Documentation
Index
- func GetSensitiveAnnotationsAndLabels() []string
- func RemoveSensitiveAnnotationsAndLabels(annotations map[string]string, labels map[string]string)
- func ScrubPod(p *v1.Pod, scrubber *DataScrubber)
- func ScrubPodTemplateSpec(template *v1.PodTemplateSpec, scrubber *DataScrubber)
- func UpdateSensitiveAnnotationsAndLabels(annotationsAndLabels []string)
- type DataScrubber
- func (ds *DataScrubber) AddCustomSensitiveRegex(words []string)
- func (ds *DataScrubber) AddCustomSensitiveWords(words []string)
- func (ds *DataScrubber) ContainsSensitiveWord(s string) bool
- func (ds *DataScrubber) ScrubAnnotationValue(annotationValue string) string
- func (ds *DataScrubber) ScrubSimpleCommand(cmdline []string) ([]string, bool)
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetSensitiveAnnotationsAndLabels
func GetSensitiveAnnotationsAndLabels() []string
GetSensitiveAnnotationsAndLabels returns the list of sensitive annotations and labels.
func RemoveSensitiveAnnotationsAndLabels
RemoveSensitiveAnnotationsAndLabels redacts sensitive annotations and labels, such as the whole "kubectl.kubernetes.io/last-applied-configuration" annotation value, which may contain duplicate information and secrets.
func ScrubPodTemplateSpec
func ScrubPodTemplateSpec(template *v1.PodTemplateSpec, scrubber *DataScrubber)
ScrubPodTemplateSpec scrubs a pod template.
func UpdateSensitiveAnnotationsAndLabels
func UpdateSensitiveAnnotationsAndLabels(annotationsAndLabels []string)
UpdateSensitiveAnnotationsAndLabels adds new sensitive annotation or label keys to the list of keys to redact.
Types
type DataScrubber
type DataScrubber struct {
	Enabled bool
	// RegexSensitivePatterns are custom regex patterns which are currently not exposed externally
	RegexSensitivePatterns []*regexp.Regexp
	// LiteralSensitivePatterns are custom words to match against
	LiteralSensitivePatterns []string
	// contains filtered or unexported fields
}
DataScrubber allows the agent to block cmdline arguments that match a list of predefined and custom words.
func NewDefaultDataScrubber
func NewDefaultDataScrubber() *DataScrubber
NewDefaultDataScrubber creates a DataScrubber with the default behavior: enabled and matching the default sensitive words.
func (*DataScrubber) AddCustomSensitiveRegex
func (ds *DataScrubber) AddCustomSensitiveRegex(words []string)
AddCustomSensitiveRegex adds custom sensitive regular expressions to the DataScrubber object.
func (*DataScrubber) AddCustomSensitiveWords
func (ds *DataScrubber) AddCustomSensitiveWords(words []string)
AddCustomSensitiveWords adds custom sensitive words to the DataScrubber object.
func (*DataScrubber) ContainsSensitiveWord
func (ds *DataScrubber) ContainsSensitiveWord(s string) bool
ContainsSensitiveWord returns true if the given string contains a sensitive word.
func (*DataScrubber) ScrubAnnotationValue
func (ds *DataScrubber) ScrubAnnotationValue(annotationValue string) string
ScrubAnnotationValue obfuscates sensitive information from an annotation value.
func (*DataScrubber) ScrubSimpleCommand
func (ds *DataScrubber) ScrubSimpleCommand(cmdline []string) ([]string, bool)
ScrubSimpleCommand hides the argument value for any key which matches a "sensitive word" pattern. It returns the updated cmdline, as well as a boolean representing whether it was scrubbed.
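The behaviour described for ScrubSimpleCommand (mask the value of any argument whose key matches a sensitive word, return the new cmdline and a flag) can be illustrated with the following added example, which is not the package's own code. The names scrubCmdline, isSensitiveKey, mask and sensitiveWords are hypothetical, and the word list, the mask string and the case-insensitive substring matching are assumptions rather than the package's actual rules.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed values for this example; the package's own defaults are not shown on the page.
const mask = "********"

var sensitiveWords = []string{"password", "passwd", "token", "secret", "api_key"}

// isSensitiveKey reports whether a flag name contains a sensitive word.
func isSensitiveKey(key string) bool {
	k := strings.ToLower(strings.TrimLeft(key, "-"))
	for _, w := range sensitiveWords {
		if strings.Contains(k, w) {
			return true
		}
	}
	return false
}

// scrubCmdline masks the value of every sensitive flag, in both "--key=value" and
// "--key value" form, and reports whether anything changed. The input is not modified.
func scrubCmdline(cmdline []string) ([]string, bool) {
	out := append([]string(nil), cmdline...)
	changed := false
	for i := 0; i < len(out); i++ {
		key, _, hasValue := strings.Cut(out[i], "=")
		if !strings.HasPrefix(key, "-") || !isSensitiveKey(key) {
			continue
		}
		if hasValue {
			out[i] = key + "=" + mask
			changed = true
		} else if i+1 < len(out) && !strings.HasPrefix(out[i+1], "-") {
			i++ // the next token is this flag's value
			out[i] = mask
			changed = true
		}
	}
	return out, changed
}

func main() {
	// Constructed sample command line.
	fmt.Println(scrubCmdline([]string{"agent", "--db-password=hunter2", "--api_key", "abc123", "-v"}))
}
```

Returning a copy keeps the caller's original slice intact, and the boolean lets a collector skip re-serialising command lines that contained nothing to hide.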