This is an automated email from the ASF dual-hosted git repository.

zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new ed92690f fix:sanitize log output when exposing sensitive values (#1480)
ed92690f is described below

commit ed92690f5aabb4ece4b92d860d72d85bdfa23db0
Author: Marco Aurelio Caldas Miranda 
<[email protected]>
AuthorDate: Fri Dec 2 09:57:10 2022 +0100

    fix:sanitize log output when exposing sensitive values (#1480)
---
 cmd/ingress/ingress.go      | 10 +++++++---
 cmd/ingress/ingress_test.go |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/cmd/ingress/ingress.go b/cmd/ingress/ingress.go
index ceda324d..2b2b9a6e 100644
--- a/cmd/ingress/ingress.go
+++ b/cmd/ingress/ingress.go
@@ -129,9 +129,13 @@ the apisix cluster and others are created`,
 
                        log.Info("version:\n", version.Long())
 
-                       data, err := json.MarshalIndent(cfg, "", "\t")
+                       // We should make sure that the cfg that's logged out 
is sanitized.
+                       cfgCopy := new(config.Config)
+                       *cfgCopy = *cfg
+                       cfgCopy.APISIX.DefaultClusterAdminKey = "******"
+                       data, err := json.MarshalIndent(cfgCopy, "", "  ")
                        if err != nil {
-                               dief("failed to show configuration: %s", 
string(data))
+                               dief("failed to marshal configuration: %s", err)
                        }
                        log.Info("use configuration\n", string(data))
 
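Review bot: The masking at `cfgCopy.APISIX.DefaultClusterAdminKey = "******"` is only safe if `*cfgCopy = *cfg` really detaches that field, and it hides exactly one key. `config.Config` is not visible in this hunk; if `APISIX` is (or later becomes) a pointer, the shallow copy shares it and this line would overwrite the admin key the controller goes on to use, so the comment should state the assumption, e.g. `// Shallow copy: relies on Config.APISIX being a struct value, not a pointer.` Redacting by field name at the log site also means any credential added to the config later is logged in clear unless this spot is updated; doing the redaction on the type itself (for example a redacted view used only for logging) would fail safer. The enclosing function starts and ends outside the hunk.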
@@ -165,7 +169,7 @@ the apisix cluster and others are created`,
        cmd.PersistentFlags().StringVar(&cfg.HTTPListen, "http-listen", 
":8080", "the HTTP Server listen address")
        cmd.PersistentFlags().StringVar(&cfg.HTTPSListen, "https-listen", 
":8443", "the HTTPS Server listen address")
        cmd.PersistentFlags().StringVar(&cfg.IngressPublishService, 
"ingress-publish-service", "",
-               `the controller will use the Endpoint of this Service to update 
the status information of the Ingress resource. 
+               `the controller will use the Endpoint of this Service to update 
the status information of the Ingress resource.
 The format is "namespace/svc-name" to solve the situation that the data plane 
and the controller are not deployed in the same namespace.`)
        cmd.PersistentFlags().StringSliceVar(&cfg.IngressStatusAddress, 
"ingress-status-address", []string{},
                `when there is no available information on the Service used for 
publishing on the data plane,
diff --git a/cmd/ingress/ingress_test.go b/cmd/ingress/ingress_test.go
index 43636dd4..7b5e5341 100644
--- a/cmd/ingress/ingress_test.go
+++ b/cmd/ingress/ingress_test.go
@@ -149,7 +149,7 @@ func TestNewIngressCommandEffectiveLog(t *testing.T) {
        assert.Equal(t, true, cfg.EnableProfiling)
        assert.Equal(t, "/foo/bar/baz", cfg.Kubernetes.Kubeconfig)
        assert.Equal(t, types.TimeDuration{Duration: 24 * time.Hour}, 
cfg.Kubernetes.ResyncInterval)
-       assert.Equal(t, "0x123", cfg.APISIX.DefaultClusterAdminKey)
+       assert.Equal(t, "******", cfg.APISIX.DefaultClusterAdminKey)
        assert.Equal(t, "http://apisixgw.default.cluster.local/apisix";, 
cfg.APISIX.DefaultClusterBaseURL)
 }
 
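Review bot: The changed assertion only shows that the value decoded from the logged configuration is `******`; it does not show that the original key is absent from the rest of the log output, or that the running configuration still holds the real key. The test body starts outside the hunk, so how `cfg` is populated here is inferred from the test name and the changed expectation. A stronger regression check would add `assert.NotContains(t, <captured log output>, "0x123")` against the raw log text. A second assertion that the command's in-memory config keeps the original key would catch the case where masking leaks into the live config through the shallow copy in ingress.go.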
