-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.py
236 lines (205 loc) · 9.47 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
'''
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and
limitations under the License.
'''
from __future__ import print_function
import os
import argparse
import boto3
import requests
import sys
REGION = None
DRYRUN = None
IMAGES_TO_KEEP = None
ASSUME_ROLE = None
def getAWSClient(resource_name,region='us-east-1'):
sts_client = boto3.client('sts')
assumedRoleObject = sts_client.assume_role(
RoleArn=ASSUME_ROLE,
RoleSessionName="AssumeRoleSession1"
)
credentials = assumedRoleObject['Credentials']
client = boto3.client(
resource_name,
aws_access_key_id = credentials['AccessKeyId'],
aws_secret_access_key = credentials['SecretAccessKey'],
aws_session_token = credentials['SessionToken'],
region_name = region
)
return client
def getAWSResource(resource_name,region='us-east-1'):
sts_client = boto3.client('sts')
assumedRoleObject = sts_client.assume_role(
RoleArn=ASSUME_ROLE,
RoleSessionName="AssumeRoleSession1"
)
credentials = assumedRoleObject['Credentials']
#print(credentials)
resource = boto3.client(
resource_name,
aws_access_key_id = credentials['AccessKeyId'],
aws_secret_access_key = credentials['SecretAccessKey'],
aws_session_token = credentials['SessionToken'],
region_name = region
)
return resource
def initialize():
global REGION
global DRYRUN
global IMAGES_TO_KEEP
global ASSUME_ROLE
REGION = os.environ.get('REGION', "None")
DRYRUN = os.environ.get('DRYRUN', "false").lower()
ASSUME_ROLE = os.environ.get('ARN','None')
if DRYRUN == "false":
DRYRUN = False
else:
DRYRUN = True
IMAGES_TO_KEEP = int(os.environ.get('IMAGES_TO_KEEP', 100))
def handler(event, context):
initialize()
if REGION == "None":
partitions = requests.get("https://raw.githubusercontent.com/boto/botocore/develop/botocore/data/endpoints.json").json()['partitions']
for partition in partitions:
if partition['partition'] == "aws":
for endpoint in partition['services']['ecs']['endpoints']:
discover_delete_images(endpoint)
else:
discover_delete_images(REGION)
def discover_delete_images(regionname):
print("Discovering images in "+regionname)
#ecr_client = boto3.client('ecr', region_name=regionname)
ecr_client = getAWSClient('ecr', region=regionname)
repositories = []
describerepo_paginator = ecr_client.get_paginator('describe_repositories')
for response_listrepopaginator in describerepo_paginator.paginate():
for repo in response_listrepopaginator['repositories']:
repositories.append(repo)
#print(repositories)
#ecs_client = boto3.client('ecs', region_name=regionname)
ecs_client = getAWSClient('ecs', region=regionname)
listclusters_paginator = ecs_client.get_paginator('list_clusters')
running_containers = []
for response_listclusterpaginator in listclusters_paginator.paginate():
for cluster in response_listclusterpaginator['clusterArns']:
listtasks_paginator = ecs_client.get_paginator('list_tasks')
for reponse_listtaskpaginator in listtasks_paginator.paginate(cluster=cluster, desiredStatus='RUNNING'):
if reponse_listtaskpaginator['taskArns']:
describe_tasks_list = ecs_client.describe_tasks(
cluster=cluster,
tasks=reponse_listtaskpaginator['taskArns']
)
for tasks_list in describe_tasks_list['tasks']:
if tasks_list['taskDefinitionArn'] is not None:
response = ecs_client.describe_task_definition(
taskDefinition=tasks_list['taskDefinitionArn']
)
for container in response['taskDefinition']['containerDefinitions']:
if '.dkr.ecr.' in container['image'] and ":" in container['image']:
if container['image'] not in running_containers:
running_containers.append(container['image'])
print("Images that are running:")
for image in running_containers:
print(image)
for repository in repositories:
print ("------------------------")
print("Starting with repository :"+repository['repositoryUri'])
deletesha = []
deletetag = []
tagged_images = []
describeimage_paginator = ecr_client.get_paginator('describe_images')
for response_describeimagepaginator in describeimage_paginator.paginate(
registryId=repository['registryId'],
repositoryName=repository['repositoryName']):
for image in response_describeimagepaginator['imageDetails']:
if 'imageTags' in image:
tagged_images.append(image)
else:
appendtolist(deletesha, image['imageDigest'])
print("Total number of images found: {}".format(len(tagged_images)+len(deletesha)))
print("Number of unttaged images found {}".format(len(deletesha)))
tagged_images.sort(key=lambda k: k['imagePushedAt'], reverse=True)
#Get ImageDigest from ImageURL for running images. Do this for every repository
running_sha = []
for image in tagged_images:
for tag in image['imageTags']:
imageurl = repository['repositoryUri'] + ":" + tag
for runningimages in running_containers:
if imageurl == runningimages:
if imageurl not in running_sha:
running_sha.append(image['imageDigest'])
print("Number of running images found {}".format(len(running_sha)))
for image in tagged_images:
if tagged_images.index(image) >= IMAGES_TO_KEEP:
for tag in image['imageTags']:
if "latest" not in tag:
if not running_sha or image['imageDigest'] not in running_sha:
appendtolist(deletesha, image['imageDigest'])
appendtotaglist(deletetag, {"imageUrl": repository['repositoryUri'] + ":" + tag, "pushedAt": image["imagePushedAt"]})
if deletesha:
print("Number of images to be deleted: {}".format(len(deletesha)))
delete_images(
ecr_client,
deletesha,
deletetag,
repository['registryId'],
repository['repositoryName']
)
else:
print("Nothing to delete in repository : " + repository['repositoryName'])
def appendtolist(list, id):
if not {'imageDigest': id} in list:
list.append({'imageDigest': id})
def appendtotaglist(list, id):
if not id in list:
list.append(id)
def chunks(l, n):
"""Yield successive n-sized chunks from l."""
for i in range(0, len(l), n):
yield l[i:i + n]
def delete_images(ecr_client, deletesha, deletetag, id, name):
if len(deletesha) >= 1:
## spliting list of images to delete on chunks with 100 images each
## http://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_BatchDeleteImage.html#API_BatchDeleteImage_RequestSyntax
i = 0
for deletesha_chunk in chunks(deletesha, 100):
i += 1
if not DRYRUN:
delete_response = ecr_client.batch_delete_image(
registryId=id,
repositoryName=name,
imageIds=deletesha_chunk
)
print(delete_response)
else:
print("registryId:"+id)
print("repositoryName:"+name)
print("Deleting {} chank of images".format(i))
print("imageIds:", end='')
print(deletesha_chunk)
if deletetag:
print("Image URLs that are marked for deletion:")
for ids in deletetag:
print("- {} - {}".format(ids["imageUrl"], ids["pushedAt"]))
# Below is the test harness
if __name__ == '__main__':
request = {"None": "None"}
parser = argparse.ArgumentParser(description='Deletes stale ECR images')
parser.add_argument('-dryrun', help='Prints the repository to be deleted without deleting them', default='true', action='store', dest='dryrun')
parser.add_argument('-imagestokeep', help='Number of image tags to keep', default='100', action='store', dest='imagestokeep')
parser.add_argument('-region', help='ECR/ECS region', default=None, action='store', dest='region')
parser.add_argument('-arn', help='Assume role id', default=None, action='store', dest='arn')
args = parser.parse_args()
if args.region:
os.environ["REGION"] = args.region
else:
os.environ["REGION"] = "None"
os.environ["DRYRUN"] = args.dryrun.lower()
os.environ["IMAGES_TO_KEEP"] = args.imagestokeep
os.environ["ARN"] = args.arn
handler(request, None)