Implement fmt.Stringer on rest.Config to sanitize sensitive fields

It's very easy to add glog.Info(config) calls for debugging (or actual logging). In some scenarios those configs will carry sensitive tokens and those tokens will end up in logs or response bodies. Leaking of those stringified configs compromises the cluster. Also implement fmt.GoStringer. Kubernetes-commit: c9ad1d7339b164dfba0846ec49fa4a52474d3e23
2025-09-04 08:35:10 +00:00 · 2018-11-02 11:39:14 -07:00
parent b831b8de71
commit 420f3f77fb
4 changed files with 262 additions and 1 deletions
--- a/plugin/pkg/client/auth/exec/exec.go
+++ b/plugin/pkg/client/auth/exec/exec.go
@@ -31,6 +31,7 @@ import (
 	"sync"
 	"time"

+	"github.com/davecgh/go-spew/spew"
 	"golang.org/x/crypto/ssh/terminal"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -73,8 +74,10 @@ func newCache() *cache {
 	return &cache{m: make(map[string]*Authenticator)}
 }

+var spewConfig = &spew.ConfigState{DisableMethods: true, Indent: " "}
+
 func cacheKey(c *api.ExecConfig) string {
-	return fmt.Sprintf("%#v", c)
+	return spewConfig.Sprint(c)
 }

 type cache struct {