Rename to align with other obfuscator configs

DataDog · Nov 6, 2024 · 3307086 · 3307086
1 parent 241236c
commit 3307086
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 18 deletions.
diff --git a/cmd/trace-agent/test/testsuite/cards_test.go b/cmd/trace-agent/test/testsuite/cards_test.go
@@ -93,7 +93,7 @@ apm_config:
   obfuscation:
     credit_cards:
       enabled: false
-      skip_keys: ["credit_card_number"]`),
+      keep_values: ["credit_card_number"]`),
 			out:     "4166 6766 6766 6746",
 			version: "v0.5",
 		},

diff --git a/pkg/config/setup/apm.go b/pkg/config/setup/apm.go
@@ -152,7 +152,7 @@ func setupAPM(config pkgconfigmodel.Setup) {
 	config.BindEnv("apm_config.install_time", "DD_INSTRUMENTATION_INSTALL_TIME")
 	config.BindEnv("apm_config.obfuscation.credit_cards.enabled", "DD_APM_OBFUSCATION_CREDIT_CARDS_ENABLED")
 	config.BindEnv("apm_config.obfuscation.credit_cards.luhn", "DD_APM_OBFUSCATION_CREDIT_CARDS_LUHN")
-	config.BindEnv("apm_config.obfuscation.credit_cards.skip_keys", "DD_APM_OBFUSCATION_CREDIT_CARDS_SKIP_KEYS")
+	config.BindEnv("apm_config.obfuscation.credit_cards.keep_values", "DD_APM_OBFUSCATION_CREDIT_CARDS_KEEP_VALUES")
 	config.BindEnvAndSetDefault("apm_config.debug.port", 5012, "DD_APM_DEBUG_PORT")
 	config.BindEnv("apm_config.features", "DD_APM_FEATURES")
 	config.ParseEnvAsStringSlice("apm_config.features", func(s string) []string {
@@ -184,7 +184,7 @@ func setupAPM(config pkgconfigmodel.Setup) {
 	config.ParseEnvAsStringSlice("apm_config.filter_tags.reject", parseKVList("apm_config.filter_tags.reject"))
 	config.ParseEnvAsStringSlice("apm_config.filter_tags_regex.require", parseKVList("apm_config.filter_tags_regex.require"))
 	config.ParseEnvAsStringSlice("apm_config.filter_tags_regex.reject", parseKVList("apm_config.filter_tags_regex.reject"))
-	config.ParseEnvAsStringSlice("apm_config.obfuscation.credit_cards.skip_keys", parseKVList("apm_config.obfuscation.credit_cards.skip_keys"))
+	config.ParseEnvAsStringSlice("apm_config.obfuscation.credit_cards.keep_values", parseKVList("apm_config.obfuscation.credit_cards.keep_values"))
 	config.ParseEnvAsSliceMapString("apm_config.replace_tags", func(in string) []map[string]string {
 		var out []map[string]string
 		if err := json.Unmarshal([]byte(in), &out); err != nil {

diff --git a/pkg/flare/envvars.go b/pkg/flare/envvars.go
@@ -88,7 +88,7 @@ var allowedEnvvarNames = []string{
 	"DD_APM_SYMDB_DD_URL",
 	"DD_APM_OBFUSCATION_CREDIT_CARDS_ENABLED",
 	"DD_APM_OBFUSCATION_CREDIT_CARDS_LUHN",
-	"DD_APM_OBFUSCATION_CREDIT_CARDS_SKIP_KEYS",
+	"DD_APM_OBFUSCATION_CREDIT_CARDS_KEEP_VALUES",
 	"DD_APM_OBFUSCATION_ELASTICSEARCH_ENABLED",
 	"DD_APM_OBFUSCATION_ELASTICSEARCH_KEEP_VALUES",
 	"DD_APM_OBFUSCATION_ELASTICSEARCH_OBFUSCATE_SQL_VALUES",

diff --git a/pkg/obfuscate/credit_cards.go b/pkg/obfuscate/credit_cards.go
@@ -11,18 +11,18 @@ import (
 
 // creditCard maintains credit card obfuscation state and processing.
 type creditCard struct {
-	luhn     bool
-	skipKeys map[string]struct{}
+	luhn       bool
+	keepValues map[string]struct{}
 }
 
 func newCCObfuscator(config *CreditCardsConfig) *creditCard {
-	skipKeys := make(map[string]struct{}, len(config.SkipKeys))
-	for _, sk := range config.SkipKeys {
-		skipKeys[sk] = struct{}{}
+	keepValues := make(map[string]struct{}, len(config.KeepValues))
+	for _, sk := range config.KeepValues {
+		keepValues[sk] = struct{}{}
 	}
 	return &creditCard{
-		luhn:     config.Luhn,
-		skipKeys: skipKeys,
+		luhn:       config.Luhn,
+		keepValues: keepValues,
 	}
 }
 
@@ -63,7 +63,7 @@ func (o *Obfuscator) ObfuscateCreditCardNumber(key, val string) string {
 	if strings.HasPrefix(key, "_") {
 		return val
 	}
-	if _, ok := o.ccObfuscator.skipKeys[key]; ok {
+	if _, ok := o.ccObfuscator.keepValues[key]; ok {
 		return val
 	}
 	if o.ccObfuscator.IsCardNumber(val) {

diff --git a/pkg/obfuscate/credit_cards_test.go b/pkg/obfuscate/credit_cards_test.go
@@ -273,9 +273,9 @@ func TestIINIsSensitive(t *testing.T) {
 	})
 }
 
-func TestCCSkipKeys(t *testing.T) {
+func TestCCKeepValues(t *testing.T) {
 	possibleCard := "378282246310005"
-	o := NewObfuscator(Config{CreditCard: CreditCardsConfig{Enabled: true, SkipKeys: []string{"skip_me"}}})
+	o := NewObfuscator(Config{CreditCard: CreditCardsConfig{Enabled: true, KeepValues: []string{"skip_me"}}})
 
 	assert.Equal(t, possibleCard, o.ObfuscateCreditCardNumber("skip_me", possibleCard))
 	assert.Equal(t, "?", o.ObfuscateCreditCardNumber("obfuscate_me", possibleCard))

diff --git a/pkg/obfuscate/obfuscate.go b/pkg/obfuscate/obfuscate.go
@@ -265,9 +265,9 @@ type CreditCardsConfig struct {
 	// It reduces false positives, but increases the CPU time X3.
 	Luhn bool `mapstructure:"luhn"`
 
-	// SkipKeys specifies tag keys that are known to not ever contain credit cards
-	// and can therefore be skipped.
-	SkipKeys []string `mapstructure:"skip_keys"`
+	// KeepValues specifies tag keys that are known to not ever contain credit cards
+	// and therefore their values can be kept.
+	KeepValues []string `mapstructure:"keep_values"`
 }
 
 // NewObfuscator creates a new obfuscator

diff --git a/releasenotes/notes/CCObfSkipKeys-b639ee1a05455030.yaml b/releasenotes/notes/CCObfSkipKeys-b639ee1a05455030.yaml
@@ -9,6 +9,6 @@
 
 features:
   - |
-    APM: New configuration apm_config.obfuscation.credit_cards.skip_keys (DD_APM_OBFUSCATION_CREDIT_CARDS_SKIP_KEYS)
+    APM: New configuration apm_config.obfuscation.credit_cards.keep_values (DD_APM_OBFUSCATION_CREDIT_CARDS_KEEP_VALUES)
     can be used to skip specific tag keys that are known to never contain credit card numbers. This is especially useful
     in cases where a span tag value is a number that triggers false positives from the credit card obfuscator.