...

Source file src/github.com/datawire/ambassador/v2/pkg/snapshot/v1/sanitize.go

Documentation: github.com/datawire/ambassador/v2/pkg/snapshot/v1 

     1  package snapshot
     2  
     3  import (
     4  	"github.com/datawire/ambassador/v2/pkg/kates"
     5  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     6  )
     7  
     8  // Currently, this only removes "sensitive" information, which, for now, is just Secrets.data and
     9  // anything that's not object metadata from Invalid objects. (since we couldn't parse the things in
    10  // "invalid", we actually don't know what they are so they could contain secrets.)
    11  //
    12  // TODO:(@acookin) Could also remove server generated bits from here, e.g. the last applied configuration
    13  // annotation that the kube server applies. The benefit of that would be to reduce bits sent across
    14  // the wire.
    15  func (s *Snapshot) Sanitize() error {
    16  	var err error
    17  	if s.Kubernetes != nil {
    18  		if err = s.Kubernetes.Sanitize(); err != nil {
    19  			return err
    20  		}
    21  	}
    22  	// this invalid stuff could contain secret secret things probably
    23  	// so it's probably best to scrub the contents and just send along the object meta and
    24  	// error?
    25  	if len(s.Invalid) > 0 {
    26  		scrubbedInvalid := []*kates.Unstructured{}
    27  		for _, invalid := range s.Invalid {
    28  			scrubbed := kates.NewUnstructured(invalid.GetKind(), invalid.GetAPIVersion())
    29  			scrubbed.SetName(invalid.GetName())
    30  			scrubbed.SetNamespace(invalid.GetNamespace())
    31  			invalidErrs, hasErrors := invalid.Object["errors"]
    32  			if hasErrors {
    33  				rawContent := scrubbed.UnstructuredContent()
    34  				rawContent["errors"] = invalidErrs
    35  				scrubbed.SetUnstructuredContent(rawContent)
    36  			}
    37  			scrubbedInvalid = append(scrubbedInvalid, scrubbed)
    38  		}
    39  		s.Invalid = scrubbedInvalid
    40  	}
    41  	return nil
    42  }
    43  
    44  func (ambInputs *KubernetesSnapshot) Sanitize() error {
    45  	// create new secrets so we only carry over info we want
    46  	// secret values can live on in the last applied configuration annotation, for example
    47  
    48  	// another option here is that we could have a `Sanatizable` interface, and have each object
    49  	// that needs to be cleaned up a bit implement `Sanitize()`, but, imo, that's harder to
    50  	// read
    51  	sanitizedSecrets := []*kates.Secret{}
    52  	for _, secret := range ambInputs.Secrets {
    53  		sanitizedSecret := &kates.Secret{
    54  			Type:     secret.Type,
    55  			TypeMeta: secret.TypeMeta,
    56  			ObjectMeta: metav1.ObjectMeta{
    57  				Name:      secret.ObjectMeta.Name,
    58  				Namespace: secret.ObjectMeta.Namespace,
    59  			},
    60  			Data: map[string][]byte{},
    61  		}
    62  		for k := range secret.Data {
    63  			// adding the keys but removing the data, which is probably fine
    64  			// note: the data will be base64 encoded during json serialization which is
    65  			// fun. I still think <REDACTED> is better than an empty string because an
    66  			// empty string could be a real value. Also just making this a garbage
    67  			// random value would make things harder to debug, so I'd prefer not to
    68  			sanitizedSecret.Data[k] = []byte(`<REDACTED>`)
    69  		}
    70  		sanitizedSecrets = append(sanitizedSecrets, sanitizedSecret)
    71  	}
    72  	ambInputs.Secrets = sanitizedSecrets
    73  
    74  	return nil
    75  }
    76  

View as plain text