Skip to content

Commit

Permalink
Do not print credentials for AtlasProject resources (#907)
Browse files Browse the repository at this point in the history
  • Loading branch information
@igor-karpukhin @fabritsius
igor-karpukhin authored and fabritsius committed Mar 24, 2023
1 parent f961bc7 commit 253036c
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions pkg/api/v1/atlasproject_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package v1

import (
"go.uber.org/zap/zapcore"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"

Expand Down Expand Up @@ -111,6 +112,40 @@ type AtlasProjectSpec struct {
Teams []Team `json:"teams,omitempty"`
}

const hiddenField = "*** redacted ***"

//nolint:errcheck
func (p AtlasProjectSpec) MarshalLogObject(e zapcore.ObjectEncoder) error {
printable := p.DeepCopy()
// cleanup encryption at EncryptionAtRest
if printable.EncryptionAtRest != nil {
printable.EncryptionAtRest.AwsKms.AccessKeyID = hiddenField
printable.EncryptionAtRest.AwsKms.CustomerMasterKeyID = hiddenField
printable.EncryptionAtRest.AwsKms.SecretAccessKey = hiddenField
printable.EncryptionAtRest.AwsKms.RoleID = hiddenField
printable.EncryptionAtRest.AzureKeyVault.Secret = hiddenField
printable.EncryptionAtRest.GoogleCloudKms.ServiceAccountKey = hiddenField
}

// cleanup AlertConfigurations
for i := range printable.AlertConfigurations {
for j := range printable.AlertConfigurations[i].Notifications {
printable.AlertConfigurations[i].Notifications[j].APIToken = hiddenField
printable.AlertConfigurations[i].Notifications[j].DatadogAPIKey = hiddenField
printable.AlertConfigurations[i].Notifications[j].FlowdockAPIToken = hiddenField
printable.AlertConfigurations[i].Notifications[j].DatadogAPIKey = hiddenField
printable.AlertConfigurations[i].Notifications[j].MobileNumber = hiddenField
printable.AlertConfigurations[i].Notifications[j].OpsGenieAPIKey = hiddenField
printable.AlertConfigurations[i].Notifications[j].ServiceKey = hiddenField
printable.AlertConfigurations[i].Notifications[j].VictorOpsAPIKey = hiddenField
printable.AlertConfigurations[i].Notifications[j].VictorOpsRoutingKey = hiddenField
}
}

e.AddReflected("AtlasProjectSpec", printable)
return nil
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.spec.name`
Expand Down

0 comments on commit 253036c

Please sign in to comment.