respect redactors included in the app (#1628)

* respect redactors included in the app
replicatedhq · Mar 13, 2021 · af0e629 · af0e629
1 parent faf6596
commit af0e629
Show file tree

Hide file tree

Showing 6 changed files with 150 additions and 17 deletions.
diff --git a/kotsadm/operator/pkg/applier/kubectl.go b/kotsadm/operator/pkg/applier/kubectl.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 
 	"github.com/pkg/errors"
 	rest "k8s.io/client-go/rest"
@@ -56,12 +57,15 @@ func (c *Kubectl) connectArgs() []string {
 	return args
 }
 
-func (c *Kubectl) SupportBundle(collectorURI string, redactURI string) error {
-	log.Printf("running kubectl support-bundle %s --redactors=%s", collectorURI, redactURI)
+func (c *Kubectl) SupportBundle(collectorURI string, redactURIs []string) error {
+	redactors := strings.Join(redactURIs, ",")
+
+	log.Printf("running kubectl support-bundle %s --redactors=%s", collectorURI, redactors)
+
 	args := []string{
 		collectorURI,
 		"--collect-without-permissions",
-		fmt.Sprintf("--redactors=%s", redactURI),
+		fmt.Sprintf("--redactors=%s", redactors),
 	}
 
 	cmd := c.supportBundleCommand(args...)

diff --git a/kotsadm/operator/pkg/client/client.go b/kotsadm/operator/pkg/client/client.go
@@ -58,8 +58,8 @@ type PreflightRequest struct {
 }
 
 type SupportBundleRequest struct {
-	URI       string `json:"uri"`
-	RedactURI string `json:"redactURI"`
+	URI        string   `json:"uri"`
+	RedactURIs []string `json:"redactURIs"`
 }
 
 type InformRequest struct {
@@ -309,7 +309,7 @@ func (c *Client) registerHandlers(socketClient *socket.Client) error {
 			startTime := time.Now()
 			// This is in a goroutine because if we disconnect and reconnect to the
 			// websocket, we will want to report that it's completed...
-			err := runSupportBundle(args.URI, args.RedactURI)
+			err := runSupportBundle(args.URI, args.RedactURIs)
 			log.Printf("support bundle run completed in %s", time.Since(startTime).String())
 			if err != nil {
 				log.Printf("error running support bundle: %s", err.Error())
@@ -376,7 +376,7 @@ func (c *Client) sendResult(applicationManifests ApplicationManifests, isError b
 	return nil
 }
 
-func runSupportBundle(collectorURI string, redactURI string) error {
+func runSupportBundle(collectorURI string, redactURIs []string) error {
 	kubectl, err := exec.LookPath("kubectl")
 	if err != nil {
 		return errors.Wrap(err, "failed to find kubectl")
@@ -401,7 +401,7 @@ func runSupportBundle(collectorURI string, redactURI string) error {
 
 	kubernetesApplier := applier.NewKubectl(kubectl, preflight, supportBundle, config)
 
-	return kubernetesApplier.SupportBundle(collectorURI, redactURI)
+	return kubernetesApplier.SupportBundle(collectorURI, redactURIs)
 }
 
 func runPreflight(preflightURI string, ignorePermissions bool) error {

diff --git a/pkg/kotsutil/kots.go b/pkg/kotsutil/kots.go
@@ -47,6 +47,7 @@ type KotsKinds struct {
 	Preflight     *troubleshootv1beta2.Preflight
 	Analyzer      *troubleshootv1beta2.Analyzer
 	SupportBundle *troubleshootv1beta2.SupportBundle
+	Redactor      *troubleshootv1beta2.Redactor
 
