Skip to content

Commit

Permalink
Elide sensitive kubernetes flags from the logs
Browse files Browse the repository at this point in the history
  • Loading branch information
Alfonso Acosta committed Aug 18, 2016
1 parent 4b0f152 commit 3d124f9
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 6 deletions.
17 changes: 12 additions & 5 deletions prog/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,16 @@ var (
// set at build time
version = "dev"
// tokens to be elided when logging
serviceTokenFlag = "service-token"
probeTokenFlag = "probe.token"
sensitiveFlags = []string{serviceTokenFlag, probeTokenFlag}
serviceTokenFlag = "service-token"
probeTokenFlag = "probe.token"
kubernetesPasswordFlag = "probe.kubernetes.password"
kubernetesTokenFlag = "probe.kubernetes.token"
sensitiveFlags = []string{
serviceTokenFlag,
probeTokenFlag,
kubernetesPasswordFlag,
kubernetesTokenFlag,
}
)

type prefixFormatter struct {
Expand Down Expand Up @@ -209,9 +216,9 @@ func main() {
flag.StringVar(&flags.probe.kubernetesConfig.Context, "probe.kubernetes.context", "", "The name of the kubeconfig context to use")
flag.BoolVar(&flags.probe.kubernetesConfig.Insecure, "probe.kubernetes.insecure-skip-tls-verify", false, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
flag.StringVar(&flags.probe.kubernetesConfig.Kubeconfig, "probe.kubernetes.kubeconfig", "", "Path to the kubeconfig file to use")
flag.StringVar(&flags.probe.kubernetesConfig.Password, "probe.kubernetes.password", "", "Password for basic authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Password, kubernetesPasswordFlag, "", "Password for basic authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Server, "probe.kubernetes.server", "", "The address and port of the Kubernetes API server")
flag.StringVar(&flags.probe.kubernetesConfig.Token, "probe.kubernetes.token", "", "Bearer token for authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Token, kubernetesTokenFlag, "", "Bearer token for authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.User, "probe.kubernetes.user", "", "The name of the kubeconfig user to use")
flag.StringVar(&flags.probe.kubernetesConfig.Username, "probe.kubernetes.username", "", "Username for basic authentication to the API server")

Expand Down
1 change: 0 additions & 1 deletion prog/probe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,6 @@ func probeMain(flags probeFlags) {
hostID = hostName // TODO(pb): we should sanitize the hostname
)
log.Infof("probe starting, version %s, ID %s", version, probeID)
log.Infof("command line: %v", os.Args)
checkpointFlags := map[string]string{}
if flags.kubernetesEnabled {
checkpointFlags["kubernetes_enabled"] = "true"
Expand Down

0 comments on commit 3d124f9

Please sign in to comment.