/
log_masker.go
102 lines (89 loc) · 2.49 KB
/
log_masker.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package kube
import (
"strings"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
// LogMasker replaces words in a log from a set of secrets
type LogMasker struct {
ReplaceWords map[string]string
}
// NewLogMasker creates a new LogMasker loading secrets from the given namespace
func NewLogMasker(kubeClient kubernetes.Interface, ns string) (*LogMasker, error) {
masker := &LogMasker{}
resourceList, err := kubeClient.CoreV1().Secrets(ns).List(metav1.ListOptions{})
if err != nil {
return masker, err
}
for _, s := range resourceList.Items {
secret := s
masker.LoadSecret(&secret)
}
return masker, nil
}
// NewLogMaskerFromMap creates a new LogMasker with all the string values in a tree of map
func NewLogMaskerFromMap(m map[string]interface{}) *LogMasker {
masker := &LogMasker{
ReplaceWords: map[string]string{},
}
masker.replaceMapValues(m)
return masker
}
// LoadSecrets loads the secrets into the log masker
func (m *LogMasker) LoadSecrets(kubeClient kubernetes.Interface, ns string) error {
resourceList, err := kubeClient.CoreV1().Secrets(ns).List(metav1.ListOptions{})
if err != nil {
return err
}
for _, s := range resourceList.Items {
secret := s
m.LoadSecret(&secret)
}
return nil
}
// LoadSecret loads the secret data into the log masker
func (m *LogMasker) LoadSecret(secret *corev1.Secret) {
if m.ReplaceWords == nil {
m.ReplaceWords = map[string]string{}
}
if secret.Data != nil {
for _, v := range secret.Data {
if v != nil && len(v) > 0 {
// key := string(k)
value := string(v)
m.ReplaceWords[value] = m.replaceValue(value)
}
}
}
}
// MaskLog returns the text with all of the secrets masked out
func (m *LogMasker) MaskLog(text string) string {
answer := text
for k, v := range m.ReplaceWords {
answer = strings.Replace(answer, k, v, -1)
}
return answer
}
// MaskLogData masks the log data
func (m *LogMasker) MaskLogData(logData []byte) []byte {
text := m.MaskLog(string(logData))
return []byte(text)
}
// replaceMapValues adds all the string values in the given map to the replacer words
func (m *LogMasker) replaceMapValues(values map[string]interface{}) {
for _, value := range values {
childMap, ok := value.(map[string]interface{})
if ok {
m.replaceMapValues(childMap)
continue
}
text, ok := value.(string)
if ok {
m.ReplaceWords[text] = m.replaceValue(text)
}
}
}
func (m *LogMasker) replaceValue(value string) string {
return strings.Repeat("*", len(value))
}