Merge pull request #95245 from sfowl/ceph-rbd-log-cleanup
Mask Ceph RBD adminSecrets in logs when logLevel >= 4
This commit is contained in:
		| @@ -594,9 +594,9 @@ func (util *rbdUtil) CreateImage(p *rbdVolumeProvisioner) (r *v1.RBDPersistentVo | |||||||
| 	volSz := fmt.Sprintf("%d", sz) | 	volSz := fmt.Sprintf("%d", sz) | ||||||
| 	mon := util.kernelRBDMonitorsOpt(p.Mon) | 	mon := util.kernelRBDMonitorsOpt(p.Mon) | ||||||
| 	if p.rbdMounter.imageFormat == rbdImageFormat2 { | 	if p.rbdMounter.imageFormat == rbdImageFormat2 { | ||||||
| 		klog.V(4).Infof("rbd: create %s size %s format %s (features: %s) using mon %s, pool %s id %s key %s", p.rbdMounter.Image, volSz, p.rbdMounter.imageFormat, p.rbdMounter.imageFeatures, mon, p.rbdMounter.Pool, p.rbdMounter.adminID, p.rbdMounter.adminSecret) | 		klog.V(4).Infof("rbd: create %s size %s format %s (features: %s) using mon %s, pool %s id %s key <masked>", p.rbdMounter.Image, volSz, p.rbdMounter.imageFormat, p.rbdMounter.imageFeatures, mon, p.rbdMounter.Pool, p.rbdMounter.adminID) | ||||||
| 	} else { | 	} else { | ||||||
| 		klog.V(4).Infof("rbd: create %s size %s format %s using mon %s, pool %s id %s key %s", p.rbdMounter.Image, volSz, p.rbdMounter.imageFormat, mon, p.rbdMounter.Pool, p.rbdMounter.adminID, p.rbdMounter.adminSecret) | 		klog.V(4).Infof("rbd: create %s size %s format %s using mon %s, pool %s id %s key <masked>", p.rbdMounter.Image, volSz, p.rbdMounter.imageFormat, mon, p.rbdMounter.Pool, p.rbdMounter.adminID) | ||||||
| 	} | 	} | ||||||
| 	args := []string{"create", p.rbdMounter.Image, "--size", volSz, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminID, "-m", mon, "--key=" + p.rbdMounter.adminSecret, "--image-format", p.rbdMounter.imageFormat} | 	args := []string{"create", p.rbdMounter.Image, "--size", volSz, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminID, "-m", mon, "--key=" + p.rbdMounter.adminSecret, "--image-format", p.rbdMounter.imageFormat} | ||||||
| 	if p.rbdMounter.imageFormat == rbdImageFormat2 { | 	if p.rbdMounter.imageFormat == rbdImageFormat2 { | ||||||
| @@ -632,7 +632,7 @@ func (util *rbdUtil) DeleteImage(p *rbdVolumeDeleter) error { | |||||||
| 	} | 	} | ||||||
| 	// rbd rm. | 	// rbd rm. | ||||||
| 	mon := util.kernelRBDMonitorsOpt(p.rbdMounter.Mon) | 	mon := util.kernelRBDMonitorsOpt(p.rbdMounter.Mon) | ||||||
| 	klog.V(4).Infof("rbd: rm %s using mon %s, pool %s id %s key %s", p.rbdMounter.Image, mon, p.rbdMounter.Pool, p.rbdMounter.adminID, p.rbdMounter.adminSecret) | 	klog.V(4).Infof("rbd: rm %s using mon %s, pool %s id %s key <masked>", p.rbdMounter.Image, mon, p.rbdMounter.Pool, p.rbdMounter.adminID) | ||||||
| 	output, err = p.exec.Command("rbd", | 	output, err = p.exec.Command("rbd", | ||||||
| 		"rm", p.rbdMounter.Image, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminID, "-m", mon, "--key="+p.rbdMounter.adminSecret).CombinedOutput() | 		"rm", p.rbdMounter.Image, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminID, "-m", mon, "--key="+p.rbdMounter.adminSecret).CombinedOutput() | ||||||
| 	if err == nil { | 	if err == nil { | ||||||
| @@ -668,7 +668,7 @@ func (util *rbdUtil) ExpandImage(rbdExpander *rbdVolumeExpander, oldSize resourc | |||||||
|  |  | ||||||
| 	// rbd resize. | 	// rbd resize. | ||||||
| 	mon := util.kernelRBDMonitorsOpt(rbdExpander.rbdMounter.Mon) | 	mon := util.kernelRBDMonitorsOpt(rbdExpander.rbdMounter.Mon) | ||||||
| 	klog.V(4).Infof("rbd: resize %s using mon %s, pool %s id %s key %s", rbdExpander.rbdMounter.Image, mon, rbdExpander.rbdMounter.Pool, rbdExpander.rbdMounter.adminID, rbdExpander.rbdMounter.adminSecret) | 	klog.V(4).Infof("rbd: resize %s using mon %s, pool %s id %s key <masked>", rbdExpander.rbdMounter.Image, mon, rbdExpander.rbdMounter.Pool, rbdExpander.rbdMounter.adminID) | ||||||
| 	output, err = rbdExpander.exec.Command("rbd", | 	output, err = rbdExpander.exec.Command("rbd", | ||||||
| 		"resize", rbdExpander.rbdMounter.Image, "--size", newVolSz, "--pool", rbdExpander.rbdMounter.Pool, "--id", rbdExpander.rbdMounter.adminID, "-m", mon, "--key="+rbdExpander.rbdMounter.adminSecret).CombinedOutput() | 		"resize", rbdExpander.rbdMounter.Image, "--size", newVolSz, "--pool", rbdExpander.rbdMounter.Pool, "--id", rbdExpander.rbdMounter.adminID, "-m", mon, "--key="+rbdExpander.rbdMounter.adminSecret).CombinedOutput() | ||||||
| 	if err == nil { | 	if err == nil { | ||||||
| @@ -710,7 +710,7 @@ func (util *rbdUtil) rbdInfo(b *rbdMounter) (int, error) { | |||||||
| 	// # image does not exist (exit=2) | 	// # image does not exist (exit=2) | ||||||
| 	// rbd: error opening image 1234: (2) No such file or directory | 	// rbd: error opening image 1234: (2) No such file or directory | ||||||
| 	// | 	// | ||||||
| 	klog.V(4).Infof("rbd: info %s using mon %s, pool %s id %s key %s", b.Image, mon, b.Pool, id, secret) | 	klog.V(4).Infof("rbd: info %s using mon %s, pool %s id %s key <masked>", b.Image, mon, b.Pool, id) | ||||||
| 	output, err = b.exec.Command("rbd", | 	output, err = b.exec.Command("rbd", | ||||||
| 		"info", b.Image, "--pool", b.Pool, "-m", mon, "--id", id, "--key="+secret, "-k=/dev/null", "--format=json").Output() | 		"info", b.Image, "--pool", b.Pool, "-m", mon, "--id", id, "--key="+secret, "-k=/dev/null", "--format=json").Output() | ||||||
|  |  | ||||||
| @@ -773,7 +773,7 @@ func (util *rbdUtil) rbdStatus(b *rbdMounter) (bool, string, error) { | |||||||
| 	// # image does not exist (exit=2) | 	// # image does not exist (exit=2) | ||||||
| 	// rbd: error opening image kubernetes-dynamic-pvc-<UUID>: (2) No such file or directory | 	// rbd: error opening image kubernetes-dynamic-pvc-<UUID>: (2) No such file or directory | ||||||
| 	// | 	// | ||||||
| 	klog.V(4).Infof("rbd: status %s using mon %s, pool %s id %s key %s", b.Image, mon, b.Pool, id, secret) | 	klog.V(4).Infof("rbd: status %s using mon %s, pool %s id %s key <masked>", b.Image, mon, b.Pool, id) | ||||||
| 	cmd, err = b.exec.Command("rbd", | 	cmd, err = b.exec.Command("rbd", | ||||||
| 		"status", b.Image, "--pool", b.Pool, "-m", mon, "--id", id, "--key="+secret).CombinedOutput() | 		"status", b.Image, "--pool", b.Pool, "-m", mon, "--id", id, "--key="+secret).CombinedOutput() | ||||||
| 	output = string(cmd) | 	output = string(cmd) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Kubernetes Prow Robot
					Kubernetes Prow Robot