fix CI job for leak-report (!2738) · Merge requests · Sylva-projects / sylva-core

this MR refactors the whitelisting code to allow partial matches of following secret names after analyzed leaks report and Failed on the CI:

sensitive ones:

REGISTRY_CREDENTIAL_PASSWORD from harbor-jobservice : https://gitlab.com/sylva-projects/sylva-core/-/issues/1332
"secretKey" and "REGISTRY_CREDENTIAL_PASSWORD" from harbor-core https://gitlab.com/sylva-projects/sylva-core/-/issues/1332

non sensitive ones:

"tls.crt"
"ca.crt"
"extra-ca-certs.pem"
"ca-file.pem"

the leak report format has been updated to have a report more usable in this MR.

now the leak are reported as followd in the report:

{'pod': 'metal3-metal3-ironic-bc4b98657-hhwhg', 'namespace': 'metal3-system', 'leak': {'secret': 'ironic-inspector-basic-auth', 'key': 'htpasswd'}, 'secret': 'ironic:$2a$10$4klNMCl7XUD847Ta3bj0Qu/WthBdt4V.uSYfCZXST5vxdQDY0IVmG'}

name of the pod

name of the namespace

the secret, its key and its value

Closes #1526 (closed)

Edited Sep 13, 2024 by Samuel Bartel

fix CI job for leak-report

Merge request reports