Elide sensitive kubernetes flags from the logs

Alfonso Acosta
2016-08-18 15:30:31 +00:00
parent 9839b3d161
commit f8a67a41f7
2 changed files with 12 additions and 6 deletions


@@ -22,9 +22,16 @@ var (
// set at build time
version = "dev"
// tokens to be elided when logging
serviceTokenFlag = "service-token"
probeTokenFlag = "probe.token"
sensitiveFlags = []string{serviceTokenFlag, probeTokenFlag}
serviceTokenFlag = "service-token"
probeTokenFlag = "probe.token"
kubernetesPasswordFlag = "probe.kubernetes.password"
kubernetesTokenFlag = "probe.kubernetes.token"
sensitiveFlags = []string{
serviceTokenFlag,
probeTokenFlag,
kubernetesPasswordFlag,
kubernetesTokenFlag,
}
)
type prefixFormatter struct {
@@ -209,9 +216,9 @@ func main() {
flag.StringVar(&flags.probe.kubernetesConfig.Context, "probe.kubernetes.context", "", "The name of the kubeconfig context to use")
flag.BoolVar(&flags.probe.kubernetesConfig.Insecure, "probe.kubernetes.insecure-skip-tls-verify", false, "If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure")
flag.StringVar(&flags.probe.kubernetesConfig.Kubeconfig, "probe.kubernetes.kubeconfig", "", "Path to the kubeconfig file to use")
flag.StringVar(&flags.probe.kubernetesConfig.Password, "probe.kubernetes.password", "", "Password for basic authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Password, kubernetesPasswordFlag, "", "Password for basic authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Server, "probe.kubernetes.server", "", "The address and port of the Kubernetes API server")
flag.StringVar(&flags.probe.kubernetesConfig.Token, "probe.kubernetes.token", "", "Bearer token for authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.Token, kubernetesTokenFlag, "", "Bearer token for authentication to the API server")
flag.StringVar(&flags.probe.kubernetesConfig.User, "probe.kubernetes.user", "", "The name of the kubeconfig user to use")
flag.StringVar(&flags.probe.kubernetesConfig.Username, "probe.kubernetes.username", "", "Username for basic authentication to the API server")
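Review bot: The comment above the `sensitiveFlags` block still reads `// tokens to be elided when logging`, yet the list now also carries a password and remains a hand-maintained deny-list kept apart from the `flag.StringVar` registrations in `main()`, so a credential flag added later would be logged in clear unless someone remembers to list it here. I would reword the comment to `// flags whose values are secrets; every new credential flag must be added here so it is elided when logging`, and put a short `// listed in sensitiveFlags` reminder beside the two kubernetes registrations. The code that consumes `sensitiveFlags` is outside these hunks, so whether it matches both the `-flag value` and `-flag=value` spellings cannot be confirmed from here and is worth a test. Elision protects only the log output; the values are still present in the process argument list, which the flag help text could mention. Both the `var (` block and `main()` begin outside the visible hunks.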


@@ -88,7 +88,6 @@ func probeMain(flags probeFlags) {
hostID = hostName // TODO(pb): we should sanitize the hostname
)
log.Infof("probe starting, version %s, ID %s", version, probeID)
log.Infof("command line: %v", os.Args)
checkpointFlags := map[string]string{}
if flags.kubernetesEnabled {
checkpointFlags["kubernetes_enabled"] = "true"