From a5f2635bc0cbdb7192b7c368812dcd43f955a68a Mon Sep 17 00:00:00 2001
From: Madhu Rajanna <mrajanna@redhat.com>
Date: Fri, 8 Feb 2019 13:20:21 +0530
Subject: [PATCH] avoid logging secrets in request

Signed-off-by: Madhu Rajanna <mrajanna@redhat.com>
---
 pkg/rbd/controllerserver.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/rbd/controllerserver.go b/pkg/rbd/controllerserver.go
index 844423a26..616012095 100644
--- a/pkg/rbd/controllerserver.go
+++ b/pkg/rbd/controllerserver.go
@@ -26,6 +26,7 @@ import (
 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"github.com/golang/protobuf/ptypes"
 	"github.com/golang/protobuf/ptypes/timestamp"
+	"github.com/kubernetes-csi/csi-lib-utils/protosanitizer"
 	"github.com/kubernetes-csi/drivers/pkg/csi-common"
 	"github.com/pborman/uuid"
 	"github.com/pkg/errors"
@@ -74,7 +75,7 @@ func (cs *ControllerServer) LoadExDataFromMetadataStore() error {
 
 func (cs *ControllerServer) validateVolumeReq(req *csi.CreateVolumeRequest) error {
 	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {
-		klog.V(3).Infof("invalid create volume req: %v", req)
+		klog.V(3).Infof("invalid create volume req: %v", protosanitizer.StripSecrets(req))
 		return err
 	}
 	// Check sanity of request Name, Volume Capabilities
@@ -228,7 +229,7 @@ func (cs *ControllerServer) checkSnapshot(req *csi.CreateVolumeRequest, rbdVol *
 // from store
 func (cs *ControllerServer) DeleteVolume(ctx context.Context, req *csi.DeleteVolumeRequest) (*csi.DeleteVolumeResponse, error) {
 	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_VOLUME); err != nil {
-		klog.Warningf("invalid delete volume req: %v", req)
+		klog.Warningf("invalid delete volume req: %v", protosanitizer.StripSecrets(req))
 		return nil, err
 	}
 	// For now the image get unconditionally deleted, but here retention policy can be checked
@@ -394,7 +395,7 @@ func (cs *ControllerServer) storeSnapMetadata(rbdSnap *rbdSnapshot, secret map[s
 
 func (cs *ControllerServer) validateSnapshotReq(req *csi.CreateSnapshotRequest) error {
 	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT); err != nil {
-		klog.Warningf("invalid create snapshot req: %v", req)
+		klog.Warningf("invalid create snapshot req: %v", protosanitizer.StripSecrets(req))
 		return err
 	}
 
@@ -447,7 +448,7 @@ func (cs *ControllerServer) doSnapshot(rbdSnap *rbdSnapshot, secret map[string]s
 //snapshot metadata from store
 func (cs *ControllerServer) DeleteSnapshot(ctx context.Context, req *csi.DeleteSnapshotRequest) (*csi.DeleteSnapshotResponse, error) {
 	if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT); err != nil {
-		klog.Warningf("invalid delete snapshot req: %v", req)
+		klog.Warningf("invalid delete snapshot req: %v", protosanitizer.StripSecrets(req))
 		return nil, err
 	}