) { + images := make([]ImageURI, 0) + out, err := s.ecs.DescribeTaskDefinition(ctx, &ecs.DescribeTaskDefinitionInput{ + TaskDefinition: &tdName, + }) + if err != nil { + return nil, err + } + for _, container := range out.TaskDefinition.ContainerDefinitions { + u := ImageURI(*container.Image) + if u.IsECRImage() { + images = append(images, u) + } else { + log.Printf("[debug] Skipping non ECR image %s", u) + } + } + return images, nil +} + +// scanClusters scans ECS clusters and returns task definitions and images in use +func (s *Scanner) scanClusters(ctx context.Context, clustersConfigs []*ClusterConfig) ([]taskdef, error) { + tds := make([]taskdef, 0) + clusterArns, err := clusterArns(ctx, s.ecs) + if err != nil { + return nil, err + } + + for _, a := range clusterArns { + var clusterArn string + for _, cc := range clustersConfigs { + if cc.Match(a) { + clusterArn = a + break + } + } + if clusterArn == "" { + continue + } + + log.Printf("[debug] Checking cluster %s", clusterArn) + if _tds, err := s.availableResourcesInCluster(ctx, clusterArn); err != nil { + return tds, err + } else { + tds = append(tds, _tds...) + } + } + return tds, nil +} + +// collectTaskdefs collects task definitions by configurations +func (s *Scanner) collectTaskdefs(ctx context.Context, tcs []*TaskdefConfig) ([]taskdef, error) { + tds := make([]taskdef, 0) + families, err := taskDefinitionFamilies(ctx, s.ecs) + if err != nil { + return tds, err + } + + for _, family := range families { + var name string + var keepCount int64 + for _, tc := range tcs { + if tc.Match(family) { + name = family + keepCount = tc.KeepCount + break + } + } + if name == "" { + continue + } + log.Printf("[debug] Checking task definitions %s latest %d revisions", name, keepCount) + res, err := s.ecs.ListTaskDefinitions(ctx, &ecs.ListTaskDefinitionsInput{ + FamilyPrefix: &name, + MaxResults: aws.Int32(int32(keepCount)), + Sort: ecsTypes.SortOrderDesc, + }) + if err != nil { + return tds, err + } + for _, tdArn := range res.TaskDefinitionArns { + td, err := parseTaskdefArn(tdArn) + if err != nil { + return tds, err + } + tds = append(tds, td) + } + } + return tds, nil +} + +// availableResourcesInCluster scans task definitions and images in use in the cluster +func (s *Scanner) availableResourcesInCluster(ctx context.Context, clusterArn string) ([]taskdef, error) { + clusterName := clusterArnToName(clusterArn) + tdArns := make(set) + + log.Printf("[debug] Checking tasks in %s", clusterArn) + tp := ecs.NewListTasksPaginator(s.ecs, &ecs.ListTasksInput{Cluster: &clusterArn}) + for tp.HasMorePages() { + to, err := tp.NextPage(ctx) + if err != nil { + return nil, err + } + if len(to.TaskArns) == 0 { + continue + } + tasks, err := s.ecs.DescribeTasks(ctx, &ecs.DescribeTasksInput{ + Cluster: &clusterArn, + Tasks: to.TaskArns, + }) + if err != nil { + return nil, err + } + for _, task := range tasks.Tasks { + tdArn := aws.ToString(task.TaskDefinitionArn) + td, err := parseTaskdefArn(tdArn) + if err != nil { + return nil, err + } + ts, err := arn.Parse(*task.TaskArn) + if err != nil { + return nil, err + } + if tdArns.add(tdArn) { + log.Printf("[info] taskdef %s is used by %s", td.String(), ts.Resource) + } + for _, c := range task.Containers { + u := ImageURI(aws.ToString(c.Image)) + if !u.IsECRImage() { + continue + } + // ECR image + if u.IsDigestURI() { + if s.Images.Add(u, tdArn) { + log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) + } + } else { + base := u.Base() + digest := aws.ToString(c.ImageDigest) + u := ImageURI(base + "@" + digest) + if s.Images.Add(u, tdArn) { + log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) + } + } + } + } + } + + sp := ecs.NewListServicesPaginator(s.ecs, &ecs.ListServicesInput{Cluster: &clusterArn}) + for sp.HasMorePages() { + so, err := sp.NextPage(ctx) + if err != nil { + return nil, err + } + if len(so.ServiceArns) == 0 { + continue + } + svs, err := s.ecs.DescribeServices(ctx, &ecs.DescribeServicesInput{ + Cluster: &clusterArn, + Services: so.ServiceArns, + }) + if err != nil { + return nil, err + } + for _, sv := range svs.Services { + log.Printf("[debug] Checking service %s", *sv.ServiceName) + for _, dp := range sv.Deployments { + tdArn := aws.ToString(dp.TaskDefinition) + td, err := parseTaskdefArn(tdArn) + if err != nil { + return nil, err + } + if tdArns.add(tdArn) { + log.Printf("[info] taskdef %s is used by %s deployment on service %s/%s", td.String(), *dp.Status, *sv.ServiceName, clusterName) + } + } + } + } + var tds []taskdef + for a := range tdArns { + td, err := parseTaskdefArn(a) + if err != nil { + return nil, err + } + tds = append(tds, td) + } + return tds, nil +} diff --git a/util.go b/util.go index b71f624..5593440 100644 --- a/util.go +++ b/util.go @@ -1,8 +1,14 @@ package ecrm import ( + "context" + "log" + "github.com/aws/aws-sdk-go-v2/aws" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" + "github.com/aws/aws-sdk-go-v2/service/ecs" + "github.com/aws/aws-sdk-go-v2/service/lambda" + lambdaTypes "github.com/aws/aws-sdk-go-v2/service/lambda/types" ociTypes "github.com/google/go-containerregistry/pkg/v1/types" ) @@ -27,3 +33,49 @@ func isImageIndex(d ecrTypes.ImageDetail) bool { func isSociIndex(d ecrTypes.ImageDetail) bool { return ociTypes.MediaType(aws.ToString(d.ArtifactMediaType)) == MediaTypeSociIndex } + +func taskDefinitionFamilies(ctx context.Context, client *ecs.Client) ([]string, error) { + tds := make([]string, 0) + p := ecs.NewListTaskDefinitionFamiliesPaginator(client, &ecs.ListTaskDefinitionFamiliesInput{}) + for p.HasMorePages() { + td, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + log.Println("[debug] task definition families:", td.Families) + tds = append(tds, td.Families...) + } + return tds, nil +} + +func clusterArns(ctx context.Context, client *ecs.Client) ([]string, error) { + clusters := make([]string, 0) + p := ecs.NewListClustersPaginator(client, &ecs.ListClustersInput{}) + for p.HasMorePages() { + co, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + clusters = append(clusters, co.ClusterArns...) + } + return clusters, nil +} + +func lambdaFunctions(ctx context.Context, client *lambda.Client) ([]lambdaTypes.FunctionConfiguration, error) { + fns := make([]lambdaTypes.FunctionConfiguration, 0) + p := lambda.NewListFunctionsPaginator(client, &lambda.ListFunctionsInput{}) + for p.HasMorePages() { + r, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + for _, fn := range r.Functions { + if fn.PackageType != "Image" { + continue + } + log.Printf("[debug] lambda function %s PackageType %s", *fn.FunctionName, fn.PackageType) + fns = append(fns, fn) + } + } + return fns, nil +} From 5bfd1d375fc0579819fd13c678d2a66f3163b369 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Fri, 13 Sep 2024 17:09:04 +0900 Subject: [PATCH 07/10] add Planner, Genrator --- cli.go | 6 +- ecrm.go | 330 +++++----------------------------------------------- generate.go | 52 ++++++--- option.go | 39 +++++++ planner.go | 260 +++++++++++++++++++++++++++++++++++++++++ summary.go | 9 +- 6 files changed, 381 insertions(+), 315 deletions(-) create mode 100644 option.go create mode 100644 planner.go diff --git a/cli.go b/cli.go index eca2c3f..1936bb0 100644 --- a/cli.go +++ b/cli.go @@ -79,7 +79,7 @@ func (c *PlanCLI) Option() *Option { Scan: c.Scan, ScannedFiles: c.ScannedFiles, Delete: false, - Repository: c.Repository, + Repository: RepositoryName(c.Repository), } } @@ -96,7 +96,7 @@ func (c *DeleteCLI) Option() *Option { ScannedFiles: c.ScannedFiles, Delete: true, Force: c.Force, - Repository: c.Repository, + Repository: RepositoryName(c.Repository), } } @@ -139,7 +139,7 @@ func (c *CLI) Run(ctx context.Context) error { switch c.command { case "generate": - return c.app.GenerateConfig(ctx, c.Config, c.Generate.Option()) + return c.app.GenerateConfig(ctx, c.Config) case "scan": return c.app.Run(ctx, c.Config, c.Scan.Option()) case "plan": diff --git a/ecrm.go b/ecrm.go index c6b36f5..4d67e5d 100644 --- a/ecrm.go +++ b/ecrm.go @@ -2,15 +2,10 @@ package ecrm import ( "context" - "encoding/json" "errors" "fmt" - "io" "log" - "os" - "sort" "strings" - "time" "github.com/Songmu/prompter" "github.com/aws/aws-sdk-go-v2/aws" @@ -19,9 +14,6 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ecr" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/samber/lo" - - oci "github.com/google/go-containerregistry/pkg/v1" - ociTypes "github.com/google/go-containerregistry/pkg/v1/types" ) const ( @@ -38,31 +30,6 @@ type App struct { region string } -type Option struct { - ScanOnly bool - Scan bool - Delete bool - Force bool - Repository string - OutputFile string - Format outputFormat - ScannedFiles []string -} - -func (opt *Option) Validate() error { - if len(opt.ScannedFiles) == 0 && !opt.Scan { - return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") - } - return nil -} - -func (opt *Option) OutputWriter() (io.WriteCloser, error) { - if opt.OutputFile == "" || opt.OutputFile == "-" { - return os.Stdout, nil - } - return os.Create(opt.OutputFile) -} - func New(ctx context.Context) (*App, error) { cfg, err := awsConfig.LoadDefaultConfig(ctx) if err != nil { @@ -77,139 +44,79 @@ func New(ctx context.Context) (*App, error) { func (app *App) Run(ctx context.Context, path string, opt *Option) error { if err := opt.Validate(); err != nil { - return err + return fmt.Errorf("invalid option: %w", err) } c, err := LoadConfig(path) if err != nil { - return err + return fmt.Errorf("failed to load config: %w", err) } scanner := NewScanner(app.awsCfg) if err := scanner.LoadFiles(opt.ScannedFiles); err != nil { - return err + return fmt.Errorf("failed to load scanned image URIs: %w", err) } if opt.Scan { if err := scanner.Scan(ctx, c); err != nil { - return err + return fmt.Errorf("failed to scan: %w", err) } } log.Println("[info] total", len(scanner.Images), "image URIs in use") if opt.ScanOnly { - w, err := opt.OutputWriter() - if err != nil { - return fmt.Errorf("failed to open output: %w", err) - } - defer w.Close() - if err := scanner.Save(w); err != nil { - return err - } - return nil + return ShowScanResult(scanner, opt) } - return app.DoDelete(ctx, c, opt, scanner.Images) -} - -func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages Images) error { - log.Println("[info] finding expired images") - // find candidates to delete - candidates, err := app.scanRepositories(ctx, c.Repositories, keepImages, opt) + planner := NewPlanner(app.awsCfg) + sums, candidates, err := planner.Plan(ctx, c.Repositories, scanner.Images, opt.Repository) if err != nil { - return err + return fmt.Errorf("failed to plan: %w", err) + } + if err := ShowSummary(sums, opt); err != nil { + return fmt.Errorf("failed to show summary: %w", err) } + if !opt.Delete { return nil } - for name, ids := range candidates { - if err := app.DeleteImages(ctx, name, ids, opt); err != nil { - return err + for _, name := range candidates.RepositoryNames() { + if err := app.DeleteImages(ctx, name, candidates[name], opt.Force); err != nil { + return fmt.Errorf("failed to delete images: %w", err) } } - return nil } -func (app *App) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { - repos := make([]ecrTypes.Repository, 0) - p := ecr.NewDescribeRepositoriesPaginator(app.ecr, &ecr.DescribeRepositoriesInput{}) - for p.HasMorePages() { - repo, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - repos = append(repos, repo.Repositories...) +func ShowScanResult(s *Scanner, opt *Option) error { + w, err := opt.OutputWriter() + if err != nil { + return fmt.Errorf("failed to open output: %w", err) } - return repos, nil + defer w.Close() + if err := s.Save(w); err != nil { + return fmt.Errorf("failed to save scanned image URIs: %w", err) + } + return nil } -type deletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier - -// scanRepositories scans repositories and find expired images -// keepImages is a set of images in use by ECS tasks / task definitions / lambda functions -// so that they are not deleted -func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, opt *Option) (deletableImageIDs, error) { - idsMaps := make(deletableImageIDs) - sums := SummaryTable{} - in := &ecr.DescribeRepositoriesInput{} - if opt.Repository != "" { - in.RepositoryNames = []string{opt.Repository} - } - p := ecr.NewDescribeRepositoriesPaginator(app.ecr, in) - for p.HasMorePages() { - repos, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - REPO: - for _, repo := range repos.Repositories { - name := RepositoryName(*repo.RepositoryName) - var rc *RepositoryConfig - for _, _rc := range rcs { - if _rc.MatchName(name) { - rc = _rc - break - } - } - if rc == nil { - continue REPO - } - imageIDs, sum, err := app.unusedImageIdentifiers(ctx, name, rc, keepImages) - if err != nil { - return nil, err - } - sums = append(sums, sum...) - idsMaps[name] = imageIDs - } - } - sort.SliceStable(sums, func(i, j int) bool { - return sums[i].Repo < sums[j].Repo - }) - log.Printf("[info] output summary to %s as %s", opt.OutputFile, opt.Format) +func ShowSummary(s SummaryTable, opt *Option) error { w, err := opt.OutputWriter() if err != nil { - return nil, fmt.Errorf("failed to open output: %w", err) + return fmt.Errorf("failed to open output: %w", err) } defer w.Close() - if err := sums.print(w, opt.Format); err != nil { - return nil, err - } - return idsMaps, nil + return s.Print(w, opt.Format) } const batchDeleteImageIdsLimit = 100 const batchGetImageLimit = 100 // DeleteImages deletes images from the repository -func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, opt *Option) error { +func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, force bool) error { if len(ids) == 0 { log.Println("[info] no need to delete images on", repo) return nil } - if !opt.Delete { - log.Printf("[notice] Expired %d image(s) found on %s. Run delete command to delete them.", len(ids), repo) - return nil - } - if !opt.Force { + if !force { if !prompter.YN(fmt.Sprintf("Do you delete %d images on %s?", len(ids), repo), false) { return errors.New("aborted") } @@ -236,182 +143,9 @@ func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecr return nil } -// unusedImageIdentifiers finds image identifiers(by image digests) from the repository. -func (app *App) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, keepImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { - sums := NewRepoSummary(repo) - images, imageIndexes, sociIndexes, idByTags, err := app.listImageDetails(ctx, repo) - if err != nil { - return nil, sums, err - } - log.Printf("[info] %s has %d images, %d image indexes, %d soci indexes", repo, len(images), len(imageIndexes), len(sociIndexes)) - expiredIds := make([]ecrTypes.ImageIdentifier, 0) - expiredImageIndexes := newSet() - var keepCount int64 -IMAGE: - for _, d := range images { - tag, tagged := imageTag(d) - displayName := string(repo) + ":" + tag - sums.Add(d) - - // Check if the image is in use (digest) - imageURISha256 := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s@%s", *d.RegistryId, app.region, *d.RepositoryName, *d.ImageDigest)) - log.Printf("[debug] checking %s", imageURISha256) - if keepImages.Contains(imageURISha256) { - log.Printf("[info] %s@%s is in used, keep it", repo, *d.ImageDigest) - continue IMAGE - } - - // Check if the image is in use or conditions (tag) - for _, tag := range d.ImageTags { - if rc.MatchTag(tag) { - log.Printf("[info] image %s:%s is matched by tag condition, keep it", repo, tag) - continue IMAGE - } - imageURI := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s:%s", *d.RegistryId, app.region, *d.RepositoryName, tag)) - log.Printf("[debug] checking %s", imageURI) - if keepImages.Contains(imageURI) { - log.Printf("[info] image %s:%s is in used, keep it", repo, tag) - continue IMAGE - } - } - - // Check if the image is expired - pushedAt := *d.ImagePushedAt - if !rc.IsExpired(pushedAt) { - log.Printf("[info] image %s is not expired, keep it", displayName) - continue IMAGE - } - - if tagged { - keepCount++ - if keepCount <= rc.KeepCount { - log.Printf("[info] image %s is in keep_count %d <= %d, keep it", displayName, keepCount, rc.KeepCount) - continue IMAGE - } - } - - // Don't match any conditions, so expired - log.Printf("[notice] image %s is expired %s %s", displayName, *d.ImageDigest, pushedAt.Format(time.RFC3339)) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - sums.Expire(d) - - tagSha256 := strings.Replace(*d.ImageDigest, "sha256:", "sha256-", 1) - if _, found := idByTags[tagSha256]; found { - expiredImageIndexes.add(tagSha256) - } - } - -IMAGE_INDEX: - for _, d := range imageIndexes { - log.Printf("[debug] is an image index %s", *d.ImageDigest) - sums.Add(d) - for _, tag := range d.ImageTags { - if expiredImageIndexes.contains(tag) { - log.Printf("[notice] %s:%s is expired (image index)", repo, tag) - sums.Expire(d) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - continue IMAGE_INDEX - } - } - } - - sociIds, err := app.findSociIndex(ctx, repo, expiredImageIndexes.members()) - if err != nil { - return nil, sums, err - } - -SOCI_INDEX: - for _, d := range sociIndexes { - log.Printf("[debug] is soci index %s", *d.ImageDigest) - sums.Add(d) - for _, id := range sociIds { - if aws.ToString(id.ImageDigest) == aws.ToString(d.ImageDigest) { - log.Printf("[notice] %s@%s is expired (soci index)", repo, *d.ImageDigest) - sums.Expire(d) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - continue SOCI_INDEX - } - } - } - - return expiredIds, sums, nil -} - -func (app *App) listImageDetails(ctx context.Context, repo RepositoryName) ([]ecrTypes.ImageDetail, []ecrTypes.ImageDetail, []ecrTypes.ImageDetail, map[string]ecrTypes.ImageIdentifier, error) { - var images, imageIndexes, sociIndexes []ecrTypes.ImageDetail - foundTags := make(map[string]ecrTypes.ImageIdentifier, 0) - - p := ecr.NewDescribeImagesPaginator(app.ecr, &ecr.DescribeImagesInput{ - RepositoryName: aws.String(string(repo)), - }) - for p.HasMorePages() { - imgs, err := p.NextPage(ctx) - if err != nil { - return nil, nil, nil, nil, err - } - for _, img := range imgs.ImageDetails { - if isContainerImage(img) { - images = append(images, img) - } else if isImageIndex(img) { - imageIndexes = append(imageIndexes, img) - } else if isSociIndex(img) { - sociIndexes = append(sociIndexes, img) - } - for _, tag := range img.ImageTags { - foundTags[tag] = ecrTypes.ImageIdentifier{ImageDigest: img.ImageDigest} - } - } - } - - sort.SliceStable(images, func(i, j int) bool { - return images[i].ImagePushedAt.After(*images[j].ImagePushedAt) - }) - sort.SliceStable(imageIndexes, func(i, j int) bool { - return imageIndexes[i].ImagePushedAt.After(*imageIndexes[j].ImagePushedAt) - }) - sort.SliceStable(sociIndexes, func(i, j int) bool { - return sociIndexes[i].ImagePushedAt.After(*sociIndexes[j].ImagePushedAt) - }) - return images, imageIndexes, sociIndexes, foundTags, nil -} - -func (app *App) findSociIndex(ctx context.Context, repo RepositoryName, imageTags []string) ([]ecrTypes.ImageIdentifier, error) { - ids := make([]ecrTypes.ImageIdentifier, 0, len(imageTags)) - - for _, c := range lo.Chunk(imageTags, batchGetImageLimit) { - imageIds := make([]ecrTypes.ImageIdentifier, 0, len(c)) - for _, tag := range c { - imageIds = append(imageIds, ecrTypes.ImageIdentifier{ImageTag: aws.String(tag)}) - } - res, err := app.ecr.BatchGetImage(ctx, &ecr.BatchGetImageInput{ - ImageIds: imageIds, - RepositoryName: aws.String(string(repo)), - AcceptedMediaTypes: []string{ - string(ociTypes.OCIManifestSchema1), - string(ociTypes.DockerManifestSchema1), - string(ociTypes.DockerManifestSchema2), - }, - }) - if err != nil { - return nil, err - } - for _, img := range res.Images { - if img.ImageManifest == nil { - continue - } - var m oci.IndexManifest - if err := json.Unmarshal([]byte(*img.ImageManifest), &m); err != nil { - log.Printf("[warn] failed to parse manifest: %s %s", *img.ImageManifest, err) - continue - } - for _, d := range m.Manifests { - if d.ArtifactType == MediaTypeSociIndex { - ids = append(ids, ecrTypes.ImageIdentifier{ImageDigest: aws.String(d.Digest.String())}) - } - } - } - } - return ids, nil +func (app *App) GenerateConfig(ctx context.Context, path string) error { + g := NewGenerator(app.awsCfg) + return g.GenerateConfig(ctx, path) } func imageTag(d ecrTypes.ImageDetail) (string, bool) { diff --git a/generate.go b/generate.go index 8d70ca4..0f8b043 100644 --- a/generate.go +++ b/generate.go @@ -12,6 +12,9 @@ import ( "strings" "github.com/Songmu/prompter" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ecr" + ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/aws/aws-sdk-go-v2/service/ecs" "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/goccy/go-yaml" @@ -27,18 +30,28 @@ func nameToPattern(s string) string { return s } -func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Option) error { +type Generator struct { + awsCfg aws.Config +} + +func NewGenerator(cfg aws.Config) *Generator { + return &Generator{ + awsCfg: cfg, + } +} + +func (g *Generator) GenerateConfig(ctx context.Context, configFile string) error { config := Config{} - if err := app.generateClusterConfig(ctx, &config); err != nil { + if err := g.generateClusterConfig(ctx, &config); err != nil { return err } - if err := app.generateTaskdefConfig(ctx, &config); err != nil { + if err := g.generateTaskdefConfig(ctx, &config); err != nil { return err } - if err := app.generateLambdaConfig(ctx, &config); err != nil { + if err := g.generateLambdaConfig(ctx, &config); err != nil { return err } - if err := app.generateRepositoryConfig(ctx, &config); err != nil { + if err := g.generateRepositoryConfig(ctx, &config); err != nil { return err } @@ -61,8 +74,8 @@ func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Opti return nil } -func (app *App) generateClusterConfig(ctx context.Context, config *Config) error { - clusters, err := clusterArns(ctx, ecs.NewFromConfig(app.awsCfg)) +func (g *Generator) generateClusterConfig(ctx context.Context, config *Config) error { + clusters, err := clusterArns(ctx, ecs.NewFromConfig(g.awsCfg)) if err != nil { return err } @@ -91,8 +104,8 @@ func (app *App) generateClusterConfig(ctx context.Context, config *Config) error return nil } -func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error { - taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(app.awsCfg)) +func (g *Generator) generateTaskdefConfig(ctx context.Context, config *Config) error { + taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(g.awsCfg)) if err != nil { return err } @@ -123,8 +136,8 @@ func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error return nil } -func (app *App) generateLambdaConfig(ctx context.Context, config *Config) error { - lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(app.awsCfg)) +func (g *Generator) generateLambdaConfig(ctx context.Context, config *Config) error { + lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(g.awsCfg)) if err != nil { return err } @@ -156,8 +169,8 @@ func (app *App) generateLambdaConfig(ctx context.Context, config *Config) error return nil } -func (app *App) generateRepositoryConfig(ctx context.Context, config *Config) error { - repos, err := app.repositories(ctx) +func (g *Generator) generateRepositoryConfig(ctx context.Context, config *Config) error { + repos, err := g.repositories(ctx) if err != nil { return err } @@ -189,3 +202,16 @@ func (app *App) generateRepositoryConfig(ctx context.Context, config *Config) er }) return nil } + +func (g *Generator) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { + repos := make([]ecrTypes.Repository, 0) + p := ecr.NewDescribeRepositoriesPaginator(ecr.NewFromConfig(g.awsCfg), &ecr.DescribeRepositoriesInput{}) + for p.HasMorePages() { + repo, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + repos = append(repos, repo.Repositories...) + } + return repos, nil +} diff --git a/option.go b/option.go new file mode 100644 index 0000000..9fec84e --- /dev/null +++ b/option.go @@ -0,0 +1,39 @@ +package ecrm + +import ( + "fmt" + "io" + "os" +) + +type Option struct { + ScanOnly bool + Scan bool + Delete bool + Force bool + Repository RepositoryName + OutputFile string + Format outputFormat + ScannedFiles []string +} + +func (opt *Option) Validate() error { + if len(opt.ScannedFiles) == 0 && !opt.Scan { + return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") + } + return nil +} + +// NopCloserWriter is a writer that does nothing on Close +type NopCloserWriter struct { + io.Writer +} + +func (NopCloserWriter) Close() error { return nil } + +func (opt *Option) OutputWriter() (io.WriteCloser, error) { + if opt.OutputFile == "" || opt.OutputFile == "-" { + return NopCloserWriter{os.Stdout}, nil + } + return os.Create(opt.OutputFile) +} diff --git a/planner.go b/planner.go new file mode 100644 index 0000000..c3eac9a --- /dev/null +++ b/planner.go @@ -0,0 +1,260 @@ +package ecrm + +import ( + "context" + "encoding/json" + "fmt" + "log" + "sort" + "strings" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ecr" + ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" + oci "github.com/google/go-containerregistry/pkg/v1" + ociTypes "github.com/google/go-containerregistry/pkg/v1/types" + "github.com/samber/lo" +) + +type Planner struct { + ecr *ecr.Client + region string +} + +func NewPlanner(cfg aws.Config) *Planner { + return &Planner{ + ecr: ecr.NewFromConfig(cfg), + region: cfg.Region, + } +} + +type DeletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier + +func (d DeletableImageIDs) RepositoryNames() []RepositoryName { + names := lo.Keys(d) + sort.Slice(names, func(i, j int) bool { + return names[i] < names[j] + }) + return names +} + +// Plan scans repositories and find expired images, and returns a summary table and a map of deletable image identifiers. +// +// keepImages is a set of images in use by ECS tasks / task definitions / lambda functions +// so that they are not deleted +func (p *Planner) Plan(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, repo RepositoryName) (SummaryTable, DeletableImageIDs, error) { + idsMaps := make(DeletableImageIDs) + sums := SummaryTable{} + in := &ecr.DescribeRepositoriesInput{} + if repo != "" { + in.RepositoryNames = []string{string(repo)} + } + pager := ecr.NewDescribeRepositoriesPaginator(p.ecr, in) + for pager.HasMorePages() { + repos, err := pager.NextPage(ctx) + if err != nil { + return nil, nil, fmt.Errorf("failed to describe repositories: %w", err) + } + REPO: + for _, repo := range repos.Repositories { + name := RepositoryName(*repo.RepositoryName) + var rc *RepositoryConfig + for _, _rc := range rcs { + if _rc.MatchName(name) { + rc = _rc + break + } + } + if rc == nil { + continue REPO + } + imageIDs, sum, err := p.unusedImageIdentifiers(ctx, name, rc, keepImages) + if err != nil { + return nil, nil, fmt.Errorf("failed to find unused image identifiers: %w", err) + } + sums = append(sums, sum...) + idsMaps[name] = imageIDs + } + } + sums.Sort() + return sums, idsMaps, nil +} + +// unusedImageIdentifiers finds image identifiers(by image digests) from the repository. +func (p *Planner) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, keepImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { + sums := NewRepoSummary(repo) + images, imageIndexes, sociIndexes, idByTags, err := p.listImageDetails(ctx, repo) + if err != nil { + return nil, sums, err + } + log.Printf("[info] %s has %d images, %d image indexes, %d soci indexes", repo, len(images), len(imageIndexes), len(sociIndexes)) + expiredIds := make([]ecrTypes.ImageIdentifier, 0) + expiredImageIndexes := newSet() + var keepCount int64 +IMAGE: + for _, d := range images { + tag, tagged := imageTag(d) + displayName := string(repo) + ":" + tag + sums.Add(d) + + // Check if the image is in use (digest) + imageURISha256 := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s@%s", *d.RegistryId, p.region, *d.RepositoryName, *d.ImageDigest)) + log.Printf("[debug] checking %s", imageURISha256) + if keepImages.Contains(imageURISha256) { + log.Printf("[info] %s@%s is in used, keep it", repo, *d.ImageDigest) + continue IMAGE + } + + // Check if the image is in use or conditions (tag) + for _, tag := range d.ImageTags { + if rc.MatchTag(tag) { + log.Printf("[info] image %s:%s is matched by tag condition, keep it", repo, tag) + continue IMAGE + } + imageURI := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s:%s", *d.RegistryId, p.region, *d.RepositoryName, tag)) + log.Printf("[debug] checking %s", imageURI) + if keepImages.Contains(imageURI) { + log.Printf("[info] image %s:%s is in used, keep it", repo, tag) + continue IMAGE + } + } + + // Check if the image is expired + pushedAt := *d.ImagePushedAt + if !rc.IsExpired(pushedAt) { + log.Printf("[info] image %s is not expired, keep it", displayName) + continue IMAGE + } + + if tagged { + keepCount++ + if keepCount <= rc.KeepCount { + log.Printf("[info] image %s is in keep_count %d <= %d, keep it", displayName, keepCount, rc.KeepCount) + continue IMAGE + } + } + + // Don't match any conditions, so expired + log.Printf("[notice] image %s is expired %s %s", displayName, *d.ImageDigest, pushedAt.Format(time.RFC3339)) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + sums.Expire(d) + + tagSha256 := strings.Replace(*d.ImageDigest, "sha256:", "sha256-", 1) + if _, found := idByTags[tagSha256]; found { + expiredImageIndexes.add(tagSha256) + } + } + +IMAGE_INDEX: + for _, d := range imageIndexes { + log.Printf("[debug] is an image index %s", *d.ImageDigest) + sums.Add(d) + for _, tag := range d.ImageTags { + if expiredImageIndexes.contains(tag) { + log.Printf("[notice] %s:%s is expired (image index)", repo, tag) + sums.Expire(d) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + continue IMAGE_INDEX + } + } + } + + sociIds, err := p.findSociIndex(ctx, repo, expiredImageIndexes.members()) + if err != nil { + return nil, sums, fmt.Errorf("failed to find soci index: %w", err) + } + +SOCI_INDEX: + for _, d := range sociIndexes { + log.Printf("[debug] is soci index %s", *d.ImageDigest) + sums.Add(d) + for _, id := range sociIds { + if aws.ToString(id.ImageDigest) == aws.ToString(d.ImageDigest) { + log.Printf("[notice] %s@%s is expired (soci index)", repo, *d.ImageDigest) + sums.Expire(d) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + continue SOCI_INDEX + } + } + } + + return expiredIds, sums, nil +} + +func (p *Planner) listImageDetails(ctx context.Context, repo RepositoryName) ([]ecrTypes.ImageDetail, []ecrTypes.ImageDetail, []ecrTypes.ImageDetail, map[string]ecrTypes.ImageIdentifier, error) { + var images, imageIndexes, sociIndexes []ecrTypes.ImageDetail + foundTags := make(map[string]ecrTypes.ImageIdentifier, 0) + + pager := ecr.NewDescribeImagesPaginator(p.ecr, &ecr.DescribeImagesInput{ + RepositoryName: aws.String(string(repo)), + }) + for pager.HasMorePages() { + imgs, err := pager.NextPage(ctx) + if err != nil { + return nil, nil, nil, nil, fmt.Errorf("failed to describe images: %w", err) + } + for _, img := range imgs.ImageDetails { + if isContainerImage(img) { + images = append(images, img) + } else if isImageIndex(img) { + imageIndexes = append(imageIndexes, img) + } else if isSociIndex(img) { + sociIndexes = append(sociIndexes, img) + } + for _, tag := range img.ImageTags { + foundTags[tag] = ecrTypes.ImageIdentifier{ImageDigest: img.ImageDigest} + } + } + } + + sort.SliceStable(images, func(i, j int) bool { + return images[i].ImagePushedAt.After(*images[j].ImagePushedAt) + }) + sort.SliceStable(imageIndexes, func(i, j int) bool { + return imageIndexes[i].ImagePushedAt.After(*imageIndexes[j].ImagePushedAt) + }) + sort.SliceStable(sociIndexes, func(i, j int) bool { + return sociIndexes[i].ImagePushedAt.After(*sociIndexes[j].ImagePushedAt) + }) + return images, imageIndexes, sociIndexes, foundTags, nil +} + +func (p *Planner) findSociIndex(ctx context.Context, repo RepositoryName, imageTags []string) ([]ecrTypes.ImageIdentifier, error) { + ids := make([]ecrTypes.ImageIdentifier, 0, len(imageTags)) + + for _, c := range lo.Chunk(imageTags, batchGetImageLimit) { + imageIds := make([]ecrTypes.ImageIdentifier, 0, len(c)) + for _, tag := range c { + imageIds = append(imageIds, ecrTypes.ImageIdentifier{ImageTag: aws.String(tag)}) + } + res, err := p.ecr.BatchGetImage(ctx, &ecr.BatchGetImageInput{ + ImageIds: imageIds, + RepositoryName: aws.String(string(repo)), + AcceptedMediaTypes: []string{ + string(ociTypes.OCIManifestSchema1), + string(ociTypes.DockerManifestSchema1), + string(ociTypes.DockerManifestSchema2), + }, + }) + if err != nil { + return nil, fmt.Errorf("failed to batch get image: %w", err) + } + for _, img := range res.Images { + if img.ImageManifest == nil { + continue + } + var m oci.IndexManifest + if err := json.Unmarshal([]byte(*img.ImageManifest), &m); err != nil { + log.Printf("[warn] failed to parse manifest: %s %s", *img.ImageManifest, err) + continue + } + for _, d := range m.Manifests { + if d.ArtifactType == MediaTypeSociIndex { + ids = append(ids, ecrTypes.ImageIdentifier{ImageDigest: aws.String(d.Digest.String())}) + } + } + } + } + return ids, nil +} diff --git a/summary.go b/summary.go index 96c7728..041389c 100644 --- a/summary.go +++ b/summary.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "log" + "sort" "strings" "github.com/aws/aws-sdk-go-v2/aws" @@ -120,7 +121,13 @@ const ( type SummaryTable []*Summary -func (s *SummaryTable) print(w io.Writer, format outputFormat) error { +func (s SummaryTable) Sort() { + sort.SliceStable(s, func(i, j int) bool { + return s[i].Repo < s[j].Repo + }) +} + +func (s *SummaryTable) Print(w io.Writer, format outputFormat) error { switch format { case formatTable: return s.printTable(w) From 04212faf68e88e1e5ba3d1c13f286893e1e4f999 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Fri, 13 Sep 2024 17:11:09 +0900 Subject: [PATCH 08/10] Revert "add Planner, Genrator" This reverts commit 5bfd1d375fc0579819fd13c678d2a66f3163b369. --- cli.go | 6 +- ecrm.go | 330 +++++++++++++++++++++++++++++++++++++++++++++++----- generate.go | 52 +++------ option.go | 39 ------- planner.go | 260 ----------------------------------------- summary.go | 9 +- 6 files changed, 315 insertions(+), 381 deletions(-) delete mode 100644 option.go delete mode 100644 planner.go diff --git a/cli.go b/cli.go index 1936bb0..eca2c3f 100644 --- a/cli.go +++ b/cli.go @@ -79,7 +79,7 @@ func (c *PlanCLI) Option() *Option { Scan: c.Scan, ScannedFiles: c.ScannedFiles, Delete: false, - Repository: RepositoryName(c.Repository), + Repository: c.Repository, } } @@ -96,7 +96,7 @@ func (c *DeleteCLI) Option() *Option { ScannedFiles: c.ScannedFiles, Delete: true, Force: c.Force, - Repository: RepositoryName(c.Repository), + Repository: c.Repository, } } @@ -139,7 +139,7 @@ func (c *CLI) Run(ctx context.Context) error { switch c.command { case "generate": - return c.app.GenerateConfig(ctx, c.Config) + return c.app.GenerateConfig(ctx, c.Config, c.Generate.Option()) case "scan": return c.app.Run(ctx, c.Config, c.Scan.Option()) case "plan": diff --git a/ecrm.go b/ecrm.go index 4d67e5d..c6b36f5 100644 --- a/ecrm.go +++ b/ecrm.go @@ -2,10 +2,15 @@ package ecrm import ( "context" + "encoding/json" "errors" "fmt" + "io" "log" + "os" + "sort" "strings" + "time" "github.com/Songmu/prompter" "github.com/aws/aws-sdk-go-v2/aws" @@ -14,6 +19,9 @@ import ( "github.com/aws/aws-sdk-go-v2/service/ecr" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/samber/lo" + + oci "github.com/google/go-containerregistry/pkg/v1" + ociTypes "github.com/google/go-containerregistry/pkg/v1/types" ) const ( @@ -30,6 +38,31 @@ type App struct { region string } +type Option struct { + ScanOnly bool + Scan bool + Delete bool + Force bool + Repository string + OutputFile string + Format outputFormat + ScannedFiles []string +} + +func (opt *Option) Validate() error { + if len(opt.ScannedFiles) == 0 && !opt.Scan { + return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") + } + return nil +} + +func (opt *Option) OutputWriter() (io.WriteCloser, error) { + if opt.OutputFile == "" || opt.OutputFile == "-" { + return os.Stdout, nil + } + return os.Create(opt.OutputFile) +} + func New(ctx context.Context) (*App, error) { cfg, err := awsConfig.LoadDefaultConfig(ctx) if err != nil { @@ -44,79 +77,139 @@ func New(ctx context.Context) (*App, error) { func (app *App) Run(ctx context.Context, path string, opt *Option) error { if err := opt.Validate(); err != nil { - return fmt.Errorf("invalid option: %w", err) + return err } c, err := LoadConfig(path) if err != nil { - return fmt.Errorf("failed to load config: %w", err) + return err } scanner := NewScanner(app.awsCfg) if err := scanner.LoadFiles(opt.ScannedFiles); err != nil { - return fmt.Errorf("failed to load scanned image URIs: %w", err) + return err } if opt.Scan { if err := scanner.Scan(ctx, c); err != nil { - return fmt.Errorf("failed to scan: %w", err) + return err } } log.Println("[info] total", len(scanner.Images), "image URIs in use") if opt.ScanOnly { - return ShowScanResult(scanner, opt) + w, err := opt.OutputWriter() + if err != nil { + return fmt.Errorf("failed to open output: %w", err) + } + defer w.Close() + if err := scanner.Save(w); err != nil { + return err + } + return nil } - planner := NewPlanner(app.awsCfg) - sums, candidates, err := planner.Plan(ctx, c.Repositories, scanner.Images, opt.Repository) + return app.DoDelete(ctx, c, opt, scanner.Images) +} + +func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages Images) error { + log.Println("[info] finding expired images") + // find candidates to delete + candidates, err := app.scanRepositories(ctx, c.Repositories, keepImages, opt) if err != nil { - return fmt.Errorf("failed to plan: %w", err) - } - if err := ShowSummary(sums, opt); err != nil { - return fmt.Errorf("failed to show summary: %w", err) + return err } - if !opt.Delete { return nil } - for _, name := range candidates.RepositoryNames() { - if err := app.DeleteImages(ctx, name, candidates[name], opt.Force); err != nil { - return fmt.Errorf("failed to delete images: %w", err) + for name, ids := range candidates { + if err := app.DeleteImages(ctx, name, ids, opt); err != nil { + return err } } + return nil } -func ShowScanResult(s *Scanner, opt *Option) error { - w, err := opt.OutputWriter() - if err != nil { - return fmt.Errorf("failed to open output: %w", err) - } - defer w.Close() - if err := s.Save(w); err != nil { - return fmt.Errorf("failed to save scanned image URIs: %w", err) +func (app *App) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { + repos := make([]ecrTypes.Repository, 0) + p := ecr.NewDescribeRepositoriesPaginator(app.ecr, &ecr.DescribeRepositoriesInput{}) + for p.HasMorePages() { + repo, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + repos = append(repos, repo.Repositories...) } - return nil + return repos, nil } -func ShowSummary(s SummaryTable, opt *Option) error { +type deletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier + +// scanRepositories scans repositories and find expired images +// keepImages is a set of images in use by ECS tasks / task definitions / lambda functions +// so that they are not deleted +func (app *App) scanRepositories(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, opt *Option) (deletableImageIDs, error) { + idsMaps := make(deletableImageIDs) + sums := SummaryTable{} + in := &ecr.DescribeRepositoriesInput{} + if opt.Repository != "" { + in.RepositoryNames = []string{opt.Repository} + } + p := ecr.NewDescribeRepositoriesPaginator(app.ecr, in) + for p.HasMorePages() { + repos, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + REPO: + for _, repo := range repos.Repositories { + name := RepositoryName(*repo.RepositoryName) + var rc *RepositoryConfig + for _, _rc := range rcs { + if _rc.MatchName(name) { + rc = _rc + break + } + } + if rc == nil { + continue REPO + } + imageIDs, sum, err := app.unusedImageIdentifiers(ctx, name, rc, keepImages) + if err != nil { + return nil, err + } + sums = append(sums, sum...) + idsMaps[name] = imageIDs + } + } + sort.SliceStable(sums, func(i, j int) bool { + return sums[i].Repo < sums[j].Repo + }) + log.Printf("[info] output summary to %s as %s", opt.OutputFile, opt.Format) w, err := opt.OutputWriter() if err != nil { - return fmt.Errorf("failed to open output: %w", err) + return nil, fmt.Errorf("failed to open output: %w", err) } defer w.Close() - return s.Print(w, opt.Format) + if err := sums.print(w, opt.Format); err != nil { + return nil, err + } + return idsMaps, nil } const batchDeleteImageIdsLimit = 100 const batchGetImageLimit = 100 // DeleteImages deletes images from the repository -func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, force bool) error { +func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecrTypes.ImageIdentifier, opt *Option) error { if len(ids) == 0 { log.Println("[info] no need to delete images on", repo) return nil } - if !force { + if !opt.Delete { + log.Printf("[notice] Expired %d image(s) found on %s. Run delete command to delete them.", len(ids), repo) + return nil + } + if !opt.Force { if !prompter.YN(fmt.Sprintf("Do you delete %d images on %s?", len(ids), repo), false) { return errors.New("aborted") } @@ -143,9 +236,182 @@ func (app *App) DeleteImages(ctx context.Context, repo RepositoryName, ids []ecr return nil } -func (app *App) GenerateConfig(ctx context.Context, path string) error { - g := NewGenerator(app.awsCfg) - return g.GenerateConfig(ctx, path) +// unusedImageIdentifiers finds image identifiers(by image digests) from the repository. +func (app *App) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, keepImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { + sums := NewRepoSummary(repo) + images, imageIndexes, sociIndexes, idByTags, err := app.listImageDetails(ctx, repo) + if err != nil { + return nil, sums, err + } + log.Printf("[info] %s has %d images, %d image indexes, %d soci indexes", repo, len(images), len(imageIndexes), len(sociIndexes)) + expiredIds := make([]ecrTypes.ImageIdentifier, 0) + expiredImageIndexes := newSet() + var keepCount int64 +IMAGE: + for _, d := range images { + tag, tagged := imageTag(d) + displayName := string(repo) + ":" + tag + sums.Add(d) + + // Check if the image is in use (digest) + imageURISha256 := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s@%s", *d.RegistryId, app.region, *d.RepositoryName, *d.ImageDigest)) + log.Printf("[debug] checking %s", imageURISha256) + if keepImages.Contains(imageURISha256) { + log.Printf("[info] %s@%s is in used, keep it", repo, *d.ImageDigest) + continue IMAGE + } + + // Check if the image is in use or conditions (tag) + for _, tag := range d.ImageTags { + if rc.MatchTag(tag) { + log.Printf("[info] image %s:%s is matched by tag condition, keep it", repo, tag) + continue IMAGE + } + imageURI := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s:%s", *d.RegistryId, app.region, *d.RepositoryName, tag)) + log.Printf("[debug] checking %s", imageURI) + if keepImages.Contains(imageURI) { + log.Printf("[info] image %s:%s is in used, keep it", repo, tag) + continue IMAGE + } + } + + // Check if the image is expired + pushedAt := *d.ImagePushedAt + if !rc.IsExpired(pushedAt) { + log.Printf("[info] image %s is not