package redact
import (
"bytes"
"context"
"fmt"
"github.com/pkg/errors"
kotsadmtypes "github.com/replicatedhq/kots/pkg/kotsadm/types"
"github.com/replicatedhq/kots/pkg/util"
troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
corev1 "k8s.io/api/core/v1"
kuberneteserrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
serializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
)
const (
	// defaultRedactSpecConfigMapName is the name of the ConfigMap that holds
	// the rendered default redaction spec.
	defaultRedactSpecConfigMapName = "kotsadm-redact-default-spec"

	// defaultRedactSpecDataKey is the key inside that ConfigMap's Data under
	// which the spec YAML is stored.
	defaultRedactSpecDataKey = "default-redactor"

	// ipv4AddressRegex matches a dotted-quad IPv4 address: four octets in the
	// range 0-255 separated by literal dots, anchored by word boundaries.
	// The outer group is named "mask" and each octet group is named "drop".
	// NOTE(review): presumably the troubleshoot redaction engine gives these
	// group names their meaning; confirm against that library.
	//
	// Coverage caveats visible from the pattern itself: IPv6 addresses are not
	// matched, and any four-part dotted number (for example a version string
	// shaped like 1.2.3.4) is matched as if it were an address.
	ipv4AddressRegex = `(?P<mask>\b(?P<drop>25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?P<drop>25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?P<drop>25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?P<drop>25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)`
)
// GetDefaultRedactSpecURI returns the URI that identifies the default redact
// spec, in the form configmap/<namespace>/<configmap name>/<data key>. The
// namespace is read from util.PodNamespace at call time.
func GetDefaultRedactSpecURI() string {
	const uriFormat = "configmap/%s/%s/%s"

	namespace := util.PodNamespace
	return fmt.Sprintf(uriFormat, namespace, defaultRedactSpecConfigMapName, defaultRedactSpecDataKey)
}
// CreateRenderedDefaultRedactSpec serializes the default redactor to YAML and
// stores it in the default redact spec ConfigMap in util.PodNamespace.
//
// If the ConfigMap does not exist it is created with the kotsadm labels. If it
// exists, the default-redactor data key is overwritten with the freshly
// rendered spec and the labels are replaced with the kotsadm labels; other
// data keys are left as they are. Any edit made to the default key in the
// cluster is therefore discarded on the next call.
//
// It returns a wrapped error when serialization fails or when the ConfigMap
// cannot be read, created or updated.
func CreateRenderedDefaultRedactSpec(clientset kubernetes.Interface) error {
	var rendered bytes.Buffer
	yamlSerializer := serializer.NewYAMLSerializer(serializer.DefaultMetaFactory, scheme.Scheme, scheme.Scheme)
	if err := yamlSerializer.Encode(getDefaultRedactor(), &rendered); err != nil {
		return errors.Wrap(err, "failed to serialize default redactor")
	}
	spec := rendered.String()

	configMaps := clientset.CoreV1().ConfigMaps(util.PodNamespace)

	current, err := configMaps.Get(context.TODO(), defaultRedactSpecConfigMapName, metav1.GetOptions{})
	switch {
	case err == nil:
		// The ConfigMap exists; it is updated below.
	case kuberneteserrors.IsNotFound(err):
		// First run: create the ConfigMap with only the default spec in it.
		fresh := &corev1.ConfigMap{
			TypeMeta: metav1.TypeMeta{
				APIVersion: "v1",
				Kind:       "ConfigMap",
			},
			ObjectMeta: metav1.ObjectMeta{
				Name:      defaultRedactSpecConfigMapName,
				Namespace: util.PodNamespace,
				Labels:    kotsadmtypes.GetKotsadmLabels(),
			},
			Data: map[string]string{
				defaultRedactSpecDataKey: spec,
			},
		}
		if _, err := configMaps.Create(context.TODO(), fresh, metav1.CreateOptions{}); err != nil {
			return errors.Wrap(err, "failed to create default redactor configmap")
		}
		return nil
	default:
		return errors.Wrap(err, "failed to read default redactor configmap")
	}

	// Writing to a nil map panics, so make sure Data is initialized first.
	if current.Data == nil {
		current.Data = map[string]string{}
	}
	current.Data[defaultRedactSpecDataKey] = spec
	// Labels are replaced wholesale, not merged with the existing ones.
	current.ObjectMeta.Labels = kotsadmtypes.GetKotsadmLabels()

	if _, err := configMaps.Update(context.TODO(), current, metav1.UpdateOptions{}); err != nil {
		return errors.Wrap(err, "failed to update default redactor configmap")
	}
	return nil
}
// getDefaultRedactor builds the default Redactor object. It contains a single
// redaction rule, named "IP Addresses", whose only removal is the
// ipv4AddressRegex pattern. Nothing else is covered by this default.
func getDefaultRedactor() *troubleshootv1beta2.Redactor {
	ipAddresses := &troubleshootv1beta2.Redact{
		Name: "IP Addresses",
		Removals: troubleshootv1beta2.Removals{
			Regex: []troubleshootv1beta2.Regex{
				{Redactor: ipv4AddressRegex},
			},
		},
	}

	typeMeta := metav1.TypeMeta{
		Kind:       "Redactor",
		APIVersion: "troubleshoot.sh/v1beta2",
	}
	objectMeta := metav1.ObjectMeta{
		Name: "default-redactor",
	}

	return &troubleshootv1beta2.Redactor{
		TypeMeta:   typeMeta,
		ObjectMeta: objectMeta,
		Spec: troubleshootv1beta2.RedactorSpec{
			Redactors: []*troubleshootv1beta2.Redact{ipAddresses},
		},
	}
}