Avoid credentials in logs

GowthamShanmugam · GowthamShanmugam · commit e58b85620e28 · 2022-02-28T17:46:22.000+05:30
Signed-off-by: Gowtham Shanmugasundaram &lt;gshanmug@redhat.com&gt;
diff --git a/controllers/common-controller-utils.go b/controllers/common-controller-utils.go
@@ -29,7 +29,7 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C
 	logger := log.FromContext(ctx)
 	err := common.ValidateSourceSecret(sourceSecret)
 	if err != nil {
-		logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret)
+		logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret.Name)
 		return err
 	}
 
@@ -44,10 +44,10 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C
 
 	uniqueConnectedPeers, err := PeersConnectedToSecret(sourceSecret, mirrorPeers)
 	if err != nil {
-		logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret, "mirrorpeers", mirrorPeers)
+		logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret.Name, "mirrorpeers", mirrorPeers)
 		return err
 	}
-	logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret, "#connected-peers", len(uniqueConnectedPeers))
+	logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret.Name, "#connected-peers", len(uniqueConnectedPeers))
 
 	// anyErr will have the last found error
 	var anyErr error
@@ -67,7 +67,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	logger := log.FromContext(ctx)
 	err := common.ValidateDestinationSecret(destSecret)
 	if err != nil {
-		logger.Error(err, "Destination secret validation failed", "secret", destSecret)
+		logger.Error(err, "Destination secret validation failed", "secret", destSecret.Name)
 		return err
 	}
 	mirrorPeers, err := common.FetchAllMirrorPeers(ctx, rc)
@@ -77,7 +77,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	}
 	uniqueConnectedPeers, err := PeersConnectedToSecret(destSecret, mirrorPeers)
 	if err != nil {
-		logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret)
+		logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret.Name)
 		return err
 	}
 	var connectedSource *corev1.Secret
@@ -89,7 +89,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 			if k8serrors.IsNotFound(err) {
 				continue
 			}
-			logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret)
+			logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret.Name)
 			return err
 		}
 		if common.IsSecretSource(&connectedSecret) {
@@ -99,7 +99,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des
 	}
 
 	if connectedSource == nil {
-		logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret)
+		logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret.Name)
 		err = rc.Delete(ctx, destSecret)
 		return err
 	}
@@ -119,7 +119,7 @@ func processDestinationSecretCleanup(ctx context.Context, rc client.Client) erro
 		err = processDestinationSecretUpdation(ctx, rc, &eachDSecret)
 		if err != nil {
 			anyError = err
-			logger.Error(err, "Failed to update destination secret", "secret", eachDSecret)
+			logger.Error(err, "Failed to update destination secret", "secret", eachDSecret.Name)
 		}
 	}
 	return anyError
@@ -153,7 +153,7 @@ func createOrUpdateRamenS3Secret(ctx context.Context, rc client.Client, secret *
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
 			// creating new s3 secret on ramen openshift-dr-system namespace
-			logger.Info("Creating a s3 secret", "secret", expectedSecret)
+			logger.Info("Creating a s3 secret", "secret", expectedSecret.Name)
 			return rc.Create(ctx, &expectedSecret)
 		}
 		logger.Error(err, "unable to fetch the s3 secret", "secret", secret.Name, "namespace", ramenHubNamespace)
@@ -289,7 +289,7 @@ func createOrUpdateSecretsFromInternalSecret(ctx context.Context, rc client.Clie
 	logger := log.FromContext(ctx)
 
 	if err := common.ValidateInternalSecret(secret, common.InternalLabel); err != nil {
-		logger.Error(err, "Provided internal secret is not valid", "secret", secret)
+		logger.Error(err, "Provided internal secret is not valid", "secret", secret.Name)
 		return err
 	}
 
@@ -348,7 +348,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 				// secrets of same name.
 				if sourceSecretPointer != nil {
 					err = errors.New("multiple source secrets detected")
-					logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", *sourceSecretPointer)
+					logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", sourceSecretPointer.Name)
 					return err
 				}
 				sourceSecretPointer = eachSecret.DeepCopy()
@@ -358,7 +358,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 		}
 	}
 
