redact

package
Version: v0.0.0-...-7592bf3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 23, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RemoveLastAppliedConfigurationAnnotation

func RemoveLastAppliedConfigurationAnnotation(annotations map[string]string)

RemoveLastAppliedConfigurationAnnotation redacts the whole "kubectl.kubernetes.io/last-applied-configuration" annotation. As it may contain duplicate information and secrets.

func ScrubContainer

func ScrubContainer(c *v1.Container, scrubber *DataScrubber)

ScrubContainer scrubs sensitive information in the command line & env vars

Types

type DataScrubber

type DataScrubber struct {
	Enabled bool
	// RegexSensitivePatterns are custom regex patterns which are currently not exposed externally
	RegexSensitivePatterns []*regexp.Regexp
	// LiteralSensitivePatterns are custom words which use to match against
	LiteralSensitivePatterns []string
	// contains filtered or unexported fields
}

DataScrubber allows the agent to block cmdline arguments that match a list of predefined and custom words

func NewDefaultDataScrubber

func NewDefaultDataScrubber() *DataScrubber

NewDefaultDataScrubber creates a DataScrubber with the default behavior: enabled and matching the default sensitive words

func (*DataScrubber) AddCustomSensitiveRegex

func (ds *DataScrubber) AddCustomSensitiveRegex(words []string)

AddCustomSensitiveRegex adds custom sensitive regex on the DataScrubber object

func (*DataScrubber) AddCustomSensitiveWords

func (ds *DataScrubber) AddCustomSensitiveWords(words []string)

AddCustomSensitiveWords adds custom sensitive words on the DataScrubber object

func (*DataScrubber) ContainsSensitiveWord

func (ds *DataScrubber) ContainsSensitiveWord(word string) bool

ContainsSensitiveWord returns true if the given string contains a sensitive word

func (*DataScrubber) ScrubSimpleCommand

func (ds *DataScrubber) ScrubSimpleCommand(cmdline []string) ([]string, bool)

ScrubSimpleCommand hides the argument value for any key which matches a "sensitive word" pattern. It returns the updated cmdline, as well as a boolean representing whether it was scrubbed.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL