Redact secret data.

Signed-off-by: Michal Schott <michal.schott@onegini.com>
fluxcd · Sep 3, 2021 · bec1a7a · bec1a7a
1 parent 52c61f8
commit bec1a7a
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/controllers/kustomization_controller.go b/controllers/kustomization_controller.go
@@ -26,6 +26,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"time"
 
@@ -367,7 +368,7 @@ func (r *KustomizationReconciler) reconcile(
 			source.GetArtifact().Revision,
 			meta.ReconciliationFailedReason,
 			err.Error(),
-		), err
+		), stripSensitiveData(err)
 	}
 
 	// prune
@@ -865,3 +866,13 @@ func (r *KustomizationReconciler) patchStatus(ctx context.Context, req ctrl.Requ
 
 	return r.Status().Patch(ctx, &kustomization, patch)
 }
+
+func stripSensitiveData(err error) error {
+	r := regexp.MustCompile(`(v1.Secret.(StringData|Data): )(.*)`)
+	newErr := r.ReplaceAllString(err.Error(), "$1 [ ** REDACTED ** ]")
+
+	// strip data from bigger context
+	r = regexp.MustCompile(`(Data\":{)(.*)(})`)
+	newErr = r.ReplaceAllString(newErr, "$1 [ ** REDACTED ** ] $3")
+	return errors.New(newErr)
+}