feat: add support for exceptions to annotations

jackhodgkiss · jackhodgkiss · commit 84ee860aa986 · 2023-12-29T12:35:28.000Z
Some secrets when redacted are rejected due to invalid characters. One example of this would `prometheus_bcrypt_salt` which is rejected due to the use of underscores. Therefore the solution is to add support for exceptions to the standard annotation format. See: https://github.com/ansible/ansible/blob/devel/lib/ansible/utils/encrypt.py#L118C46-L118C46
diff --git a/utils/kayobe-automation-redact b/utils/kayobe-automation-redact
@@ -5,11 +5,18 @@ import hashlib
 import base64
 import sys
 
+annotation_exceptions = {
+    'prometheus_bcrypt_salt': 'prometheusbcryptsalt'
+}
+
 def annotate(ctx, value):
   if not isinstance(value, str):
     return value
   path_str = map(str, ctx['path'])
-  return f"{'.'.join(path_str)}.{ value }"
+  if path_str in annotation_exceptions:
+    return f"{'.'.join(annotation_exceptions['prometheus_bcrypt_salt'])}.{value}"
+  else:
+    return f"{'.'.join(path_str)}.{ value }"
 
 def redact_int(ctx, x):
     # For numbers we can't indicate change with a string, so use sentinal values
