From 7f984d5855fa45d5871392da00e1769ead9f9a91 Mon Sep 17 00:00:00 2001
From: Matthias Bertschy <matthias.bertschy@gmail.com>
Date: Fri, 22 Nov 2024 09:37:56 +0100
Subject: [PATCH] remove unecessary resources discovery for cleanup

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
---
 pkg/cleanup/discovery.go        |  15 ---
 pkg/cleanup/testdata/wlids.json | 220 +-------------------------------
 2 files changed, 1 insertion(+), 234 deletions(-)

diff --git a/pkg/cleanup/discovery.go b/pkg/cleanup/discovery.go
index 53bf4e8cf..a430144f7 100644
--- a/pkg/cleanup/discovery.go
+++ b/pkg/cleanup/discovery.go
@@ -22,28 +22,13 @@ import (
 
 var (
 	Workloads = mapset.NewSet[string]([]string{
-		"apiservice",
-		"configmap",
-		"clusterrole",
-		"clusterrolebinding",
 		"cronjob",
 		"daemonset",
 		"deployment",
-		"endpoints",
-		"endpointslice",
 		"job",
-		"lease",
-		"namespace",
-		"node",
-		"persistentvolume",
-		"persistentvolumeclaim",
 		"pod",
 		"replicaset",
-		"role",
-		"rolebinding",
-		"secret",
 		"service",
-		"serviceaccount",
 		"statefulset",
 	}...) // FIXME put in a configmap
 )
diff --git a/pkg/cleanup/testdata/wlids.json b/pkg/cleanup/testdata/wlids.json
index 94cd4283f..07d78fa1d 100644
--- a/pkg/cleanup/testdata/wlids.json
+++ b/pkg/cleanup/testdata/wlids.json
@@ -1,105 +1,17 @@
 {
-  "namespace-/apiservice-v1.": [],
-  "namespace-/apiservice-v1.admissionregistration.k8s.io": [],
-  "namespace-/apiservice-v1.apiextensions.k8s.io": [],
-  "namespace-/apiservice-v1.apps": [],
-  "namespace-/apiservice-v1.authentication.k8s.io": [],
-  "namespace-/apiservice-v1.authorization.k8s.io": [],
-  "namespace-/apiservice-v1.autoscaling": [],
-  "namespace-/apiservice-v1.batch": [],
-  "namespace-/apiservice-v1.certificates.k8s.io": [],
-  "namespace-/apiservice-v1.coordination.k8s.io": [],
-  "namespace-/apiservice-v1.discovery.k8s.io": [],
-  "namespace-/apiservice-v1.events.k8s.io": [],
-  "namespace-/apiservice-v1.networking.k8s.io": [],
-  "namespace-/apiservice-v1.node.k8s.io": [],
-  "namespace-/apiservice-v1.policy": [],
-  "namespace-/apiservice-v1.rbac.authorization.k8s.io": [],
-  "namespace-/apiservice-v1.scheduling.k8s.io": [],
-  "namespace-/apiservice-v1.storage.k8s.io": [],
-  "namespace-/apiservice-v1beta1.spdx.softwarecomposition.kubescape.io": [],
-  "namespace-/apiservice-v1beta2.flowcontrol.apiserver.k8s.io": [],
-  "namespace-/apiservice-v1beta3.flowcontrol.apiserver.k8s.io": [],
-  "namespace-/apiservice-v2.autoscaling": [],
-  "namespace-/clusterrolebinding-cluster-admin": [],
-  "namespace-/clusterrolebinding-kindnet": [],
-  "namespace-/clusterrolebinding-kollector": [],
-  "namespace-/clusterrolebinding-kubeadm:get-nodes": [],
-  "namespace-/clusterrolebinding-kubeadm:kubelet-bootstrap": [],
-  "namespace-/clusterrolebinding-kubeadm:node-autoapprove-bootstrap": [],
-  "namespace-/clusterrolebinding-kubeadm:node-autoapprove-certificate-rotation": [],
-  "namespace-/clusterrolebinding-kubeadm:node-proxier": [],
-  "namespace-/clusterrolebinding-kubescape": [],
-  "namespace-/clusterrolebinding-kubevuln": [],
-  "namespace-/clusterrolebinding-local-path-provisioner-bind": [],
-  "namespace-/clusterrolebinding-node-agent": [],
-  "namespace-/clusterrolebinding-operator": [],
-  "namespace-/clusterrolebinding-storage": [],
-  "namespace-/clusterrolebinding-storage:system:auth-delegator": [],
-  "namespace-/clusterrolebinding-synchronizer": [],
-  "namespace-/clusterrolebinding-system:basic-user": [],
-  "namespace-/clusterrolebinding-system:controller:attachdetach-controller": [],
-  "namespace-/clusterrolebinding-system:controller:certificate-controller": [],
-  "namespace-/clusterrolebinding-system:controller:clusterrole-aggregation-controller": [],
-  "namespace-/clusterrolebinding-system:controller:cronjob-controller": [],
-  "namespace-/clusterrolebinding-system:controller:daemon-set-controller": [],
-  "namespace-/clusterrolebinding-system:controller:deployment-controller": [],
-  "namespace-/clusterrolebinding-system:controller:disruption-controller": [],
-  "namespace-/clusterrolebinding-system:controller:endpoint-controller": [],
-  "namespace-/clusterrolebinding-system:controller:endpointslice-controller": [],
-  "namespace-/clusterrolebinding-system:controller:endpointslicemirroring-controller": [],
-  "namespace-/clusterrolebinding-system:controller:ephemeral-volume-controller": [],
-  "namespace-/clusterrolebinding-system:controller:expand-controller": [],
-  "namespace-/clusterrolebinding-system:controller:generic-garbage-collector": [],
-  "namespace-/clusterrolebinding-system:controller:horizontal-pod-autoscaler": [],
-  "namespace-/clusterrolebinding-system:controller:job-controller": [],
-  "namespace-/clusterrolebinding-system:controller:namespace-controller": [],
-  "namespace-/clusterrolebinding-system:controller:node-controller": [],
-  "namespace-/clusterrolebinding-system:controller:persistent-volume-binder": [],
-  "namespace-/clusterrolebinding-system:controller:pod-garbage-collector": [],
-  "namespace-/clusterrolebinding-system:controller:pv-protection-controller": [],
-  "namespace-/clusterrolebinding-system:controller:pvc-protection-controller": [],
-  "namespace-/clusterrolebinding-system:controller:replicaset-controller": [],
-  "namespace-/clusterrolebinding-system:controller:replication-controller": [],
-  "namespace-/clusterrolebinding-system:controller:resourcequota-controller": [],
-  "namespace-/clusterrolebinding-system:controller:root-ca-cert-publisher": [],
-  "namespace-/clusterrolebinding-system:controller:route-controller": [],
-  "namespace-/clusterrolebinding-system:controller:service-account-controller": [],
-  "namespace-/clusterrolebinding-system:controller:service-controller": [],
-  "namespace-/clusterrolebinding-system:controller:statefulset-controller": [],
-  "namespace-/clusterrolebinding-system:controller:ttl-after-finished-controller": [],
-  "namespace-/clusterrolebinding-system:controller:ttl-controller": [],
-  "namespace-/clusterrolebinding-system:coredns": [],
-  "namespace-/clusterrolebinding-system:discovery": [],
-  "namespace-/clusterrolebinding-system:kube-controller-manager": [],
-  "namespace-/clusterrolebinding-system:kube-dns": [],
-  "namespace-/clusterrolebinding-system:kube-scheduler": [],
-  "namespace-/clusterrolebinding-system:monitoring": [],
-  "namespace-/clusterrolebinding-system:node": [],
-  "namespace-/clusterrolebinding-system:node-proxier": [],
-  "namespace-/clusterrolebinding-system:public-info-viewer": [],
-  "namespace-/clusterrolebinding-system:service-account-issuer-discovery": [],
-  "namespace-/clusterrolebinding-system:volume-scheduler": [],
   "namespace-/namespace-default": [],
-  "namespace-/namespace-kube-node-lease": [],
   "namespace-/namespace-kube-public": [],
   "namespace-/namespace-kube-system": [],
   "namespace-/namespace-kubescape": [],
   "namespace-/namespace-local-path-storage": [],
-  "namespace-/node-kind-control-plane": [],
-  "namespace-/persistentvolume-pvc-7843aae9-7eaf-407a-8e7e-ea8760e76e6e": [],
-  "namespace-default/configmap-kube-root-ca.crt": [],
   "namespace-default/deployment-nginx": [
     "nginx"
   ],
-  "namespace-default/endpoints-kubernetes": [],
-  "namespace-default/endpointslice-kubernetes": [],
   "namespace-default/pod-nginx-748c667d99-8mk4k": [],
   "namespace-default/replicaset-nginx-748c667d99": [
     "nginx"
   ],
   "namespace-default/service-kubernetes": [],
-  "namespace-default/serviceaccount-default": [],
   "namespace-gmp-system/daemonset-collector": [
     "prometheus",
     "config-reloader"
@@ -114,23 +26,6 @@
   "namespace-gmp-system/statefulset-alertmanager": [
     "alertmanager"
   ],
-  "namespace-kube-node-lease/configmap-kube-root-ca.crt": [],
-  "namespace-kube-node-lease/lease-kind-control-plane": [],
-  "namespace-kube-node-lease/serviceaccount-default": [],
-  "namespace-kube-public/configmap-cluster-info": [],
-  "namespace-kube-public/configmap-kube-root-ca.crt": [],
-  "namespace-kube-public/role-kubeadm:bootstrap-signer-clusterinfo": [],
-  "namespace-kube-public/role-system:controller:bootstrap-signer": [],
-  "namespace-kube-public/rolebinding-kubeadm:bootstrap-signer-clusterinfo": [],
-  "namespace-kube-public/rolebinding-system:controller:bootstrap-signer": [],
-  "namespace-kube-public/serviceaccount-default": [],
-  "namespace-kube-system/configmap-coredns": [],
-  "namespace-kube-system/configmap-extension-apiserver-authentication": [],
-  "namespace-kube-system/configmap-kube-apiserver-legacy-service-account-token-tracking": [],
-  "namespace-kube-system/configmap-kube-proxy": [],
-  "namespace-kube-system/configmap-kube-root-ca.crt": [],
-  "namespace-kube-system/configmap-kubeadm-config": [],
-  "namespace-kube-system/configmap-kubelet-config": [],
   "namespace-kube-system/daemonset-fluentbit-gke": [
     "fluentbit-gke",
     "fluentbit"
@@ -249,12 +144,6 @@
     "metrics-server",
     "metrics-server-nanny"
   ],
-  "namespace-kube-system/endpoints-kube-dns": [],
-  "namespace-kube-system/endpointslice-kube-dns-92k4x": [],
-  "namespace-kube-system/endpointslice-kube-dns-jgjc6": [],
-  "namespace-kube-system/lease-apiserver-c7uylvfxlbqccnk6myfkwetzze": [],
-  "namespace-kube-system/lease-kube-controller-manager": [],
-  "namespace-kube-system/lease-kube-scheduler": [],
   "namespace-kube-system/pod-coredns-5d78c9869d-bjsbm": [],
   "namespace-kube-system/pod-coredns-5d78c9869d-bt8qx": [],
   "namespace-kube-system/pod-coredns-787d4945fb-r2g4q": [],
@@ -273,77 +162,7 @@
   "namespace-kube-system/replicaset-coredns-787d4945fb": [
     "coredns"
   ],
-  "namespace-kube-system/role-extension-apiserver-authentication-reader": [],
-  "namespace-kube-system/role-kube-proxy": [],
-  "namespace-kube-system/role-kubeadm:kubelet-config": [],
-  "namespace-kube-system/role-kubeadm:nodes-kubeadm-config": [],
-  "namespace-kube-system/role-system::leader-locking-kube-controller-manager": [],
-  "namespace-kube-system/role-system::leader-locking-kube-scheduler": [],
-  "namespace-kube-system/role-system:controller:bootstrap-signer": [],
-  "namespace-kube-system/role-system:controller:cloud-provider": [],
-  "namespace-kube-system/role-system:controller:token-cleaner": [],
-  "namespace-kube-system/rolebinding-kube-proxy": [],
-  "namespace-kube-system/rolebinding-kubeadm:kubelet-config": [],
-  "namespace-kube-system/rolebinding-kubeadm:nodes-kubeadm-config": [],
-  "namespace-kube-system/rolebinding-storage-auth-reader": [],
-  "namespace-kube-system/rolebinding-system::extension-apiserver-authentication-reader": [],
-  "namespace-kube-system/rolebinding-system::leader-locking-kube-controller-manager": [],
-  "namespace-kube-system/rolebinding-system::leader-locking-kube-scheduler": [],
-  "namespace-kube-system/rolebinding-system:controller:bootstrap-signer": [],
-  "namespace-kube-system/rolebinding-system:controller:cloud-provider": [],
-  "namespace-kube-system/rolebinding-system:controller:token-cleaner": [],
-  "namespace-kube-system/secret-bootstrap-token-abcdef": [],
   "namespace-kube-system/service-kube-dns": [],
-  "namespace-kube-system/serviceaccount-attachdetach-controller": [],
-  "namespace-kube-system/serviceaccount-bootstrap-signer": [],
-  "namespace-kube-system/serviceaccount-certificate-controller": [],
-  "namespace-kube-system/serviceaccount-clusterrole-aggregation-controller": [],
-  "namespace-kube-system/serviceaccount-coredns": [],
-  "namespace-kube-system/serviceaccount-cronjob-controller": [],
-  "namespace-kube-system/serviceaccount-daemon-set-controller": [],
-  "namespace-kube-system/serviceaccount-default": [],
-  "namespace-kube-system/serviceaccount-deployment-controller": [],
-  "namespace-kube-system/serviceaccount-disruption-controller": [],
-  "namespace-kube-system/serviceaccount-endpoint-controller": [],
-  "namespace-kube-system/serviceaccount-endpointslice-controller": [],
-  "namespace-kube-system/serviceaccount-endpointslicemirroring-controller": [],
-  "namespace-kube-system/serviceaccount-ephemeral-volume-controller": [],
-  "namespace-kube-system/serviceaccount-expand-controller": [],
-  "namespace-kube-system/serviceaccount-generic-garbage-collector": [],
-  "namespace-kube-system/serviceaccount-horizontal-pod-autoscaler": [],
-  "namespace-kube-system/serviceaccount-job-controller": [],
-  "namespace-kube-system/serviceaccount-kindnet": [],
-  "namespace-kube-system/serviceaccount-kube-proxy": [],
-  "namespace-kube-system/serviceaccount-namespace-controller": [],
-  "namespace-kube-system/serviceaccount-node-controller": [],
-  "namespace-kube-system/serviceaccount-persistent-volume-binder": [],
-  "namespace-kube-system/serviceaccount-pod-garbage-collector": [],
-  "namespace-kube-system/serviceaccount-pv-protection-controller": [],
-  "namespace-kube-system/serviceaccount-pvc-protection-controller": [],
-  "namespace-kube-system/serviceaccount-replicaset-controller": [],
-  "namespace-kube-system/serviceaccount-replication-controller": [],
-  "namespace-kube-system/serviceaccount-resourcequota-controller": [],
-  "namespace-kube-system/serviceaccount-root-ca-cert-publisher": [],
-  "namespace-kube-system/serviceaccount-service-account-controller": [],
-  "namespace-kube-system/serviceaccount-service-controller": [],
-  "namespace-kube-system/serviceaccount-statefulset-controller": [],
-  "namespace-kube-system/serviceaccount-token-cleaner": [],
-  "namespace-kube-system/serviceaccount-ttl-after-finished-controller": [],
-  "namespace-kube-system/serviceaccount-ttl-controller": [],
-  "namespace-kubescape/configmap-cs-matching-rules": [],
-  "namespace-kubescape/configmap-host-scanner-definition": [],
-  "namespace-kubescape/configmap-ks-capabilities": [],
-  "namespace-kubescape/configmap-ks-cloud-config": [],
-  "namespace-kubescape/configmap-kube-root-ca.crt": [],
-  "namespace-kubescape/configmap-kubescape-cronjob-template": [],
-  "namespace-kubescape/configmap-kubescape-scheduler": [],
-  "namespace-kubescape/configmap-kubevuln-cronjob-template": [],
-  "namespace-kubescape/configmap-kubevuln-scheduler": [],
-  "namespace-kubescape/configmap-node-agent": [],
-  "namespace-kubescape/configmap-operator": [],
-  "namespace-kubescape/configmap-otel-collector-config": [],
-  "namespace-kubescape/configmap-registry-scan-cronjob-template": [],
