Add env vars obfuscation to pod recording

Author: ncaak

pkg/gatherers/clusterconfig/operators_pods_and_events.go

@@ -22,6 +22,7 @@ import (
 	"github.com/openshift/insights-operator/pkg/record"
 	"github.com/openshift/insights-operator/pkg/recorder"
 	"github.com/openshift/insights-operator/pkg/utils"
+	"github.com/openshift/insights-operator/pkg/utils/anonymize"
 	"github.com/openshift/insights-operator/pkg/utils/check"
 	"github.com/openshift/insights-operator/pkg/utils/marshal"
 )
@@ -217,6 +218,8 @@ func gatherPodsAndTheirContainersLogs(ctx context.Context,
 	for _, pod := range pods {
 		// if pod is not healthy then record its definition and try to get previous log
 		if !check.IsHealthyPod(pod, time.Now()) {
+			anonymize.SensitiveEnvVars(pod.Spec.Containers)
+
 			records = append(records, record.Record{
 				Name: fmt.Sprintf("config/pod/%s/%s", pod.Namespace, pod.Name),
 				Item: record.ResourceMarshaller{Resource: pod},

pkg/gatherers/clusterconfig/version.go

@@ -78,6 +78,7 @@ func getClusterVersion(ctx context.Context,
 	}
 	for i := range pods.Items {
 		pod := &pods.Items[i]
+		anonymize.SensitiveEnvVars(pod.Spec.Containers)
 
 		// TODO: shift after IsHealthyPod
 		records = append(records, record.Record{

pkg/gatherers/conditional/gather_pod_definition.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/openshift/insights-operator/pkg/gatherers"
 	"github.com/openshift/insights-operator/pkg/record"
+	"github.com/openshift/insights-operator/pkg/utils/anonymize"
 )
 
 // BuildGatherPodDefinition collects pod definition from pods that are firing one of the configured alerts.
@@ -76,6 +77,7 @@ func (g *Gatherer) gatherPodDefinition(
 			errs = append(errs, err)
 			continue
 		}
+		anonymize.SensitiveEnvVars(pod.Spec.Containers)
 
 		records = append(records, record.Record{
 			Name: fmt.Sprintf(