Skip to content

Commit

Permalink
fix: do not log sensitive mount options (#755)
Browse files Browse the repository at this point in the history
We log the mount options with level info, which may contain sensitive
information according to the
[CSI-Spec](https://github.com/container-storage-interface/spec/blob/f6b6d53db606c651d975edf0ff3d0c9f5cd4fa35/spec.md?plain=1#L930).
  • Loading branch information
lukasmetzner authored Oct 25, 2024
1 parent 942e42e commit 0b6e860
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions internal/volumes/mount.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,6 @@ func (s *LinuxMountService) Publish(targetPath string, devicePath string, opts M
mountOptions = append(mountOptions, "ro")
}

mountOptions = append(mountOptions, opts.Additional...)

if opts.EncryptionPassphrase != "" {
existingFSType, err := s.mounter.GetDiskFormat(devicePath)
if err != nil {
Expand Down Expand Up @@ -131,10 +129,10 @@ func (s *LinuxMountService) Publish(targetPath string, devicePath string, opts M
)

if opts.BlockVolume {
return s.mounter.Mount(devicePath, targetPath, opts.FSType, mountOptions)
return s.mounter.MountSensitive(devicePath, targetPath, opts.FSType, mountOptions, opts.Additional)
}

return s.mounter.FormatAndMount(devicePath, targetPath, opts.FSType, mountOptions)
return s.mounter.FormatAndMountSensitive(devicePath, targetPath, opts.FSType, mountOptions, opts.Additional)
}

func (s *LinuxMountService) Unpublish(targetPath string) error {
Expand Down

0 comments on commit 0b6e860

Please sign in to comment.