util: avoid secret logging in GRPC Replication Request

This commit uses the helper function to avoid the
logging of secrets in Replication GRPC request.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna 2021-03-31 13:50:09 +05:30 committed by mergify[bot]
parent 4f955e474d
commit da840a70c5

View File

@ -26,6 +26,8 @@ import (
"github.com/ceph/ceph-csi/internal/util" "github.com/ceph/ceph-csi/internal/util"
"github.com/container-storage-interface/spec/lib/go/csi" "github.com/container-storage-interface/spec/lib/go/csi"
rp "github.com/kube-storage/replication-lib-utils/protosanitizer"
"github.com/kube-storage/spec/lib/go/replication"
"github.com/kubernetes-csi/csi-lib-utils/protosanitizer" "github.com/kubernetes-csi/csi-lib-utils/protosanitizer"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/codes" "google.golang.org/grpc/codes"
@ -82,6 +84,21 @@ func NewControllerServiceCapability(ctrlCap csi.ControllerServiceCapability_RPC_
} }
} }
// Add replication request names to the list when we implement more API's.
func isReplicationRequest(req interface{}) bool {
isReplicationRequest := true
switch req.(type) {
case *replication.EnableVolumeReplicationRequest:
case *replication.DisableVolumeReplicationRequest:
case *replication.PromoteVolumeRequest:
case *replication.DemoteVolumeRequest:
case *replication.ResyncVolumeRequest:
default:
isReplicationRequest = false
}
return isReplicationRequest
}
func getReqID(req interface{}) string { func getReqID(req interface{}) string {
// if req is nil empty string will be returned // if req is nil empty string will be returned
reqID := "" reqID := ""
@ -112,6 +129,19 @@ func getReqID(req interface{}) string {
case *csi.NodeExpandVolumeRequest: case *csi.NodeExpandVolumeRequest:
reqID = r.VolumeId reqID = r.VolumeId
case *replication.EnableVolumeReplicationRequest:
reqID = r.VolumeId
case *replication.DisableVolumeReplicationRequest:
reqID = r.VolumeId
case *replication.PromoteVolumeRequest:
reqID = r.VolumeId
case *replication.DemoteVolumeRequest:
reqID = r.VolumeId
case *replication.ResyncVolumeRequest:
reqID = r.VolumeId
} }
return reqID return reqID
} }
@ -130,7 +160,12 @@ func contextIDInjector(ctx context.Context, req interface{}, info *grpc.UnarySer
func logGRPC(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) { func logGRPC(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
util.ExtendedLog(ctx, "GRPC call: %s", info.FullMethod) util.ExtendedLog(ctx, "GRPC call: %s", info.FullMethod)
if isReplicationRequest(req) {
util.TraceLog(ctx, "GRPC request: %s", rp.StripReplicationSecrets(req))
} else {
util.TraceLog(ctx, "GRPC request: %s", protosanitizer.StripSecrets(req)) util.TraceLog(ctx, "GRPC request: %s", protosanitizer.StripSecrets(req))
}
resp, err := handler(ctx, req) resp, err := handler(ctx, req)
if err != nil { if err != nil {
klog.Errorf(util.Log(ctx, "GRPC error: %v"), err) klog.Errorf(util.Log(ctx, "GRPC error: %v"), err)