From c9fa36b9e8f29666d99b92851e4683c5b6afd9f0 Mon Sep 17 00:00:00 2001
From: Ming Fang
Date: Thu, 9 Apr 2020 23:39:10 -0400
Subject: [PATCH] hide sensitive data in secrets
---
 k8s/k8s2tf_schema_visitor.go | 2 ++
 k8s/utils.go | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/k8s/k8s2tf_schema_visitor.go b/k8s/k8s2tf_schema_visitor.go
index 4209942..4fd4ab8 100644
--- a/k8s/k8s2tf_schema_visitor.go
+++ b/k8s/k8s2tf_schema_visitor.go
@@ -96,11 +96,13 @@ func (this *K8S2TFSchemaVisitor) VisitKind(proto *proto.Kind) {
 schemaVisitor.Schema.Computed = false
 schemaVisitor.Schema.Optional = false
 schemaVisitor.Schema.ForceNew = IsForceNewField(path)
+ schemaVisitor.Schema.Sensitive = IsSensitive(path)
 } else {
 schemaVisitor.Schema.Required = false
 schemaVisitor.Schema.Computed = true
 schemaVisitor.Schema.Optional = true
 schemaVisitor.Schema.ForceNew = IsForceNewField(path)
+ schemaVisitor.Schema.Sensitive = IsSensitive(path)
 }
 elements[ToSnake(key)] = &schemaVisitor.Schema
diff --git a/k8s/utils.go b/k8s/utils.go
index 16dfd8a..7f2b436 100644
--- a/k8s/utils.go
+++ b/k8s/utils.go
@@ -69,6 +69,20 @@ func IsSkipPath(path string) bool {
 return false
 }
+var sensitivePaths = []*regexp.Regexp{
+ regexp.MustCompile(`k8s_core_.*_secret\.data`),
+}
+
+func IsSensitive(path string) bool {
+ for _, pattern := range sensitivePaths {
+ if pattern.MatchString(path) {
+ return true
+ }
+ }
+ return false
+}
+
+
 var keywords = []*regexp.Regexp{
 regexp.MustCompile(`^provisioner`),
 }
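Review bot: In k8s/k8s2tf_schema_visitor.go, the two added `Schema.Sensitive = IsSensitive(path)` assignments carry no comment on what the flag actually protects: Terraform's schema `Sensitive` masks the value in plan and apply output, but the Secret data is still written to state unmasked. I would add a comment above the first assignment such as `// Sensitive masks the value in CLI output only; state still stores it in clear text, so the state backend must be protected.` The same `ForceNew`/`Sensitive` pair now appears in both branches, so it could be set once after the `if`/`else`, which starts outside this hunk.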
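Review bot: In k8s/utils.go, the single pattern in `sensitivePaths` covers only `secret.data`; if the Secret's `stringData` field reaches `IsSensitive` as a `..._secret.string_data` path (the snake-casing in `VisitKind` suggests it might), it stays unmasked even though it holds the same values in plain text. Consider `k8s_core_.*_secret\.(string_)?data` as the pattern, and anchor it with `^` as the neighbouring `keywords` pattern does, since `MatchString` otherwise accepts the expression anywhere in the path. `IsSensitive` is exported and has no doc comment; something like `// IsSensitive reports whether the schema path holds secret material that must be marked Sensitive.` would do. A small table test over a few paths would pin the intended matches.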