expired, keep it", displayName) + continue IMAGE + } + + if tagged { + keepCount++ + if keepCount <= rc.KeepCount { + log.Printf("[info] image %s is in keep_count %d <= %d, keep it", displayName, keepCount, rc.KeepCount) + continue IMAGE + } + } + + // Don't match any conditions, so expired + log.Printf("[notice] image %s is expired %s %s", displayName, *d.ImageDigest, pushedAt.Format(time.RFC3339)) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + sums.Expire(d) + + tagSha256 := strings.Replace(*d.ImageDigest, "sha256:", "sha256-", 1) + if _, found := idByTags[tagSha256]; found { + expiredImageIndexes.add(tagSha256) + } + } + +IMAGE_INDEX: + for _, d := range imageIndexes { + log.Printf("[debug] is an image index %s", *d.ImageDigest) + sums.Add(d) + for _, tag := range d.ImageTags { + if expiredImageIndexes.contains(tag) { + log.Printf("[notice] %s:%s is expired (image index)", repo, tag) + sums.Expire(d) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + continue IMAGE_INDEX + } + } + } + + sociIds, err := app.findSociIndex(ctx, repo, expiredImageIndexes.members()) + if err != nil { + return nil, sums, err + } + +SOCI_INDEX: + for _, d := range sociIndexes { + log.Printf("[debug] is soci index %s", *d.ImageDigest) + sums.Add(d) + for _, id := range sociIds { + if aws.ToString(id.ImageDigest) == aws.ToString(d.ImageDigest) { + log.Printf("[notice] %s@%s is expired (soci index)", repo, *d.ImageDigest) + sums.Expire(d) + expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) + continue SOCI_INDEX + } + } + } + + return expiredIds, sums, nil +} + +func (app *App) listImageDetails(ctx context.Context, repo RepositoryName) ([]ecrTypes.ImageDetail, []ecrTypes.ImageDetail, []ecrTypes.ImageDetail, map[string]ecrTypes.ImageIdentifier, error) { + var images, imageIndexes, sociIndexes []ecrTypes.ImageDetail + foundTags := make(map[string]ecrTypes.ImageIdentifier, 0) + + p := ecr.NewDescribeImagesPaginator(app.ecr, &ecr.DescribeImagesInput{ + RepositoryName: aws.String(string(repo)), + }) + for p.HasMorePages() { + imgs, err := p.NextPage(ctx) + if err != nil { + return nil, nil, nil, nil, err + } + for _, img := range imgs.ImageDetails { + if isContainerImage(img) { + images = append(images, img) + } else if isImageIndex(img) { + imageIndexes = append(imageIndexes, img) + } else if isSociIndex(img) { + sociIndexes = append(sociIndexes, img) + } + for _, tag := range img.ImageTags { + foundTags[tag] = ecrTypes.ImageIdentifier{ImageDigest: img.ImageDigest} + } + } + } + + sort.SliceStable(images, func(i, j int) bool { + return images[i].ImagePushedAt.After(*images[j].ImagePushedAt) + }) + sort.SliceStable(imageIndexes, func(i, j int) bool { + return imageIndexes[i].ImagePushedAt.After(*imageIndexes[j].ImagePushedAt) + }) + sort.SliceStable(sociIndexes, func(i, j int) bool { + return sociIndexes[i].ImagePushedAt.After(*sociIndexes[j].ImagePushedAt) + }) + return images, imageIndexes, sociIndexes, foundTags, nil +} + +func (app *App) findSociIndex(ctx context.Context, repo RepositoryName, imageTags []string) ([]ecrTypes.ImageIdentifier, error) { + ids := make([]ecrTypes.ImageIdentifier, 0, len(imageTags)) + + for _, c := range lo.Chunk(imageTags, batchGetImageLimit) { + imageIds := make([]ecrTypes.ImageIdentifier, 0, len(c)) + for _, tag := range c { + imageIds = append(imageIds, ecrTypes.ImageIdentifier{ImageTag: aws.String(tag)}) + } + res, err := app.ecr.BatchGetImage(ctx, &ecr.BatchGetImageInput{ + ImageIds: imageIds, + RepositoryName: aws.String(string(repo)), + AcceptedMediaTypes: []string{ + string(ociTypes.OCIManifestSchema1), + string(ociTypes.DockerManifestSchema1), + string(ociTypes.DockerManifestSchema2), + }, + }) + if err != nil { + return nil, err + } + for _, img := range res.Images { + if img.ImageManifest == nil { + continue + } + var m oci.IndexManifest + if err := json.Unmarshal([]byte(*img.ImageManifest), &m); err != nil { + log.Printf("[warn] failed to parse manifest: %s %s", *img.ImageManifest, err) + continue + } + for _, d := range m.Manifests { + if d.ArtifactType == MediaTypeSociIndex { + ids = append(ids, ecrTypes.ImageIdentifier{ImageDigest: aws.String(d.Digest.String())}) + } + } + } + } + return ids, nil } func imageTag(d ecrTypes.ImageDetail) (string, bool) { diff --git a/generate.go b/generate.go index 0f8b043..8d70ca4 100644 --- a/generate.go +++ b/generate.go @@ -12,9 +12,6 @@ import ( "strings" "github.com/Songmu/prompter" - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ecr" - ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/aws/aws-sdk-go-v2/service/ecs" "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/goccy/go-yaml" @@ -30,28 +27,18 @@ func nameToPattern(s string) string { return s } -type Generator struct { - awsCfg aws.Config -} - -func NewGenerator(cfg aws.Config) *Generator { - return &Generator{ - awsCfg: cfg, - } -} - -func (g *Generator) GenerateConfig(ctx context.Context, configFile string) error { +func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Option) error { config := Config{} - if err := g.generateClusterConfig(ctx, &config); err != nil { + if err := app.generateClusterConfig(ctx, &config); err != nil { return err } - if err := g.generateTaskdefConfig(ctx, &config); err != nil { + if err := app.generateTaskdefConfig(ctx, &config); err != nil { return err } - if err := g.generateLambdaConfig(ctx, &config); err != nil { + if err := app.generateLambdaConfig(ctx, &config); err != nil { return err } - if err := g.generateRepositoryConfig(ctx, &config); err != nil { + if err := app.generateRepositoryConfig(ctx, &config); err != nil { return err } @@ -74,8 +61,8 @@ func (g *Generator) GenerateConfig(ctx context.Context, configFile string) error return nil } -func (g *Generator) generateClusterConfig(ctx context.Context, config *Config) error { - clusters, err := clusterArns(ctx, ecs.NewFromConfig(g.awsCfg)) +func (app *App) generateClusterConfig(ctx context.Context, config *Config) error { + clusters, err := clusterArns(ctx, ecs.NewFromConfig(app.awsCfg)) if err != nil { return err } @@ -104,8 +91,8 @@ func (g *Generator) generateClusterConfig(ctx context.Context, config *Config) e return nil } -func (g *Generator) generateTaskdefConfig(ctx context.Context, config *Config) error { - taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(g.awsCfg)) +func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error { + taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(app.awsCfg)) if err != nil { return err } @@ -136,8 +123,8 @@ func (g *Generator) generateTaskdefConfig(ctx context.Context, config *Config) e return nil } -func (g *Generator) generateLambdaConfig(ctx context.Context, config *Config) error { - lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(g.awsCfg)) +func (app *App) generateLambdaConfig(ctx context.Context, config *Config) error { + lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(app.awsCfg)) if err != nil { return err } @@ -169,8 +156,8 @@ func (g *Generator) generateLambdaConfig(ctx context.Context, config *Config) er return nil } -func (g *Generator) generateRepositoryConfig(ctx context.Context, config *Config) error { - repos, err := g.repositories(ctx) +func (app *App) generateRepositoryConfig(ctx context.Context, config *Config) error { + repos, err := app.repositories(ctx) if err != nil { return err } @@ -202,16 +189,3 @@ func (g *Generator) generateRepositoryConfig(ctx context.Context, config *Config }) return nil } - -func (g *Generator) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { - repos := make([]ecrTypes.Repository, 0) - p := ecr.NewDescribeRepositoriesPaginator(ecr.NewFromConfig(g.awsCfg), &ecr.DescribeRepositoriesInput{}) - for p.HasMorePages() { - repo, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - repos = append(repos, repo.Repositories...) - } - return repos, nil -} diff --git a/option.go b/option.go deleted file mode 100644 index 9fec84e..0000000 --- a/option.go +++ /dev/null @@ -1,39 +0,0 @@ -package ecrm - -import ( - "fmt" - "io" - "os" -) - -type Option struct { - ScanOnly bool - Scan bool - Delete bool - Force bool - Repository RepositoryName - OutputFile string - Format outputFormat - ScannedFiles []string -} - -func (opt *Option) Validate() error { - if len(opt.ScannedFiles) == 0 && !opt.Scan { - return fmt.Errorf("no --scanned-files and --no-scan provided. specify at least one") - } - return nil -} - -// NopCloserWriter is a writer that does nothing on Close -type NopCloserWriter struct { - io.Writer -} - -func (NopCloserWriter) Close() error { return nil } - -func (opt *Option) OutputWriter() (io.WriteCloser, error) { - if opt.OutputFile == "" || opt.OutputFile == "-" { - return NopCloserWriter{os.Stdout}, nil - } - return os.Create(opt.OutputFile) -} diff --git a/planner.go b/planner.go deleted file mode 100644 index c3eac9a..0000000 --- a/planner.go +++ /dev/null @@ -1,260 +0,0 @@ -package ecrm - -import ( - "context" - "encoding/json" - "fmt" - "log" - "sort" - "strings" - "time" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/service/ecr" - ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" - oci "github.com/google/go-containerregistry/pkg/v1" - ociTypes "github.com/google/go-containerregistry/pkg/v1/types" - "github.com/samber/lo" -) - -type Planner struct { - ecr *ecr.Client - region string -} - -func NewPlanner(cfg aws.Config) *Planner { - return &Planner{ - ecr: ecr.NewFromConfig(cfg), - region: cfg.Region, - } -} - -type DeletableImageIDs map[RepositoryName][]ecrTypes.ImageIdentifier - -func (d DeletableImageIDs) RepositoryNames() []RepositoryName { - names := lo.Keys(d) - sort.Slice(names, func(i, j int) bool { - return names[i] < names[j] - }) - return names -} - -// Plan scans repositories and find expired images, and returns a summary table and a map of deletable image identifiers. -// -// keepImages is a set of images in use by ECS tasks / task definitions / lambda functions -// so that they are not deleted -func (p *Planner) Plan(ctx context.Context, rcs []*RepositoryConfig, keepImages Images, repo RepositoryName) (SummaryTable, DeletableImageIDs, error) { - idsMaps := make(DeletableImageIDs) - sums := SummaryTable{} - in := &ecr.DescribeRepositoriesInput{} - if repo != "" { - in.RepositoryNames = []string{string(repo)} - } - pager := ecr.NewDescribeRepositoriesPaginator(p.ecr, in) - for pager.HasMorePages() { - repos, err := pager.NextPage(ctx) - if err != nil { - return nil, nil, fmt.Errorf("failed to describe repositories: %w", err) - } - REPO: - for _, repo := range repos.Repositories { - name := RepositoryName(*repo.RepositoryName) - var rc *RepositoryConfig - for _, _rc := range rcs { - if _rc.MatchName(name) { - rc = _rc - break - } - } - if rc == nil { - continue REPO - } - imageIDs, sum, err := p.unusedImageIdentifiers(ctx, name, rc, keepImages) - if