rgw: use trace logs for RGW admin HTTP info #8937

Merged
merged 1 commit into from Oct 7, 2021


BlaineEXE
Member

Debug logs for the RGW Admin Ops debugHTTPClient can leak credentials
used to access the Admin Ops API as well as credentials that may be
returned for any buckets/users. Use trace logs instead, which users are
unlikely to enable in production to mitigate the risk.

This is a partial backport of #8808. Including TRACE_LOGGING proved challenging given how much the controller code changed between 1.7 and master, but changing the leaky debug logs to trace is simple.

Signed-off-by: Blaine Gardner <blaine.gardner@redhat.com>

Description of your changes:

Which issue is resolved by this Pull Request:
Resolves #

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Skip Tests for Docs: Add the flag for skipping the build if this is only a documentation change. See here for the flag.
  • Skip Unrelated Tests: Add a flag to run tests for a specific storage provider. See test options.
  • Reviewed the developer guide on Submitting a Pull Request
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.
  • Pending release notes updated with breaking and/or notable changes, if necessary.
  • Upgrade from previous release is tested and upgrade user guide is updated, if necessary.
  • Code generation (make codegen) has been run to update object specifications, if necessary.

@BlaineEXE added the backport label (This PR *is* a backport PR, as opposed to needs-backport) on Oct 7, 2021
@travisn merged commit f8d9f90 into rook:release-1.7 on Oct 7, 2021
@BlaineEXE deleted the trace-log-rgw-admin-http branch on October 11, 2021 20:40
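
The log-level gating this PR describes, shown as an added Go example that is not Rook's code: a debugging HTTP wrapper records full request and response dumps only at trace level, so the Authorization header and any returned user keys stay out of debug logs. `Level`, `gatedClient`, `rgwReply` and `leaked` are hypothetical names, and the URL, header and JSON body are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"strings"
)

type Level int // hypothetical verbosity scale, not Rook's logger
const Debug, Trace Level = 1, 2

// rgwReply builds a constructed Admin Ops style response; no network is used.
func rgwReply() *http.Response {
	rec := httptest.NewRecorder()
	rec.WriteString(`{"keys":[{"secret_key":"CONSTRUCTED-SECRET"}]}`)
	return rec.Result()
}

// gatedClient logs full HTTP dumps only at Trace; logs stands in for a log sink.
type gatedClient struct {
	level Level
	logs  []string
}

func (c *gatedClient) RoundTrip(req *http.Request) (*http.Response, error) {
	resp := rgwReply()
	if c.level >= Trace { // at Debug and below, headers and bodies are never dumped
		out, _ := httputil.DumpRequestOut(req, true)
		in, _ := httputil.DumpResponse(resp, true)
		c.logs = append(c.logs, string(out), string(in))
	}
	return resp, nil
}

// leaked reports whether the request credential and the returned secret key
// (both constructed) appear in what was logged at the given level.
func leaked(level Level) (authHeader, secretKey bool) {
	c := &gatedClient{level: level}
	req, _ := http.NewRequest("GET", "http://rgw.example/admin/user?uid=demo", nil)
	req.Header.Set("Authorization", "AWS CONSTRUCTED-ACCESS:CONSTRUCTED-SIG")
	_, _ = c.RoundTrip(req) // canned reply: nothing leaves the process
	out := strings.Join(c.logs, "")
	return strings.Contains(out, "CONSTRUCTED-SIG"), strings.Contains(out, "CONSTRUCTED-SECRET")
}

func main() {
	fmt.Println(leaked(Debug))
	fmt.Println(leaked(Trace))
}
```

At trace level both values still reach the log in full, so trace output needs the same handling as the credentials themselves.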