Strip tokens from kubeadm-config config map
This commit is contained in:
fabriziopandini
@@ -40,6 +40,9 @@ func UploadConfiguration(cfg *kubeadmapi.MasterConfiguration, client clientset.I
|
|||||||
externalcfg := &kubeadmapiext.MasterConfiguration{}
|
externalcfg := &kubeadmapiext.MasterConfiguration{}
|
||||||
api.Scheme.Convert(cfg, externalcfg, nil)
|
api.Scheme.Convert(cfg, externalcfg, nil)
|
||||||
|
|
||||||
|
// Removes sensitive info from the data that will be stored in the config map
|
||||||
|
externalcfg.Token = ""
|
||||||
|
|
||||||
cfgYaml, err := yaml.Marshal(*externalcfg)
|
cfgYaml, err := yaml.Marshal(*externalcfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
@@ -64,6 +64,7 @@ func TestUploadConfiguration(t *testing.T) {
|
|||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
cfg := &kubeadmapi.MasterConfiguration{
|
cfg := &kubeadmapi.MasterConfiguration{
|
||||||
KubernetesVersion: "1.7.3",
|
KubernetesVersion: "1.7.3",
|
||||||
|
Token: "1234567",
|
||||||
}
|
}
|
||||||
client := clientsetfake.NewSimpleClientset()
|
client := clientsetfake.NewSimpleClientset()
|
||||||
if tt.errOnCreate != nil {
|
if tt.errOnCreate != nil {
|
||||||
@@ -108,6 +109,10 @@ func TestUploadConfiguration(t *testing.T) {
|
|||||||
if decodedCfg.KubernetesVersion != cfg.KubernetesVersion {
|
if decodedCfg.KubernetesVersion != cfg.KubernetesVersion {
|
||||||
t.Errorf("Decoded value doesn't match, decoded = %#v, expected = %#v", decodedCfg.KubernetesVersion, cfg.KubernetesVersion)
|
t.Errorf("Decoded value doesn't match, decoded = %#v, expected = %#v", decodedCfg.KubernetesVersion, cfg.KubernetesVersion)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if decodedCfg.Token != "" {
|
||||||
|
t.Errorf("Decoded value contains token (sensitive info), decoded = %#v, expected = empty", decodedCfg.Token)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user