redactSecrets redacts secrets from the diff output.
(old, new *manifest.MappingResult)
| 353 | |
| 354 | // redactSecrets redacts secrets from the diff output. |
| 355 | func redactSecrets(old, new *manifest.MappingResult) { |
| 356 | if (old != nil && old.Kind != kindSecret) || (new != nil && new.Kind != kindSecret) { |
| 357 | return |
| 358 | } |
| 359 | serializer := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme.Scheme, scheme.Scheme) |
| 360 | |
| 361 | oldSecret, newSecret, oldSecretDecodeErr, newSecretDecodeErr := preHandleSecrets(old, new) |
| 362 | |
| 363 | if old != nil && oldSecretDecodeErr == nil { |
| 364 | oldSecret.StringData = make(map[string]string, len(oldSecret.Data)) |
| 365 | for k, v := range oldSecret.Data { |
| 366 | if new != nil && bytes.Equal(v, newSecret.Data[k]) { |
| 367 | oldSecret.StringData[k] = fmt.Sprintf("REDACTED # (%d bytes)", len(v)) |
| 368 | } else { |
| 369 | oldSecret.StringData[k] = fmt.Sprintf("-------- # (%d bytes)", len(v)) |
| 370 | } |
| 371 | } |
| 372 | } |
| 373 | if new != nil && newSecretDecodeErr == nil { |
| 374 | newSecret.StringData = make(map[string]string, len(newSecret.Data)) |
| 375 | for k, v := range newSecret.Data { |
| 376 | if old != nil && bytes.Equal(v, oldSecret.Data[k]) { |
| 377 | newSecret.StringData[k] = fmt.Sprintf("REDACTED # (%d bytes)", len(v)) |
| 378 | } else { |
| 379 | newSecret.StringData[k] = fmt.Sprintf("++++++++ # (%d bytes)", len(v)) |
| 380 | } |
| 381 | } |
| 382 | } |
| 383 | |
| 384 | // remove Data field now that we are using StringData for serialization |
| 385 | if old != nil && oldSecretDecodeErr == nil { |
| 386 | oldSecretBuf := bytes.NewBuffer(nil) |
| 387 | oldSecret.Data = nil |
| 388 | if err := serializer.Encode(&oldSecret, oldSecretBuf); err != nil { |
| 389 | new.Content = fmt.Sprintf("Error encoding new secret: %s", err) |
| 390 | } |
| 391 | old.Content = getComment(old.Content) + strings.Replace(strings.Replace(oldSecretBuf.String(), "stringData", "data", 1), " creationTimestamp: null\n", "", 1) |
| 392 | oldSecretBuf.Reset() |
| 393 | } |
| 394 | if new != nil && newSecretDecodeErr == nil { |
| 395 | newSecretBuf := bytes.NewBuffer(nil) |
| 396 | newSecret.Data = nil |
| 397 | if err := serializer.Encode(&newSecret, newSecretBuf); err != nil { |
| 398 | new.Content = fmt.Sprintf("Error encoding new secret: %s", err) |
| 399 | } |
| 400 | new.Content = getComment(new.Content) + strings.Replace(strings.Replace(newSecretBuf.String(), "stringData", "data", 1), " creationTimestamp: null\n", "", 1) |
| 401 | newSecretBuf.Reset() |
| 402 | } |
| 403 | } |
| 404 | |
| 405 | // decodeSecrets decodes secrets from the diff output. |
| 406 | func decodeSecrets(old, new *manifest.MappingResult) { |