diff --git a/api/main.go b/api/main.go
index c257bb638..b1bd17a6c 100644
--- a/api/main.go
+++ b/api/main.go
@@ -34,7 +34,7 @@ func main() {
 if *standalone {
 harOutputChannel := tap.StartPassiveTapper()
 filteredHarChannel := make(chan *tap.OutputChannelItem)
- go filterHarHeaders(harOutputChannel, filteredHarChannel, getFilteringOptions())
+ go filterHarHeaders(harOutputChannel, filteredHarChannel, getTrafficFilteringOptions())
 go api.StartReadingEntries(filteredHarChannel, nil)
 hostApi(nil)
 } else if *shouldTap {
@@ -58,7 +58,7 @@ func main() {
 socketHarOutChannel := make(chan *tap.OutputChannelItem, 1000)
 filteredHarChannel := make(chan *tap.OutputChannelItem)
 go api.StartReadingEntries(filteredHarChannel, nil)
- go filterHarHeaders(socketHarOutChannel, filteredHarChannel, getFilteringOptions())
+ go filterHarHeaders(socketHarOutChannel, filteredHarChannel, getTrafficFilteringOptions())
 hostApi(socketHarOutChannel)
 }
@@ -101,21 +101,21 @@ func getTapTargets() []string {
 return tappedAddressesPerNodeDict[nodeName]
 }
-func getFilteringOptions() *shared.FilteringOptions {
+func getTrafficFilteringOptions() *shared.TrafficFilteringOptions {
 filteringOptionsJson := os.Getenv(shared.MizuFilteringOptionsEnvVar)
 if filteringOptionsJson == "" {
 return nil
 }
- var filteringOptions shared.FilteringOptions
+ var filteringOptions shared.TrafficFilteringOptions
 err := json.Unmarshal([]byte(filteringOptionsJson), &filteringOptions)
 if err != nil {
- panic(fmt.Sprintf("env var %s's value of %s is invalid! json must match the shared.FilteringOptions struct %v", shared.MizuFilteringOptionsEnvVar, filteringOptionsJson, err))
+ panic(fmt.Sprintf("env var %s's value of %s is invalid! json must match the shared.TrafficFilteringOptions struct %v", shared.MizuFilteringOptionsEnvVar, filteringOptionsJson, err))
 }
 return &filteringOptions
 }
-func filterHarHeaders(inChannel <- chan *tap.OutputChannelItem, outChannel chan *tap.OutputChannelItem, filterOptions *shared.FilteringOptions) {
+func filterHarHeaders(inChannel <- chan *tap.OutputChannelItem, outChannel chan *tap.OutputChannelItem, filterOptions *shared.TrafficFilteringOptions) {
 for message := range inChannel {
 sensitiveDataFiltering.FilterSensitiveInfoFromHarRequest(message, filterOptions)
 outChannel <- message
diff --git a/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go b/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go
index 0bd8b95bd..2d881a5ad 100644
--- a/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go
+++ b/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go
@@ -12,7 +12,7 @@ import (
 "github.com/google/martian/har"
 )
-func FilterSensitiveInfoFromHarRequest(harOutputItem *tap.OutputChannelItem, options *shared.FilteringOptions) {
+func FilterSensitiveInfoFromHarRequest(harOutputItem *tap.OutputChannelItem, options *shared.TrafficFilteringOptions) {
 filterHarHeaders(harOutputItem.HarEntry.Request.Headers)
 filterHarHeaders(harOutputItem.HarEntry.Response.Headers)
@@ -74,7 +74,7 @@ func isFieldNameSensitive(fieldName string) bool {
 return false
 }
-func filterHttpBody(bytes []byte, contentType string, options *shared.FilteringOptions) ([]byte, error) {
+func filterHttpBody(bytes []byte, contentType string, options *shared.TrafficFilteringOptions) ([]byte, error) {
 mimeType := strings.Split(contentType, ";")[0]
 switch strings.ToLower(mimeType) {
 case "application/json":
@@ -88,15 +88,15 @@ func filterHttpBody(bytes []byte, contentType string, options *shared.FilteringO
 case "application/xml":
 return filterXmlEtree(bytes)
 case "text/plain":
- if options != nil && options.PlainTextFilterRegexes != nil {
+ if options != nil && options.PlainTextMaskingRegexes != nil {
 return filterPlainText(bytes, options), nil
 }
 }
 return bytes, nil
 }
-func filterPlainText(bytes []byte, options *shared.FilteringOptions) []byte {
- for _, regex := range options.PlainTextFilterRegexes {
+func filterPlainText(bytes []byte, options *shared.TrafficFilteringOptions) []byte {
+ for _, regex := range options.PlainTextMaskingRegexes {
 bytes = regex.ReplaceAll(bytes, []byte(maskedFieldPlaceholderValue))
 }
 return bytes
diff --git a/cli/cmd/tapRunner.go b/cli/cmd/tapRunner.go
index 44e38904d..1fb81edb4 100644
--- a/cli/cmd/tapRunner.go
+++ b/cli/cmd/tapRunner.go
@@ -62,7 +62,7 @@ func RunMizuTap(podRegexQuery *regexp.Regexp, tappingOptions *MizuTapOptions) {
 // TODO handle incoming traffic from tapper using a channel
 }
-func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.FilteringOptions) error {
+func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.TrafficFilteringOptions) error {
 if err := createMizuAggregator(ctx, kubernetesProvider, tappingOptions, mizuApiFilteringOptions); err != nil {
 return err
 }
@@ -74,7 +74,7 @@ func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
 return nil
 }
-func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Provider, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.FilteringOptions) error {
+func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Provider, tappingOptions *MizuTapOptions, mizuApiFilteringOptions *shared.TrafficFilteringOptions) error {
 var err error
 mizuServiceAccountExists = createRBACIfNecessary(ctx, kubernetesProvider)
@@ -93,7 +93,7 @@ func createMizuAggregator(ctx context.Context, kubernetesProvider *kubernetes.Pr
 return nil
 }
-func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.FilteringOptions, error) {
+func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.TrafficFilteringOptions, error) {
 if tappingOptions.PlainTextFilterRegexes == nil || len(tappingOptions.PlainTextFilterRegexes) == 0 {
 return nil, nil
 }
@@ -108,7 +108,7 @@ func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.Filteri
 compiledRegexSlice = append(compiledRegexSlice, compiledRegex)
 }
- return &shared.FilteringOptions{PlainTextFilterRegexes: compiledRegexSlice}, nil
+ return &shared.TrafficFilteringOptions{PlainTextMaskingRegexes: compiledRegexSlice}, nil
 }
 func createMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions) error {
diff --git a/cli/kubernetes/provider.go b/cli/kubernetes/provider.go
index d6b598a27..decee5e5f 100644
--- a/cli/kubernetes/provider.go
+++ b/cli/kubernetes/provider.go
@@ -86,7 +86,7 @@ func (provider *Provider) GetPods(ctx context.Context, namespace string) {
 fmt.Printf("There are %d pods in Namespace %s\n", len(pods.Items), namespace)
 }
-func (provider *Provider) CreateMizuAggregatorPod(ctx context.Context, namespace string, podName string, podImage string, linkServiceAccount bool, mizuApiFilteringOptions *shared.FilteringOptions) (*core.Pod, error) {
+func (provider *Provider) CreateMizuAggregatorPod(ctx context.Context, namespace string, podName string, podImage string, linkServiceAccount bool, mizuApiFilteringOptions *shared.TrafficFilteringOptions) (*core.Pod, error) {
 marshaledFilteringOptions, err := json.Marshal(mizuApiFilteringOptions)
 if err != nil {
 return nil, err
diff --git a/shared/models.go b/shared/models.go
index 44e3ff9f5..cbf73b594 100644
--- a/shared/models.go
+++ b/shared/models.go
@@ -34,6 +34,6 @@ func CreateWebSocketStatusMessage(tappingStatus TapStatus) WebSocketStatusMessag
 }
 }
-type FilteringOptions struct {
- PlainTextFilterRegexes []*SerializableRegexp
+type TrafficFilteringOptions struct {
+ PlainTextMaskingRegexes []*SerializableRegexp
 }
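Review bot: Renaming the field to `PlainTextMaskingRegexes` in shared/models.go also renames its JSON key, because the struct carries no `json` tag and the value crosses a process boundary: `CreateMizuAggregatorPod` marshals it and `getTrafficFilteringOptions` in api/main.go unmarshals it from the environment variable. If the CLI and the API image are ever built from different revisions, `json.Unmarshal` ignores the unknown key without error, the regex slice stays nil, and the `text/plain` branch of `filterHttpBody` skips masking silently. Pinning the wire name with an explicit tag on the field, for example `json:"plainTextMaskingRegexes"`, would decouple later renames from the format. Decoding through a `json.Decoder` with `DisallowUnknownFields()` would turn such a mismatch into the existing startup panic instead of unmasked traffic. How `SerializableRegexp` itself is encoded is not visible in this diff.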