Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove apf_fd from httplog #108631

Merged
merged 1 commit into from
Mar 10, 2022
Merged

Remove apf_fd from httplog #108631

merged 1 commit into from
Mar 10, 2022

Conversation

jupblb
Copy link
Contributor

@jupblb jupblb commented Mar 10, 2022
edited by liggitt

What type of PR is this?

/kind bug

What this PR does / why we need it:

Since flowDistinguisher may hold data identifying a user accessing the cluster this can be a source of a PII leak. We should remove this from the httplog for now until a better solution can be found.

Which issue(s) this PR fixes:

N/A

Special notes for your reviewer:

The code responsible for logging this information was added in: #104359 /cc @mborsz

Does this PR introduce a user-facing change?

Fixes a 1.23 regression in kube-apiserver: removed apf_fd from server logs which could contain data identifying the requesting user

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@jupblb
Remove apf_fd from httplog
94c92f7 
Since flowDistinguisher may hold data identifying a user accessing the
cluster this can be a source of a PII leak.
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/apiserver sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Mar 10, 2022
@wojtek-t
Copy link
Member

Thanks - yes, I think it's necessary as we don't want leaking PII in logs.

But I want to give others time to react.
@MikeSpreitzer @tkashem @deads2k

@wojtek-t
Copy link
Member

/cc @MikeSpreitzer @tkashem @deads2k

@jupblb
Copy link
Contributor Author

jupblb commented Mar 10, 2022

/retest

@liggitt
Copy link
Member

liggitt commented Mar 10, 2022
edited

We should remove this from the httplog for now...

Agreed

...until a better solution can be found.

is the flow distinguisher always derivable from the FlowSchema? if so, we already log the flow schema, so don't really need the flow distinguisher, right?

@liggitt
Copy link
Member

liggitt commented Mar 10, 2022

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 10, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jupblb, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2022
@wojtek-t
Copy link
Member

is the flow distinguisher always derivable from the FlowSchema? if so, we already log the flow schema, so don't really need the flow distinguisher, right?

It's not - it's a hash of proper field from the object (more-or-less) - we have two methods:

@liggitt
Copy link
Member

liggitt commented Mar 10, 2022
edited

sorry, I skipped my inner dialogue... I was thinking it would be useful to know the flow distinguisher type (user or namespace), so we could consider logging just that

that led to my question about whether the flow distinguisher type was always 1:1 with the flow schema, which we're already logging

@wojtek-t
Copy link
Member

that led to my question about whether the flow distinguisher type was always 1:1 with the flow schema, which we're already logging

Yes - that is 1:1 with schema, so we know that (assuming that we know the current state of FS, which isn't obvious if we're debugging past state).

@liggitt
Copy link
Member

liggitt commented Mar 10, 2022

assuming that we know the current state of FS, which isn't obvious if we're debugging past state

that's a good point. if we want to reintroduce the distinguisher type in logging in a follow-up, that might be useful

@k8s-ci-robot k8s-ci-robot merged commit e9af399 into kubernetes:master Mar 10, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Mar 10, 2022
@jupblb jupblb deleted the b223652793 branch March 10, 2022 14:02
@jupblb jupblb mentioned this pull request Mar 10, 2022
Merged
@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Mar 10, 2022
@fedebongio
Copy link
Contributor

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 10, 2022
k8s-ci-robot added a commit that referenced this pull request Mar 15, 2022
@k8s-ci-robot
Merge pull request #108634 from jupblb/automated-cherry-pick-of-#1086…
aac09be 
…31-upstream-release-1.23

Automated cherry pick of #108631: Remove apf_fd from httplog
@github-actions github-actions bot mentioned this pull request Mar 22, 2022
Open
@liggitt liggitt added the kind/regression Categorizes issue or PR as related to a regression from a prior release. label Apr 27, 2022
This was referenced Sep 7, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

@sttts sttts Awaiting requested review from sttts

@deads2k deads2k Awaiting requested review from deads2k

@MikeSpreitzer MikeSpreitzer Awaiting requested review from MikeSpreitzer

@tkashem tkashem Awaiting requested review from tkashem

Assignees

@liggitt liggitt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. kind/regression Categorizes issue or PR as related to a regression from a prior release. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.24
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jupblb @wojtek-t @liggitt @k8s-ci-robot @fedebongio