Discover Redactors in Cluster (#827)

Adds the ability to search for support bundle specs and redactors, in both configmaps and secrets

cmd/troubleshoot/cli/root.go

@@ -47,7 +47,7 @@ from a server that can be used to assist when troubleshooting a Kubernetes clust
 	cmd.Flags().Bool("interactive", true, "enable/disable interactive mode")
 	cmd.Flags().Bool("collect-without-permissions", true, "always generate a support bundle, even if it some require additional permissions")
 	cmd.Flags().StringSliceP("selector", "l", []string{"troubleshoot.io/kind=supportbundle-spec"}, "selector to filter on for loading additional support bundle specs found in secrets within the cluster")
-	cmd.Flags().Bool("load-cluster-specs", false, "enable/disable loading additional support bundle specs found in secrets within the cluster. required when no specs are provided on the command line")
+	cmd.Flags().Bool("load-cluster-specs", false, "enable/disable loading additional troubleshoot specs found within the cluster. required when no specs are provided on the command line")
 	cmd.Flags().String("since-time", "", "force pod logs collectors to return logs after a specific date (RFC3339)")
 	cmd.Flags().String("since", "", "force pod logs collectors to return logs newer than a relative duration like 5s, 2m, or 3h.")
 	cmd.Flags().StringP("output", "o", "", "specify the output file path for the support bundle")

cmd/troubleshoot/cli/run.go

@@ -34,10 +34,6 @@ import (
 	"k8s.io/client-go/rest"
 )
 
-const (
-	SupportBundleSecretKey = "support-bundle-spec"
-)
-
 func runTroubleshoot(v *viper.Viper, arg []string) error {
 	if v.GetBool("load-cluster-specs") == false && len(arg) < 1 {
 		return errors.New("flag load-cluster-specs must be set if no specs are provided on the command line")
@@ -108,7 +104,7 @@ func runTroubleshoot(v *viper.Viper, arg []string) error {
 			mainBundle = supportbundle.ConcatSpec(mainBundle, supportBundle)
 		}
 
-		parsedRedactors, err := supportbundle.ParseRedactorsFromSpec(multidocs)
+		parsedRedactors, err := supportbundle.ParseRedactorsFromDocs(multidocs)
 		if err != nil {
 			return errors.Wrap(err, "failed to parse redactors from doc")
 		}
@@ -138,34 +134,69 @@ func runTroubleshoot(v *viper.Viper, arg []string) error {
 			return errors.Wrap(err, "failed to convert create k8s client")
 		}
 
-		bundlesFromSecrets, err := specs.LoadFromSecretMatchingLabel(client, parsedSelector.String(), namespace, SupportBundleSecretKey)
+		var bundlesFromCluster []string
+
+		// Search cluster for Troubleshoot objects in cluster
+		bundlesFromSecrets, err := specs.LoadFromSecretMatchingLabel(client, parsedSelector.String(), namespace, specs.SupportBundleKey)
 		if err != nil {
 			logger.Printf("failed to load support bundle spec from secrets: %s", err)
 		}
+		bundlesFromCluster = append(bundlesFromCluster, bundlesFromSecrets...)
 
-		if bundlesFromSecrets != nil {
-			for _, bundle := range bundlesFromSecrets {
-				multidocs := strings.Split(string(bundle), "\n---\n")
-				parsedBundlesFromSecrets, err := supportbundle.ParseSupportBundleFromDoc([]byte(multidocs[0]))
-				if err != nil {
-					logger.Printf("failed to parse support bundle spec:  %s", err)
-					continue
-				}
-
-				if mainBundle == nil {
-					mainBundle = parsedBundlesFromSecrets
-				} else {
-					mainBundle = supportbundle.ConcatSpec(mainBundle, parsedBundlesFromSecrets)
-				}
-
-				parsedRedactors, err := supportbundle.ParseRedactorsFromSpec(multidocs)
-				if err != nil {
-					logger.Printf("failed to parse redactors from doc:  %s", err)
-					continue
-				}
-				additionalRedactors.Spec.Redactors = append(additionalRedactors.Spec.Redactors, parsedRedactors...)
-			}
+		bundlesFromConfigMaps, err := specs.LoadFromConfigMapMatchingLabel(client, parsedSelector.String(), namespace, specs.SupportBundleKey)
+		if err != nil {
+			logger.Printf("failed to load support bundle spec from secrets: %s", err)
 		}
+		bundlesFromCluster = append(bundlesFromCluster, bundlesFromConfigMaps...)
+
+		for _, bundle := range bundlesFromCluster {
+			multidocs := strings.Split(string(bundle), "\n---\n")
+			parsedBundleFromSecret, err := supportbundle.ParseSupportBundleFromDoc([]byte(multidocs[0]))
+			if err != nil {
+				logger.Printf("failed to parse support bundle spec:  %s", err)
+				continue
+			}
+
+			if mainBundle == nil {
+				mainBundle = parsedBundleFromSecret
+			} else {
+				mainBundle = supportbundle.ConcatSpec(mainBundle, parsedBundleFromSecret)
+			}
+
+			parsedRedactors, err := supportbundle.ParseRedactorsFromDocs(multidocs)
+			if err != nil {
+				logger.Printf("failed to parse redactors from doc:  %s", err)
+				continue
+			}
+
+			additionalRedactors.Spec.Redactors = append(additionalRedactors.Spec.Redactors, parsedRedactors...)
+		}
+
+		var redactorsFromCluster []string
+
+		// Search cluster for Troubleshoot objects in ConfigMaps
+		redactorsFromSecrets, err := specs.LoadFromSecretMatchingLabel(client, parsedSelector.String(), namespace, specs.RedactorKey)
+		if err != nil {
+			logger.Printf("failed to load redactor specs from config maps: %s", err)
+		}
+		redactorsFromCluster = append(redactorsFromCluster, redactorsFromSecrets...)
+
+		redactorsFromConfigMaps, err := specs.LoadFromConfigMapMatchingLabel(client, parsedSelector.String(), namespace, specs.RedactorKey)
+		if err != nil {
+			logger.Printf("failed to load redactor specs from config maps: %s", err)
+		}
+		redactorsFromCluster = append(redactorsFromCluster, redactorsFromConfigMaps...)
+
+		for _, redactor := range redactorsFromCluster {
+			multidocs := strings.Split(string(redactor), "\n---\n")
+			parsedRedactors, err := supportbundle.ParseRedactorsFromDocs(multidocs)
+			if err != nil {
+				logger.Printf("failed to parse redactors from doc:  %s", err)
+			}
+
+			additionalRedactors.Spec.Redactors = append(additionalRedactors.Spec.Redactors, parsedRedactors...)
+		}
+
 		if mainBundle == nil {
 			return errors.New("no specs found in cluster")
 		}
@@ -302,7 +333,7 @@ the %s Admin Console to begin analysis.`
 			return nil
 		}
 
-		fmt.Printf("\n%s\n", response.ArchivePath)
+		fmt.Printf("%s\n", response.ArchivePath)
 		return nil
 	}
 

pkg/specs/configmaps.go

@@ -32,3 +32,22 @@ func LoadFromConfigMap(namespace string, configMapName string, key string) ([]by
 
 	return []byte(spec), nil
 }
+
+func LoadFromConfigMapMatchingLabel(client kubernetes.Interface, labelSelector string, namespace string, key string) ([]string, error) {
+	var configMapMatchingKey []string
+
+	configMaps, err := client.CoreV1().ConfigMaps(namespace).List(context.TODO(), metav1.ListOptions{LabelSelector: labelSelector})
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to search for configmaps in the cluster")
+	}
+
+	for _, configMap := range configMaps.Items {
+		spec, ok := configMap.Data[key]
+		if !ok {
+			continue
+		}
+		configMapMatchingKey = append(configMapMatchingKey, string(spec))
+	}
+
+	return configMapMatchingKey, nil
+}

pkg/specs/configmaps_test.go

@@ -0,0 +1,574 @@
+package specs
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	testclient "k8s.io/client-go/kubernetes/fake"
+)
+
+func Test_LoadFromConfigMapMatchingLabel(t *testing.T) {
+	type args struct {
+		ctx    context.Context
+		client kubernetes.Interface
+	}
+	tests := []struct {
+		name                    string
+		supportBundleConfigMaps []corev1.ConfigMap
+		want                    []string
+		wantErr                 bool
+	}{
+		{
+			name: "support bundle configmap with matching label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]`,
+			},
+		},
+		{
+			name: "mutlidoc support bundle secret with matching label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]
+---
+apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: Usernames
+spec:
+  redactors:
+  - name: Redact usernames in multiline JSON
+    removals:
+      regex:
+      - selector: '(?i)"name": *".*user[^\"]*"'
+        redactor: '(?i)("value": *")(?P<mask>.*[^\"]*)(")'`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]
+---
+apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: Usernames
+spec:
+  redactors:
+  - name: Redact usernames in multiline JSON
+    removals:
+      regex:
+      - selector: '(?i)"name": *".*user[^\"]*"'
+        redactor: '(?i)("value": *")(?P<mask>.*[^\"]*)(")'`,
+			},
+		},
+		{
+			name: "support bundle configmap with missing label",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configap",
+						Namespace: "default",
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+  - data:
+      name: static/data.txt
+      data: |
+	    static data`,
+					},
+				},
+			},
+			want: []string(nil),
+		},
+		{
+			name: "support bundle configmap with matching label but wrong key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+					},
+					Data: map[string]string{
+						"support-bundle-specc": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+  - data:
+      name: static/data.txt
+      data: |
+	    static data`,
+					},
+				},
+			},
+			want: []string(nil),
+		},
+		{
+			name: "multiple support bundle configmaps in the same namespace with matching label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-info
+spec:
+  collectors:
+  - clusterInfo: {}`,
+					},
+				},
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap-2",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-info
+spec:
+  collectors:
+  - clusterInfo: {}`,
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+			},
+		},
+		{
+			name: "multiple support bundle configmaps in different namespaces with matching label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "some-namespace",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-info
+spec:
+  collectors:
+  - clusterInfo: {}`,
+					},
+				},
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap-2",
+						Namespace: "some-namespace-2",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-info
+spec:
+  collectors:
+  - clusterInfo: {}`,
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+			},
+		},
+		{
+			name: "multiple support bundle configmaps in different namespaces but only one with correct label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "some-namespace",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec-wrong",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec-wrong": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-info
+spec:
+  collectors:
+  - clusterInfo: {}`,
+					},
+				},
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap-2",
+						Namespace: "some-namespace-2",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: cluster-resources
+spec:
+  collectors:
+  - clusterResources: {}`,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			client := testclient.NewSimpleClientset()
+			for _, configmap := range tt.supportBundleConfigMaps {
+				_, err := client.CoreV1().ConfigMaps(configmap.Namespace).Create(ctx, &configmap, metav1.CreateOptions{})
+				require.NoError(t, err)
+			}
+			got, err := LoadFromConfigMapMatchingLabel(client, "troubleshoot.io/kind=supportbundle-spec", "", "support-bundle-spec")
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.want, got)
+			}
+		})
+	}
+}
+
+func TestUserProvidedNamespace_LoadFromConfigMapMatchingLabel(t *testing.T) {
+	type args struct {
+		ctx    context.Context
+		client kubernetes.Interface
+	}
+	tests := []struct {
+		name                    string
+		supportBundleConfigMaps []corev1.ConfigMap
+		want                    []string
+		wantErr                 bool
+	}{
+		{
+			name: "support bundle configmap with matching label and key in user provided namespace",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "some-namespace",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+  - data:
+      name: static/data.txt
+      data: |
+	    static data`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+  - data:
+      name: static/data.txt
+      data: |
+	    static data`,
+			},
+		},
+		{
+			name: "support bundle configmap with matching label and key outside of user provided namespace",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "not-your-namespace",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"support-bundle-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+  - data:
+      name: static/data.txt
+      data: |
+	    static data`,
+					},
+				},
+			},
+			want: []string(nil),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			client := testclient.NewSimpleClientset()
+			for _, configmap := range tt.supportBundleConfigMaps {
+				_, err := client.CoreV1().ConfigMaps(configmap.Namespace).Create(ctx, &configmap, metav1.CreateOptions{})
+				require.NoError(t, err)
+			}
+			got, err := LoadFromConfigMapMatchingLabel(client, "troubleshoot.io/kind=supportbundle-spec", "some-namespace", "support-bundle-spec")
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.want, got)
+			}
+		})
+	}
+}
+
+func TestRedactors_LoadFromConfigMapMatchingLabel(t *testing.T) {
+	type args struct {
+		ctx    context.Context
+		client kubernetes.Interface
+	}
+	tests := []struct {
+		name                    string
+		supportBundleConfigMaps []corev1.ConfigMap
+		want                    []string
+		wantErr                 bool
+	}{
+		{
+			name: "redactor configmap with matching label and key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"redactor-spec": `apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`,
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`,
+			},
+		},
+		{
+			name: "redactor configmap with matching label but wrong key",
+			supportBundleConfigMaps: []corev1.ConfigMap{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "configmap",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string]string{
+						"redactor-spec-wrong": `apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`,
+					},
+				},
+			},
+			want: []string(nil),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			client := testclient.NewSimpleClientset()
+			for _, configmap := range tt.supportBundleConfigMaps {
+				_, err := client.CoreV1().ConfigMaps(configmap.Namespace).Create(ctx, &configmap, metav1.CreateOptions{})
+				require.NoError(t, err)
+			}
+			got, err := LoadFromConfigMapMatchingLabel(client, "troubleshoot.io/kind=supportbundle-spec", "", "redactor-spec")
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.want, got)
+			}
+		})
+	}
+}

pkg/specs/secrets.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/troubleshoot/pkg/k8sutil"
-	"github.com/replicatedhq/troubleshoot/pkg/logger"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 )
@@ -45,7 +44,6 @@ func LoadFromSecretMatchingLabel(client kubernetes.Interface, labelSelector stri
 	for _, secret := range secrets.Items {
 		spec, ok := secret.Data[key]
 		if !ok {
-			logger.Printf("expected key of %s not found in secret %s, skipping\n", key, secret.Name)
 			continue
 		}
 		secretsMatchingKey = append(secretsMatchingKey, string(spec))

pkg/specs/secrets_test.go

@@ -71,6 +71,78 @@ spec:
 			args: ["-w", "5", "www.google.com"]`,
 			},
 		},
+		{
+			name: "mutlidoc support bundle secret with matching label and key",
+			supportBundleSecrets: []corev1.Secret{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string][]byte{
+						"support-bundle-spec": []byte(`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]
+---
+apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: Usernames
+spec:
+  redactors:
+  - name: Redact usernames in multiline JSON
+    removals:
+      regex:
+      - selector: '(?i)"name": *".*user[^\"]*"'
+        redactor: '(?i)("value": *")(?P<mask>.*[^\"]*)(")'`),
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: SupportBundle
+metadata:
+  name: test
+spec:
+  collectors:
+	- runPod:
+		name: "run-ping"
+		namespace: default
+		podSpec: 
+		  containers:
+		  - name: run-ping
+			image: busybox:1
+			command: ["ping"]
+			args: ["-w", "5", "www.google.com"]
+---
+apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: Usernames
+spec:
+  redactors:
+  - name: Redact usernames in multiline JSON
+    removals:
+      regex:
+      - selector: '(?i)"name": *".*user[^\"]*"'
+        redactor: '(?i)("value": *")(?P<mask>.*[^\"]*)(")'`,
+			},
+		},
 		{
 			name: "support bundle secret with missing label",
 			supportBundleSecrets: []corev1.Secret{
@@ -398,3 +470,105 @@ spec:
 		})
 	}
 }
+
+func TestRedactors_LoadFromSecretMatchingLabel(t *testing.T) {
+	type args struct {
+		ctx    context.Context
+		client kubernetes.Interface
+	}
+	tests := []struct {
+		name                 string
+		supportBundleSecrets []corev1.Secret
+		want                 []string
+		wantErr              bool
+	}{
+		{
+			name: "redactor secret with matching label and key",
+			supportBundleSecrets: []corev1.Secret{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string][]byte{
+						"redactor-spec": []byte(`apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`),
+					},
+				},
+			},
+			want: []string{
+				`apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`,
+			},
+		},
+		{
+			name: "redactor secret with matching label but wrong key",
+			supportBundleSecrets: []corev1.Secret{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret",
+						Namespace: "default",
+						Labels: map[string]string{
+							"troubleshoot.io/kind": "supportbundle-spec",
+						},
+					},
+					Data: map[string][]byte{
+						"redactor-spec-wrong": []byte(`apiVersion: troubleshoot.sh/v1beta2
+kind: Redactor
+metadata:
+  name: redact-some-content
+spec:
+  redactors:
+  - name: replace some-content
+    fileSelector:
+      file: result.json
+    removals:
+      values:
+      - some-content`),
+					},
+				},
+			},
+			want: []string(nil),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx := context.Background()
+			client := testclient.NewSimpleClientset()
+			for _, secret := range tt.supportBundleSecrets {
+				_, err := client.CoreV1().Secrets(secret.Namespace).Create(ctx, &secret, metav1.CreateOptions{})
+				require.NoError(t, err)
+			}
+			got, err := LoadFromSecretMatchingLabel(client, "troubleshoot.io/kind=supportbundle-spec", "", "redactor-spec")
+			if tt.wantErr {
+				assert.Error(t, err)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.want, got)
+			}
+		})
+	}
+}

pkg/specs/specs.go

@@ -0,0 +1,6 @@
+package specs
+
+const (
+	SupportBundleKey = "support-bundle-spec"
+	RedactorKey      = "redactor-spec"
+)

pkg/supportbundle/load.go

@@ -248,23 +248,22 @@ func loadSpecFromURL(arg string) ([]byte, error) {
 	}
 }
 
-func ParseRedactorsFromSpec(docs []string) ([]*troubleshootv1beta2.Redact, error) {
+func ParseRedactorsFromDocs(docs []string) ([]*troubleshootv1beta2.Redact, error) {
 	var redactors []*troubleshootv1beta2.Redact
 
 	decode := scheme.Codecs.UniversalDeserializer().Decode
 
-	for i, additionalDoc := range docs {
-		if i == 0 {
-			continue
-		}
-		additionalDoc, err := docrewrite.ConvertToV1Beta2([]byte(additionalDoc))
+	for i, doc := range docs {
+		doc, err := docrewrite.ConvertToV1Beta2([]byte(doc))
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to convert to v1beta2")
 		}
-		obj, _, err := decode(additionalDoc, nil, nil)
+
+		obj, _, err := decode(doc, nil, nil)
 		if err != nil {
-			return nil, errors.Wrapf(err, "failed to parse additional doc %d", i)
+			return nil, errors.Wrapf(err, "failed to parse redactor from doc %d", i)
 		}
+
 		multidocRedactors, ok := obj.(*troubleshootv1beta2.Redactor)
 		if !ok {
 			continue