From fa2b01708c56bbded6d3da15e76757a334cd75be Mon Sep 17 00:00:00 2001
From: Michel Hollands <michel.hollands@grafana.com>
Date: Fri, 7 Jul 2023 14:04:56 +0100
Subject: [PATCH] Add regexes to filter out PII

Signed-off-by: Michel Hollands <michel.hollands@grafana.com>
---
 .../templates/agent/_helpers-agent.tpl           |  8 ++++++++
 .../meta-monitoring/templates/agent/config.yaml  | 16 +++++++++++++++-
 charts/meta-monitoring/values.yaml               |  3 +++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/charts/meta-monitoring/templates/agent/_helpers-agent.tpl b/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
index aa4225a..906217b 100644
--- a/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
+++ b/charts/meta-monitoring/templates/agent/_helpers-agent.tpl
@@ -17,6 +17,14 @@
 {{- join ", " $list }}
 {{- end }}
 
+{{- define "agent.loki_process_targets" -}}
+{{- if empty .Values.logs.piiregexes }}
+{{- include "agent.loki_write_targets" . }}
+{{- else }}
+{{- printf "loki.process.PII.receiver" }}
+{{- end }}
+{{- end }}
+
 {{- define "agent.prometheus_write_targets" -}}
 {{- $list := list }}
 {{- if .Values.local.metrics.enabled }}
diff --git a/charts/meta-monitoring/templates/agent/config.yaml b/charts/meta-monitoring/templates/agent/config.yaml
index c73d3e2..36424ee 100644
--- a/charts/meta-monitoring/templates/agent/config.yaml
+++ b/charts/meta-monitoring/templates/agent/config.yaml
@@ -40,8 +40,22 @@ data:
     {{- if or .Values.local.logs.enabled .Values.cloud.logs.enabled }}
     loki.source.kubernetes "pods" {
       targets    = discovery.relabel.rename_meta_labels.output
-      forward_to = [ {{ include "agent.loki_write_targets" . }} ]
+      forward_to = [ {{ include "agent.loki_process_targets" . }} ]
     }
+
+    {{- if not (empty .Values.logs.piiregexes) }}
+    loki.process "PII" {
+      forward_to = [ {{ include "agent.loki_write_targets" . }} ]
+
+      {{- range .Values.logs.piiregexes }}
+      stage.replace {
+        expression = "{{ . }}"
+        replace = "*****"
+      }
+      {{- end }}
+    }
+    {{- end }}
+
     {{- end }}
 
     {{- if or .Values.local.metrics.enabled .Values.cloud.metrics.enabled }}
diff --git a/charts/meta-monitoring/values.yaml b/charts/meta-monitoring/values.yaml
index 0eea3df..8336126 100644
--- a/charts/meta-monitoring/values.yaml
+++ b/charts/meta-monitoring/values.yaml
@@ -32,6 +32,9 @@ cloud:
     username:
     password:
 
+logs:
+  PIIregexes:
+
 global:
   minio:
     rootUser: "rootuser"