Redact commands and args while logging Pod manifest #1200

Merged
merged 5 commits into from
Jan 28, 2022

@PrasadG193 PrasadG193 commented Jan 21, 2022

Change Overview

This PR adds a helper function that can be used to log pod object manifest safely by hiding the commands and args field values which can hold sensitive info.

Pull request type

Please check the type of change your PR introduces:

  • 🚧 Work in Progress
  • 🌈 Refactoring (no functional changes, no api changes)
  • 🐹 Trivial/Minor
  • 🐛 Bugfix
  • 🌻 Feature
  • 🗺️ Documentation
  • 🤖 Test

Test Plan

  • 💪 Manual
  • ⚡ Unit test
  • 💚 E2E
$ go test -v -check.f="TestSafeDumpPodObject" .
=== RUN   Test
OK: 1 passed
--- PASS: Test (0.00s)
PASS
ok      github.com/kanisterio/kanister/pkg/log  0.008s

Signed-off-by: Prasad Ghangal <prasad.ghangal@gmail.com>

@pavannd1 pavannd1 left a comment

LGTM

pkg/log/log.go (outdated, resolved)
Co-authored-by: Pavan Navarathna <pavan@kasten.io>
@pavannd1 pavannd1 added kueue and removed kueue labels Jan 28, 2022
@mergify mergify bot merged commit 4da55be into master Jan 28, 2022
@mergify mergify bot deleted the log-hide-pod-cmd branch January 28, 2022 03:15

// SafeDumpPodObject redacts commands and args in Pod manifest to hide sensitive info,
// converts Pod object into string and returns it
func SafeDumpPodObject(pod *v1.Pod) string {
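
Review bot: the doc comment above the SafeDumpPodObject signature promises to hide sensitive info but names only commands and args. Container env entries in a Pod manifest can carry literal values as well, so either cover them in the redaction or narrow the comment to state exactly which fields are hidden and that the rest of the manifest is logged as given.
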
Contributor

This function modifies pod. Either:

  • it should be noted in the function documentation; or
  • the function should create a deep copy.

This is not an issue in the current usage of this function. But, if the function were to be reused elsewhere, this is surprising behavior and it may actually introduce software defects (a.k.a. bugs).

Contributor Author

That makes sense. Thanks a lot for letting me know. I will keep that in mind. Also, will fix this in the follow-up.
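
The second option raised in the review thread above (redact a copy instead of the caller's object), as an added example that is not Kanister's code. `Container`, `Pod`, `redactInPlace`, `safeDump` and the `REDACTED` placeholder are hypothetical stand-ins for the Kubernetes types and the PR's helper, and the sample Pod is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Container and Pod are simplified stand-ins for the Kubernetes types (assumption).
type Container struct {
	Name    string   `json:"name"`
	Command []string `json:"command,omitempty"`
	Args    []string `json:"args,omitempty"`
}
type Pod struct {
	Name       string      `json:"name"`
	Containers []Container `json:"containers"`
}

const redacted = "REDACTED" // constructed placeholder
// redactInPlace overwrites command and args on the Pod it is given.
func redactInPlace(p *Pod) {
	for i := range p.Containers {
		c := &p.Containers[i]
		if len(c.Command) > 0 {
			c.Command = []string{redacted}
		}
		if len(c.Args) > 0 {
			c.Args = []string{redacted}
		}
	}
}

// safeDump redacts a copy: the container slice is duplicated and redaction
// replaces (never edits) Command/Args, so the caller's Pod is left intact.
func safeDump(p *Pod) string {
	if p == nil {
		return ""
	}
	cp := Pod{Name: p.Name, Containers: append([]Container(nil), p.Containers...)}
	redactInPlace(&cp)
	b, _ := json.Marshal(cp) // plain structs of strings: Marshal cannot fail here
	return string(b)
}

func main() {
	pod := &Pod{Name: "backup", Containers: []Container{{Name: "tool", // constructed sample
		Command: []string{"sh", "-c"}, Args: []string{"restore --password=example"}}}}
	fmt.Println(safeDump(pod), pod.Containers[0].Args)
}
```

With the real `v1.Pod` type, the generated `DeepCopy` method plays the role of the manual copy here.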