replicatedcom · emosbaugh · Apr 23, 2020 · Apr 22, 2020 · Apr 22, 2020 · laverya
diff --git a/CHANGELOG b/CHANGELOG
@@ -238,3 +238,6 @@
 
 0.28.2/2020-02-25
     * patch CVE-2019-5436, CVE-2019-5481 and CVE-2019-5482 in curl-7.52.1-5+deb9u9 and libcurl3-7.52.1-5+deb9u9
+
+0.29.0/2020-04-22
+    * Added support for global file redaction `meta.redact.files`
diff --git a/Makefile b/Makefile
@@ -156,7 +156,7 @@ e2e-supportbundle-core:
 		-v /var/run/docker.sock:/var/run/docker.sock                        \
 		-w /go/src/$(PKG)                                                   \
 		-l com.replicated.support-bundle=true                               \
-		golang:1.10                                                         \
+		golang:1.13                                                         \
 		/bin/sh -c "                                                        \
 			./e2e/collect/e2e.sh                                            \
 		"
@@ -171,7 +171,7 @@ e2e-supportbundle-docker:
 		-w /go/src/$(PKG)                                                   \
 		-l com.replicated.support-bundle=true                               \
 		-e DOCKER=1                                                         \
-		golang:1.10                                                         \
+		golang:1.13                                                         \
 		/bin/sh -c "                                                        \
 			./e2e/collect/e2e.sh                                            \
 		"
@@ -185,7 +185,7 @@ e2e-supportbundle-swarm:
 		-w /go/src/$(PKG)                                                   \
 		-l com.replicated.support-bundle=true                               \
 		-e SWARM=1                                                          \
-		golang:1.10                                                         \
+		golang:1.13                                                         \
 		/bin/sh -c "                                                        \
 			./e2e/collect/e2e.sh                                            \
 		"

diff --git a/e2e/collect/meta/meta_file_redaction_test.go b/e2e/collect/meta/meta_file_redaction_test.go
@@ -0,0 +1,55 @@
+package meta
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/replicatedcom/support-bundle/e2e/collect/ginkgo"
+)
+
+var _ = Describe("meta.files_redaction", func() {
+
+	BeforeEach(EnterNewTempDir)
+	AfterEach(LogResultsFromBundle)
+	AfterEach(CleanupDir)
+
+	Context("When a meta.redact.files spec is included", func() {
+
+		It("should output the correct files in the bundle", func() {
+
+			WriteBundleConfig(`
+specs:
+  - os.run-command:
+      name: sh
+      args: [-c, echo $HI]
+      env: [HI=hello!]
+      output_dir: /os/run-command/echohi/
+  - os.run-command:
+      name: sh
+      args: [-c, echo $BYE]
+      env: [BYE=goodbye!]
+      output_dir: /os/run-command/echobye/
+  - meta.redact:
+      output_dir: /redact/
+      files: ["**/echohi/*"]
+`)
+
+			GenerateBundle()
+
+			hiResult := GetResultFromBundle("os/run-command/echohi/stdout")
+			Expect(hiResult.Redacted).To(Equal(true))
+			ExpectFileNotInBundle("os/run-command/echohi/stdout")
+
+			byeResult := GetResultFromBundle("os/run-command/echobye/stdout")
+			Expect(byeResult.Redacted).To(Equal(false))
+			contents := GetFileFromBundle("os/run-command/echobye/stdout")
+			Expect(contents).To(Equal("goodbye!\n"))
+
+			_ = GetResultFromBundle("redact/file_redactions.json")
+			redactions := GetFileFromBundle("redact/file_redactions.json")
+			Expect(redactions).To(Equal(`[
+  "**/echohi/*"
+]
+`))
+		})
+	})
+})
diff --git a/go.mod b/go.mod
@@ -29,6 +29,7 @@ require (
 	github.com/go-kit/kit v0.8.0
 	github.com/go-logfmt/logfmt v0.3.0 // indirect
 	github.com/go-stack/stack v1.8.0
+	github.com/gobwas/glob v0.2.3
 	github.com/golang/mock v1.2.0
 	github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db // indirect
 	github.com/googleapis/gnostic v0.2.0 // indirect
@@ -47,8 +48,8 @@ require (
 	github.com/mitchellh/go-homedir v1.0.0
 	github.com/mitchellh/mapstructure v0.0.0-20180511142126-bb74f1db0675 // indirect
 	github.com/nwaples/rardecode v0.0.0-20171029023500-e06696f847ae // indirect
-	github.com/onsi/ginkgo v1.10.1
-	github.com/onsi/gomega v1.7.0
+	github.com/onsi/ginkgo v1.12.0
+	github.com/onsi/gomega v1.7.1
 	github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
 	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/pelletier/go-toml v1.2.0 // indirect
@@ -68,6 +69,7 @@ require (
 	golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413
 	golang.org/x/net v0.0.0-20191004110552-13f9640d40b9
 	google.golang.org/grpc v1.20.0 // indirect
+	gopkg.in/square/go-jose.v2 v2.5.0
 	gopkg.in/yaml.v2 v2.2.8
 	k8s.io/api v0.17.2
 	k8s.io/apimachinery v0.17.2

