logging: remove SAN from logs (openservicemesh#2346)

Signed-off-by: Sanya Kochhar <kochhars@microsoft.com>
eduser25 · Jan 22, 2021 · 1e6b29a · 1e6b29a
1 parent 98d4675
commit 1e6b29a
Showing 1 changed file with 0 additions and 4 deletions.
diff --git a/pkg/envoy/sds/response.go b/pkg/envoy/sds/response.go
@@ -191,8 +191,6 @@ func (s *sdsImpl) getRootCert(cert certificate.Certificater, sdscert envoy.SDSCe
 			return nil, err
 		}
 		secret.GetValidationContext().MatchSubjectAltNames = getSubjectAltNamesFromSvcAccount(svcAccounts)
-		log.Trace().Msgf("Proxy for service=%s, upstream cert=%s will only allow SANs exactly matching: %v",
-			proxyService, sdscert, subjectAltNamesToStr(secret.GetValidationContext().GetMatchSubjectAltNames()))
 
 	case envoy.RootCertTypeForMTLSInbound:
 		// For inbound certificate validation context, the SAN needs to be the list of all downstream
@@ -205,8 +203,6 @@ func (s *sdsImpl) getRootCert(cert certificate.Certificater, sdscert envoy.SDSCe
 			return nil, err
 		}
 		secret.GetValidationContext().MatchSubjectAltNames = getSubjectAltNamesFromSvcAccount(svcAccounts)
-		log.Trace().Msgf("Proxy for service=%s, downstream cert=%s will only allow SANs exactly matching: %v",
-			proxyService, sdscert, subjectAltNamesToStr(secret.GetValidationContext().GetMatchSubjectAltNames()))
 
 	default:
 		log.Debug().Msgf("SAN matching not needed for cert %s", sdscert)