From bd2bf5c0e3150807a440d358f4858c77553db91b Mon Sep 17 00:00:00 2001
From: Marek Siarkowicz
Date: Mon, 9 Nov 2020 14:57:51 +0100
Subject: [PATCH] Add --experimental-logging-sanitization flag to control plane components
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Paweł Kępka
---
 staging/src/k8s.io/component-base/logs/BUILD | 1 +
 staging/src/k8s.io/component-base/logs/options.go | 9 ++++++++-
 vendor/modules.txt | 2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/staging/src/k8s.io/component-base/logs/BUILD b/staging/src/k8s.io/component-base/logs/BUILD
index aac0b455819..0183730b539 100644
--- a/staging/src/k8s.io/component-base/logs/BUILD
+++ b/staging/src/k8s.io/component-base/logs/BUILD
@@ -17,6 +17,7 @@ go_library(
 deps = [
 "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
 "//staging/src/k8s.io/component-base/logs/json:go_default_library",
+ "//staging/src/k8s.io/component-base/logs/sanitization:go_default_library",
 "//vendor/github.com/go-logr/logr:go_default_library",
 "//vendor/github.com/spf13/pflag:go_default_library",
 "//vendor/k8s.io/klog/v2:go_default_library",
diff --git a/staging/src/k8s.io/component-base/logs/options.go b/staging/src/k8s.io/component-base/logs/options.go
index 00e62e65c8c..a5b6b470419 100644
--- a/staging/src/k8s.io/component-base/logs/options.go
+++ b/staging/src/k8s.io/component-base/logs/options.go
@@ -24,6 +24,7 @@ import (
 "github.com/go-logr/logr"
 "github.com/spf13/pflag"
+ "k8s.io/component-base/logs/sanitization"
 "k8s.io/klog/v2"
 )
@@ -40,7 +41,8 @@ var supportedLogsFlags = map[string]struct{}{
 // Options has klog format parameters
 type Options struct {
- LogFormat string
+ LogFormat string
+ LogSanitization bool
 }
 // NewOptions return new klog options
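Review bot: The new exported field `LogSanitization` in `Options` has no doc comment, and the struct comment still says that Options holds only klog format parameters. A reader of the struct cannot tell that this field switches on a log filter rather than a format setting. I would add `// LogSanitization enables the klog filter that prevents logging of fields tagged as sensitive.` above the field and widen the type comment to `// Options has klog format and sanitization parameters`.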
@@ -88,6 +90,8 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 // No new log formats should be added after generation is of flag options
 logRegistry.Freeze()
+ fs.BoolVar(&o.LogSanitization, "experimental-logging-sanitization", false, `[Experimental] When enabled prevents logging of fields that tagged as sensitive (passwords, keys, tokens).
+Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)
 }
 // Apply set klog logger from LogFormat type
@@ -95,6 +99,9 @@ func (o *Options) Apply() {
 // if log format not exists, use nil loggr
 loggr, _ := o.Get()
 klog.SetLogger(loggr)
+ if o.LogSanitization {
+ klog.SetLogFilter(&sanitization.SanitizingFilter{})
+ }
 }
 // Get logger with LogFormat field
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1ae0a154465..732cccfd725 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -2206,8 +2206,10 @@ k8s.io/component-base/configz
 k8s.io/component-base/featuregate
 k8s.io/component-base/featuregate/testing
 k8s.io/component-base/logs
+k8s.io/component-base/logs/datapol
 k8s.io/component-base/logs/json
 k8s.io/component-base/logs/logreduction
+k8s.io/component-base/logs/sanitization
 k8s.io/component-base/metrics
 k8s.io/component-base/metrics/legacyregistry
 k8s.io/component-base/metrics/prometheus/clientgo
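Review bot: The help text for `--experimental-logging-sanitization` in `AddFlags` reads as a guarantee ("prevents logging of fields that tagged as sensitive"), yet by its own wording it can only act on fields that carry the sensitivity tag, so untagged secrets presumably still reach the log. Operators should not take the flag as a substitute for keeping credentials out of log calls, so I would say so and fix the grammar: `[Experimental] When enabled, prevents logging of fields that are tagged as sensitive (passwords, keys, tokens); values without the tag are not filtered.` The second sentence advises against production use, which is where sanitization matters most, so naming the environments the flag is meant for would help. The body of `AddFlags` starts above the hunk.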
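Review bot: In `Apply`, the filter is installed through the package-level `klog.SetLogFilter`, so it only affects messages emitted after `Apply` has run, and once set it stays in place even if a later `Apply` runs with `LogSanitization` false. Anything a component logs during startup before this call is unfiltered, and nothing in the log records that sanitization is active. I would document that on the method, e.g. `// Apply must run before any message that may carry sensitive fields is logged; the sanitizing filter is process-wide and is not removed again.`, and consider emitting one info line when the filter is enabled. Whether messages written directly to the logger passed to `klog.SetLogger`, bypassing klog, are covered is not visible in this hunk and is worth a test.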