Merge pull request #79 from GowthamShanmugam/fix_security_issue

openshift-merge-robot · web-flow · commit 41048d748871 · 2022-03-01T00:13:18.000-05:00
Ignore logging credentials
diff --git a/controllers/common-controller-utils.go b/controllers/common-controller-utils.go
@@ -29,7 +29,7 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C
 	logger := log.FromContext(ctx)
 	err := common.ValidateSourceSecret(sourceSecret)
 	if err != nil {
-		logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret)
+		logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret.Name, "namespace", sourceSecret.Namespace)
 		return err
 	}
 
@@ -44,18 +44,18 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C
 
 	uniqueConnectedPeers, err := PeersConnectedToSecret(sourceSecret, mirrorPeers)
 	if err != nil {
-		logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret, "mirrorpeers", mirrorPeers)
+		logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret.Name, "namespace", sourceSecret.Namespace, "mirrorpeers", mirrorPeers)
 		return err
 	}
-	logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret, "#connected-peers", len(uniqueConnectedPeers))
+	logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret.Name, "namespace", sourceSecret.Namespace, "connected-peers-length", len(uniqueConnectedPeers))
 
 	// anyErr will have the last found error
 	var anyErr error
 	for _, eachConnectedPeer := range uniqueConnectedPeers {
 		namedPeerRef := NewNamedPeerRefWithSecretData(sourceSecret, eachConnectedPeer)
 		err := namedPeerRef.CreateOrUpdateDestinationSecret(ctx, rc)
 		if err != nil {
-			logger.Error(err, "Unable to update the destination secret", "PeerRef", eachConnectedPeer)
+			logger.Error(err, "Unable to update the destination secret", "secret", sourceSecret.Name, "namespace", sourceSecret.Namespace, "PeerRef", eachConnectedPeer)
 			anyErr = err
 		}
 	}
@@ -67,7 +67,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	logger := log.FromContext(ctx)
 	err := common.ValidateDestinationSecret(destSecret)
 	if err != nil {
-		logger.Error(err, "Destination secret validation failed", "secret", destSecret)
+		logger.Error(err, "Destination secret validation failed", "secret", destSecret.Name, "namespace", destSecret.Namespace)
 		return err
 	}
 	mirrorPeers, err := common.FetchAllMirrorPeers(ctx, rc)
@@ -77,7 +77,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	}
 	uniqueConnectedPeers, err := PeersConnectedToSecret(destSecret, mirrorPeers)
 	if err != nil {
-		logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret)
+		logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret.Name, "namespace", destSecret.Namespace)
 		return err
 	}
 	var connectedSource *corev1.Secret
@@ -89,7 +89,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 			if k8serrors.IsNotFound(err) {
 				continue
 			}
-			logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret)
+			logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret.Name, "namespace", destSecret.Namespace)
 			return err
 		}
 		if common.IsSecretSource(&connectedSecret) {
@@ -99,7 +99,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	}
 
 	if connectedSource == nil {
-		logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret)
+		logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret.Name, "namespace", destSecret.Namespace)
 		err = rc.Delete(ctx, destSecret)
 		return err
 	}
@@ -119,7 +119,7 @@ func processDestinationSecretCleanup(ctx context.Context, rc client.Client) erro
 		err = processDestinationSecretUpdation(ctx, rc, &eachDSecret)
 		if err != nil {
 			anyError = err
-			logger.Error(err, "Failed to update destination secret", "secret", eachDSecret)
+			logger.Error(err, "Failed to update destination secret", "secret", eachDSecret.Name, "namespace", eachDSecret.Namespace)
 		}
 	}
 	return anyError
@@ -153,7 +153,7 @@ func createOrUpdateRamenS3Secret(ctx context.Context, rc client.Client, secret *
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
 			// creating new s3 secret on ramen openshift-dr-system namespace
-			logger.Info("Creating a s3 secret", "secret", expectedSecret)
+			logger.Info("Creating a s3 secret", "secret", expectedSecret.Name, "namespace", expectedSecret.Namespace)
 			return rc.Create(ctx, &expectedSecret)
 		}
 		logger.Error(err, "unable to fetch the s3 secret", "secret", secret.Name, "namespace", ramenHubNamespace)
@@ -289,7 +289,7 @@ func createOrUpdateSecretsFromInternalSecret(ctx context.Context, rc client.Clie
 	logger := log.FromContext(ctx)
 
 	if err := common.ValidateInternalSecret(secret, common.InternalLabel); err != nil {
-		logger.Error(err, "Provided internal secret is not valid", "secret", secret)
+		logger.Error(err, "Provided internal secret is not valid", "secret", secret.Name, "namespace", secret.Namespace)
 		return err
 	}
 
