From 80e97e7f7ef271d4bd8f47dbdf34efb4dac69c8a Mon Sep 17 00:00:00 2001 From: RamiBerm Date: Wed, 21 Jul 2021 10:49:27 +0300 Subject: [PATCH] Update main.go, tap.go, and 4 more files... --- api/main.go | 4 +++- cli/cmd/tap.go | 2 ++ cli/cmd/tapRunner.go | 2 +- cli/kubernetes/provider.go | 4 ++-- shared/consts.go | 2 +- shared/models.go | 1 + 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/api/main.go b/api/main.go index b7d358a18..fe91f44bc 100644 --- a/api/main.go +++ b/api/main.go @@ -142,7 +142,9 @@ func filterHarItems(inChannel <-chan *tap.OutputChannelItem, outChannel chan *ta continue } - sensitiveDataFiltering.FilterSensitiveInfoFromHarRequest(message, filterOptions) + if !filterOptions.DisableRedaction { + sensitiveDataFiltering.FilterSensitiveInfoFromHarRequest(message, filterOptions) + } outChannel <- message } diff --git a/cli/cmd/tap.go b/cli/cmd/tap.go index 245b3d7df..b88edb5a7 100644 --- a/cli/cmd/tap.go +++ b/cli/cmd/tap.go @@ -25,6 +25,7 @@ type MizuTapOptions struct { HideHealthChecks bool MaxEntriesDBSizeBytes int64 SleepIntervalSec uint16 + DisableRedaction bool } var mizuTapOptions = &MizuTapOptions{} @@ -102,4 +103,5 @@ func init() { tapCmd.Flags().StringVarP(&direction, "direction", "", "in", "Record traffic that goes in this direction (relative to the tapped pod): in/any") tapCmd.Flags().BoolVar(&mizuTapOptions.HideHealthChecks, "hide-healthchecks", false, "hides requests with kube-probe or prometheus user-agent headers") tapCmd.Flags().StringVarP(&humanMaxEntriesDBSize, maxEntriesDBSizeFlagName, "", "200MB", "override the default max entries db size of 200mb") + tapCmd.Flags().BoolVar(&mizuTapOptions.DisableRedaction, "no-redact", false, "Disables redaction of potentially sensitive request/response headers and body values") } diff --git a/cli/cmd/tapRunner.go b/cli/cmd/tapRunner.go index 26bec8fc2..2015e81ef 100644 --- a/cli/cmd/tapRunner.go +++ b/cli/cmd/tapRunner.go @@ -126,7 +126,7 @@ func getMizuApiFilteringOptions(tappingOptions *MizuTapOptions) (*shared.Traffic } } - return &shared.TrafficFilteringOptions{PlainTextMaskingRegexes: compiledRegexSlice, HideHealthChecks: tappingOptions.HideHealthChecks}, nil + return &shared.TrafficFilteringOptions{PlainTextMaskingRegexes: compiledRegexSlice, HideHealthChecks: tappingOptions.HideHealthChecks, DisableRedaction: tappingOptions.DisableRedaction}, nil } func updateMizuTappers(ctx context.Context, kubernetesProvider *kubernetes.Provider, nodeToTappedPodIPMap map[string][]string, tappingOptions *MizuTapOptions) error { diff --git a/cli/kubernetes/provider.go b/cli/kubernetes/provider.go index 9a9409eaf..7141e1a27 100644 --- a/cli/kubernetes/provider.go +++ b/cli/kubernetes/provider.go @@ -14,8 +14,8 @@ import ( core "k8s.io/api/core/v1" rbac "k8s.io/api/rbac/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" resource "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/watch" applyconfapp "k8s.io/client-go/applyconfigurations/apps/v1" @@ -118,7 +118,7 @@ func (provider *Provider) CreateMizuAggregatorPod(ctx context.Context, namespace Value: string(marshaledFilteringOptions), }, { - Name: shared.MaxEntriesDBSizeByteSEnvVar, + Name: shared.MaxEntriesDBSizeBytesEnvVar, Value: strconv.FormatInt(maxEntriesDBSizeBytes, 10), }, }, diff --git a/shared/consts.go b/shared/consts.go index 0d452910d..7effd97fa 100644 --- a/shared/consts.go +++ b/shared/consts.go @@ -5,5 +5,5 @@ const ( HostModeEnvVar = "HOST_MODE" NodeNameEnvVar = "NODE_NAME" TappedAddressesPerNodeDictEnvVar = "TAPPED_ADDRESSES_PER_HOST" - MaxEntriesDBSizeByteSEnvVar = "MAX_ENTRIES_DB_BYTES" + MaxEntriesDBSizeBytesEnvVar = "MAX_ENTRIES_DB_BYTES" ) diff --git a/shared/models.go b/shared/models.go index 14c1b3ce9..d0f7a15c5 100644 --- a/shared/models.go +++ b/shared/models.go @@ -60,6 +60,7 @@ func CreateWebSocketMessageTypeAnalyzeStatus(analyzeStatus AnalyzeStatus) WebSoc type TrafficFilteringOptions struct { PlainTextMaskingRegexes []*SerializableRegexp HideHealthChecks bool + DisableRedaction bool } type VersionResponse struct {