-  "namespace-kubescape/configmap-synchronizer": [],
   "namespace-kubescape/cronjob-kubescape-scheduler": [],
   "namespace-kubescape/cronjob-kubevuln-scheduler": [],
   "namespace-kubescape/daemonset-node-agent": [
@@ -370,24 +189,6 @@
   "namespace-kubescape/deployment-synchronizer": [
     "synchronizer"
   ],
-  "namespace-kubescape/endpoints-gateway": [],
-  "namespace-kubescape/endpoints-kubescape": [],
-  "namespace-kubescape/endpoints-kubevuln": [],
-  "namespace-kubescape/endpoints-operator": [],
-  "namespace-kubescape/endpoints-otel-collector": [],
-  "namespace-kubescape/endpoints-storage": [],
-  "namespace-kubescape/endpointslice-gateway-49n52": [],
-  "namespace-kubescape/endpointslice-gateway-v7sdn": [],
-  "namespace-kubescape/endpointslice-kubescape-77x49": [],
-  "namespace-kubescape/endpointslice-kubescape-l7ccb": [],
-  "namespace-kubescape/endpointslice-kubevuln-k4p8f": [],
-  "namespace-kubescape/endpointslice-kubevuln-qm7x8": [],
-  "namespace-kubescape/endpointslice-operator-rl9d7": [],
-  "namespace-kubescape/endpointslice-operator-tgxrh": [],
-  "namespace-kubescape/endpointslice-otel-collector-h8zp5": [],
-  "namespace-kubescape/endpointslice-otel-collector-qgz29": [],
-  "namespace-kubescape/endpointslice-storage-bnqlv": [],
-  "namespace-kubescape/endpointslice-storage-cxtlm": [],
   "namespace-kubescape/job-kubescape-scheduler-28364487": [
     "kubescape-scheduler"
   ],
@@ -400,7 +201,6 @@
   "namespace-kubescape/job-kubevuln-scheduler-28372865": [
     "kubevuln-scheduler"
   ],
-  "namespace-kubescape/persistentvolumeclaim-storage": [],
   "namespace-kubescape/pod-gateway-776ff9b5c8-2c6z8": [],
   "namespace-kubescape/pod-gateway-7d75fdf958-t7vv6": [],
   "namespace-kubescape/pod-kollector-0": [],
@@ -467,31 +267,15 @@
   "namespace-kubescape/replicaset-synchronizer-67576f6b5c": [
     "synchronizer"
   ],
-  "namespace-kubescape/role-kubescape": [],
-  "namespace-kubescape/role-operator": [],
-  "namespace-kubescape/rolebinding-kubescape": [],
-  "namespace-kubescape/rolebinding-operator": [],
-  "namespace-kubescape/secret-cloud-secret": [],
-  "namespace-kubescape/secret-sh.helm.release.v1.kubescape.v1": [],
   "namespace-kubescape/service-gateway": [],
   "namespace-kubescape/service-kubescape": [],
   "namespace-kubescape/service-kubevuln": [],
   "namespace-kubescape/service-operator": [],
   "namespace-kubescape/service-otel-collector": [],
   "namespace-kubescape/service-storage": [],
-  "namespace-kubescape/serviceaccount-default": [],
-  "namespace-kubescape/serviceaccount-kollector": [],
-  "namespace-kubescape/serviceaccount-kubescape": [],
-  "namespace-kubescape/serviceaccount-kubevuln": [],
-  "namespace-kubescape/serviceaccount-node-agent": [],
-  "namespace-kubescape/serviceaccount-operator": [],
-  "namespace-kubescape/serviceaccount-storage": [],
-  "namespace-kubescape/serviceaccount-synchronizer": [],
   "namespace-kubescape/statefulset-kollector": [
     "kollector"
   ],
-  "namespace-local-path-storage/configmap-kube-root-ca.crt": [],
-  "namespace-local-path-storage/configmap-local-path-config": [],
   "namespace-local-path-storage/deployment-local-path-provisioner": [
     "local-path-provisioner"
   ],
@@ -503,9 +287,7 @@
   "namespace-local-path-storage/replicaset-local-path-provisioner-75f5b54ffd": [
     "local-path-provisioner"
   ],
-  "namespace-local-path-storage/serviceaccount-default": [],
-  "namespace-local-path-storage/serviceaccount-local-path-provisioner-service-account": [],
   "namespace-systest-ns-foso/deployment-golang": [
     "golang"
   ]
-}
\ No newline at end of file
+}