Posted to notifications@apisix.apache.org by zh...@apache.org on 2022/12/02 08:57:16 UTC

[apisix-ingress-controller] branch master updated: fix:sanitize log output when exposing sensitive values (#1480)

This is an automated email from the ASF dual-hosted git repository.

zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new ed92690f fix:sanitize log output when exposing sensitive values (#1480)
ed92690f is described below

commit ed92690f5aabb4ece4b92d860d72d85bdfa23db0
Author: Marco Aurelio Caldas Miranda <17...@users.noreply.github.com>
AuthorDate: Fri Dec 2 09:57:10 2022 +0100

    fix:sanitize log output when exposing sensitive values (#1480)
---
 cmd/ingress/ingress.go      | 10 +++++++---
 cmd/ingress/ingress_test.go |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/cmd/ingress/ingress.go b/cmd/ingress/ingress.go
index ceda324d..2b2b9a6e 100644
--- a/cmd/ingress/ingress.go
+++ b/cmd/ingress/ingress.go
@@ -129,9 +129,13 @@ the apisix cluster and others are created`,
 
 			log.Info("version:\n", version.Long())
 
-			data, err := json.MarshalIndent(cfg, "", "\t")
+			// We should make sure that the cfg that's logged out is sanitized.
+			cfgCopy := new(config.Config)
+			*cfgCopy = *cfg
+			cfgCopy.APISIX.DefaultClusterAdminKey = "******"
+			data, err := json.MarshalIndent(cfgCopy, "", "  ")
 			if err != nil {
-				dief("failed to show configuration: %s", string(data))
+				dief("failed to marshal configuration: %s", err)
 			}
 			log.Info("use configuration\n", string(data))
 
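Review bot: The redaction at `cfgCopy.APISIX.DefaultClusterAdminKey = "******"` masks a single named field at the log call site, so any other credential-bearing field in `config.Config`, present now or added later, would still be marshalled into the startup log in clear text. `*cfgCopy = *cfg` is also a shallow copy: it is safe only if `APISIX` is held by value, which this hunk does not show; if it were a pointer, the assignment would overwrite the live admin key. Consider moving the masking into a helper next to the type definition and recording the assumption in the comment, e.g. `// Shallow copy suffices only while APISIX is a value field; redact every credential field here before logging.` The enclosing function starts and ends outside the hunk.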
@@ -165,7 +169,7 @@ the apisix cluster and others are created`,
 	cmd.PersistentFlags().StringVar(&cfg.HTTPListen, "http-listen", ":8080", "the HTTP Server listen address")
 	cmd.PersistentFlags().StringVar(&cfg.HTTPSListen, "https-listen", ":8443", "the HTTPS Server listen address")
 	cmd.PersistentFlags().StringVar(&cfg.IngressPublishService, "ingress-publish-service", "",
-		`the controller will use the Endpoint of this Service to update the status information of the Ingress resource. 
+		`the controller will use the Endpoint of this Service to update the status information of the Ingress resource.
 The format is "namespace/svc-name" to solve the situation that the data plane and the controller are not deployed in the same namespace.`)
 	cmd.PersistentFlags().StringSliceVar(&cfg.IngressStatusAddress, "ingress-status-address", []string{},
 		`when there is no available information on the Service used for publishing on the data plane,
diff --git a/cmd/ingress/ingress_test.go b/cmd/ingress/ingress_test.go
index 43636dd4..7b5e5341 100644
--- a/cmd/ingress/ingress_test.go
+++ b/cmd/ingress/ingress_test.go
@@ -149,7 +149,7 @@ func TestNewIngressCommandEffectiveLog(t *testing.T) {
 	assert.Equal(t, true, cfg.EnableProfiling)
 	assert.Equal(t, "/foo/bar/baz", cfg.Kubernetes.Kubeconfig)
 	assert.Equal(t, types.TimeDuration{Duration: 24 * time.Hour}, cfg.Kubernetes.ResyncInterval)
-	assert.Equal(t, "0x123", cfg.APISIX.DefaultClusterAdminKey)
+	assert.Equal(t, "******", cfg.APISIX.DefaultClusterAdminKey)
 	assert.Equal(t, "http://apisixgw.default.cluster.local/apisix", cfg.APISIX.DefaultClusterBaseURL)
 }
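Review bot: The updated assertion pins the placeholder `"******"` but never checks that the original key `0x123` is absent from the logged output, nor that the in-memory configuration still carries the real key after the log line is written. `cfg` here is presumably decoded from the log content, but the test body starts outside the hunk, so that is an inference. A negative check on the raw log text, such as `assert.NotContains(t, rawLog, "0x123")` (with `rawLog` standing for whichever variable holds the log content), would fail if the secret reappears through another field or message.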