You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by zh...@apache.org on 2022/12/02 08:57:16 UTC
[apisix-ingress-controller] branch master updated: fix:sanitize log output when exposing sensitive values (#1480)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new ed92690f fix:sanitize log output when exposing sensitive values (#1480)
ed92690f is described below
commit ed92690f5aabb4ece4b92d860d72d85bdfa23db0
Author: Marco Aurelio Caldas Miranda <17...@users.noreply.github.com>
AuthorDate: Fri Dec 2 09:57:10 2022 +0100
fix:sanitize log output when exposing sensitive values (#1480)
---
cmd/ingress/ingress.go | 10 +++++++---
cmd/ingress/ingress_test.go | 2 +-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/ingress/ingress.go b/cmd/ingress/ingress.go
index ceda324d..2b2b9a6e 100644
--- a/cmd/ingress/ingress.go
+++ b/cmd/ingress/ingress.go
@@ -129,9 +129,13 @@ the apisix cluster and others are created`,
log.Info("version:\n", version.Long())
- data, err := json.MarshalIndent(cfg, "", "\t")
+ // We should make sure that the cfg that's logged out is sanitized.
+ cfgCopy := new(config.Config)
+ *cfgCopy = *cfg
+ cfgCopy.APISIX.DefaultClusterAdminKey = "******"
+ data, err := json.MarshalIndent(cfgCopy, "", " ")
if err != nil {
- dief("failed to show configuration: %s", string(data))
+ dief("failed to marshal configuration: %s", err)
}
log.Info("use configuration\n", string(data))
@@ -165,7 +169,7 @@ the apisix cluster and others are created`,
cmd.PersistentFlags().StringVar(&cfg.HTTPListen, "http-listen", ":8080", "the HTTP Server listen address")
cmd.PersistentFlags().StringVar(&cfg.HTTPSListen, "https-listen", ":8443", "the HTTPS Server listen address")
cmd.PersistentFlags().StringVar(&cfg.IngressPublishService, "ingress-publish-service", "",
- `the controller will use the Endpoint of this Service to update the status information of the Ingress resource.
+ `the controller will use the Endpoint of this Service to update the status information of the Ingress resource.
The format is "namespace/svc-name" to solve the situation that the data plane and the controller are not deployed in the same namespace.`)
cmd.PersistentFlags().StringSliceVar(&cfg.IngressStatusAddress, "ingress-status-address", []string{},
`when there is no available information on the Service used for publishing on the data plane,
diff --git a/cmd/ingress/ingress_test.go b/cmd/ingress/ingress_test.go
index 43636dd4..7b5e5341 100644
--- a/cmd/ingress/ingress_test.go
+++ b/cmd/ingress/ingress_test.go
@@ -149,7 +149,7 @@ func TestNewIngressCommandEffectiveLog(t *testing.T) {
assert.Equal(t, true, cfg.EnableProfiling)
assert.Equal(t, "/foo/bar/baz", cfg.Kubernetes.Kubeconfig)
assert.Equal(t, types.TimeDuration{Duration: 24 * time.Hour}, cfg.Kubernetes.ResyncInterval)
- assert.Equal(t, "0x123", cfg.APISIX.DefaultClusterAdminKey)
+ assert.Equal(t, "******", cfg.APISIX.DefaultClusterAdminKey)
assert.Equal(t, "http://apisixgw.default.cluster.local/apisix", cfg.APISIX.DefaultClusterBaseURL)
}