Make redaction of common keys in diagnostics case insensitive

andrzej-stencel commented 1 day ago

What does this PR do?

Changes the redaction of common keys like "password" to be case insensitive. This means keys like "PASSWORD" and "PassWord" will also be redacted.

Why is it important?

To prevent leaking secrets into diagnostics.

Checklist

[x] My code follows the style guidelines of this project
~~[ ] I have commented my code, particularly in hard-to-understand areas~~
~~[ ] I have made corresponding changes to the documentation~~
- I couldn't find any docs on diagnostics redaction
~~[ ] I have made corresponding change to the default configuration files~~
[x] I have added tests that prove my fix is effective or that my feature works
[x] I have added an entry in ./changelog/fragments using the changelog tool
~~[ ] I have added an integration test or an E2E test~~

Disruptive User Impact

This may cause keys that were previously not redacted to be redacted after the change. For example, the "Key" substring may be common in configuration keys that don't need redaction.

How to test this PR locally

cd internal/pkg/diagnostics
go test .

andrzej-stencel commented 1 day ago

Should this be backported into 8.16? I marked this as an "enhancement", but maybe it is a bug fix?

elasticmachine commented 1 day ago

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

pkoutsovasilis commented 1 day ago

AFAICT unit-test fail because otel collector never reports healthy (unrelated to this PR) and the serverless ones are due to the BK agent (Error: error creating test runner: error checking region setting: Non-201 status code returned by server: 503)?!