From c266f764ecccc40408f35f6917919017f79bc9c6 Mon Sep 17 00:00:00 2001 From: fabriziopandini Date: Sat, 7 Oct 2017 14:40:48 +0200 Subject: [PATCH] Strip tokens from `kubeadm-config` config map --- cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go | 3 +++ cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go index 9d9e3c5fb7f..6208d568b35 100644 --- a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go +++ b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig.go @@ -40,6 +40,9 @@ func UploadConfiguration(cfg *kubeadmapi.MasterConfiguration, client clientset.I externalcfg := &kubeadmapiext.MasterConfiguration{} api.Scheme.Convert(cfg, externalcfg, nil) + // Removes sensitive info from the data that will be stored in the config map + externalcfg.Token = "" + cfgYaml, err := yaml.Marshal(*externalcfg) if err != nil { return err diff --git a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go index d05260a4d61..dfc834ed545 100644 --- a/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go +++ b/cmd/kubeadm/app/phases/uploadconfig/uploadconfig_test.go @@ -64,6 +64,7 @@ func TestUploadConfiguration(t *testing.T) { t.Run(tt.name, func(t *testing.T) { cfg := &kubeadmapi.MasterConfiguration{ KubernetesVersion: "1.7.3", + Token: "1234567", } client := clientsetfake.NewSimpleClientset() if tt.errOnCreate != nil { @@ -108,6 +109,10 @@ func TestUploadConfiguration(t *testing.T) { if decodedCfg.KubernetesVersion != cfg.KubernetesVersion { t.Errorf("Decoded value doesn't match, decoded = %#v, expected = %#v", decodedCfg.KubernetesVersion, cfg.KubernetesVersion) } + + if decodedCfg.Token != "" { + t.Errorf("Decoded value contains token (sensitive info), decoded = %#v, expected = empty", decodedCfg.Token) + } } }) }