Merge pull request #66023 from ibrasho/change-TRUNCATED-to-DATA+OMITTED

Automatic merge from submit-queue (batch tested with PRs 60790, 66023, 67549). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. change TRUNCATED to DATA+OMITTED in kubectl config view **What this PR does / why we need it**: Based on the discussion in #61573, this PR switches the replacement text for CA certificate data and client certificates and secrets printed using `kubectl config view`. Currently, `REDACTED` is used, which might give a false impression that the data is a secret (which is not true for the public certificates). This PR changes `REDACTED` to `DATA+OMITTED`. The printed string is the base64 encoded string on the byte stream. Some trickery is involved to print a readable string (refer to [this comment](https://github.com/kubernetes/kubernetes/pull/66023/files#diff-aec000ca3f293c94dcd99b4a9d1c5c3cL86) for more info). **Which issue(s) this PR fixes**: Fixes #61573 **Special notes for your reviewer**: **Release note**: ```release-note Switched certificate data replacement from "REDACTED" to "DATA+OMITTED" ``` Kubernetes-commit: ae9beb4663329c8ca824638805b70eba0d295977
2025-06-24 14:12:18 +00:00 · 2018-08-17 20:36:57 -07:00 · 2018-08-17 20:36:57 -07:00 · b53d9ecf53
commit b53d9ecf53
parent 5d107d4ebc a83d2a2682
3 changed files with 62 additions and 56 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -396,207 +396,207 @@
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/fuzzer",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/roundtrip",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/naming",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "93ccdcd99b01517fd11cd0b142dd00ec4c70a95c"
+			"Rev": "96c5a2b154a12e0ff9830aedfd19f6d0780b79f6"
 		},
 		{
 			"ImportPath": "k8s.io/kube-openapi/pkg/util/proto",
--- a/tools/clientcmd/api/helpers.go
+++ b/tools/clientcmd/api/helpers.go
@ -29,6 +29,8 @@ import (
 func init() {
 	sDec, _ := base64.StdEncoding.DecodeString("REDACTED+")
 	redactedBytes = []byte(string(sDec))
+	sDec, _ = base64.StdEncoding.DecodeString("DATA+OMITTED")
+	dataOmittedBytes = []byte(string(sDec))
 }

 // IsConfigEmpty returns true if the config is empty.
@ -79,7 +81,10 @@ func MinifyConfig(config *Config) error {
 	return nil
 }

-var redactedBytes []byte
+var (
+	redactedBytes    []byte
+	dataOmittedBytes []byte
+)

 // Flatten redacts raw data entries from the config object for a human-readable view.
 func ShortenConfig(config *Config) {
@ -97,7 +102,7 @@ func ShortenConfig(config *Config) {
 	}
 	for key, cluster := range config.Clusters {
 		if len(cluster.CertificateAuthorityData) > 0 {
-			cluster.CertificateAuthorityData = redactedBytes
+			cluster.CertificateAuthorityData = dataOmittedBytes
 		}
 		config.Clusters[key] = cluster
 	}
--- a/tools/clientcmd/api/helpers_test.go
+++ b/tools/clientcmd/api/helpers_test.go
@ -229,7 +229,7 @@ func Example_minifyAndShorten() {
 	// clusters:
 	//   cow-cluster:
 	//     LocationOfOrigin: ""
-	//     certificate-authority-data: REDACTED
+	//     certificate-authority-data: DATA+OMITTED
 	//     server: http://cow.org:8080
 	// contexts:
 	//   federal-context:
@ -276,14 +276,15 @@ func TestShortenSuccess(t *testing.T) {
 	}

 	redacted := string(redactedBytes)
+	dataOmitted := string(dataOmittedBytes)
 	if len(mutatingConfig.Clusters) != 2 {
 		t.Errorf("unexpected clusters: %v", mutatingConfig.Clusters)
 	}
 	if !reflect.DeepEqual(startingConfig.Clusters[unchangingCluster], mutatingConfig.Clusters[unchangingCluster]) {
 		t.Errorf("expected %v, got %v", startingConfig.Clusters[unchangingCluster], mutatingConfig.Clusters[unchangingCluster])
 	}
-	if string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData) != redacted {
-		t.Errorf("expected %v, got %v", redacted, string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData))
+	if string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData) != dataOmitted {
+		t.Errorf("expected %v, got %v", dataOmitted, string(mutatingConfig.Clusters[changingCluster].CertificateAuthorityData))
 	}

 	if len(mutatingConfig.AuthInfos) != 2 {