Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-4.1] Bug 1734622: resourceapply: don't log secret data #472

Merged

Conversation

sttts
Copy link
Contributor

@sttts sttts commented Jul 12, 2019

Log OLD and NEW instead if a data value changed.

Reject stringData because we don't support that right now (could be added if needed, but not in this PR).

@sttts
Copy link
Contributor Author

sttts commented Jul 12, 2019

/assign @enj

@openshift-ci-robot openshift-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 12, 2019
@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 12, 2019
@sttts sttts force-pushed the sttts-no-secret-logging branch from 0cc90de to 03e1162 Compare July 12, 2019 11:02
@openshift-ci-robot openshift-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 12, 2019
@@ -196,6 +196,10 @@ func ApplyConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Record

// ApplySecret merges objectmeta, requires data
func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, required *corev1.Secret) (*corev1.Secret, bool, error) {
if len(required.StringData) > 0 {
return nil, false, fmt.Errorf("Secret.stringData is not supported")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not?

Copy link
Contributor Author

@sttts sttts Jul 12, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because it's normalized by the server to Data, and we would have to add that normalization here before the DeepEqual. Not impossible, just not done.

safeExisting := existing.DeepCopy()

for s := range safeExisting.Data {
safeExisting.Data[s] = []byte("OLD")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we want OLD, NEW and MODIFIED as the states to track?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you mean with 3 states? We only have two.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ic what you mean. But note that we create a patch below. We cannot have OLD and NEW for all fields, only those which changed.

@sttts sttts force-pushed the sttts-no-secret-logging branch from 03e1162 to 2798694 Compare July 31, 2019 16:04
@enj
Copy link
Contributor

enj commented Jul 31, 2019

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 31, 2019
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@enj
Copy link
Contributor

enj commented Jul 31, 2019

/cherrypick release-4.1

@openshift-cherrypick-robot

@enj: once the present PR merges, I will cherry-pick it on top of release-4.1 in a new PR and assign it to you.

In response to this:

/cherrypick release-4.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot

@enj: new pull request created: #495

In response to this:

/cherrypick release-4.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@enj
Copy link
Contributor

enj commented Jul 31, 2019

/retitle [release-4.1] Bug 1734622: resourceapply: don't log secret data

@enj
Copy link
Contributor

enj commented Jul 31, 2019

/bugzilla 1734622

@stevekuznetsov stevekuznetsov changed the title resourceapply: don't log secret data [release-4.1] Bug 1734622: resourceapply: don't log secret data Jul 31, 2019
@openshift-ci-robot
Copy link

@sttts: All pull requests linked via external trackers have merged. The Bugzilla bug has been moved to the MODIFIED state.

In response to this:

[release-4.1] Bug 1734622: resourceapply: don't log secret data

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tnozicka
Copy link
Contributor

tnozicka commented Aug 6, 2019

/retitle [release-4.1] Bug 1734622: resourceapply: don't log secret data

@enj This one was for master branch, not release-4.1. What am I missing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants