mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-18 05:18:24 +02:00
sap-jenkins-library/pkg/cnbutils/privacy/privacy.go
Ralf Pannemans e7db09db12
feat(cnbBuild): added dockerimage to the telemetry data (#3501)
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Sumit Kulhadia <sumit.kulhadia@sap.com>
Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
2022-02-16 13:28:51 +01:00


package privacy
import (
"strings"
containerName "github.com/google/go-containerregistry/pkg/name"
)
// allowedBuildpackSources is the allowlist of well-known public buildpack
// locations whose image references FilterBuildpacks returns unredacted.
//
// Each entry is a {registry, repositoryPrefix} pair. FilterBuildpacks compares
// the registry for exact equality and the repository with strings.HasPrefix,
// so every prefix ends in "/" to pin a whole path segment: a look-alike
// namespace such as "paketo-buildpacks-internal/..." does not match
// "paketo-buildpacks/". Keep the trailing slash when adding entries, and list
// only public sources; anything matched here is reported verbatim.
var allowedBuildpackSources = []struct {
	registry, repositoryPrefix string
}{
	// Paketo
	{"gcr.io", "paketo-buildpacks/"},
	{"index.docker.io", "paketobuildpacks/"},

	// Google Buildpacks
	{"gcr.io", "buildpacks/"},

	// Heroku
	{"public.ecr.aws", "heroku-buildpacks/"},
}
// FilterBuilder applies the FilterBuildpacks redaction rules to a single
// builder image reference and returns the filtered value.
//
// FilterBuildpacks emits exactly one output element per input element, so
// indexing the first element of a one-element input cannot go out of range.
func FilterBuilder(builder string) string {
	return FilterBuildpacks([]string{builder})[0]
}
// FilterBuildpacks redacts Personally Identifiable Information (PII), such as
// the hostname of a personal registry, from a list of buildpack references.
//
// The result has the same length and order as the input. Each element is one of:
//   - the caller's original string, when the parsed reference matches an entry
//     in allowedBuildpackSources (exact registry, repository prefix);
//   - "<redacted>", when the reference parses but is not on the allowlist;
//   - "<error>", when the reference cannot be parsed.
//
// The filter fails closed: only allowlisted references are returned as given.
// Matching runs on a lowercased copy, while an allowed entry is returned in its
// original spelling, including any tag or digest.
func FilterBuildpacks(buildpacks []string) []string {
	filtered := make([]string, 0, len(buildpacks))
	for _, original := range buildpacks {
		// Parse a lowercased copy so the comparison with the lowercase
		// allowlist is case-insensitive.
		ref, err := containerName.ParseReference(strings.ToLower(original))
		if err != nil {
			// Never echo unparseable input back; it may still contain a private host.
			filtered = append(filtered, "<error>")
			continue
		}

		repo := ref.Context()
		host, path := repo.Registry.Name(), repo.RepositoryStr()

		// Default to redaction; only an allowlist hit replaces the placeholder.
		entry := "<redacted>"
		for _, src := range allowedBuildpackSources {
			if host != src.registry || !strings.HasPrefix(path, src.repositoryPrefix) {
				continue
			}
			entry = original
			break
		}
		filtered = append(filtered, entry)
	}
	return filtered
}
// allowedEnvKeys is the allowlist of environment variable names that FilterEnv
// passes through. Only key presence is checked; the nil values are unused.
// FilterEnv forwards the value of every listed key unmodified, so list only
// settings whose values cannot carry credentials, hostnames or other PII.
var allowedEnvKeys = map[string]interface{}{
// Java
// JVM selection, see https://github.com/paketo-buildpacks/sap-machine and https://github.com/paketo-buildpacks/bellsoft-liberica
"BP_JVM_VERSION": nil,
"BP_JVM_TYPE": nil,
// Tomcat version, see https://github.com/paketo-buildpacks/apache-tomcat
"BP_TOMCAT_VERSION": nil,
// Node
// Node.js version, see https://github.com/paketo-buildpacks/node-engine
"BP_NODE_VERSION": nil,
}
// FilterEnv redacts Personally Identifiable Information (PII) from a map of
// environment variables by keeping only the entries whose key is listed in
// allowedEnvKeys; all other entries are dropped.
//
// Key matching is exact and case-sensitive. The allowlist covers names only:
// the value of a kept entry is copied to the result unchanged and is not
// inspected. The input map is not modified, and the returned map is always
// non-nil, also for a nil or empty input.
func FilterEnv(in map[string]interface{}) map[string]interface{} {
	kept := make(map[string]interface{})
	// Walk the allowlist and pick matching entries out of the input; this
	// yields the same set as filtering the input against the allowlist.
	for name := range allowedEnvKeys {
		if value, present := in[name]; present {
			kept[name] = value
		}
	}
	return kept
}