store redactions in memory, expose them via API

kotsadm/go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/opencontainers/image-spec v1.0.1
 	github.com/pkg/errors v0.9.1
 	github.com/replicatedhq/kots v1.15.3
-	github.com/replicatedhq/troubleshoot v0.9.33
+	github.com/replicatedhq/troubleshoot v0.9.34-0.20200520142846-fb2f028fb5ed
 	github.com/replicatedhq/yaml/v3 v3.0.0-beta5-replicatedhq
 	github.com/robfig/cron/v3 v3.0.0
 	github.com/segmentio/ksuid v1.0.2

kotsadm/go.sum

@@ -804,6 +804,8 @@ github.com/replicatedhq/troubleshoot v0.9.31 h1:qFKR4J5vI0rvreVrpfE69tK7dlKADZ1L
 github.com/replicatedhq/troubleshoot v0.9.31/go.mod h1:YLrtvTJxqlvaqR/EsnfJ4IGNG2aWqV3yPSQ3WWEA/cU=
 github.com/replicatedhq/troubleshoot v0.9.33 h1:Po9q72R/25iU8V1BUA1w+SwnkV6e+WYx0rX/g8q8qTY=
 github.com/replicatedhq/troubleshoot v0.9.33/go.mod h1:wNGrTNsxvcGRCI7oe3NsfwQKTUsDW+6SvXdh3lJxMms=
+github.com/replicatedhq/troubleshoot v0.9.34-0.20200520142846-fb2f028fb5ed h1:wm83TI9KgtLqasXuvf1idYZ+ljHfs8/bGfw25hhVy8U=
+github.com/replicatedhq/troubleshoot v0.9.34-0.20200520142846-fb2f028fb5ed/go.mod h1:wNGrTNsxvcGRCI7oe3NsfwQKTUsDW+6SvXdh3lJxMms=
 github.com/replicatedhq/yaml/v3 v3.0.0-beta5-replicatedhq h1:PwPggruelq2336c1Ayg5STFqgbn/QB1tWLQwrVlU7ZQ=
 github.com/replicatedhq/yaml/v3 v3.0.0-beta5-replicatedhq/go.mod h1:Txa7LopbYCU8aRgmNe0n+y/EPMz50NbCPcVVJBquwag=
 github.com/robfig/cron v1.1.0 h1:jk4/Hud3TTdcrJgUOBgsqrZBarcxl6ADIjSC2iniwLY=

kotsadm/pkg/apiserver/server.go

@@ -66,6 +66,8 @@ func Start() {
 	r.Path("/api/v1/troubleshoot/{appSlug}").Methods("OPTIONS", "GET").HandlerFunc(handlers.GetTroubleshoot)
 	r.Path("/api/v1/troubleshoot/{appId}/{bundleId}").Methods("OPTIONS", "PUT").HandlerFunc(handlers.UploadSupportBundle)
 	r.Path("/api/v1/troubleshoot/supportbundle/{bundleId}/files").Methods("OPTIONS", "GET").HandlerFunc(handlers.GetSupportBundleFiles)
+	r.Path("/api/v1/troubleshoot/supportbundle/{bundleId}/redactions").Methods("OPTIONS", "GET").HandlerFunc(handlers.GetSupportBundleRedactions)
+	r.Path("/api/v1/troubleshoot/supportbundle/{bundleId}/redactions").Methods("PUT").HandlerFunc(handlers.SetSupportBundleRedactions)
 	r.Path("/api/v1/troubleshoot/supportbundle/{bundleId}/download").Methods("OPTIONS", "GET").HandlerFunc(handlers.DownloadSupportBundle)
 	r.Path("/api/v1/troubleshoot/analyzebundle/{bundleId}").Methods("POST").HandlerFunc(handlers.NodeProxy(upstream))
 

kotsadm/pkg/handlers/troubleshoot.go

@@ -26,6 +26,7 @@ import (
 	"github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta1"
 	troubleshootv1beta1 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta1"
 	"github.com/replicatedhq/troubleshoot/pkg/convert"
+	redact2 "github.com/replicatedhq/troubleshoot/pkg/redact"
 	"github.com/replicatedhq/yaml/v3"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -40,6 +41,17 @@ type GetSupportBundleFilesResponse struct {
 	Error   string `json:"error,omitempty"`
 }
 
+type GetSupportBundleRedactionsResponse struct {
+	Redactions redact2.RedactionList `json:"redactions"`
+
+	Success bool   `json:"success"`
+	Error   string `json:"error,omitempty"`
+}
+
+type PutSupportBundleRedactions struct {
+	Redactions redact2.RedactionList `json:"redactions"`
+}
+
 func GetSupportBundleFiles(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 	w.Header().Set("Access-Control-Allow-Headers", "content-type, origin, accept, authorization")
@@ -306,13 +318,17 @@ func GetTroubleshoot(w http.ResponseWriter, r *http.Request) {
 
