Fix the issues related to sensitive data filtering feature (#285)

* Run acceptance tests on pull request

* Take `options.DisableRedaction` into account

* Log `defaultTapConfig`

* Pass the `SENSITIVE_DATA_FILTERING_OPTIONS` to tapper daemon set too

* Revert "Run acceptance tests on pull request"

This reverts commit ad79f1418f.
M. Mert Yıldıran
2021-09-19 13:33:34 +03:00
committed by GitHub
parent 65bb262652
commit 5392475486
4 changed files with 18 additions and 8 deletions


@@ -2,11 +2,12 @@ package cmd
import ( import (
"errors" "errors"
"os"
"github.com/up9inc/mizu/cli/config" "github.com/up9inc/mizu/cli/config"
"github.com/up9inc/mizu/cli/config/configStructs" "github.com/up9inc/mizu/cli/config/configStructs"
"github.com/up9inc/mizu/cli/logger" "github.com/up9inc/mizu/cli/logger"
"github.com/up9inc/mizu/cli/telemetry" "github.com/up9inc/mizu/cli/telemetry"
"os"
"github.com/creasty/defaults" "github.com/creasty/defaults"
"github.com/spf13/cobra" "github.com/spf13/cobra"


@@ -109,7 +109,7 @@ func RunMizuTap() {
} }
go goUtils.HandleExcWrapper(watchApiServerPod, ctx, kubernetesProvider, cancel) go goUtils.HandleExcWrapper(watchApiServerPod, ctx, kubernetesProvider, cancel)
go goUtils.HandleExcWrapper(watchPodsForTapping, ctx, kubernetesProvider, targetNamespaces, cancel) go goUtils.HandleExcWrapper(watchPodsForTapping, ctx, kubernetesProvider, targetNamespaces, cancel, mizuApiFilteringOptions)
//block until exit signal or error //block until exit signal or error
waitForFinish(ctx, cancel) waitForFinish(ctx, cancel)
@@ -135,7 +135,7 @@ func createMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Pro
return err return err
} }
if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap); err != nil { if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions); err != nil {
return err return err
} }
@@ -221,7 +221,7 @@ func getMizuApiFilteringOptions() (*api.TrafficFilteringOptions, error) {
}, nil }, nil
} }
func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string) error { func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, mizuApiFilteringOptions *api.TrafficFilteringOptions) error {
if len(nodeToTappedPodIPMap) > 0 { if len(nodeToTappedPodIPMap) > 0 {
var serviceAccountName string var serviceAccountName string
if state.mizuServiceAccountExists { if state.mizuServiceAccountExists {
@@ -241,6 +241,7 @@ func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provi
serviceAccountName, serviceAccountName,
config.Config.Tap.TapperResources, config.Config.Tap.TapperResources,
config.Config.ImagePullPolicy(), config.Config.ImagePullPolicy(),
mizuApiFilteringOptions,
); err != nil { ); err != nil {
return err return err
} }
@@ -347,7 +348,7 @@ func waitUntilNamespaceDeleted(ctx context.Context, cancel context.CancelFunc, k
} }
} }
func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Provider, targetNamespaces []string, cancel context.CancelFunc) { func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Provider, targetNamespaces []string, cancel context.CancelFunc, mizuApiFilteringOptions *api.TrafficFilteringOptions) {
added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, targetNamespaces, config.Config.Tap.PodRegex()) added, modified, removed, errorChan := kubernetes.FilteredWatch(ctx, kubernetesProvider, targetNamespaces, config.Config.Tap.PodRegex())
restartTappers := func() { restartTappers := func() {
@@ -371,7 +372,7 @@ func watchPodsForTapping(ctx context.Context, kubernetesProvider *kubernetes.Pro
logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error building node to ips map: %v", errormessage.FormatError(err))) logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error building node to ips map: %v", errormessage.FormatError(err)))
cancel() cancel()
} }
if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap); err != nil { if err := updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions); err != nil {
logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error updating daemonset: %v", errormessage.FormatError(err))) logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Error updating daemonset: %v", errormessage.FormatError(err)))
cancel() cancel()
} }
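Review bot: In the `restartTappers` closure of `watchPodsForTapping`, the branch that logs "Error building node to ips map" calls `cancel()` but does not return, so the updated `updateMizuTappers(ctx, kubernetesProvider, nodeToTappedPodIPMap, mizuApiFilteringOptions)` call still runs with whatever map the failed build produced. Adding `return` after that `cancel()` would keep a failed build from re-applying the tapper daemon set. Separately, the signatures touched here now thread a `*api.TrafficFilteringOptions` that nothing in these hunks checks for nil; a short comment on `updateMizuTappers` stating that the pointer must be non-nil would document the contract. The closure and the functions start and end outside the hunks shown.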


@@ -576,7 +576,7 @@ func (provider *Provider) CreateConfigMap(ctx context.Context, namespace string,
return nil return nil
} }
func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, apiServerPodIp string, nodeToTappedPodIPMap map[string][]string, serviceAccountName string, resources configStructs.Resources, imagePullPolicy core.PullPolicy) error { func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string, apiServerPodIp string, nodeToTappedPodIPMap map[string][]string, serviceAccountName string, resources configStructs.Resources, imagePullPolicy core.PullPolicy, mizuApiFilteringOptions *api.TrafficFilteringOptions) error {
logger.Log.Debugf("Applying %d tapper daemon sets, ns: %s, daemonSetName: %s, podImage: %s, tapperPodName: %s", len(nodeToTappedPodIPMap), namespace, daemonSetName, podImage, tapperPodName) logger.Log.Debugf("Applying %d tapper daemon sets, ns: %s, daemonSetName: %s, podImage: %s, tapperPodName: %s", len(nodeToTappedPodIPMap), namespace, daemonSetName, podImage, tapperPodName)
if len(nodeToTappedPodIPMap) == 0 { if len(nodeToTappedPodIPMap) == 0 {
@@ -588,6 +588,11 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
return err return err
} }
marshaledFilteringOptions, err := json.Marshal(mizuApiFilteringOptions)
if err != nil {
return err
}
mizuCmd := []string{ mizuCmd := []string{
"./mizuagent", "./mizuagent",
"-i", "any", "-i", "any",
@@ -606,6 +611,7 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
applyconfcore.EnvVar().WithName(shared.HostModeEnvVar).WithValue("1"), applyconfcore.EnvVar().WithName(shared.HostModeEnvVar).WithValue("1"),
applyconfcore.EnvVar().WithName(shared.TappedAddressesPerNodeDictEnvVar).WithValue(string(nodeToTappedPodIPMapJsonStr)), applyconfcore.EnvVar().WithName(shared.TappedAddressesPerNodeDictEnvVar).WithValue(string(nodeToTappedPodIPMapJsonStr)),
applyconfcore.EnvVar().WithName(shared.GoGCEnvVar).WithValue("12800"), applyconfcore.EnvVar().WithName(shared.GoGCEnvVar).WithValue("12800"),
applyconfcore.EnvVar().WithName(shared.MizuFilteringOptionsEnvVar).WithValue(string(marshaledFilteringOptions)),
) )
agentContainer.WithEnv( agentContainer.WithEnv(
applyconfcore.EnvVar().WithName(shared.NodeNameEnvVar).WithValueFrom( applyconfcore.EnvVar().WithName(shared.NodeNameEnvVar).WithValueFrom(
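Review bot: `json.Marshal(mizuApiFilteringOptions)` in `ApplyMizuTapperDaemonSet` succeeds on a nil pointer and yields the string `null`, which would then be written into `shared.MizuFilteringOptionsEnvVar` for every tapper pod. Since this value is what carries the redaction settings to the tappers, a nil input is better rejected before the daemon set is applied, for example `if mizuApiFilteringOptions == nil { return errors.New("filtering options are required") }` (assuming `errors` is or can be imported in this file). How the tapper decodes the variable is not visible on this page, so whether `null` ends up as defaults or as a nil options pointer should be confirmed. The bare `return err` could also say what failed, e.g. `return fmt.Errorf("marshaling filtering options: %w", err)`. The function body continues outside these hunks.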


@@ -14,7 +14,9 @@ import (
) )
func filterAndEmit(item *api.OutputChannelItem, emitter api.Emitter, options *api.TrafficFilteringOptions) { func filterAndEmit(item *api.OutputChannelItem, emitter api.Emitter, options *api.TrafficFilteringOptions) {
FilterSensitiveData(item, options) if !options.DisableRedaction {
FilterSensitiveData(item, options)
}
emitter.Emit(item) emitter.Emit(item)
} }
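Review bot: `filterAndEmit` now reads `options.DisableRedaction` before anything else, so a nil `options` panics here on every emitted item. For a sensitive-data filter the safer fall-back is to redact when the options are missing, e.g. `if options == nil || !options.DisableRedaction {`, provided `FilterSensitiveData` accepts nil options, which this page does not show. Because the disabled path emits traffic unredacted, a doc comment on the function such as `// filterAndEmit redacts item unless options.DisableRedaction is set, then emits it.` would make that explicit.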