err != nil { - return nil, nil, fmt.Errorf("failed to find unused image identifiers: %w", err) - } - sums = append(sums, sum...) - idsMaps[name] = imageIDs - } - } - sums.Sort() - return sums, idsMaps, nil -} - -// unusedImageIdentifiers finds image identifiers(by image digests) from the repository. -func (p *Planner) unusedImageIdentifiers(ctx context.Context, repo RepositoryName, rc *RepositoryConfig, keepImages Images) ([]ecrTypes.ImageIdentifier, RepoSummary, error) { - sums := NewRepoSummary(repo) - images, imageIndexes, sociIndexes, idByTags, err := p.listImageDetails(ctx, repo) - if err != nil { - return nil, sums, err - } - log.Printf("[info] %s has %d images, %d image indexes, %d soci indexes", repo, len(images), len(imageIndexes), len(sociIndexes)) - expiredIds := make([]ecrTypes.ImageIdentifier, 0) - expiredImageIndexes := newSet() - var keepCount int64 -IMAGE: - for _, d := range images { - tag, tagged := imageTag(d) - displayName := string(repo) + ":" + tag - sums.Add(d) - - // Check if the image is in use (digest) - imageURISha256 := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s@%s", *d.RegistryId, p.region, *d.RepositoryName, *d.ImageDigest)) - log.Printf("[debug] checking %s", imageURISha256) - if keepImages.Contains(imageURISha256) { - log.Printf("[info] %s@%s is in used, keep it", repo, *d.ImageDigest) - continue IMAGE - } - - // Check if the image is in use or conditions (tag) - for _, tag := range d.ImageTags { - if rc.MatchTag(tag) { - log.Printf("[info] image %s:%s is matched by tag condition, keep it", repo, tag) - continue IMAGE - } - imageURI := ImageURI(fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s:%s", *d.RegistryId, p.region, *d.RepositoryName, tag)) - log.Printf("[debug] checking %s", imageURI) - if keepImages.Contains(imageURI) { - log.Printf("[info] image %s:%s is in used, keep it", repo, tag) - continue IMAGE - } - } - - // Check if the image is expired - pushedAt := *d.ImagePushedAt - if !rc.IsExpired(pushedAt) { - log.Printf("[info] image %s is not expired, keep it", displayName) - continue IMAGE - } - - if tagged { - keepCount++ - if keepCount <= rc.KeepCount { - log.Printf("[info] image %s is in keep_count %d <= %d, keep it", displayName, keepCount, rc.KeepCount) - continue IMAGE - } - } - - // Don't match any conditions, so expired - log.Printf("[notice] image %s is expired %s %s", displayName, *d.ImageDigest, pushedAt.Format(time.RFC3339)) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - sums.Expire(d) - - tagSha256 := strings.Replace(*d.ImageDigest, "sha256:", "sha256-", 1) - if _, found := idByTags[tagSha256]; found { - expiredImageIndexes.add(tagSha256) - } - } - -IMAGE_INDEX: - for _, d := range imageIndexes { - log.Printf("[debug] is an image index %s", *d.ImageDigest) - sums.Add(d) - for _, tag := range d.ImageTags { - if expiredImageIndexes.contains(tag) { - log.Printf("[notice] %s:%s is expired (image index)", repo, tag) - sums.Expire(d) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - continue IMAGE_INDEX - } - } - } - - sociIds, err := p.findSociIndex(ctx, repo, expiredImageIndexes.members()) - if err != nil { - return nil, sums, fmt.Errorf("failed to find soci index: %w", err) - } - -SOCI_INDEX: - for _, d := range sociIndexes { - log.Printf("[debug] is soci index %s", *d.ImageDigest) - sums.Add(d) - for _, id := range sociIds { - if aws.ToString(id.ImageDigest) == aws.ToString(d.ImageDigest) { - log.Printf("[notice] %s@%s is expired (soci index)", repo, *d.ImageDigest) - sums.Expire(d) - expiredIds = append(expiredIds, ecrTypes.ImageIdentifier{ImageDigest: d.ImageDigest}) - continue SOCI_INDEX - } - } - } - - return expiredIds, sums, nil -} - -func (p *Planner) listImageDetails(ctx context.Context, repo RepositoryName) ([]ecrTypes.ImageDetail, []ecrTypes.ImageDetail, []ecrTypes.ImageDetail, map[string]ecrTypes.ImageIdentifier, error) { - var images, imageIndexes, sociIndexes []ecrTypes.ImageDetail - foundTags := make(map[string]ecrTypes.ImageIdentifier, 0) - - pager := ecr.NewDescribeImagesPaginator(p.ecr, &ecr.DescribeImagesInput{ - RepositoryName: aws.String(string(repo)), - }) - for pager.HasMorePages() { - imgs, err := pager.NextPage(ctx) - if err != nil { - return nil, nil, nil, nil, fmt.Errorf("failed to describe images: %w", err) - } - for _, img := range imgs.ImageDetails { - if isContainerImage(img) { - images = append(images, img) - } else if isImageIndex(img) { - imageIndexes = append(imageIndexes, img) - } else if isSociIndex(img) { - sociIndexes = append(sociIndexes, img) - } - for _, tag := range img.ImageTags { - foundTags[tag] = ecrTypes.ImageIdentifier{ImageDigest: img.ImageDigest} - } - } - } - - sort.SliceStable(images, func(i, j int) bool { - return images[i].ImagePushedAt.After(*images[j].ImagePushedAt) - }) - sort.SliceStable(imageIndexes, func(i, j int) bool { - return imageIndexes[i].ImagePushedAt.After(*imageIndexes[j].ImagePushedAt) - }) - sort.SliceStable(sociIndexes, func(i, j int) bool { - return sociIndexes[i].ImagePushedAt.After(*sociIndexes[j].ImagePushedAt) - }) - return images, imageIndexes, sociIndexes, foundTags, nil -} - -func (p *Planner) findSociIndex(ctx context.Context, repo RepositoryName, imageTags []string) ([]ecrTypes.ImageIdentifier, error) { - ids := make([]ecrTypes.ImageIdentifier, 0, len(imageTags)) - - for _, c := range lo.Chunk(imageTags, batchGetImageLimit) { - imageIds := make([]ecrTypes.ImageIdentifier, 0, len(c)) - for _, tag := range c { - imageIds = append(imageIds, ecrTypes.ImageIdentifier{ImageTag: aws.String(tag)}) - } - res, err := p.ecr.BatchGetImage(ctx, &ecr.BatchGetImageInput{ - ImageIds: imageIds, - RepositoryName: aws.String(string(repo)), - AcceptedMediaTypes: []string{ - string(ociTypes.OCIManifestSchema1), - string(ociTypes.DockerManifestSchema1), - string(ociTypes.DockerManifestSchema2), - }, - }) - if err != nil { - return nil, fmt.Errorf("failed to batch get image: %w", err) - } - for _, img := range res.Images { - if img.ImageManifest == nil { - continue - } - var m oci.IndexManifest - if err := json.Unmarshal([]byte(*img.ImageManifest), &m); err != nil { - log.Printf("[warn] failed to parse manifest: %s %s", *img.ImageManifest, err) - continue - } - for _, d := range m.Manifests { - if d.ArtifactType == MediaTypeSociIndex { - ids = append(ids, ecrTypes.ImageIdentifier{ImageDigest: aws.String(d.Digest.String())}) - } - } - } - } - return ids, nil -} diff --git a/summary.go b/summary.go index 041389c..96c7728 100644 --- a/summary.go +++ b/summary.go @@ -5,7 +5,6 @@ import ( "fmt" "io" "log" - "sort" "strings" "github.com/aws/aws-sdk-go-v2/aws" @@ -121,13 +120,7 @@ const ( type SummaryTable []*Summary -func (s SummaryTable) Sort() { - sort.SliceStable(s, func(i, j int) bool { - return s[i].Repo < s[j].Repo - }) -} - -func (s *SummaryTable) Print(w io.Writer, format outputFormat) error { +func (s *SummaryTable) print(w io.Writer, format outputFormat) error { switch format { case formatTable: return s.printTable(w) From a5c8db6811d254c500972a904bf499f1b5695cb2 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Fri, 13 Sep 2024 17:11:26 +0900 Subject: [PATCH 09/10] Revert "add Scanner" This reverts commit 8ebcb0fa1fc0b0d6d2766a5f093966941576486c. --- ecrm.go | 311 ++++++++++++++++++++++++++++++++++++++++++++++++++-- generate.go | 8 +- go.mod | 1 - go.sum | 3 +- lambda.go | 38 +++++-- scanner.go | 290 ------------------------------------------------ util.go | 52 --------- 7 files changed, 335 insertions(+), 368 deletions(-) delete mode 100644 scanner.go diff --git a/ecrm.go b/ecrm.go index c6b36f5..5cd03bd 100644 --- a/ecrm.go +++ b/ecrm.go @@ -18,6 +18,9 @@ import ( awsConfig "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/ecr" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" + "github.com/aws/aws-sdk-go-v2/service/ecs" + ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types" + "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/samber/lo" oci "github.com/google/go-containerregistry/pkg/v1" @@ -33,8 +36,9 @@ var untaggedStr = "__UNTAGGED__" type App struct { Version string - awsCfg aws.Config ecr *ecr.Client + ecs *ecs.Client + lambda *lambda.Client region string } @@ -70,11 +74,39 @@ func New(ctx context.Context) (*App, error) { } return &App{ region: cfg.Region, - awsCfg: cfg, ecr: ecr.NewFromConfig(cfg), + ecs: ecs.NewFromConfig(cfg), + lambda: lambda.NewFromConfig(cfg), }, nil } +func (app *App) clusterArns(ctx context.Context) ([]string, error) { + clusters := make([]string, 0) + p := ecs.NewListClustersPaginator(app.ecs, &ecs.ListClustersInput{}) + for p.HasMorePages() { + co, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + clusters = append(clusters, co.ClusterArns...) + } + return clusters, nil +} + +func (app *App) taskDefinitionFamilies(ctx context.Context) ([]string, error) { + tds := make([]string, 0) + p := ecs.NewListTaskDefinitionFamiliesPaginator(app.ecs, &ecs.ListTaskDefinitionFamiliesInput{}) + for p.HasMorePages() { + td, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + log.Println("[debug] task definition families:", td.Families) + tds = append(tds, td.Families...) + } + return tds, nil +} + func (app *App) Run(ctx context.Context, path string, opt *Option) error { if err := opt.Validate(); err != nil { return err @@ -85,29 +117,73 @@ func (app *App) Run(ctx context.Context, path string, opt *Option) error { return err } - scanner := NewScanner(app.awsCfg) - if err := scanner.LoadFiles(opt.ScannedFiles); err != nil { - return err + keepImages := make(Images) + if len(opt.ScannedFiles) > 0 { + for _, f := range opt.ScannedFiles { + log.Println("[info] loading scanned image URIs from", f) + imgs := make(Images) + if err := imgs.LoadFile(f); err != nil { + return err + } + log.Println("[info] loaded", len(imgs), "image URIs") + keepImages.Merge(imgs) + } } if opt.Scan { - if err := scanner.Scan(ctx, c); err != nil { + imgs, err := app.DoScan(ctx, c, opt) + if err != nil { return err } + keepImages.Merge(imgs) } - log.Println("[info] total", len(scanner.Images), "image URIs in use") + log.Println("[info] total", len(keepImages), "image URIs in use") if opt.ScanOnly { w, err := opt.OutputWriter() if err != nil { return fmt.Errorf("failed to open output: %w", err) } defer w.Close() - if err := scanner.Save(w); err != nil { + if err := keepImages.Print(w); err != nil { return err } + if opt.OutputFile != "" && opt.OutputFile != "-" { + log.Println("[info] saved scanned image URIs to", opt.OutputFile) + } return nil } - return app.DoDelete(ctx, c, opt, scanner.Images) + return app.DoDelete(ctx, c, opt, keepImages) +} + +func (app *App) DoScan(ctx context.Context, c *Config, opt *Option) (Images, error) { + log.Println("[info] scanning resources") + // collect images in use by ECS tasks / task