Merge pull request kubernetes-sigs#132 from dobsonj/OCPBUGS-43642

OCPBUGS-43642: redact sensitive information when logging VCenter config
gnufied · Oct 22, 2024 · cfcad01 · cfcad01
2 parents 3162762 + de54615
commit cfcad01
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 3 deletions.
diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@@ -413,7 +414,7 @@ func validateConfig(ctx context.Context, cfg *Config) error {
 		if setCfgGlobalvCenter && cfg.Global.VCenterIP == "" {
 			cfg.Global.VCenterIP = vcServer
 		}
-		// Print out the config. WARNING: This will print the password used in plain text.
+		// Print out the config.
 		log.Debugf("vc server %s config: %+v", vcServer, vcConfig)
 	}
 
@@ -785,3 +786,23 @@ func GetSessionUserAgent(ctx context.Context) (string, error) {
 	}
 	return useragent, nil
 }
+
+// String returns a string representation of VirtualCenterConfig with sensitive fields redacted
+func (vc VirtualCenterConfig) String() string {
+	val := reflect.ValueOf(vc)
+	typ := val.Type()
+
+	var fields []string
+	for i := 0; i < val.NumField(); i++ {
+		field := typ.Field(i)
+		value := val.Field(i)
+
+		if field.Tag.Get("sensitive") == "true" {
+			fields = append(fields, fmt.Sprintf("%s:%s", field.Name, strings.Repeat("*", value.Len())))
+		} else {
+			fields = append(fields, fmt.Sprintf("%s:%v", field.Name, value.Interface()))
+		}
+	}
+
+	return fmt.Sprintf("{%s}", strings.Join(fields, " "))
+}
diff --git a/pkg/common/config/config_test.go b/pkg/common/config/config_test.go
@@ -18,8 +18,10 @@ package config
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"reflect"
+	"strings"
 	"testing"
 )
 
@@ -219,6 +221,21 @@ func TestValidateConfigWithValidUsername2(t *testing.T) {
 	}
 }
 
+func TestSensitiveConfigFieldsRedacted(t *testing.T) {
+	vc := VirtualCenterConfig{
+		User:         "[email protected]",
+		Password:     "sensitivepassword",
+		VCenterPort:  "443",
+		Datacenters:  "dc1",
+		InsecureFlag: true,
+	}
+
+	s := fmt.Sprintf("%+v", vc)
+	if strings.Contains(s, "sensitivepassword") {
+		t.Errorf("Sensitive information leaked in VirtualCenterConfig struct:\n%s", s)
+	}
+}
+
 func TestSnapshotConfigWhenMaxUnspecified(t *testing.T) {
 	cfg := &Config{
 		VirtualCenter: idealVCConfig,

diff --git a/pkg/common/config/types.go b/pkg/common/config/types.go
@@ -132,9 +132,9 @@ type NetPermissionConfig struct {
 // endpoint.
 type VirtualCenterConfig struct {
 	// vCenter username.
-	User string `gcfg:"user"`
+	User string `gcfg:"user" sensitive:"true"`
 	// vCenter password in clear text.
-	Password string `gcfg:"password"`
+	Password string `gcfg:"password" sensitive:"true"`
 	// vCenter port.
 	VCenterPort string `gcfg:"port"`
 	// True if vCenter uses self-signed cert.