-
Notifications
You must be signed in to change notification settings - Fork 214
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support to add a logfilter #183
Conversation
To implement log sanitization according to KEP-1753 we need to be able to install a LogFilter method that can replace the arguments to logging statements to prevent accidental leaking of secrets, certificates or passwords. The interface of the filter defines three functions for the three kinds of logging functions exposed by klog. ``` type LogFilter interface { Filter(args []interface{}) ([]interface{}) FilterF(format string, args []interface{}) (string,[]interface{}) FilterS(msg string, keysAndValues []interface{}) (string, []interface{}) } ```
/assign |
/assign @44past4 |
2534219
to
7d96b43
Compare
/lgtm |
/assign @justinsb |
/cc @dims |
/approve will leave LGTM to someone else! |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dims, rf232, serathius The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
@@ -1249,13 +1270,14 @@ func (l *loggingT) setV(pc uintptr) Level { | |||
type Verbose struct { | |||
enabled bool | |||
logr logr.Logger | |||
filter LogFilter |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why was filter added to Verbose and as parameter to all the other functions? That causes overhead and the only advantage that I see is that in the theoretic case that someone does V + SetFilter, the original filter will be used when logging through the Verbose instance. I'm not even sure whether that is desirable.
What this PR does / why we need it:
To implement log sanitization according to KEP-1753 we need to be able
to install a LogFilter method that can replace the arguments to logging
statements to prevent accidental leaking of secrets, certificates or
passwords.
Special notes for your reviewer:
https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1753-logs-sanitization
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: