redact

package
v0.0.0-...-528fb2d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 23, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetSensitiveAnnotationsAndLabels

func GetSensitiveAnnotationsAndLabels() []string

GetSensitiveAnnotationsAndLabels returns the list of sensitive annotations and labels.

func RemoveSensitiveAnnotationsAndLabels

func RemoveSensitiveAnnotationsAndLabels(annotations map[string]string, labels map[string]string)

RemoveSensitiveAnnotationsAndLabels redacts sensitive annotations and labels like the whole "kubectl.kubernetes.io/last-applied-configuration" annotation value. As it may contain duplicate information and secrets.

func ScrubPod

func ScrubPod(p *v1.Pod, scrubber *DataScrubber)

ScrubPod scrubs a pod.

func ScrubPodTemplateSpec

func ScrubPodTemplateSpec(template *v1.PodTemplateSpec, scrubber *DataScrubber)

ScrubPodTemplateSpec scrubs a pod template.

func UpdateSensitiveAnnotationsAndLabels

func UpdateSensitiveAnnotationsAndLabels(annotationsAndLabels []string)

UpdateSensitiveAnnotationsAndLabels adds new sensitive annotations or labels key to the list to redact.

Types

type DataScrubber

type DataScrubber struct {
	Enabled bool
	// RegexSensitivePatterns are custom regex patterns which are currently not exposed externally
	RegexSensitivePatterns []*regexp.Regexp
	// LiteralSensitivePatterns are custom words which use to match against
	LiteralSensitivePatterns []string
	// contains filtered or unexported fields
}

DataScrubber allows the agent to block cmdline arguments that match a list of predefined and custom words

func NewDefaultDataScrubber

func NewDefaultDataScrubber() *DataScrubber

NewDefaultDataScrubber creates a DataScrubber with the default behavior: enabled and matching the default sensitive words

func (*DataScrubber) AddCustomSensitiveRegex

func (ds *DataScrubber) AddCustomSensitiveRegex(words []string)

AddCustomSensitiveRegex adds custom sensitive regex on the DataScrubber object

func (*DataScrubber) AddCustomSensitiveWords

func (ds *DataScrubber) AddCustomSensitiveWords(words []string)

AddCustomSensitiveWords adds custom sensitive words on the DataScrubber object

func (*DataScrubber) ContainsSensitiveWord

func (ds *DataScrubber) ContainsSensitiveWord(s string) bool

ContainsSensitiveWord returns true if the given string contains a sensitive word

func (*DataScrubber) ScrubAnnotationValue

func (ds *DataScrubber) ScrubAnnotationValue(annotationValue string) string

ScrubAnnotationValue obfuscate sensitive information from an annotation value.

func (*DataScrubber) ScrubSimpleCommand

func (ds *DataScrubber) ScrubSimpleCommand(cmdline []string) ([]string, bool)

ScrubSimpleCommand hides the argument value for any key which matches a "sensitive word" pattern. It returns the updated cmdline, as well as a boolean representing whether it was scrubbed.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL