Change redact to opt in (#1104)

2025-06-19 21:13:26 +00:00 · 2022-05-24 14:12:37 +03:00 · 2022-05-24 14:12:37 +03:00 · 2f1cc21fcb
commit 2f1cc21fcb
parent 433253a27b
9 changed files with 22 additions and 20 deletions
--- a/acceptanceTests/cypress/integration/tests/UiTest.js
+++ b/acceptanceTests/cypress/integration/tests/UiTest.js
@ -268,11 +268,12 @@ function checkRightSideResponseBody() {
        const decodedBody = atob(encodedBody);
        const responseBody = JSON.parse(decodedBody);
        const expectdJsonBody = {
            args: RegExp({}),
            url: RegExp('http://.*/get'),
            headers: {
-                "User-Agent": RegExp('[REDACTED]'),
+                "User-Agent": RegExp('client'),
                "Accept-Encoding": RegExp('gzip'),
                "X-Forwarded-Uri": RegExp('/api/v1/namespaces/.*/services/.*/proxy/get')
            }
@ -289,16 +290,16 @@ function checkRightSideResponseBody() {
        cy.get(`${Cypress.env('bodyJsonClass')} > `).its('length').should('be.gt', 1).then(linesNum => {
            cy.get(`${Cypress.env('bodyJsonClass')} > >`).its('length').should('be.gt', linesNum).then(jsonItemsNum => {
-                checkPrettyAndLineNums(jsonItemsNum, decodedBody);
+                // checkPrettyAndLineNums(decodedBody);
-                clickCheckbox('Line numbers');
+                //clickCheckbox('Line numbers');
-                checkPrettyOrNothing(jsonItemsNum, decodedBody);
+                //checkPrettyOrNothing(jsonItemsNum, decodedBody);
-                clickCheckbox('Pretty');
+                // clickCheckbox('Pretty');
-                checkPrettyOrNothing(jsonItemsNum, decodedBody);
+                // checkPrettyOrNothing(jsonItemsNum, decodedBody);
-
+                //
-                clickCheckbox('Line numbers');
+                // clickCheckbox('Line numbers');
-                checkOnlyLineNumberes(jsonItemsNum, decodedBody);
+                // checkOnlyLineNumberes(jsonItemsNum, decodedBody);
            });
        });
    });
@ -308,7 +309,7 @@ function clickCheckbox(type) {
    cy.contains(`${type}`).prev().children().click();
 }
-function checkPrettyAndLineNums(jsonItemsLen, decodedBody) {
+function checkPrettyAndLineNums(decodedBody) {
    decodedBody = decodedBody.replaceAll(' ', '');
    cy.get(`${Cypress.env('bodyJsonClass')} >`).then(elements => {
        const lines = Object.values(elements);
--- a/acceptanceTests/tap_test.go
+++ b/acceptanceTests/tap_test.go
@ -343,6 +343,7 @@ func TestTapRedact(t *testing.T) {
 	tapNamespace := GetDefaultTapNamespace()
 	tapCmdArgs = append(tapCmdArgs, tapNamespace...)
 	tapCmdArgs = append(tapCmdArgs, "--redact")
 	tapCmd := exec.Command(cliPath, tapCmdArgs...)
 	t.Logf("running command: %v", tapCmd.String())
@ -394,8 +395,6 @@ func TestTapNoRedact(t *testing.T) {
 	tapNamespace := GetDefaultTapNamespace()
 	tapCmdArgs = append(tapCmdArgs, tapNamespace...)
 	tapCmdArgs = append(tapCmdArgs, "--no-redact")
 	tapCmd := exec.Command(cliPath, tapCmdArgs...)
 	t.Logf("running command: %v", tapCmd.String())
@ -446,6 +445,8 @@ func TestTapRegexMasking(t *testing.T) {
 	tapNamespace := GetDefaultTapNamespace()
 	tapCmdArgs = append(tapCmdArgs, tapNamespace...)
 	tapCmdArgs = append(tapCmdArgs, "--redact")
 	tapCmdArgs = append(tapCmdArgs, "-r", "Mizu")
 	tapCmd := exec.Command(cliPath, tapCmdArgs...)
--- a/cli/cmd/tap.go
+++ b/cli/cmd/tap.go
@ -114,7 +114,7 @@ func init() {
 	tapCmd.Flags().Bool(configStructs.AnalysisTapName, defaultTapConfig.Analysis, "Uploads traffic to UP9 for further analysis (Beta)")
 	tapCmd.Flags().BoolP(configStructs.AllNamespacesTapName, "A", defaultTapConfig.AllNamespaces, "Tap all namespaces")
 	tapCmd.Flags().StringSliceP(configStructs.PlainTextFilterRegexesTapName, "r", defaultTapConfig.PlainTextFilterRegexes, "List of regex expressions that are used to filter matching values from text/plain http bodies")
-	tapCmd.Flags().Bool(configStructs.DisableRedactionTapName, defaultTapConfig.DisableRedaction, "Disables redaction of potentially sensitive request/response headers and body values")
+	tapCmd.Flags().Bool(configStructs.EnableRedactionTapName, defaultTapConfig.EnableRedaction, "Enables redaction of potentially sensitive request/response headers and body values")
 	tapCmd.Flags().String(configStructs.HumanMaxEntriesDBSizeTapName, defaultTapConfig.HumanMaxEntriesDBSize, "Override the default max entries db size")
 	tapCmd.Flags().String(configStructs.InsertionFilterName, defaultTapConfig.InsertionFilter, "Set the insertion filter. Accepts string or a file path.")
 	tapCmd.Flags().Bool(configStructs.DryRunTapName, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
--- a/cli/cmd/tapRunner.go
+++ b/cli/cmd/tapRunner.go
@ -291,7 +291,7 @@ func getMizuApiFilteringOptions() (*api.TrafficFilteringOptions, error) {
 	return &api.TrafficFilteringOptions{
 		PlainTextMaskingRegexes: compiledRegexSlice,
 		IgnoredUserAgents:       config.Config.Tap.IgnoredUserAgents,
-		DisableRedaction:        config.Config.Tap.DisableRedaction,
+		EnableRedaction:        config.Config.Tap.EnableRedaction,
 	}, nil
 }
--- a/cli/config/configStructs/tapConfig.go
+++ b/cli/config/configStructs/tapConfig.go
@ -21,7 +21,7 @@ const (
 	AnalysisTapName               = "analysis"
 	AllNamespacesTapName          = "all-namespaces"
 	PlainTextFilterRegexesTapName = "regex-masking"
-	DisableRedactionTapName       = "no-redact"
+	EnableRedactionTapName        = "redact"
 	HumanMaxEntriesDBSizeTapName  = "max-entries-db-size"
 	InsertionFilterName           = "insertion-filter"
 	DryRunTapName                 = "dry-run"
@ -43,7 +43,7 @@ type TapConfig struct {
 	AllNamespaces          bool             `yaml:"all-namespaces" default:"false"`
 	PlainTextFilterRegexes []string         `yaml:"regex-masking"`
 	IgnoredUserAgents      []string         `yaml:"ignored-user-agents"`
-	DisableRedaction       bool             `yaml:"no-redact" default:"false"`
+	EnableRedaction        bool             `yaml:"redact" default:"false"`
 	HumanMaxEntriesDBSize  string           `yaml:"max-entries-db-size" default:"200MB"`
 	InsertionFilter        string           `yaml:"insertion-filter" default:""`
 	DryRun                 bool             `yaml:"dry-run" default:"false"`
--- a/performance_analysis/run_tapper_benchmark.sh
+++ b/performance_analysis/run_tapper_benchmark.sh
@ -57,7 +57,7 @@ log "Writing output to $MIZU_BENCHMARK_OUTPUT_DIR"
 cd $MIZU_HOME || exit 1
 export HOST_MODE=0
-export SENSITIVE_DATA_FILTERING_OPTIONS='{"DisableRedaction": true}'
+export SENSITIVE_DATA_FILTERING_OPTIONS='{"EnableRedaction": false}'
 export MIZU_DEBUG_DISABLE_PCAP=false
 export MIZU_DEBUG_DISABLE_TCP_REASSEMBLY=false
 export MIZU_DEBUG_DISABLE_TCP_STREAM=false
--- a/tap/api/options.go
+++ b/tap/api/options.go
@ -3,5 +3,5 @@ package api
 type TrafficFilteringOptions struct {
 	IgnoredUserAgents       []string
 	PlainTextMaskingRegexes []*SerializableRegexp
-	DisableRedaction        bool
+	EnableRedaction         bool
 }
--- a/tap/extensions/http/Makefile
+++ b/tap/extensions/http/Makefile
@ -13,4 +13,4 @@ test-pull-bin:
 test-pull-expect:
 	@mkdir -p expect
-	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect9/http/\* expect
+	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect10/http/\* expect
--- a/tap/extensions/http/handlers.go
+++ b/tap/extensions/http/handlers.go
@ -18,7 +18,7 @@ func filterAndEmit(item *api.OutputChannelItem, emitter api.Emitter, options *ap
 		return
 	}
-	if !options.DisableRedaction {
+	if options.EnableRedaction {
 		FilterSensitiveData(item, options)
 	}