New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update AzureFile and CephFS to use MountSensitive #88684
Conversation
|
Looks like a compile error in mount_windows :-/ Looks like we need cross-platform typecheck CI in the utils repo |
|
mechanics of the bump lgtm, once the error is fixed and the functionality is verified by Jan and Andy |
|
thanks @saad-ali |
|
@liggitt kubernetes/utils#143 to fix the build issue. @andyzhangx Thanks. |
|
ceph changes lgtm |
|
Thanks @andyzhangx and @jsafrane. Do either of you want to test the patch (against real AzureFile and Ceph) before merge? @liggitt PTAL. Build issues are fixed. Note that I had to fix a unit test due to changes made in kubernetes/utils#134 |
despite e2e test of Below are the kubelet logs showing that secret is masked, thanks for the effort! |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, saad-ali The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
lgtm-ish, please rebase |
|
Thank you for testing it @andyzhangx Rebased. PTAL |
|
/test pull-kubernetes-e2e-kind |
|
/test pull-kubernetes-e2e-gce-csi-serial |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
|
Thanks. Is this pickable to 1.15/1.16/1.17? |
cc @enj |
Update AzureFile and CephFS to use MountSensitive Kubernetes-commit: cd23e78
|
Is this going to be cherry picked to 1.16? I see this PR referenced wrt CVE-2019-11252 |
|
no, see discussion in #89494 (comment) (which was against 1.17... the changes to backport to 1.16 were even larger) |
What type of PR is this?
What this PR does / why we need it:
k8s.io/utilsdependency tof9c14454073bto pick up Introduce parameter for sensitive mount options. utils#138AzureFilevolume plugin to use the newMountSensitivemethod to prevent logging of sensitive mount options.CephFSvolume plugin to use the newMountSensitivemethod to prevent logging of sensitive mount options.Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/assign @liggitt
/assign @andyzhangx
@andyzhangx can you please help me test this patch with AzureFile to ensure it doesn't break anything?
/assign @jsafrane
@jsafrane can you please help me test this patch with CephFS to ensure it doesn't break anything?
/sig storage
/priority important-soon