feat(kuma-cp): remove value of secret when logging Secret Resources (#…
…5384)

* feat(kuma-cp): remove value of secret when logging Secret Resources

Signed-off-by: Marcin Skalski <marcin.skalski@konghq.com>
(cherry picked from commit cddddc9)
Automaat authored and mergify[bot] committed Dec 1, 2022
1 parent 8360a1d commit 68e0cfc
Showing 6 changed files with 156 additions and 7 deletions.
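--- a/api/system/v1alpha1/datasource_helpers.go
+++ b/api/system/v1alpha1/datasource_helpers.go
@@ -0,0 +1,20 @@
+package v1alpha1
+
+import util_proto "github.com/kumahq/kuma/pkg/util/proto"
+
+func (ds *DataSource) MaskInlineDatasource() *DataSource {
+if ds == nil {
+return nil
+}
+if ds.GetInline().String() != "" {
+return &DataSource{
+Type: &DataSource_Inline{Inline: util_proto.Bytes([]byte("***"))},
+}
+}
+if ds.GetInlineString() != "" {
+return &DataSource{
+Type: &DataSource_InlineString{InlineString: "***"},
+}
+}
+return nil
+}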
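Review bot: The presence test `ds.GetInline().String() != ""` in MaskInlineDatasource inspects a rendered string rather than which variant of the source is set, and the final `return nil` discards every source that is not a non-empty inline value. Depending on how the generated String() renders a nil wrapper, the first branch may also match sources that are not inline bytes at all, so the masked copy can change type. If DataSource has non-inline variants (none are visible on this page), a reader of the log also cannot tell such a reference from an unset field. Switching on the oneof type and returning `ds` unchanged when there is nothing inline keeps the redaction while preserving the log's diagnostic value. The method also lacks a doc comment saying that it returns a masked copy and never mutates the receiver.

```go
func (ds *DataSource) MaskInlineDatasource() *DataSource {
	switch ds.GetType().(type) {
	case *DataSource_Inline:
		return &DataSource{Type: &DataSource_Inline{Inline: util_proto.Bytes([]byte("***"))}}
	case *DataSource_InlineString:
		return &DataSource{Type: &DataSource_InlineString{InlineString: "***"}}
	default:
		// nil receiver, unset type, or a non-inline reference: nothing to redact
		return ds
	}
}
```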
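--- a/api/system/v1alpha1/secret_helper.go
+++ b/api/system/v1alpha1/secret_helper.go
@@ -0,0 +1,5 @@
+package v1alpha1
+
+func (s *Secret) MarshalLog() interface{} {
+return "***"
+}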
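Review bot: `MarshalLog` on Secret has no doc comment, and the protection it gives is narrower than the commit title suggests. The method is only consulted by log sinks that look for it (the logr.Marshaler convention); formatting a Secret with `%v`, calling its String() method or serializing it to JSON would presumably still emit the value. I would add a comment such as `// MarshalLog redacts the secret for loggers that honour logr.Marshaler; other formatting paths are not covered.` and keep Secret values out of error strings and fmt-style messages.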
7 changes: 0 additions & 7 deletions pkg/core/resources/apis/mesh/external_service_helper.go

This file was deleted.

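--- a/pkg/core/resources/apis/mesh/external_service_helpers.go
+++ b/pkg/core/resources/apis/mesh/external_service_helpers.go
@@ -0,0 +1,44 @@
+package mesh
+
+import (
+"google.golang.org/protobuf/proto"
+
+mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
+)
+
+func (es *ExternalServiceResource) IsReachableFromZone(zone string) bool {
+return es.Spec.Tags[mesh_proto.ZoneTag] == "" || es.Spec.Tags[mesh_proto.ZoneTag] == zone
+}
+
+func (esl *ExternalServiceResourceList) MarshalLog() interface{} {
+maskedList := make([]*ExternalServiceResource, 0, len(esl.Items))
+for _, es := range esl.Items {
+maskedList = append(maskedList, es.MarshalLog().(*ExternalServiceResource))
+}
+return ExternalServiceResourceList{
+Items: maskedList,
+Pagination: esl.Pagination,
+}
+}
+
+func (es *ExternalServiceResource) MarshalLog() interface{} {
+spec := proto.Clone(es.Spec).(*mesh_proto.ExternalService)
+if spec == nil {
+return es
+}
+net := spec.GetNetworking()
+if net == nil {
+return es
+}
+tls := net.GetTls()
+if tls == nil {
+return es
+}
+tls.CaCert = tls.CaCert.MaskInlineDatasource()
+tls.ClientCert = tls.ClientCert.MaskInlineDatasource()
+tls.ClientKey = tls.ClientKey.MaskInlineDatasource()
+return ExternalServiceResource{
+Meta: es.Meta,
+Spec: spec,
+}
+}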
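Review bot: `ExternalServiceResourceList.MarshalLog` asserts `es.MarshalLog().(*ExternalServiceResource)`, but the masking path of `ExternalServiceResource.MarshalLog` returns a struct value, so the assertion panics exactly when an item has a TLS block to mask; only the early `return es` paths yield a pointer. Returning a pointer from the final statement fixes it: `return &ExternalServiceResource{Meta: es.Meta, Spec: spec}`. The same value/pointer mismatch is present in `MeshResourceList.MarshalLog` and `MeshResource.MarshalLog` in mesh_helpers.go. A test that logs a list containing a resource with inline TLS material would cover both.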
47 changes: 47 additions & 0 deletions pkg/core/resources/apis/mesh/mesh_helpers.go
@@ -7,7 +7,11 @@ import (
"strings"
"time"

"google.golang.org/protobuf/proto"

mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1"
"github.com/kumahq/kuma/pkg/plugins/ca/provided/config"
util_proto "github.com/kumahq/kuma/pkg/util/proto"
)

func (m *MeshResource) HasPrometheusMetricsEnabled() bool {
@@ -135,3 +139,46 @@ func ParseDuration(durationStr string) (time.Duration, error) {
}
return dur, nil
}

func (ml *MeshResourceList) MarshalLog() interface{} {
maskedList := make([]*MeshResource, 0, len(ml.Items))
for _, mesh := range ml.Items {
maskedList = append(maskedList, mesh.MarshalLog().(*MeshResource))
}
return MeshResourceList{
Items: maskedList,
Pagination: ml.Pagination,
}
}

func (m *MeshResource) MarshalLog() interface{} {
spec := proto.Clone(m.Spec).(*mesh_proto.Mesh)
if spec == nil {
return m
}
mtls := spec.Mtls
if mtls == nil {
return m
}
for _, backend := range mtls.Backends {
conf := backend.Conf
if conf == nil {
continue
}
cfg := &config.ProvidedCertificateAuthorityConfig{}
err := util_proto.ToTyped(conf, cfg)
if err != nil {
continue
}
cfg.Key = cfg.Key.MaskInlineDatasource()
cfg.Cert = cfg.Cert.MaskInlineDatasource()
backend.Conf, err = util_proto.ToStruct(cfg)
if err != nil {
continue
}
}
return MeshResource{
Meta: m.Meta,
Spec: spec,
}
}
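Review bot: In `MeshResource.MarshalLog` the loop over `mtls.Backends` does `continue` when `util_proto.ToTyped` fails, so the redaction fails open: the cloned backend keeps its original `Conf`, inline key material included, and that copy is what gets logged. A redaction helper should fail closed, e.g. `if err != nil { backend.Conf = nil; continue }` at the ToTyped check, and likewise after `util_proto.ToStruct` so the result is explicit. The loop also decodes every backend as `ProvidedCertificateAuthorityConfig` without looking at the backend's type, so it is worth confirming that configs of other backend types survive the ToTyped/ToStruct round trip unchanged.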
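--- a/pkg/core/resources/apis/system/secret_resource_helper.go
+++ b/pkg/core/resources/apis/system/secret_resource_helper.go
@@ -0,0 +1,40 @@
+package system
+
+import (
+"github.com/kumahq/kuma/pkg/core/resources/model"
+)
+
+type secretResource struct {
+Meta model.ResourceMeta
+Spec string
+}
+
+func (l *SecretResourceList) MarshalLog() interface{} {
+list := make([]interface{}, 0, len(l.Items))
+for _, res := range l.Items {
+list = append(list, res.MarshalLog())
+}
+return list
+}
+
+func (sr *SecretResource) MarshalLog() interface{} {
+return secretResource{
+Meta: sr.Meta,
+Spec: "***",
+}
+}
+
+func (l *GlobalSecretResourceList) MarshalLog() interface{} {
+list := make([]interface{}, 0, len(l.Items))
+for _, res := range l.Items {
+list = append(list, res.MarshalLog())
+}
+return list
+}
+
+func (gs *GlobalSecretResource) MarshalLog() interface{} {
+return secretResource{
+Meta: gs.Meta,
+Spec: "***",
+}
+}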
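Review bot: The log-only type `secretResource` differs from the exported `SecretResource` only by the case of its first letter, which is easy to misread in this file. A name such as `maskedSecretResource` with a doc comment (`// maskedSecretResource is the redacted form of a secret written to logs; Spec is always "***".`) would make the intent clear. The two list methods and the two resource methods are identical apart from the receiver, and none has a doc comment. Unlike the mesh list helpers, the lists here are logged as a bare slice without pagination, which deserves a line in the comment if it is intentional.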