definitions + var taskdefs []taskdef + keepImages := make(Images) + if tds, imgs, err := app.scanClusters(ctx, c.Clusters); err != nil { + return nil, err + } else { + taskdefs = append(taskdefs, tds...) + keepImages.Merge(imgs) + } + if tds, err := app.collectTaskdefs(ctx, c.TaskDefinitions); err != nil { + return nil, err + } else { + taskdefs = append(taskdefs, tds...) + } + if imgs, err := app.collectImages(ctx, taskdefs); err != nil { + return nil, err + } else { + keepImages.Merge(imgs) + } + + // collect images in use by lambda functions + if imgs, err := app.scanLambdaFunctions(ctx, c.LambdaFunctions); err != nil { + return nil, err + } else { + keepImages.Merge(imgs) + } + return keepImages, nil } func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages Images) error { @@ -129,6 +205,30 @@ func (app *App) DoDelete(ctx context.Context, c *Config, opt *Option, keepImages return nil } +// collectImages collects images in use by ECS tasks / task definitions +func (app *App) collectImages(ctx context.Context, taskdefs []taskdef) (Images, error) { + images := make(Images) + dup := newSet() + for _, td := range taskdefs { + tds := td.String() + if dup.contains(tds) { + continue + } + dup.add(tds) + + ids, err := app.extractECRImages(ctx, tds) + if err != nil { + return nil, err + } + for _, id := range ids { + if images.Add(id, tds) { + log.Printf("[info] image %s is in use by taskdef %s", id.String(), tds) + } + } + } + return images, nil +} + func (app *App) repositories(ctx context.Context) ([]ecrTypes.Repository, error) { repos := make([]ecrTypes.Repository, 0) p := ecr.NewDescribeRepositoriesPaginator(app.ecr, &ecr.DescribeRepositoriesInput{}) @@ -424,6 +524,199 @@ func imageTag(d ecrTypes.ImageDetail) (string, bool) { } } +// scanClusters scans ECS clusters and returns task definitions and images in use +func (app *App) scanClusters(ctx context.Context, clustersConfigs []*ClusterConfig) ([]taskdef, Images, error) { + tds := make([]taskdef, 0) + images := make(Images) + clusterArns, err := app.clusterArns(ctx) + if err != nil { + return tds, nil, err + } + + for _, a := range clusterArns { + var clusterArn string + for _, cc := range clustersConfigs { + if cc.Match(a) { + clusterArn = a + break + } + } + if clusterArn == "" { + continue + } + + log.Printf("[debug] Checking cluster %s", clusterArn) + if _tds, _imgs, err := app.availableResourcesInCluster(ctx, clusterArn); err != nil { + return tds, nil, err + } else { + tds = append(tds, _tds...) + images.Merge(_imgs) + } + } + return tds, images, nil +} + +// collectTaskdefs collects task definitions by configurations +func (app *App) collectTaskdefs(ctx context.Context, tcs []*TaskdefConfig) ([]taskdef, error) { + tds := make([]taskdef, 0) + families, err := app.taskDefinitionFamilies(ctx) + if err != nil { + return tds, err + } + + for _, family := range families { + var name string + var keepCount int64 + for _, tc := range tcs { + if tc.Match(family) { + name = family + keepCount = tc.KeepCount + break + } + } + if name == "" { + continue + } + log.Printf("[debug] Checking task definitions %s latest %d revisions", name, keepCount) + res, err := app.ecs.ListTaskDefinitions(ctx, &ecs.ListTaskDefinitionsInput{ + FamilyPrefix: &name, + MaxResults: aws.Int32(int32(keepCount)), + Sort: ecsTypes.SortOrderDesc, + }) + if err != nil { + return tds, err + } + for _, tdArn := range res.TaskDefinitionArns { + td, err := parseTaskdefArn(tdArn) + if err != nil { + return tds, err + } + tds = append(tds, td) + } + } + return tds, nil +} + +// extractECRImages extracts images (only in ECR) from the task definition +// returns image URIs +func (app App) extractECRImages(ctx context.Context, tdName string) ([]ImageURI, error) { + images := make([]ImageURI, 0) + out, err := app.ecs.DescribeTaskDefinition(ctx, &ecs.DescribeTaskDefinitionInput{ + TaskDefinition: &tdName, + }) + if err != nil { + return nil, err + } + for _, container := range out.TaskDefinition.ContainerDefinitions { + u := ImageURI(*container.Image) + if u.IsECRImage() { + images = append(images, u) + } else { + log.Printf("[debug] Skipping non ECR image %s", u) + } + } + return images, nil +} + +// availableResourcesInCluster scans task definitions and images in use in the cluster +func (app *App) availableResourcesInCluster(ctx context.Context, clusterArn string) ([]taskdef, Images, error) { + clusterName := clusterArnToName(clusterArn) + tdArns := make(set) + images := make(Images) + + log.Printf("[debug] Checking tasks in %s", clusterArn) + tp := ecs.NewListTasksPaginator(app.ecs, &ecs.ListTasksInput{Cluster: &clusterArn}) + for tp.HasMorePages() { + to, err := tp.NextPage(ctx) + if err != nil { + return nil, nil, err + } + if len(to.TaskArns) == 0 { + continue + } + tasks, err := app.ecs.DescribeTasks(ctx, &ecs.DescribeTasksInput{ + Cluster: &clusterArn, + Tasks: to.TaskArns, + }) + if err != nil { + return nil, nil, err + } + for _, task := range tasks.Tasks { + tdArn := aws.ToString(task.TaskDefinitionArn) + td, err := parseTaskdefArn(tdArn) + if err != nil { + return nil, nil, err + } + ts, err := arn.Parse(*task.TaskArn) + if err != nil { + return nil, nil, err + } + if tdArns.add(tdArn) { + log.Printf("[info] taskdef %s is used by %s", td.String(), ts.Resource) + } + for _, c := range task.Containers { + u := ImageURI(aws.ToString(c.Image)) + if !u.IsECRImage() { + continue + } + // ECR image + if u.IsDigestURI() { + if images.Add(u, tdArn) { + log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) + } + } else { + base := u.Base() + digest := aws.ToString(c.ImageDigest) + u := ImageURI(base + "@" + digest) + if images.Add(u, tdArn) { + log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) + } + } + } + } + } + + sp := ecs.NewListServicesPaginator(app.ecs, &ecs.ListServicesInput{Cluster: &clusterArn}) + for sp.HasMorePages() { + so, err := sp.NextPage(ctx) + if err != nil { + return nil, nil, err + } + if len(so.ServiceArns) == 0 { + continue + } + svs, err := app.ecs.DescribeServices(ctx, &ecs.DescribeServicesInput{ + Cluster: &clusterArn, + Services: so.ServiceArns, + }) + if err != nil { + return nil, nil, err + } + for _, sv := range svs.Services { + log.Printf("[debug] Checking service %s", *sv.ServiceName) + for _, dp := range sv.Deployments { + tdArn := aws.ToString(dp.TaskDefinition) + td, err := parseTaskdefArn(tdArn) + if err != nil { + return nil, nil, err + } + if tdArns.add(tdArn) { + log.Printf("[info] taskdef %s is used by %s deployment on service %s/%s", td.String(), *dp.Status, *sv.ServiceName, clusterName) + } + } + } + } + var tds []taskdef + for a := range tdArns { + td, err := parseTaskdefArn(a) + if err != nil { + return nil, nil, err + } + tds = append(tds, td) + } + return tds, images, nil +} + func arnToName(name, removePrefix string) string { if arn.IsARN(name) { a, _ := arn.Parse(name) diff --git a/generate.go b/generate.go index 8d70ca4..64edb17 100644 --- a/generate.go +++ b/generate.go @@ -12,8 +12,6 @@ import ( "strings" "github.com/Songmu/prompter" - "github.com/aws/aws-sdk-go-v2/service/ecs" - "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/goccy/go-yaml" ) @@ -62,7 +60,7 @@ func (app *App) GenerateConfig(ctx context.Context, configFile string, opt *Opti } func (app *App) generateClusterConfig(ctx context.Context, config *Config) error { - clusters, err := clusterArns(ctx, ecs.NewFromConfig(app.awsCfg)) + clusters, err := app.clusterArns(ctx) if err != nil { return err } @@ -92,7 +90,7 @@ func (app *App) generateClusterConfig(ctx context.Context, config *Config) error } func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error { - taskdefs, err := taskDefinitionFamilies(ctx, ecs.NewFromConfig(app.awsCfg)) + taskdefs, err := app.taskDefinitionFamilies(ctx) if err != nil { return err } @@ -124,7 +122,7 @@ func (app *App) generateTaskdefConfig(ctx context.Context, config *Config) error } func (app *App) generateLambdaConfig(ctx context.Context, config *Config) error { - lambdas, err := lambdaFunctions(ctx, lambda.NewFromConfig(app.awsCfg)) + lambdas, err := app.lambdaFunctions(ctx) if err != nil { return err } diff --git a/go.mod b/go.mod index 3ceb969..2cef183 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,6 @@ require ( github.com/fatih/color v1.17.0 github.com/fujiwara/logutils v1.1.0 github.com/goccy/go-yaml v1.9.4 - github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.20.0 github.com/k1LoW/duration v1.1.0 github.com/olekukonko/tablewriter v0.0.5 diff --git a/go.sum b/go.sum index 2476cd6..7ed53cf 100644 --- a/go.sum +++ b/go.sum @@ -58,8 +58,7 @@ github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7a github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/goccy/go-yaml v1.9.4 h1:S0GCYjwHKVI6IHqio7QWNKNThUl6NLzFd/g8Z65Axw8= github.com/goccy/go-yaml v1.9.4/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= diff --git a/lambda.go b/lambda.go index fc7fd3d..a315968 100644 --- a/lambda.go +++ b/lambda.go @@ -12,11 +12,31 @@ import ( lambdaTypes "github.com/aws/aws-sdk-go-v2/service/lambda/types" ) -func (s *Scanner) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) error { - funcs, err := lambdaFunctions(ctx, s.lambda) +func (app *App) lambdaFunctions(ctx context.Context) ([]lambdaTypes.FunctionConfiguration, error) { + fns := make([]lambdaTypes.FunctionConfiguration, 0) + p := lambda.NewListFunctionsPaginator(app.lambda, &lambda.ListFunctionsInput{}) + for p.HasMorePages() { + r, err := p.NextPage(ctx) + if err != nil { + return nil, err + } + for _, fn := range r.Functions { + if fn.PackageType != "Image" { + continue + } + log.Printf("[debug] lambda function %s PackageType %s", *fn.FunctionName, fn.PackageType) + fns = append(fns, fn) + } + } + return fns, nil +} + +func (app *App) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) (Images, error) { + funcs, err := app.lambdaFunctions(ctx) if err != nil { - return err + return nil, err } + images := make(Images) for _, fn := range funcs { var name string @@ -34,7 +54,7 @@ func (s *Scanner) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) } log.Printf("[debug] Checking Lambda function %s latest %d versions", name, keepCount) p := lambda.NewListVersionsByFunctionPaginator( - s.lambda, + app.lambda, &lambda.ListVersionsByFunctionInput{ FunctionName: fn.FunctionName, MaxItems: aws.Int32(int32(keepCount)), @@ -44,7 +64,7 @@ func (s *Scanner) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) for p.HasMorePages() { r, err := p.NextPage(ctx) if err != nil { - return err + return nil, err } versions = append(versions, r.Versions...) } @@ -56,23 +76,23 @@ func (s *Scanner) scanLambdaFunctions(ctx context.Context, lcs []*LambdaConfig) } for _, v := range versions { log.Println("[debug] Getting Lambda function ", *v.FunctionArn) - f, err := s.lambda.GetFunction(ctx, &lambda.GetFunctionInput{ + f, err := app.lambda.GetFunction(ctx, &lambda.GetFunctionInput{ FunctionName: v.FunctionArn, }) if err != nil { - return err + return nil, err } u := ImageURI(aws.ToString(f.Code.ImageUri)) if u == "" { continue } log.Println("[debug] ImageUri", u) - if s.Images.Add(u, aws.ToString(v.FunctionArn)) { + if images.Add(u, aws.ToString(v.FunctionArn)) { log.Printf("[info] %s is in use by Lambda function %s:%s", u.String(), *v.FunctionName, *v.Version) } } } - return nil + return images, nil } func lambdaVersionInt64(v string) int64 { diff --git a/scanner.go b/scanner.go deleted file mode 100644 index bcf2783..0000000 --- a/scanner.go +++ /dev/null @@ -1,290 +0,0 @@ -package ecrm - -import ( - "context" - "io" - "log" - - "github.com/aws/aws-sdk-go-v2/aws" - "github.com/aws/aws-sdk-go-v2/aws/arn" - "github.com/aws/aws-sdk-go-v2/service/ecs" - ecsTypes "github.com/aws/aws-sdk-go-v2/service/ecs/types" - "github.com/aws/aws-sdk-go-v2/service/lambda" -) - -type Scanner struct { - Images Images - - ecs *ecs.Client - lambda *lambda.Client -} - -func NewScanner(cfg aws.Config) *Scanner { - return &Scanner{ - Images: make(Images), - ecs: ecs.NewFromConfig(cfg), - lambda: lambda.NewFromConfig(cfg), - } -} - -func (s *Scanner) Scan(ctx context.Context, c *Config) error { - log.Println("[info] scanning resources") - - // collect images in use by ECS tasks / task definitions - var taskdefs []taskdef - if tds, err := s.scanClusters(ctx, c.Clusters); err != nil { - return err - } else { - taskdefs = append(taskdefs, tds...) - } - if tds, err := s.collectTaskdefs(ctx, c.TaskDefinitions); err != nil { - return err - } else { - taskdefs = append(taskdefs, tds...) - } - if err := s.collectImages(ctx, taskdefs); err != nil { - return err - } - - // collect images in use by lambda functions - if err := s.scanLambdaFunctions(ctx, c.LambdaFunctions); err != nil { - return err - } - - return nil -} - -func (s *Scanner) LoadFiles(files []string) error { - for _, f := range files { - log.Println("[info] loading scanned image URIs from", f) - imgs := make(Images) - if err := imgs.LoadFile(f); err != nil { - return err - } - log.Println("[info] loaded", len(imgs), "image URIs") - s.Images.Merge(imgs) - } - return nil -} - -func (s *Scanner) Save(w io.Writer) error { - log.Println("[info] saving scanned image URIs") - if err := s.Images.Print(w); err != nil { - return err - } - log.Println("[info] saved", len(s.Images), "image URIs") - return nil -} - -// collectImages collects images in use by ECS tasks / task definitions -func (s *Scanner) collectImages(ctx context.Context, taskdefs []taskdef) error { - dup := newSet() - for _, td := range taskdefs { - tds := td.String() - if dup.contains(tds) { - continue - } - dup.add(tds) - - ids, err := s.extractECRImages(ctx, tds) - if err != nil { - return err - } - for _, id := range ids { - if s.Images.Add(id, tds) { - log.Printf("[info] image %s is in use by taskdef %s", id.String(), tds) - } - } - } - return nil -} - -// extractECRImages extracts images (only in ECR) from the task definition -// returns image URIs -func (s *Scanner) extractECRImages(ctx context.Context, tdName string) ([]ImageURI, error) { - images := make([]ImageURI, 0) - out, err := s.ecs.DescribeTaskDefinition(ctx, &ecs.DescribeTaskDefinitionInput{ - TaskDefinition: &tdName, - }) - if err != nil { - return nil, err - } - for _, container := range out.TaskDefinition.ContainerDefinitions { - u := ImageURI(*container.Image) - if u.IsECRImage() { - images = append(images, u) - } else { - log.Printf("[debug] Skipping non ECR image %s", u) - } - } - return images, nil -} - -// scanClusters scans ECS clusters and returns task definitions and images in use -func (s *Scanner) scanClusters(ctx context.Context, clustersConfigs []*ClusterConfig) ([]taskdef, error) { - tds := make([]taskdef, 0) - clusterArns, err := clusterArns(ctx, s.ecs) - if err != nil { - return nil, err - } - - for _, a := range clusterArns { - var clusterArn string - for _, cc := range clustersConfigs { - if cc.Match(a) { - clusterArn = a - break - } - } - if clusterArn == "" { - continue - } - - log.Printf("[debug] Checking cluster %s", clusterArn) - if _tds, err := s.availableResourcesInCluster(ctx, clusterArn); err != nil { - return tds, err - } else { - tds = append(tds, _tds...) - } - } - return tds, nil -} - -// collectTaskdefs collects task definitions by configurations -func (s *Scanner) collectTaskdefs(ctx context.Context, tcs []*TaskdefConfig) ([]taskdef, error) { - tds := make([]taskdef, 0) - families, err := taskDefinitionFamilies(ctx, s.ecs) - if err != nil { - return tds, err - } - - for _, family := range families { - var name string - var keepCount int64 - for _, tc := range tcs { - if tc.Match(family) { - name = family - keepCount = tc.KeepCount - break - } - } - if name == "" { - continue - } - log.Printf("[debug] Checking task definitions %s latest %d revisions", name, keepCount) - res, err := s.ecs.ListTaskDefinitions(ctx, &ecs.ListTaskDefinitionsInput{ - FamilyPrefix: &name, - MaxResults: aws.Int32(int32(keepCount)), - Sort: ecsTypes.SortOrderDesc, - }) - if err != nil { - return tds, err - } - for _, tdArn := range res.TaskDefinitionArns { - td, err := parseTaskdefArn(tdArn) - if err != nil { - return tds, err - } - tds = append(tds, td) - } - } - return tds, nil -} - -// availableResourcesInCluster scans task definitions and images in use in the cluster -func (s *Scanner) availableResourcesInCluster(ctx context.Context, clusterArn string) ([]taskdef, error) { - clusterName := clusterArnToName(clusterArn) - tdArns := make(set) - - log.Printf("[debug] Checking tasks in %s", clusterArn) - tp := ecs.NewListTasksPaginator(s.ecs, &ecs.ListTasksInput{Cluster: &clusterArn}) - for tp.HasMorePages() { - to, err := tp.NextPage(ctx) - if err != nil { - return nil, err - } - if len(to.TaskArns) == 0 { - continue - } - tasks, err := s.ecs.DescribeTasks(ctx, &ecs.DescribeTasksInput{ - Cluster: &clusterArn, - Tasks: to.TaskArns, - }) - if err != nil { - return nil, err - } - for _, task := range tasks.Tasks { - tdArn := aws.ToString(task.TaskDefinitionArn) - td, err := parseTaskdefArn(tdArn) - if err != nil { - return nil, err - } - ts, err := arn.Parse(*task.TaskArn) - if err != nil { - return nil, err - } - if tdArns.add(tdArn) { - log.Printf("[info] taskdef %s is used by %s", td.String(), ts.Resource) - } - for _, c := range task.Containers { - u := ImageURI(aws.ToString(c.Image)) - if !u.IsECRImage() { - continue - } - // ECR image - if u.IsDigestURI() { - if s.Images.Add(u, tdArn) { - log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) - } - } else { - base := u.Base() - digest := aws.ToString(c.ImageDigest) - u := ImageURI(base + "@" + digest) - if s.Images.Add(u, tdArn) { - log.Printf("[info] image %s is used by %s container on %s", u.String(), *c.Name, ts.Resource) - } - } - } - } - } - - sp := ecs.NewListServicesPaginator(s.ecs, &ecs.ListServicesInput{Cluster: &clusterArn}) - for sp.HasMorePages() { - so, err := sp.NextPage(ctx) - if err != nil { - return nil, err - } - if len(so.ServiceArns) == 0 { - continue - } - svs, err := s.ecs.DescribeServices(ctx, &ecs.DescribeServicesInput{ - Cluster: &clusterArn, - Services: so.ServiceArns, - }) - if err != nil { - return nil, err - } - for _, sv := range svs.Services { - log.Printf("[debug] Checking service %s", *sv.ServiceName) - for _, dp := range sv.Deployments { - tdArn := aws.ToString(dp.TaskDefinition) - td, err := parseTaskdefArn(tdArn) - if err != nil { - return nil, err - } - if tdArns.add(tdArn) { - log.Printf("[info] taskdef %s is used by %s deployment on service %s/%s", td.String(), *dp.Status, *sv.ServiceName, clusterName) - } - } - } - } - var tds []taskdef - for a := range tdArns { - td, err := parseTaskdefArn(a) - if err != nil { - return nil, err - } - tds = append(tds, td) - } - return tds, nil -} diff --git a/util.go b/util.go index 5593440..b71f624 100644 --- a/util.go +++ b/util.go @@ -1,14 +1,8 @@ package ecrm import ( - "context" - "log" - "github.com/aws/aws-sdk-go-v2/aws" ecrTypes "github.com/aws/aws-sdk-go-v2/service/ecr/types" - "github.com/aws/aws-sdk-go-v2/service/ecs" - "github.com/aws/aws-sdk-go-v2/service/lambda" - lambdaTypes "github.com/aws/aws-sdk-go-v2/service/lambda/types" ociTypes "github.com/google/go-containerregistry/pkg/v1/types" ) @@ -33,49 +27,3 @@ func isImageIndex(d ecrTypes.ImageDetail) bool { func isSociIndex(d ecrTypes.ImageDetail) bool { return ociTypes.MediaType(aws.ToString(d.ArtifactMediaType)) == MediaTypeSociIndex } - -func taskDefinitionFamilies(ctx context.Context, client *ecs.Client) ([]string, error) { - tds := make([]string, 0) - p := ecs.NewListTaskDefinitionFamiliesPaginator(client, &ecs.ListTaskDefinitionFamiliesInput{}) - for p.HasMorePages() { - td, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - log.Println("[debug] task definition families:", td.Families) - tds = append(tds, td.Families...) - } - return tds, nil -} - -func clusterArns(ctx context.Context, client *ecs.Client) ([]string, error) { - clusters := make([]string, 0) - p := ecs.NewListClustersPaginator(client, &ecs.ListClustersInput{}) - for p.HasMorePages() { - co, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - clusters = append(clusters, co.ClusterArns...) - } - return clusters, nil -} - -func lambdaFunctions(ctx context.Context, client *lambda.Client) ([]lambdaTypes.FunctionConfiguration, error) { - fns := make([]lambdaTypes.FunctionConfiguration, 0) - p := lambda.NewListFunctionsPaginator(client, &lambda.ListFunctionsInput{}) - for p.HasMorePages() { - r, err := p.NextPage(ctx) - if err != nil { - return nil, err - } - for _, fn := range r.Functions { - if fn.PackageType != "Image" { - continue - } - log.Printf("[debug] lambda function %s PackageType %s", *fn.FunctionName, fn.PackageType) - fns = append(fns, fn) - } - } - return fns, nil -} From 76c72b093dee24fa0766fd93cbec64bd6c9cba87 Mon Sep 17 00:00:00 2001 From: fujiwara Date: Fri, 13 Sep 2024 17:14:01 +0900 Subject: [PATCH 10/10] go mod tidy --- go.mod | 1 + go.sum | 1 + 2 files changed, 2 insertions(+) diff --git a/go.mod b/go.mod index 2cef183..b04a525 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/fatih/color v1.17.0 github.com/fujiwara/logutils v1.1.0 github.com/goccy/go-yaml v1.9.4 + github.com/google/go-cmp v0.5.9 github.com/google/go-containerregistry v0.20.0 github.com/k1LoW/duration v1.1.0 github.com/olekukonko/tablewriter v0.0.5 diff --git a/go.sum b/go.sum index 7ed53cf..07b4b36 100644 --- a/go.sum +++ b/go.sum @@ -59,6 +59,7 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn github.com/goccy/go-yaml v1.9.4 h1:S0GCYjwHKVI6IHqio7QWNKNThUl6NLzFd/g8Z65Axw8= github.com/goccy/go-yaml v1.9.4/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=