From 1114eb4dadab973d24dec7a8dd582937beb46abc Mon Sep 17 00:00:00 2001
From: Andrii Dema <a.dema@jazzserve.com>
Date: Wed, 21 Jul 2021 16:38:20 +0300
Subject: [PATCH] PT-1926: pt-k8s-debug-collector should not collect passwords
 (#497)

https://jira.percona.com/browse/PT-1926

Save secrets only with configuration data
---
 .../pt-k8s-debug-collector/dumper/dumper.go   | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/go/pt-k8s-debug-collector/dumper/dumper.go b/src/go/pt-k8s-debug-collector/dumper/dumper.go
index 2c2bd682..315c983e 100644
--- a/src/go/pt-k8s-debug-collector/dumper/dumper.go
+++ b/src/go/pt-k8s-debug-collector/dumper/dumper.go
@@ -39,7 +39,6 @@ func New(location, namespace, resource string) Dumper {
 		"replicationcontrollers",
 		"events",
 		"configmaps",
-		"secrets",
 		"cronjobs",
 		"jobs",
 		"podsecuritypolicies",
@@ -170,6 +169,13 @@ func (d *Dumper) DumpCluster() error {
 			if d.crType == "psmdb" {
 				component = "mongod"
 			}
+			if pod.Labels["app.kubernetes.io/instance"] != "" && pod.Labels["app.kubernetes.io/component"] != "" {
+				resource := "secret/" + pod.Labels["app.kubernetes.io/instance"] + "-" + pod.Labels["app.kubernetes.io/component"]
+				err = d.getResource(resource, ns.Name, true, tw)
+				if err != nil {
+					log.Printf("Error: get %s resource: %v", resource, err)
+				}
+			}
 			if pod.Labels["app.kubernetes.io/component"] == component {
 				output, err = d.getPodSummary(d.crType, pod.Name, pod.Labels["app.kubernetes.io/instance"], tw)
 				if err != nil {
@@ -189,14 +195,14 @@ func (d *Dumper) DumpCluster() error {
 		}
 
 		for _, resource := range d.resources {
-			err = d.getResource(resource, ns.Name, tw)
+			err = d.getResource(resource, ns.Name, false, tw)
 			if err != nil {
 				log.Printf("Error: get %s resource: %v", resource, err)
 			}
 		}
 	}
 
-	err = d.getResource("nodes", "", tw)
+	err = d.getResource("nodes", "", false, tw)
 	if err != nil {
 		return errors.Wrapf(err, "get nodes")
 	}
@@ -218,9 +224,12 @@ func (d *Dumper) runCmd(args ...string) ([]byte, error) {
 	return outb.Bytes(), nil
 }
 
-func (d *Dumper) getResource(name, namespace string, tw *tar.Writer) error {
+func (d *Dumper) getResource(name, namespace string, ignoreNotFound bool, tw *tar.Writer) error {
 	location := d.location
 	args := []string{"get", name, "-o", "yaml"}
+	if ignoreNotFound {
+		args = append(args, "--ignore-not-found")
+	}
 	if len(namespace) > 0 {
 		args = append(args, "--namespace", namespace)
 		location = filepath.Join(d.location, namespace)
@@ -233,6 +242,9 @@ func (d *Dumper) getResource(name, namespace string, tw *tar.Writer) error {
 		return addToArchive(location, d.mode, []byte(err.Error()), tw)
 	}
 
+	if ignoreNotFound && len(output) == 0 {
+		return nil
+	}
 	return addToArchive(location, d.mode, output, tw)
 }