API tools faq
paste
Guest User

Untitled

a guest
Jun 25th, 2025
27
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Go 2.37 KB | None | 0 0
raw download clone embed print report
  1. package main
  2.  
  3. import (
  4.     "encoding/json"
  5.     "fmt"
  6.     "k8s.io/client-go/util/jsonpath"
  7.     "reflect"
  8.     "strings"
  9. )
  10.  
  11. func redactFields(resource map[string]interface{}, annotation string) (map[string]interface{}, error) {
  12.     // Split annotation into JSONPath expressions
  13.     paths := strings.Split(annotation, ",")
  14.     j := jsonpath.New("redact")
  15.     j.AllowMissingKeys(true)
  16.  
  17.     for _, path := range paths {
  18.         err := j.Parse("{" + path + "}")
  19.         if err != nil {
  20.             return nil, fmt.Errorf("failed to parse JSONPath %s: %v", path, err)
  21.         }
  22.         results, err := j.FindResults(resource)
  23.         if err != nil {
  24.             continue
  25.         }
  26.         // Traverse and redact (simplified; real implementation needs recursive traversal)
  27.         for _, result := range results {
  28.             for _, r := range result {
  29.                 // Assuming r is a reflect.Value, replace with redacted value
  30.                 if r.IsValid() {
  31.                     // This is a placeholder; actual replacement requires traversing the map
  32.                     // For simplicity, assume we’re replacing a string field
  33.                     if r.Kind() == reflect.String {
  34.                         value := r.String()
  35.                         r.Set(reflect.ValueOf(fmt.Sprintf("REDACTED (len %d bytes)", len(value))))
  36.                     }
  37.                 }
  38.             }
  39.         }
  40.     }
  41.     return resource, nil
  42. }
  43.  
  44. func main() {
  45.     // Example Kubernetes resource
  46.     resource := map[string]interface{}{
  47.         "metadata": map[string]interface{}{
  48.             "annotations": map[string]interface{}{
  49.                 "werf.io/sensitive-paths": "$.data.*",
  50.             },
  51.         },
  52.         "data": map[string]interface{}{
  53.             "password": "secret123",
  54.             "token":    "abcxyz",
  55.         },
  56.     }
  57.  
  58.     annotation, ok := resource["metadata"].(map[string]interface{})["annotations"].(map[string]interface{})["werf.io/sensitive-paths"].(string)
  59.     if !ok {
  60.         fmt.Println("Annotation not found")
  61.         return
  62.     }
  63.  
  64.     redacted, err := redactFields(resource, annotation)
  65.     if err != nil {
  66.         fmt.Printf("Error: %v\n", err)
  67.         return
  68.     }
  69.  
  70.     output, err := json.MarshalIndent(redacted, "", "  ")
  71.     if err != nil {
  72.         fmt.Printf("Error marshaling: %v\n", err)
  73.         return
  74.     }
  75.     fmt.Println(string(output))
  76. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!