-	logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secretlist", sameNamedDestinationSecrets, "#secrets", len(sameNamedDestinationSecrets))
+	logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secret-length", len(sameNamedDestinationSecrets))
 
 	if sourceSecretPointer == nil {
 		// if there is neither source secret nor any other similarly named secrets,
@@ -372,7 +372,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 		for _, eachDestSecret := range sameNamedDestinationSecrets {
 			err = rc.Delete(ctx, &eachDestSecret)
 			if err != nil {
-				logger.Error(err, "Deletion failed", "secret", eachDestSecret)
+				logger.Error(err, "Deletion failed", "secret", eachDestSecret.Name)
 				anyErr = err
 			}
 		}
@@ -388,7 +388,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name
 		// and restore the missing destination secret
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, sourceSecretPointer)
 		if err != nil {
-			logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer)
+			logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer.Name)
 			return err
 		}
 	}
diff --git a/controllers/mirrorpeer_controller.go b/controllers/mirrorpeer_controller.go
@@ -242,7 +242,7 @@ func processMirrorPeerSecretChanges(ctx context.Context, rc client.Client, mirro
 		}
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, matchingSourceSecret, mirrorPeerObj)
 		if err != nil {
-			logger.Error(err, "Error while updating Destination secrets", "source-secret", *matchingSourceSecret)
+			logger.Error(err, "Error while updating Destination secrets", "source-secret", matchingSourceSecret.Name)
 			anyErr = err
 		}
 	}
diff --git a/controllers/mirrorpeersecret_controller.go b/controllers/mirrorpeersecret_controller.go
@@ -68,25 +68,25 @@ func mirrorPeerSecretReconcile(ctx context.Context, rc client.Client, req ctrl.R
 	}
 	if common.IsSecretSource(&peerSecret) {
 		if err := common.ValidateSourceSecret(&peerSecret); err != nil {
-			logger.Error(err, "Provided source secret is not valid", "secret", peerSecret)
+			logger.Error(err, "Provided source secret is not valid", "secret", peerSecret.Name)
 			return err
 		}
 		err = createOrUpdateDestinationSecretsFromSource(ctx, rc, &peerSecret)
 		if err != nil {
-			logger.Error(err, "Updating the destination secret failed", "secret", peerSecret)
+			logger.Error(err, "Updating the destination secret failed", "secret", peerSecret.Name)
 			return err
 		}
 	} else if common.IsSecretDestination(&peerSecret) {
 		// a destination secret updation happened
 		err = processDestinationSecretUpdation(ctx, rc, &peerSecret)
 		if err != nil {
-			logger.Error(err, "Restoring destination secret failed", "secret", peerSecret)
+			logger.Error(err, "Restoring destination secret failed", "secret", peerSecret.Name)
 			return err
 		}
 	} else if common.IsSecretInternal(&peerSecret) {
 		err = createOrUpdateSecretsFromInternalSecret(ctx, rc, &peerSecret, nil)
 		if err != nil {
-			logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret)
+			logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret.Name)
 			return err
 		}
 	}
diff --git a/controllers/named-peerref-with-data.go b/controllers/named-peerref-with-data.go
@@ -113,7 +113,7 @@ func (nPR *NamedPeerRefWithSecretData) CreateOrUpdateDestinationSecret(ctx conte
 	err = nPR.GetAssociatedSecret(ctx, rc, &currentDest)
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
-			logger.Info("Creating destination secret", "secret", expectedDest)
+			logger.Info("Creating destination secret", "secret", expectedDest.Name)
 			return rc.Create(ctx, expectedDest)
 		}
 		logger.Error(err, "Unable to get the destination secret", "destination-ref", nPR.PeerRef)
@@ -122,9 +122,7 @@ func (nPR *NamedPeerRefWithSecretData) CreateOrUpdateDestinationSecret(ctx conte
 
 	// recieved a destination secret, now compare
 	if !reflect.DeepEqual(expectedDest.Data, currentDest.Data) {
-		logger.Info("Updating the destination secret",
-			"current-data", currentDest.Data,
-			"expected-data", expectedDest.Data)
+		logger.Info("Updating the destination secret", "secret", currentDest.Name)
 		_, err := controllerutil.CreateOrUpdate(ctx, rc, &currentDest, func() error {
 			currentDest.Data = expectedDest.Data
 			return nil

