hide sensitive data in secrets

mingfang · Apr 10, 2020 · c9fa36b · c9fa36b
1 parent b8f89a6
commit c9fa36b
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/k8s/k8s2tf_schema_visitor.go b/k8s/k8s2tf_schema_visitor.go
@@ -96,11 +96,13 @@ func (this *K8S2TFSchemaVisitor) VisitKind(proto *proto.Kind) {
 			schemaVisitor.Schema.Computed = false
 			schemaVisitor.Schema.Optional = false
 			schemaVisitor.Schema.ForceNew = IsForceNewField(path)
+			schemaVisitor.Schema.Sensitive = IsSensitive(path)
 		} else {
 			schemaVisitor.Schema.Required = false
 			schemaVisitor.Schema.Computed = true
 			schemaVisitor.Schema.Optional = true
 			schemaVisitor.Schema.ForceNew = IsForceNewField(path)
+			schemaVisitor.Schema.Sensitive = IsSensitive(path)
 		}
 
 		elements[ToSnake(key)] = &schemaVisitor.Schema

diff --git a/k8s/utils.go b/k8s/utils.go
@@ -69,6 +69,20 @@ func IsSkipPath(path string) bool {
 	return false
 }
 
+var sensitivePaths = []*regexp.Regexp{
+	regexp.MustCompile(`k8s_core_.*_secret\.data`),
+}
+
+func IsSensitive(path string) bool {
+	for _, pattern := range sensitivePaths {
+		if pattern.MatchString(path) {
+			return true
+		}
+	}
+	return false
+}
+
+
 var keywords = []*regexp.Regexp{
 	regexp.MustCompile(`^provisioner`),
 }