From e81c498351833ea9feadcb1f31263f28970ca08a Mon Sep 17 00:00:00 2001 From: Pudong Zheng Date: Tue, 10 Oct 2023 08:21:23 +0000 Subject: [PATCH 1/4] update to logrusr v4 --- components/ws-manager-mk2/go.mod | 2 +- components/ws-manager-mk2/go.sum | 10 ++-------- components/ws-manager-mk2/main.go | 2 +- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/components/ws-manager-mk2/go.mod b/components/ws-manager-mk2/go.mod index c75b3b26705faf..5d7044bddde2c7 100644 --- a/components/ws-manager-mk2/go.mod +++ b/components/ws-manager-mk2/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/aws/smithy-go v1.13.3 - github.com/bombsimon/logrusr/v2 v2.0.1 + github.com/bombsimon/logrusr/v4 v4.0.0 github.com/gitpod-io/gitpod/common-go v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/components/scrubber v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/content-service/api v0.0.0-00010101000000-000000000000 diff --git a/components/ws-manager-mk2/go.sum b/components/ws-manager-mk2/go.sum index ccc20b3986e134..9ef85069181f18 100644 --- a/components/ws-manager-mk2/go.sum +++ b/components/ws-manager-mk2/go.sum 
@@ -10,8 +10,8 @@ github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLj
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM=
-github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio=
+github.com/bombsimon/logrusr/v4 v4.0.0 h1:Pm0InGphX0wMhPqC02t31onlq9OVyJ98eP/Vh63t1Oo=
+github.com/bombsimon/logrusr/v4 v4.0.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -39,7 +39,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -114,7 +113,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -166,7 +164,6 @@ github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPH
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/slok/go-http-metrics v0.10.0 h1:rh0LaYEKza5eaYRGDXujKrOln57nHBi4TtVhmNEpbgM=
@@ -249,13 +246,11 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
@@ -334,7 +329,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/components/ws-manager-mk2/main.go b/components/ws-manager-mk2/main.go index c9d8929abf1f71..ac65e972b305e9 100644 --- a/components/ws-manager-mk2/main.go +++ b/components/ws-manager-mk2/main.go @@ -20,7 +20,7 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth" "k8s.io/client-go/rest" - "github.com/bombsimon/logrusr/v2" + "github.com/bombsimon/logrusr/v4" grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus" "github.com/prometheus/client_golang/prometheus" "k8s.io/apimachinery/pkg/runtime" From 1bbe3dc2f6e86c5bc0f9b362d7f3f968e71aa728 Mon Sep 17 00:00:00 2001 From: Pudong Zheng Date: Fri, 13 Oct 2023 08:32:34 +0000 Subject: [PATCH 2/4] Add DeepCopyStruct to scrubber --- components/scrubber/scrubber.go | 146 +++++++++++++++++++++++ components/scrubber/scrubber_test.go | 170 +++++++++++++++++++++++++++ 2 files changed, 316 insertions(+) diff --git a/components/scrubber/scrubber.go b/components/scrubber/scrubber.go index 3272eb98a87383..2050ec697b9720 100644 --- a/components/scrubber/scrubber.go +++ b/components/scrubber/scrubber.go @@ -10,6 +10,7 @@ import ( "reflect" "regexp" "strings" + "unsafe" "github.com/mitchellh/reflectwalk" ) 
@@ -86,6 +87,12 @@ type Scrubber interface { // } // Struct(val any) error + + // DeepCopyStruct scrubes a struct with a deep copy. + // The difference between `DeepCopyStruct` and `Struct`` is that DeepCopyStruct does not modify the structure directly, + // but creates a deep copy instead. + // Also, val can be a pointer or a structure. + DeepCopyStruct(val any) any } // Default is the default scrubber consumers of this package should use 
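Review bot: The doc comment added for `DeepCopyStruct` in the `Scrubber` interface leaves out the contract a caller of a redaction API needs: what is returned for a nil `val`, whether the result has the same dynamic type as the input, and that, unlike `Struct`, no error is reported. It also has a typo ("scrubes") and a stray backtick after `Struct`; I would reword the opening to `// DeepCopyStruct returns a scrubbed deep copy of val and leaves val itself unmodified.` followed by `// Unlike Struct, val may be a struct or a pointer to one.` Adding a method to an exported interface also breaks any other implementation of `Scrubber`, if one exists outside this package.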
@@ -189,6 +196,145 @@ func (s *scrubberImpl) Struct(val any) error { return nil } +func (s *scrubberImpl) deepCopyStruct(fieldName string, src reflect.Value, scrubTag string, skipScrub bool) reflect.Value { + if src.Kind() == reflect.Ptr && src.IsNil() { + return reflect.New(src.Type()).Elem() + } + + if src.CanInterface() { + value := src.Interface() + if _, ok := value.(TrustedValue); ok { + skipScrub = true + } + } + + if src.Kind() == reflect.String && !skipScrub { + dst := reflect.New(src.Type()) + var ( + setExplicitValue bool + explicitValue string + ) + switch scrubTag { + case "ignore": + dst.Elem().SetString(src.String()) + if !dst.CanInterface() { + return dst + } + return dst.Elem() + case "hash": + setExplicitValue = true + explicitValue = SanitiseHash(src.String()) + case "redact": + setExplicitValue = true + explicitValue = SanitiseRedact(src.String()) + } + + if setExplicitValue { + dst.Elem().SetString(explicitValue) + } else { + sanitisatiser := s.getSanitisatiser(fieldName) + if sanitisatiser != nil { + dst.Elem().SetString(sanitisatiser(src.String())) + } else { + dst.Elem().SetString(s.Value(src.String())) + } + } + if !dst.CanInterface() { + return dst + } + return dst.Elem() + } + + switch src.Kind() { + case reflect.Struct: + dst := reflect.New(src.Type()) + t := src.Type() + + for i := 0; i < t.NumField(); i++ { + f := t.Field(i) + srcValue := src.Field(i) + dstValue := dst.Elem().Field(i) + + if !srcValue.CanInterface() { + dstValue = reflect.NewAt(dstValue.Type(), unsafe.Pointer(dstValue.UnsafeAddr())).Elem() + + if !srcValue.CanAddr() { + switch { + case srcValue.CanInt(): + dstValue.SetInt(srcValue.Int()) + case srcValue.CanUint(): + dstValue.SetUint(srcValue.Uint()) + case srcValue.CanFloat(): + dstValue.SetFloat(srcValue.Float()) + case srcValue.CanComplex(): + dstValue.SetComplex(srcValue.Complex()) + case srcValue.Kind() == reflect.Bool: + dstValue.SetBool(srcValue.Bool()) + } + + continue + } + + srcValue = 
reflect.NewAt(srcValue.Type(), unsafe.Pointer(srcValue.UnsafeAddr())).Elem() + } + + tagValue := f.Tag.Get("scrub") + copied := s.deepCopyStruct(f.Name, srcValue, tagValue, skipScrub) + dstValue.Set(copied) + } + return dst.Elem() + + case reflect.Map: + dst := reflect.MakeMap(src.Type()) + keys := src.MapKeys() + for i := 0; i < src.Len(); i++ { + mValue := src.MapIndex(keys[i]) + dst.SetMapIndex(keys[i], s.deepCopyStruct(keys[i].String(), mValue, "", skipScrub)) + } + return dst + + case reflect.Slice: + dst := reflect.MakeSlice(src.Type(), src.Len(), src.Cap()) + for i := 0; i < src.Len(); i++ { + dst.Index(i).Set(s.deepCopyStruct(fieldName, src.Index(i), "", skipScrub)) + } + return dst + + case reflect.Array: + if src.Len() == 0 { + return src + } + + dst := reflect.New(src.Type()).Elem() + for i := 0; i < src.Len(); i++ { + dst.Index(i).Set(s.deepCopyStruct(fieldName, src.Index(i), "", skipScrub)) + } + return dst + + case reflect.Interface: + dst := reflect.New(src.Elem().Type()) + copied := s.deepCopyStruct(fieldName, src.Elem(), scrubTag, skipScrub) + dst.Elem().Set(copied) + return dst.Elem() + + case reflect.Ptr: + dst := reflect.New(src.Elem().Type()) + copied := s.deepCopyStruct(fieldName, src.Elem(), scrubTag, skipScrub) + dst.Elem().Set(copied) + return dst + + default: + dst := reflect.New(src.Type()) + dst.Elem().Set(src) + return dst.Elem() + } +} + +// Struct implements Scrubber +func (s *scrubberImpl) DeepCopyStruct(val any) any { + return s.deepCopyStruct("", reflect.ValueOf(val), "", false).Interface() +} + func (s *scrubberImpl) scrubJsonObject(val map[string]interface{}) error { // fix https://github.com/gitpod-io/security/issues/64 name, _ := val["name"].(string) diff --git a/components/scrubber/scrubber_test.go b/components/scrubber/scrubber_test.go index 4e93139ba06538..8f597893d5a81c 100644 --- a/components/scrubber/scrubber_test.go +++ b/components/scrubber/scrubber_test.go 
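Review bot: In `deepCopyStruct` the `reflect.Slice`, `reflect.Array` and `reflect.Map` branches recurse with an empty tag (`s.deepCopyStruct(fieldName, src.Index(i), "", skipScrub)`), so a `scrub:"redact"` or `scrub:"hash"` tag on a slice or map field is dropped and its elements fall back to name- and value-based scrubbing, while the `Ptr` and `Interface` branches do forward `scrubTag`. Passing `scrubTag` in those three calls keeps tagged collections fail-closed. Separately, the nil guard at the top covers only `reflect.Ptr`: a nil interface field reaches `reflect.New(src.Elem().Type())` and panics, and `DeepCopyStruct(nil)` panics at `src.CanInterface()` on the zero Value, so I would widen the guard to `if (src.Kind() == reflect.Ptr || src.Kind() == reflect.Interface) && src.IsNil() { return reflect.Zero(src.Type()) }` and return early from `DeepCopyStruct` when `val == nil`. There is also no cycle detection, so a self-referential value recurses without bound; a depth limit or visited set is worth adding given that the formatter in main.go runs this on logged values. The comment `// Struct implements Scrubber` above `DeepCopyStruct` names the wrong method.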
@@ -5,6 +5,7 @@ package scrubber import ( + "encoding/json" "math/rand" "testing" @@ -68,6 +69,10 @@ type TrustedStructToTest struct { StructToTest } +type TestWrap struct { + Test *StructToTest +} + type UnexportedStructToTest struct { Exported string unexportedPtr *string 
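Review bot: `TestWrap` is added here but nothing in the test hunks of this patch references it, so the nested-pointer case it appears to be meant for (`Test *StructToTest`) is not exercised. Either add a `TestDeepCopyStruct` case that passes a `TestWrap` with a non-nil and with a nil `Test`, or drop the type.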
@@ -293,6 +298,171 @@ func TestJSON(t *testing.T) { } } +func TestDeepCopyStruct(t *testing.T) { + type Expectation struct { + Error string + Result any + } + tests := []struct { + Name string + Struct any + Expectation Expectation + CmpOpts []cmp.Option + }{ + { + Name: "basic happy path", + Struct: &struct { + Username string + Email string + Password string + WorkspaceID string + LeaveMeAlone string + }{Username: "foo", Email: "foo@bar.com", Password: "foobar", WorkspaceID: "gitpodio-gitpod-uesaddev73c", LeaveMeAlone: "foo"}, + Expectation: Expectation{ + Result: &struct { + Username string + Email string + Password string + WorkspaceID string + LeaveMeAlone string + }{Username: "[redacted:md5:acbd18db4cc2f85cedef654fccc4a4d8]", Email: "[redacted]", Password: "[redacted]", WorkspaceID: "[redacted:md5:a35538939333def8477b5c19ac694b35]", LeaveMeAlone: "foo"}, + }, + }, + { + Name: "stuct without pointer", + Struct: struct { + Username string + Email string + Password string + WorkspaceID string + LeaveMeAlone string + }{Username: "foo", Email: "foo@bar.com", Password: "foobar", WorkspaceID: "gitpodio-gitpod-uesaddev73c", LeaveMeAlone: "foo"}, + Expectation: Expectation{ + Result: struct { + Username string + Email string + Password string + WorkspaceID string + LeaveMeAlone string + }{Username: "[redacted:md5:acbd18db4cc2f85cedef654fccc4a4d8]", Email: "[redacted]", Password: "[redacted]", WorkspaceID: "[redacted:md5:a35538939333def8477b5c19ac694b35]", LeaveMeAlone: "foo"}, + }, + }, + { + Name: "map field", + Struct: &struct { + WithMap map[string]interface{} + }{ + WithMap: map[string]interface{}{ + "email": "foo@bar.com", + }, + }, + Expectation: Expectation{ + Result: &struct{ WithMap map[string]any }{WithMap: map[string]any{"email": string("[redacted]")}}, + }, + }, + { + Name: "slices", + Struct: &struct { + Slice []string + }{Slice: []string{"foo", "bar", "foo@bar.com"}}, + Expectation: Expectation{ + Result: &struct { + Slice []string + }{Slice: 
[]string{"foo", "bar", "[redacted:email]"}}, + }, + }, + { + Name: "struct tags", + Struct: &struct { + Hashed string `scrub:"hash"` + Redacted string `scrub:"redact"` + Email string `scrub:"ignore"` + }{ + Hashed: "foo", + Redacted: "foo", + Email: "foo", + }, + Expectation: Expectation{ + Result: &struct { + Hashed string `scrub:"hash"` + Redacted string `scrub:"redact"` + Email string `scrub:"ignore"` + }{ + Hashed: "[redacted:md5:acbd18db4cc2f85cedef654fccc4a4d8]", + Redacted: "[redacted]", + Email: "foo", + }, + }, + }, + { + Name: "trusted struct", + Struct: scrubStructToTest(&StructToTest{ + Username: "foo", + Email: "foo@bar.com", + Password: "foobar", + }), + Expectation: Expectation{ + Result: &TrustedStructToTest{ + StructToTest: StructToTest{ + Username: "foo", + Email: "trusted:[redacted:email]", + Password: "trusted:[redacted]", + }, + }, + }, + }, + { + Name: "trusted interface", + Struct: scrubStructToTestAsTrustedValue(&StructToTest{ + Username: "foo", + Email: "foo@bar.com", + Password: "foobar", + }), + Expectation: Expectation{ + Result: &TrustedStructToTest{ + StructToTest: StructToTest{ + Username: "foo", + Email: "trusted:[redacted:email]", + Password: "trusted:[redacted]", + }, + }, + }, + }, + { + Name: "contains unexported pointers", + Struct: UnexportedStructToTest{ + Exported: "foo", + unexportedPtr: nil, + }, + Expectation: Expectation{ + Result: UnexportedStructToTest{ + Exported: "foo", + unexportedPtr: nil, + }, + }, + CmpOpts: []cmp.Option{cmpopts.IgnoreUnexported(UnexportedStructToTest{})}, + }, + } + + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + var act Expectation + b, _ := json.Marshal(test.Struct) + + act.Result = Default.DeepCopyStruct(test.Struct) + b2, _ := json.Marshal(test.Struct) + + if diff := cmp.Diff(b, b2, test.CmpOpts...); diff != "" { + t.Errorf("DeepCopyStruct for origin struct modified (-want +got):\n%s", diff) + } + + if diff := cmp.Diff(test.Expectation, act, test.CmpOpts...); diff != 
"" { + t.Errorf("DeepCopyStruct() mismatch (-want +got):\n%s", diff) + } + }) + } +} + func BenchmarkKeyValue(b *testing.B) { key := HashedFieldNames[rand.Intn(len(HashedFieldNames))] From f01a33c8fb52ac5b9ffe17172b01848f57c5cd29 Mon Sep 17 00:00:00 2001 From: Pudong Zheng Date: Fri, 13 Oct 2023 08:33:21 +0000 Subject: [PATCH 3/4] use DeepCopyStruct to scrub log --- components/common-go/log/log.go | 12 ++++++++++++ .../controllers/workspace_controller.go | 14 +++----------- components/ws-manager-mk2/main.go | 9 ++++++++- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/components/common-go/log/log.go b/components/common-go/log/log.go index 2f78ec2f6d5e28..3ae0c1b1986c49 100644 --- a/components/common-go/log/log.go +++ b/components/common-go/log/log.go @@ -231,3 +231,15 @@ type jsonEntry struct { Msg string `json:"msg,omitempty"` Time *time.Time `json:"time,omitempty"` } + +// TrustedValueWrap is a simple wrapper that treats the entire value as trusted, which are not processed by the scrubber. +// During JSON marshal, only the Value itself will be processed, without including Wrap. +type TrustedValueWrap struct { + Value any +} + +func (TrustedValueWrap) IsTrustedValue() {} + +func (t TrustedValueWrap) MarshalJSON() ([]byte, error) { + return json.Marshal(t.Value) +} diff --git a/components/ws-manager-mk2/controllers/workspace_controller.go b/components/ws-manager-mk2/controllers/workspace_controller.go index c989d4f1eddfce..43b6827d232618 100644 --- a/components/ws-manager-mk2/controllers/workspace_controller.go +++ b/components/ws-manager-mk2/controllers/workspace_controller.go @@ -29,7 +29,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" wsk8s "github.com/gitpod-io/gitpod/common-go/kubernetes" - "github.com/gitpod-io/gitpod/components/scrubber" "github.com/gitpod-io/gitpod/ws-manager-mk2/pkg/maintenance" config "github.com/gitpod-io/gitpod/ws-manager/api/config" workspacev1 "github.com/gitpod-io/gitpod/ws-manager/api/crd/v1" 
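Review bot: The check that the input is left unmodified compares `json.Marshal` output taken before and after the call while discarding both errors (`b, _ := json.Marshal(test.Struct)`), so a marshal failure leaves `b` and `b2` both nil and the comparison passes without checking anything. JSON also cannot see unexported fields, which is exactly where the `unsafe` copy path operates. Handle the errors with `if err != nil { t.Fatal(err) }` and consider comparing against a copy of the input taken before the call. The table has no case for a nil interface field, a nil `val`, or a slice or map field carrying a `scrub:"redact"` tag, and `Expectation.Error` is never set or checked. The case name "stuct without pointer" has a typo.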
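Review bot: `TrustedValueWrap` lets any caller mark an arbitrary value as trusted, and its doc comment does not say that the wrapped value must already be scrubbed. Because the type is exported from the shared `log` package, I would state that precondition on the type, for example `// Value must already be scrubbed: wrapping raw data sends it to the log unredacted.` The exported methods `IsTrustedValue` and `MarshalJSON` have no doc comments; a line each, such as `// MarshalJSON encodes Value alone, so the wrapper does not appear in the output.`, would cover them.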
@@ -126,20 +125,13 @@ func (r *WorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( r.updateMetrics(ctx, &workspace) r.emitPhaseEvents(ctx, &workspace, oldStatus) - var scrubbedPodStatus *corev1.PodStatus + var podStatus *corev1.PodStatus if len(workspacePods.Items) > 0 { - scrubbedPodStatus = workspacePods.Items[0].Status.DeepCopy() - if err = scrubber.Default.Struct(scrubbedPodStatus); err != nil { - log.Error(err, "failed to scrub pod status") - } - } - scrubbedStatus := workspace.Status.DeepCopy() - if err = scrubber.Default.Struct(scrubbedStatus); err != nil { - log.Error(err, "failed to scrub workspace status") + podStatus = &workspacePods.Items[0].Status } if !equality.Semantic.DeepDerivative(oldStatus, workspace.Status) { - log.Info("updating workspace status", "status", scrubbedStatus, "podStatus", scrubbedPodStatus) + log.Info("updating workspace status", "status", workspace.Status, "podStatus", podStatus) } err = r.Status().Update(ctx, &workspace) diff --git a/components/ws-manager-mk2/main.go b/components/ws-manager-mk2/main.go index ac65e972b305e9..1f419b505e1de3 100644 --- a/components/ws-manager-mk2/main.go +++ b/components/ws-manager-mk2/main.go @@ -23,6 +23,7 @@ import ( "github.com/bombsimon/logrusr/v4" grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus" "github.com/prometheus/client_golang/prometheus" + "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" @@ -43,6 +44,7 @@ import ( config "github.com/gitpod-io/gitpod/ws-manager/api/config" workspacev1 "github.com/gitpod-io/gitpod/ws-manager/api/crd/v1" + "github.com/gitpod-io/gitpod/components/scrubber" "github.com/gitpod-io/gitpod/ws-manager-mk2/controllers" "github.com/gitpod-io/gitpod/ws-manager-mk2/pkg/maintenance" imgproxy "github.com/gitpod-io/gitpod/ws-manager-mk2/pkg/proxy" 
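Review bot: `log.Info("updating workspace status", "status", workspace.Status, "podStatus", podStatus)` now passes the raw status objects, so redaction of fields such as `OwnerToken` depends entirely on the formatter that main.go installs on the base logger later in this series. Nothing at this call site records that dependency, and a logger set up without that formatter (a test harness or another binary reusing the reconciler, if any exist) would log the unscrubbed status. I would add a comment here, `// status and podStatus are scrubbed by the logrusr formatter installed in main.go`, and a test asserting that the logged output contains no owner token. `Reconcile` starts and ends outside the hunk.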
@@ -77,7 +79,12 @@ func main() { flag.Parse() log.Init(ServiceName, Version, jsonLog, verbose) - baseLogger := logrusr.New(log.Log) + + l := log.WithFields(logrus.Fields{}) + l.Logger.SetReportCaller(false) + baseLogger := logrusr.New(l, logrusr.WithFormatter(func(i interface{}) interface{} { + return &log.TrustedValueWrap{Value: scrubber.Default.DeepCopyStruct(i)} + })) ctrl.SetLogger(baseLogger) // Set the logger used by k8s (e.g. client-go). klog.SetLogger(baseLogger) From c5c7c5c583a97b18a93ac8963f5c96b909b9dcbc Mon Sep 17 00:00:00 2001 From: Pudong Zheng Date: Mon, 16 Oct 2023 10:18:29 +0000 Subject: [PATCH 4/4] mark wrokspace.stauts.url redact --- components/ws-manager-api/go/crd/v1/workspace_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/ws-manager-api/go/crd/v1/workspace_types.go b/components/ws-manager-api/go/crd/v1/workspace_types.go index aa54d684b6e97e..3c4bb39c5c1049 100644 --- a/components/ws-manager-api/go/crd/v1/workspace_types.go +++ b/components/ws-manager-api/go/crd/v1/workspace_types.go @@ -169,7 +169,7 @@ func (ps PortSpec) Equal(other PortSpec) bool { // WorkspaceStatus defines the observed state of Workspace type WorkspaceStatus struct { PodStarts int `json:"podStarts"` - URL string `json:"url,omitempty"` + URL string `json:"url,omitempty" scrub:"redact"` OwnerToken string `json:"ownerToken,omitempty" scrub:"redact"` // +kubebuilder:default=Unknown
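Review bot: The formatter passed to `logrusr.WithFormatter` calls `scrubber.Default.DeepCopyStruct(i)` with no recovery, and `deepCopyStruct` as added in this series uses reflection and `unsafe` without guarding every input shape (a nil interface field, for instance), so a single logged value can panic the manager from inside a log call. A deferred `recover` that substitutes a fixed marker keeps the process up and fails closed instead of emitting the raw value. Also, `l.Logger.SetReportCaller(false)` acts on the `*logrus.Logger` behind the entry, which looks like the logger shared by the rest of the `log` package, so it would turn caller reporting off process-wide rather than only for controller-runtime and klog; please confirm that is intended. `main` continues outside the hunk.

```go
// … unchanged: log.Init and the logger entry setup …
baseLogger := logrusr.New(l, logrusr.WithFormatter(func(i interface{}) (out interface{}) {
	// Fail closed: if scrubbing panics, log a fixed marker instead of the
	// raw value, and keep the manager running.
	defer func() {
		if r := recover(); r != nil {
			out = "[scrub failed]" // constructed marker text
		}
	}()
	return &log.TrustedValueWrap{Value: scrubber.Default.DeepCopyStruct(i)}
}))
// … unchanged: ctrl.SetLogger / klog.SetLogger …
```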