 	Config       *kotsv1beta1.Config
 	ConfigValues *kotsv1beta1.ConfigValues
@@ -274,6 +275,15 @@ func (o KotsKinds) Marshal(g string, v string, k string) (string, error) {
 					return "", errors.Wrap(err, "failed to encode support bundle")
 				}
 				return string(b.Bytes()), nil
+			case "Redactor":
+				if o.Redactor == nil {
+					return "", nil
+				}
+				var b bytes.Buffer
+				if err := s.Encode(o.Redactor, &b); err != nil {
+					return "", errors.Wrap(err, "failed to encode redactor")
+				}
+				return string(b.Bytes()), nil
 			}
 		}
 	}
@@ -388,6 +398,8 @@ func LoadKotsKindsFromPath(fromDir string) (*KotsKinds, error) {
 				kotsKinds.Analyzer = decoded.(*troubleshootv1beta2.Analyzer)
 			case "troubleshoot.sh/v1beta2, Kind=SupportBundle":
 				kotsKinds.SupportBundle = decoded.(*troubleshootv1beta2.SupportBundle)
+			case "troubleshoot.sh/v1beta2, Kind=Redactor":
+				kotsKinds.Redactor = decoded.(*troubleshootv1beta2.Redactor)
 			case "troubleshoot.sh/v1beta2, Kind=Preflight":
 				kotsKinds.Preflight = decoded.(*troubleshootv1beta2.Preflight)
 			case "velero.io/v1, Kind=Backup":

diff --git a/pkg/redact/app.go b/pkg/redact/app.go
@@ -0,0 +1,110 @@
+package redact
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/k8s"
+	kotsadmtypes "github.com/replicatedhq/kots/pkg/kotsadm/types"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/render/helper"
+	"github.com/replicatedhq/kots/pkg/store"
+	troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
+	corev1 "k8s.io/api/core/v1"
+	kuberneteserrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
+	"k8s.io/client-go/kubernetes/scheme"
+)
+
+func GetAppRedactSpecConfigMapName(appSlug string) string {
+	return fmt.Sprintf("kotsadm-%s-redact-spec", appSlug)
+}
+
+func GetAppRedactSpecURI(appSlug string) string {
+	return fmt.Sprintf("configmap/%s/%s/%s", os.Getenv("POD_NAMESPACE"), GetAppRedactSpecConfigMapName(appSlug), redactSpecDataKey)
+}
+
+// WriteAppRedactSpecConfigMap creates a configmap that contains the redaction yaml spec included in the application release
+func WriteAppRedactSpecConfigMap(appID string, sequence int64, kotsKinds *kotsutil.KotsKinds) error {
+	builtRedactor := kotsKinds.Redactor.DeepCopy()
+	if builtRedactor == nil {
+		builtRedactor = &troubleshootv1beta2.Redactor{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "Redactor",
+				APIVersion: "troubleshoot.sh/v1beta2",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "default-redactor",
+			},
+		}
+	}
+
+	app, err := store.GetStore().GetApp(appID)
+	if err != nil {
+		return errors.Wrap(err, "failed to get app")
+	}
+
+	s := serializer.NewYAMLSerializer(serializer.DefaultMetaFactory, scheme.Scheme, scheme.Scheme)
+	var b bytes.Buffer
+	if err := s.Encode(builtRedactor, &b); err != nil {
+		return errors.Wrap(err, "failed to encode redactor")
+	}
+	templatedSpec := b.Bytes()
+
+	rs, err := helper.RenderAppFile(app, &sequence, templatedSpec, kotsKinds)
+	if err != nil {
+		return errors.Wrap(err, "failed render redactor spec")
+	}
+	renderedSpec := string(rs)
+
+	clientset, err := k8s.Clientset()
+	if err != nil {
+		return errors.Wrap(err, "failed to create clientset")
+	}
+
+	configMapName := GetAppRedactSpecConfigMapName(app.Slug)
+
+	existingConfigMap, err := clientset.CoreV1().ConfigMaps(os.Getenv("POD_NAMESPACE")).Get(context.TODO(), configMapName, metav1.GetOptions{})
+	if err != nil && !kuberneteserrors.IsNotFound(err) {
+		return errors.Wrap(err, "failed to read redactor configmap")
+	} else if kuberneteserrors.IsNotFound(err) {
+		configMap := &corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      configMapName,
+				Namespace: os.Getenv("POD_NAMESPACE"),
+				Labels:    kotsadmtypes.GetKotsadmLabels(),
+			},
+			Data: map[string]string{
+				redactSpecDataKey: renderedSpec,
+			},
+		}
+
+		_, err = clientset.CoreV1().ConfigMaps(os.Getenv("POD_NAMESPACE")).Create(context.TODO(), configMap, metav1.CreateOptions{})
+		if err != nil {
+			return errors.Wrap(err, "failed to create redactor configmap")
+		}
+
+		return nil
+	}
+
+	if existingConfigMap.Data == nil {
+		existingConfigMap.Data = map[string]string{}
+	}
+	existingConfigMap.Data[redactSpecDataKey] = renderedSpec
+	existingConfigMap.ObjectMeta.Labels = kotsadmtypes.GetKotsadmLabels()
+
+	_, err = clientset.CoreV1().ConfigMaps(os.Getenv("POD_NAMESPACE")).Update(context.TODO(), existingConfigMap, metav1.UpdateOptions{})
+	if err != nil {
+		return errors.Wrap(err, "failed to update redactor configmap")
+	}
+
+	return nil
+}
diff --git a/pkg/redact/redact.go b/pkg/redact/redact.go
@@ -41,13 +41,13 @@ const (
 	redactSpecDataKey       = "redact-spec"
 )
 
-func GetRedactSpecURI() string {
+func GetKotsadmRedactSpecURI() string {
 	return fmt.Sprintf("configmap/%s/%s/%s", os.Getenv("POD_NAMESPACE"), redactSpecConfigMapName, redactSpecDataKey)
 }
 
-// WriteRedactSpecConfigMap creates a configmap that contains the redaction yaml spec
+// WriteKotsadmRedactSpecConfigMap creates a configmap that contains the admin console custom redaction yaml spec
 // auto-generated from "kotsadm-redact" configmap when collecting support bundles. contains the full redact spec type that is supported by troubleshoot.
-func WriteRedactSpecConfigMap() error {
+func WriteKotsadmRedactSpecConfigMap() error {
 	spec, _, err := GetRedactSpec()
 	if err != nil {
 		return errors.Wrap(err, "failed to get redact spec")

diff --git a/pkg/socketservice/socketservice.go b/pkg/socketservice/socketservice.go
@@ -67,8 +67,8 @@ type AppInformersArgs struct {
 }
 
 type SupportBundleArgs struct {
-	URI       string `json:"uri"`
-	RedactURI string `json:"redactURI"`
+	URI        string   `json:"uri"`
+	RedactURIs []string `json:"redactURIs"`
 }
 
 var server *socket.Server
@@ -454,14 +454,21 @@ func processSupportBundle(clusterSocket *ClusterSocket, pendingSupportBundle sup
 		return errors.Wrap(err, "failed to create rendered support bundle spec")
 	}
 
-	err = redact.WriteRedactSpecConfigMap()
+	err = redact.WriteKotsadmRedactSpecConfigMap()
 	if err != nil {
-		return errors.Wrap(err, "failed to write redact spec configmap")
+		return errors.Wrap(err, "failed to write kotsadm redact spec configmap")
 	}
+	redactURIs := []string{redact.GetKotsadmRedactSpecURI()}
+
+	err = redact.WriteAppRedactSpecConfigMap(a.ID, sequence, kotsKinds)
+	if err != nil {
+		return errors.Wrap(err, "failed to write app redact spec configmap")
+	}
+	redactURIs = append(redactURIs, redact.GetAppRedactSpecURI(a.Slug))
 
 	supportBundleArgs := SupportBundleArgs{
-		URI:       supportbundle.GetSpecURI(a.Slug),
-		RedactURI: redact.GetRedactSpecURI(),
+		URI:        supportbundle.GetSpecURI(a.Slug),
+		RedactURIs: redactURIs,
 	}
 	c.Emit("supportbundle", supportBundleArgs)