Redact secret data.

Signed-off-by: Michal Schott <michal.schott@onegini.com>
fluxcd · Sep 2, 2021 · e3dbcfa · e3dbcfa
1 parent 52c61f8
commit e3dbcfa
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/controllers/kustomization_controller.go b/controllers/kustomization_controller.go
@@ -26,6 +26,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"time"
 
@@ -367,7 +368,7 @@ func (r *KustomizationReconciler) reconcile(
 			source.GetArtifact().Revision,
 			meta.ReconciliationFailedReason,
 			err.Error(),
-		), err
+		), stripSensitiveData(err)
 	}
 
 	// prune
@@ -865,3 +866,13 @@ func (r *KustomizationReconciler) patchStatus(ctx context.Context, req ctrl.Requ
 
 	return r.Status().Patch(ctx, &kustomization, patch)
 }
+
+func stripSensitiveData(err error) error {
+	dataFilter := regexp.MustCompile(`Data:{.*}`)
+	stringDataFilter := regexp.MustCompile(`StringData:{.*}`)
+
+	newErr := dataFilter.ReplaceAllString(err.Error(), "[ ** REDACTED ** ]")
+	newErr = stringDataFilter.ReplaceAllString(newErr, "[ ** REDACTED ** ]")
+
+	return errors.New(newErr)
+}