 	// determine an upload URL
 	var uploadURL string
+	var redactURL string
 	randomBundleID := strings.ToLower(rand.String(32))
 	if r.Header.Get("Bundle-Upload-Host") != "" {
 		uploadURL = fmt.Sprintf("%s/api/v1/troubleshoot/%s/%s", r.Header.Get("Bundle-Upload-Host"), foundApp.ID, randomBundleID)
+		redactURL = fmt.Sprintf("%s/api/v1/troubleshoot/supportbundle/%s/redactions", r.Header.Get("Bundle-Upload-Host"), randomBundleID)
 	} else if inCluster == "true" {
 		uploadURL = fmt.Sprintf("%s/api/v1/troubleshoot/%s/%s", fmt.Sprintf("http://kotsadm-api.%s.svc.cluster.local:3000", os.Getenv("POD_NAMESPACE")), foundApp.ID, randomBundleID)
+		redactURL = fmt.Sprintf("%s/api/v1/troubleshoot/supportbundle/%s/redactions", fmt.Sprintf("http://kotsadm-api.%s.svc.cluster.local:3000", os.Getenv("POD_NAMESPACE")), randomBundleID)
 	} else {
 		uploadURL = fmt.Sprintf("%s/api/v1/troubleshoot/%s/%s", os.Getenv("API_ADVERTISE_ENDPOINT"), foundApp.ID, randomBundleID)
+		redactURL = fmt.Sprintf("%s/api/v1/troubleshoot/supportbundle/%s/redactions", os.Getenv("API_ADVERTISE_ENDPOINT"), randomBundleID)
 	}
 
 	licenseString, err := license.GetCurrentLicenseString(foundApp)
@@ -326,8 +342,9 @@ func GetTroubleshoot(w http.ResponseWriter, r *http.Request) {
 	tsSpec.Spec.AfterCollection = []*v1beta1.AfterCollection{
 		{
 			UploadResultsTo: &v1beta1.ResultRequest{
-				URI:    uploadURL,
-				Method: "PUT",
+				URI:       uploadURL,
+				Method:    "PUT",
+				RedactURI: redactURL,
 			},
 		},
 	}
@@ -353,6 +370,80 @@ func GetTroubleshoot(w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(fullTroubleshoot))
 }
 
+func GetSupportBundleRedactions(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Headers", "content-type, origin, accept, authorization")
+
+	if r.Method == "OPTIONS" {
+		w.WriteHeader(200)
+		return
+	}
+
+	getSupportBundleRedactionsResponse := GetSupportBundleRedactionsResponse{
+		Success: false,
+	}
+
+	sess, err := session.Parse(r.Header.Get("Authorization"))
+	if err != nil {
+		logger.Error(err)
+		getSupportBundleRedactionsResponse.Error = "failed to parse authorization header"
+		JSON(w, 401, getSupportBundleRedactionsResponse)
+		return
+	}
+
+	// we don't currently have roles, all valid tokens are valid sessions
+	if sess == nil || sess.ID == "" {
+		getSupportBundleRedactionsResponse.Error = "failed to parse authorization header"
+		JSON(w, 401, getSupportBundleRedactionsResponse)
+		return
+	}
+
+	bundleID := mux.Vars(r)["bundleId"]
+	redactions, err := supportbundle.GetRedactions(bundleID)
+	if err != nil {
+		logger.Error(err)
+		getSupportBundleRedactionsResponse.Error = fmt.Sprintf("failed to find redactions for bundle %s", bundleID)
+		JSON(w, 400, getSupportBundleRedactionsResponse)
+		return
+	}
+
+	getSupportBundleRedactionsResponse.Success = true
+	getSupportBundleRedactionsResponse.Redactions = redactions
+
+	JSON(w, 200, getSupportBundleRedactionsResponse)
+}
+
+func SetSupportBundleRedactions(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+	w.Header().Set("Access-Control-Allow-Headers", "content-type, origin, accept, authorization")
+
+	redactionsBody, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		logger.Error(err)
+		w.WriteHeader(500)
+		return
+	}
+
+	redactions := PutSupportBundleRedactions{}
+	err = json.Unmarshal(redactionsBody, &redactions)
+	if err != nil {
+		logger.Error(err)
+		w.WriteHeader(400)
+		return
+	}
+
+	bundleID := mux.Vars(r)["bundleId"]
+	err = supportbundle.SetRedactions(bundleID, redactions.Redactions)
+	if err != nil {
+		logger.Error(err)
+		w.WriteHeader(500)
+		return
+	}
+
+	w.WriteHeader(201)
+	return
+}
+
 // if a namespace is not set for a secret/run/logs/exec/copy collector, set it to the current namespace
 func populateNamespaces(existingSpec *v1beta1.Collector) *v1beta1.Collector {
 	if existingSpec == nil {

kotsadm/pkg/supportbundle/redactions.go

@@ -0,0 +1,30 @@
+package supportbundle
+
+import (
+	"fmt"
+
+	"github.com/replicatedhq/troubleshoot/pkg/redact"
+)
+
+// todo: actually persist this in db
+var redactions map[string]redact.RedactionList
+
+func GetRedactions(bundleID string) (redact.RedactionList, error) {
+	redacts, ok := redactions[bundleID]
+	if !ok {
+		return redact.RedactionList{}, fmt.Errorf("unable to find redactions for bundle %s", bundleID)
+	}
+	return redacts, nil
+}
+
+func SetRedactions(bundleID string, redacts redact.RedactionList) error {
+	if redactions == nil {
+		redactions = map[string]redact.RedactionList{}
+	}
+	if _, ok := redactions[bundleID]; ok {
+		// overwriting previously stored value is an error
+		return fmt.Errorf("redactions for bundle %s already present", bundleID)
+	}
+	redactions[bundleID] = redacts
+	return nil
+}