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C`
`29`	`29`	`logger := log.FromContext(ctx)`
`30`	`30`	`err := common.ValidateSourceSecret(sourceSecret)`
`31`	`31`	`if err != nil {`
`32`		`- logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret)`
	`32`	`+ logger.Error(err, "Updating secrets failed. Invalid secret type.", "secret", sourceSecret.Name)`
`33`	`33`	`return err`
`34`	`34`	`}`
`35`	`35`
`@@ -44,10 +44,10 @@ func createOrUpdateDestinationSecretsFromSource(ctx context.Context, rc client.C`
`44`	`44`
`45`	`45`	`uniqueConnectedPeers, err := PeersConnectedToSecret(sourceSecret, mirrorPeers)`
`46`	`46`	`if err != nil {`
`47`		`- logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret, "mirrorpeers", mirrorPeers)`
	`47`	`+ logger.Error(err, "ConnectedPeers returned an error", "secret", sourceSecret.Name, "mirrorpeers", mirrorPeers)`
`48`	`48`	`return err`
`49`	`49`	`}`
`50`		`- logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret, "#connected-peers", len(uniqueConnectedPeers))`
	`50`	`+ logger.V(2).Info("Listing all the Peers connected to the Source", "SourceSecret", sourceSecret.Name, "#connected-peers", len(uniqueConnectedPeers))`
`51`	`51`
`52`	`52`	`// anyErr will have the last found error`
`53`	`53`	`var anyErr error`
`@@ -67,7 +67,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des`
`67`	`67`	`logger := log.FromContext(ctx)`
`68`	`68`	`err := common.ValidateDestinationSecret(destSecret)`
`69`	`69`	`if err != nil {`
`70`		`- logger.Error(err, "Destination secret validation failed", "secret", destSecret)`
	`70`	`+ logger.Error(err, "Destination secret validation failed", "secret", destSecret.Name)`
`71`	`71`	`return err`
`72`	`72`	`}`
`73`	`73`	`mirrorPeers, err := common.FetchAllMirrorPeers(ctx, rc)`
`@@ -77,7 +77,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des`
`77`	`77`	`}`
`78`	`78`	`uniqueConnectedPeers, err := PeersConnectedToSecret(destSecret, mirrorPeers)`
`79`	`79`	`if err != nil {`
`80`		`- logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret)`
	`80`	`+ logger.Error(err, "Failed to get the peers connected to the secret", "secret", destSecret.Name)`
`81`	`81`	`return err`
`82`	`82`	`}`
`83`	`83`	`var connectedSource *corev1.Secret`
`@@ -89,7 +89,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des`
`89`	`89`	`if k8serrors.IsNotFound(err) {`
`90`	`90`	`continue`
`91`	`91`	`}`
`92`		`- logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret)`
	`92`	`+ logger.Error(err, "Unexpected error while finding the source secret", "peer-ref", eachConnectedPeer, "secret", destSecret.Name)`
`93`	`93`	`return err`
`94`	`94`	`}`
`95`	`95`	`if common.IsSecretSource(&connectedSecret) {`
`@@ -99,7 +99,7 @@ func processDestinationSecretUpdation(ctx context.Context, rc client.Client, des`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`if connectedSource == nil {`
`102`		`- logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret)`
	`102`	`+ logger.Error(nil, "No connected source found. Removing the dangling destination secret", "secret", destSecret.Name)`
`103`	`103`	`err = rc.Delete(ctx, destSecret)`
`104`	`104`	`return err`
`105`	`105`	`}`
`@@ -119,7 +119,7 @@ func processDestinationSecretCleanup(ctx context.Context, rc client.Client) erro`
`119`	`119`	`err = processDestinationSecretUpdation(ctx, rc, &eachDSecret)`
`120`	`120`	`if err != nil {`
`121`	`121`	`anyError = err`
`122`		`- logger.Error(err, "Failed to update destination secret", "secret", eachDSecret)`
	`122`	`+ logger.Error(err, "Failed to update destination secret", "secret", eachDSecret.Name)`
`123`	`123`	`}`
`124`	`124`	`}`
`125`	`125`	`return anyError`
`@@ -153,7 +153,7 @@ func createOrUpdateRamenS3Secret(ctx context.Context, rc client.Client, secret *`
`153`	`153`	`if err != nil {`
`154`	`154`	`if k8serrors.IsNotFound(err) {`
`155`	`155`	`// creating new s3 secret on ramen openshift-dr-system namespace`
`156`		`- logger.Info("Creating a s3 secret", "secret", expectedSecret)`
	`156`	`+ logger.Info("Creating a s3 secret", "secret", expectedSecret.Name)`
`157`	`157`	`return rc.Create(ctx, &expectedSecret)`
`158`	`158`	`}`
`159`	`159`	`logger.Error(err, "unable to fetch the s3 secret", "secret", secret.Name, "namespace", ramenHubNamespace)`
`@@ -289,7 +289,7 @@ func createOrUpdateSecretsFromInternalSecret(ctx context.Context, rc client.Clie`
`289`	`289`	`logger := log.FromContext(ctx)`
`290`	`290`
`291`	`291`	`if err := common.ValidateInternalSecret(secret, common.InternalLabel); err != nil {`
`292`		`- logger.Error(err, "Provided internal secret is not valid", "secret", secret)`
	`292`	`+ logger.Error(err, "Provided internal secret is not valid", "secret", secret.Name)`
`293`	`293`	`return err`
`294`	`294`	`}`
`295`	`295`
`@@ -348,7 +348,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name`
`348`	`348`	`// secrets of same name.`
`349`	`349`	`if sourceSecretPointer != nil {`
`350`	`350`	`err = errors.New("multiple source secrets detected")`
`351`		`- logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", *sourceSecretPointer)`
	`351`	`+ logger.Error(err, "Cannot have more than one source secrets with the same name", "request", req, "source-secret", sourceSecretPointer.Name)`
`352`	`352`	`return err`
`353`	`353`	`}`
`354`	`354`	`sourceSecretPointer = eachSecret.DeepCopy()`
`@@ -358,7 +358,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name`
`358`	`358`	`}`
`359`	`359`	`}`
`360`	`360`
`361`		`- logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secretlist", sameNamedDestinationSecrets, "#secrets", len(sameNamedDestinationSecrets))`
	`361`	`+ logger.V(2).Info("List of secrets with requested name", "secret-name", req.Name, "secret-length", len(sameNamedDestinationSecrets))`
`362`	`362`
`363`	`363`	`if sourceSecretPointer == nil {`
`364`	`364`	`// if there is neither source secret nor any other similarly named secrets,`
`@@ -372,7 +372,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name`
`372`	`372`	`for _, eachDestSecret := range sameNamedDestinationSecrets {`
`373`	`373`	`err = rc.Delete(ctx, &eachDestSecret)`
`374`	`374`	`if err != nil {`
`375`		`- logger.Error(err, "Deletion failed", "secret", eachDestSecret)`
	`375`	`+ logger.Error(err, "Deletion failed", "secret", eachDestSecret.Name)`
`376`	`376`	`anyErr = err`
`377`	`377`	`}`
`378`	`378`	`}`
`@@ -388,7 +388,7 @@ func processDeletedSecrets(ctx context.Context, rc client.Client, req types.Name`
`388`	`388`	`// and restore the missing destination secret`
`389`	`389`	`err = createOrUpdateDestinationSecretsFromSource(ctx, rc, sourceSecretPointer)`
`390`	`390`	`if err != nil {`
`391`		`- logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer)`
	`391`	`+ logger.Error(err, "Unable to update the destination secret", "source-secret", sourceSecretPointer.Name)`
`392`	`392`	`return err`
`393`	`393`	`}`
`394`	`394`	`}`
Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ func processMirrorPeerSecretChanges(ctx context.Context, rc client.Client, mirro`
`242`	`242`	`}`
`243`	`243`	`err = createOrUpdateDestinationSecretsFromSource(ctx, rc, matchingSourceSecret, mirrorPeerObj)`
`244`	`244`	`if err != nil {`
`245`		`- logger.Error(err, "Error while updating Destination secrets", "source-secret", *matchingSourceSecret)`
	`245`	`+ logger.Error(err, "Error while updating Destination secrets", "source-secret", matchingSourceSecret.Name)`
`246`	`246`	`anyErr = err`
`247`	`247`	`}`
`248`	`248`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,25 +68,25 @@ func mirrorPeerSecretReconcile(ctx context.Context, rc client.Client, req ctrl.R`
`68`	`68`	`}`
`69`	`69`	`if common.IsSecretSource(&peerSecret) {`
`70`	`70`	`if err := common.ValidateSourceSecret(&peerSecret); err != nil {`
`71`		`- logger.Error(err, "Provided source secret is not valid", "secret", peerSecret)`
	`71`	`+ logger.Error(err, "Provided source secret is not valid", "secret", peerSecret.Name)`
`72`	`72`	`return err`
`73`	`73`	`}`
`74`	`74`	`err = createOrUpdateDestinationSecretsFromSource(ctx, rc, &peerSecret)`
`75`	`75`	`if err != nil {`
`76`		`- logger.Error(err, "Updating the destination secret failed", "secret", peerSecret)`
	`76`	`+ logger.Error(err, "Updating the destination secret failed", "secret", peerSecret.Name)`
`77`	`77`	`return err`
`78`	`78`	`}`
`79`	`79`	`} else if common.IsSecretDestination(&peerSecret) {`
`80`	`80`	`// a destination secret updation happened`
`81`	`81`	`err = processDestinationSecretUpdation(ctx, rc, &peerSecret)`
`82`	`82`	`if err != nil {`
`83`		`- logger.Error(err, "Restoring destination secret failed", "secret", peerSecret)`
	`83`	`+ logger.Error(err, "Restoring destination secret failed", "secret", peerSecret.Name)`
`84`	`84`	`return err`
`85`	`85`	`}`
`86`	`86`	`} else if common.IsSecretInternal(&peerSecret) {`
`87`	`87`	`err = createOrUpdateSecretsFromInternalSecret(ctx, rc, &peerSecret, nil)`
`88`	`88`	`if err != nil {`
`89`		`- logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret)`
	`89`	`+ logger.Error(err, "Updating the secret from internal secret is failed", "secret", peerSecret.Name)`
`90`	`90`	`return err`
`91`	`91`	`}`
`92`	`92`	`}`