diff --git a/go.sum b/go.sum
@@ -115,6 +115,8 @@ github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nA
 github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
@@ -252,9 +254,13 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU=
+github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
@@ -397,6 +403,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 h1:z99zHgr7hKfrUcX/KsoJk5FJfjTceCKIp96+biqP4To=
@@ -455,6 +463,8 @@ gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/square/go-jose.v2 v2.5.0 h1:OZ4sdq+Y+SHfYB7vfthi1Ei8b0vkP8ZPQgUfUwdUSqo=
+gopkg.in/square/go-jose.v2 v2.5.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=

diff --git a/hack/docs/mutations.json b/hack/docs/mutations.json
@@ -4270,7 +4270,7 @@
       "required": ["scrubs", "output_dir"]
     },
     "merge": {
-      "description": "A list of scrubbers to apply to all assets. If multiple 'meta.redact' specs are specified, all lists will be used. If a spec specifies a scrubber, it will be run in addition to the global scrubbers.",
+      "description": "Redaction to apply to all assets. If multiple 'meta.redact' specs are specified, all lists will be used. If a spec specifies a scrubber, it will be run in addition to the global scrubbers.",
       "examples": [
         {
           "scrubs": [
@@ -4279,13 +4279,20 @@
               "replace": "xyz"
             }
           ],
+          "files": [
+            "**/secret.json"
+          ],
           "output_dir": "redact/"
         }
       ],
       "_ext_outputs": [
         {
           "path": "scrubs.json",
           "description": "A list of scrubs that were added globally by this item"
+        },
+        {
+          "path": "file_redactions.json",
+          "description": "A list of file redaction patterns that were added globally by this item"
         }
       ]
     }
@@ -4296,6 +4303,12 @@
       "description": "the list of scrubbers to apply to all outputs"
     }
   },
+  {
+    "path": "properties.collect.properties.v1.items.properties[\"meta.redact\"].properties.files",
+    "merge": {
+      "description": "the list of file patterns to redact"
+    }
+  },
   {
     "path": "properties.collect.properties.v1.items.properties[\"os.hostname\"]",
     "merge": {

diff --git a/hack/docs/schema.json b/hack/docs/schema.json
@@ -5399,6 +5399,9 @@
                     "description": "The Kubernetes pod query options (used when querying for a label selector)",
                     "$schema": "http://json-schema.org/draft-04/schema#",
                     "properties": {
+                      "allowWatchBookmarks": {
+                        "type": "boolean"
+                      },
                       "apiVersion": {
                         "type": "string"
                       },
@@ -5408,9 +5411,6 @@
                       "fieldSelector": {
                         "type": "string"
                       },
-                      "includeUninitialized": {
-                        "type": "boolean"
-                      },
                       "kind": {
                         "type": "string"
                       },
@@ -5543,6 +5543,9 @@
                     "description": "The Kubernetes pod query options (used when querying for a label selector)",
                     "$schema": "http://json-schema.org/draft-04/schema#",
                     "properties": {
+                      "allowWatchBookmarks": {
+                        "type": "boolean"
+                      },
                       "apiVersion": {
                         "type": "string"
                       },
@@ -5552,9 +5555,6 @@
                       "fieldSelector": {
                         "type": "string"
                       },
-                      "includeUninitialized": {
-                        "type": "boolean"
-                      },
                       "kind": {
                         "type": "string"
                       },
@@ -5645,6 +5645,9 @@
                       "follow": {
                         "type": "boolean"
                       },
+                      "insecureSkipTLSVerifyBackend": {
+                        "type": "boolean"
+                      },
                       "kind": {
                         "type": "string"
                       },
@@ -5797,6 +5800,9 @@
                     "description": "An instance of metav1.ListOptions",
                     "$schema": "http://json-schema.org/draft-04/schema#",
                     "properties": {
+                      "allowWatchBookmarks": {
+                        "type": "boolean"
+                      },
                       "apiVersion": {
                         "type": "string"
                       },
@@ -5806,9 +5812,6 @@
                       "fieldSelector": {
                         "type": "string"
                       },
-                      "includeUninitialized": {
-                        "type": "boolean"
-                      },
                       "kind": {
                         "type": "string"
                       },
@@ -6078,7 +6081,7 @@
                 "type": "object"
               },
               "meta.redact": {
-                "description": "A list of scrubbers to apply to all assets. If multiple 'meta.redact' specs are specified, all lists will be used. If a spec specifies a scrubber, it will be run in addition to the global scrubbers.",
+                "description": "Redaction to apply to all assets. If multiple 'meta.redact' specs are specified, all lists will be used. If a spec specifies a scrubber, it will be run in addition to the global scrubbers.",
                 "examples": [
                   {
                     "scrubs": [
@@ -6087,13 +6090,20 @@
                         "replace": "xyz"
                       }
                     ],
+                    "files": [
+                      "**/secret.json"
+                    ],
                     "output_dir": "redact/"
                   }
                 ],
                 "_ext_outputs": [
                   {
                     "path": "scrubs.json",
                     "description": "A list of scrubs that were added globally by this item"
+                  },
+                  {
+                    "path": "file_redactions.json",
+                    "description": "A list of file redaction patterns that were added globally by this item"
                   }
                 ],
                 "$schema": "http://json-schema.org/draft-04/schema#",
@@ -6104,6 +6114,13 @@
                   "description": {
                     "type": "string"
                   },
+                  "files": {
+                    "description": "the list of file patterns to redact",
+                    "items": {
+                      "type": "string"
+                    },
+                    "type": "array"
+                  },
                   "include_empty": {
                     "type": "boolean"
                   },