@@ -348,7 +348,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 				// secrets of same name.
 				if sourceSecretPointer != nil {
 					err = errors.New("multiple source secrets detected")
-					logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", *sourceSecretPointer)
+					logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", sourceSecretPointer.Name, "namespace", sourceSecretPointer.Namespace)
 					return err
 				}
 				sourceSecretPointer = eachSecret.DeepCopy()
@@ -358,21 +358,21 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 		}
 	}
 
-	logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secretlist", sameNamedDestinationSecrets, "#secrets", len(sameNamedDestinationSecrets))
+	logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secret-length", len(sameNamedDestinationSecrets))
 
 	if sourceSecretPointer == nil {
 		// if there is neither source secret nor any other similarly named secrets,
 		// that means all 'req.Name'-ed secrets are cleaned up and nothing to be done
 		if len(sameNamedDestinationSecrets) == 0 {
 			return nil
 		}
-		logger.Info("A SOURCE secret deletion detected", "secret-name", req.Name)
+		logger.Info("A SOURCE secret deletion detected", "secret-name", req.Name, "namespace", req.Namespace)
 		var anyErr error
 		// if source secret is not present, remove all the destinations|GREENs
 		for _, eachDestSecret := range sameNamedDestinationSecrets {
 			err = rc.Delete(ctx, &eachDestSecret)
 			if err != nil {
-				logger.Error(err, "Deletion failed", "secret", eachDestSecret)
+				logger.Error(err, "Deletion failed", "secret", eachDestSecret.Name, "namespace", eachDestSecret.Namespace)
 				anyErr = err
 			}
 		}
@@ -382,13 +382,13 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 			return anyErr
 		}
 	} else {
-		logger.Info("A DESTINATION secret deletion detected", "secret-name", req.Name)
+		logger.Info("A DESTINATION secret deletion detected", "secret-name", req.Name, "namespace", req.Namespace)
 		// in this section, one of the destination is removed
 		// action: use the source secret pointed by 'sourceSecretPointer'
 		// and restore the missing destination secret
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, sourceSecretPointer)
 		if err != nil {
-			logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer)
+			logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer.Name, "namespace", sourceSecretPointer.Namespace)
 			return err
 		}
 	}
diff --git a/controllers/mirrorpeer_controller.go b/controllers/mirrorpeer_controller.go
@@ -242,7 +242,7 @@ func processMirrorPeerSecretChanges(ctx context.Context, rc client.Client, mirro
 		}
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, matchingSourceSecret, mirrorPeerObj)
 		if err != nil {
-			logger.Error(err, "Error while updating Destination secrets", "source-secret", *matchingSourceSecret)
+			logger.Error(err, "Error while updating Destination secrets", "source-secret", matchingSourceSecret.Name, "namespace", matchingSourceSecret.Namespace)
 			anyErr = err
 		}
 	}
diff --git a/controllers/mirrorpeersecret_controller.go b/controllers/mirrorpeersecret_controller.go
@@ -68,25 +68,25 @@ func mirrorPeerSecretReconcile(ctx context.Context, rc client.Client, req ctrl.R
 	}
 	if common.IsSecretSource(&peerSecret) {
 		if err := common.ValidateSourceSecret(&peerSecret); err != nil {
-			logger.Error(err, "Provided source secret is not valid", "secret", peerSecret)
+			logger.Error(err, "Provided source secret is not valid", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)
 			return err
 		}
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, &peerSecret)
 		if err != nil {
-			logger.Error(err, "Updating the destination secret failed", "secret", peerSecret)
+			logger.Error(err, "Updating the destination secret failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)
 			return err
 		}
 	} else if common.IsSecretDestination(&peerSecret) {
 		// a destination secret updation happened
 		err = processDestinationSecretUpdation(ctx, rc, &peerSecret)
 		if err != nil {
-			logger.Error(err, "Restoring destination secret failed", "secret", peerSecret)
+			logger.Error(err, "Restoring destination secret failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)
 			return err
 		}
 	} else if common.IsSecretInternal(&peerSecret) {
 		err = createOrUpdateSecretsFromInternalSecret(ctx, rc, &peerSecret, nil)
 		if err != nil {
-			logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret)
+			logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)
 			return err
 		}
 	}
diff --git a/controllers/named-peerref-with-data.go b/controllers/named-peerref-with-data.go
@@ -113,7 +113,7 @@ func (nPR *NamedPeerRefWithSecretData) CreateOrUpdateDestinationSecret(ctx conte
 	err = nPR.GetAssociatedSecret(ctx, rc, &currentDest)
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
-			logger.Info("Creating destination secret", "secret", expectedDest)
+			logger.Info("Creating destination secret", "secret", expectedDest.Name, "namespace", expectedDest.Namespace)
 			return rc.Create(ctx, expectedDest)
 		}
 		logger.Error(err, "Unable to get the destination secret", "destination-ref", nPR.PeerRef)
@@ -122,9 +122,7 @@ func (nPR *NamedPeerRefWithSecretData) CreateOrUpdateDestinationSecret(ctx conte
 
 	// recieved a destination secret, now compare
 	if !reflect.DeepEqual(expectedDest.Data, currentDest.Data) {
-		logger.Info("Updating the destination secret",
-			"current-data", currentDest.Data,
-			"expected-data", expectedDest.Data)
+		logger.Info("Updating the destination secret", "secret", currentDest.Name, "namespace", currentDest.Namespace)
 		_, err := controllerutil.CreateOrUpdate(ctx, rc, &currentDest, func() error {
 			currentDest.Data = expectedDest.Data
 			return nil

Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ func processMirrorPeerSecretChanges(ctx context.Context, rc client.Client, mirro`
`242`	`242`	`}`
`243`	`243`	`err = createOrUpdateDestinationSecretsFromSource(ctx, rc, matchingSourceSecret, mirrorPeerObj)`
`244`	`244`	`if err != nil {`
`245`		`- logger.Error(err, "Error while updating Destination secrets", "source-secret", *matchingSourceSecret)`
	`245`	`+ logger.Error(err, "Error while updating Destination secrets", "source-secret", matchingSourceSecret.Name, "namespace", matchingSourceSecret.Namespace)`
`246`	`246`	`anyErr = err`
`247`	`247`	`}`
`248`	`248`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,25 +68,25 @@ func mirrorPeerSecretReconcile(ctx context.Context, rc client.Client, req ctrl.R`
`68`	`68`	`}`
`69`	`69`	`if common.IsSecretSource(&peerSecret) {`
`70`	`70`	`if err := common.ValidateSourceSecret(&peerSecret); err != nil {`
`71`		`- logger.Error(err, "Provided source secret is not valid", "secret", peerSecret)`
	`71`	`+ logger.Error(err, "Provided source secret is not valid", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)`
`72`	`72`	`return err`
`73`	`73`	`}`
`74`	`74`	`err = createOrUpdateDestinationSecretsFromSource(ctx, rc, &peerSecret)`
`75`	`75`	`if err != nil {`
`76`		`- logger.Error(err, "Updating the destination secret failed", "secret", peerSecret)`
	`76`	`+ logger.Error(err, "Updating the destination secret failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)`
`77`	`77`	`return err`
`78`	`78`	`}`
`79`	`79`	`} else if common.IsSecretDestination(&peerSecret) {`
`80`	`80`	`// a destination secret updation happened`
`81`	`81`	`err = processDestinationSecretUpdation(ctx, rc, &peerSecret)`
`82`	`82`	`if err != nil {`
`83`		`- logger.Error(err, "Restoring destination secret failed", "secret", peerSecret)`
	`83`	`+ logger.Error(err, "Restoring destination secret failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)`
`84`	`84`	`return err`
`85`	`85`	`}`
`86`	`86`	`} else if common.IsSecretInternal(&peerSecret) {`
`87`	`87`	`err = createOrUpdateSecretsFromInternalSecret(ctx, rc, &peerSecret, nil)`
`88`	`88`	`if err != nil {`
`89`		`- logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret)`
	`89`	`+ logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret.Name, "namespace", peerSecret.Namespace)`
`90`	`90`	`return err`
`91`	`91`	`}`
`92`	`92`	`}`