vendor: revendor

vendor/k8s.io/component-base/logs/datapol/datapol.go

@@ -0,0 +1,99 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package datapol contains functions to determine if objects contain sensitive
+// data to e.g. make decisions on whether to log them or not.
+package datapol
+
+import (
+	"reflect"
+	"strings"
+
+	"k8s.io/klog/v2"
+)
+
+// Verify returns a list of the datatypes contained in the argument that can be
+// considered sensitive w.r.t. to logging
+func Verify(value interface{}) []string {
+	defer func() {
+		if r := recover(); r != nil {
+			//TODO maybe export a metric
+			klog.Warningf("Error while inspecting arguments for sensitive data: %v", r)
+		}
+	}()
+	t := reflect.ValueOf(value)
+	if t.Kind() == reflect.Ptr {
+		t = t.Elem()
+	}
+	return datatypes(t)
+}
+
+func datatypes(v reflect.Value) []string {
+	if types := byType(v.Type()); len(types) > 0 {
+		// Slices, and maps can be nil or empty, only the nil case is zero
+		switch v.Kind() {
+		case reflect.Slice, reflect.Map:
+			if !v.IsZero() && v.Len() > 0 {
+				return types
+			}
+		default:
+			if !v.IsZero() {
+				return types
+			}
+		}
+	}
+	switch v.Kind() {
+	case reflect.Interface:
+		return datatypes(v.Elem())
+	case reflect.Slice, reflect.Array:
+		for i := 0; i < v.Len(); i++ {
+			if types := datatypes(v.Index(i)); len(types) > 0 {
+				return types
+			}
+		}
+	case reflect.Map:
+		mapIter := v.MapRange()
+		for mapIter.Next() {
+			k := mapIter.Key()
+			v := mapIter.Value()
+			if types := datatypes(k); len(types) > 0 {
+				return types
+			}
+			if types := datatypes(v); len(types) > 0 {
+				return types
+			}
+		}
+	case reflect.Struct:
+		t := v.Type()
+		numField := t.NumField()
+
+		for i := 0; i < numField; i++ {
+			f := t.Field(i)
+			if f.Type.Kind() == reflect.Ptr {
+				continue
+			}
+			if reason, ok := f.Tag.Lookup("datapolicy"); ok {
+				if !v.Field(i).IsZero() {
+					return strings.Split(reason, ",")
+				}
+			}
+			if types := datatypes(v.Field(i)); len(types) > 0 {
+				return types
+			}
+		}
+	}
+	return nil
+}

vendor/k8s.io/component-base/logs/datapol/externaltypes.go

@@ -0,0 +1,49 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package datapol
+
+import (
+	"fmt"
+	"reflect"
+)
+
+const (
+	httpHeader      = "net/http.Header"
+	httpCookie      = "net/http.Cookie"
+	x509Certificate = "crypto/x509.Certificate"
+)
+
+// GlobalDatapolicyMapping returns the list of sensitive datatypes are embedded
+// in types not native to Kubernetes.
+func GlobalDatapolicyMapping(v interface{}) []string {
+	return byType(reflect.TypeOf(v))
+}
+
+func byType(t reflect.Type) []string {
+	// Use string representation of the type to prevent taking a depency on the actual type.
+	switch fmt.Sprintf("%s.%s", t.PkgPath(), t.Name()) {
+	case httpHeader:
+		return []string{"password", "token"}
+	case httpCookie:
+		return []string{"token"}
+	case x509Certificate:
+		return []string{"security-key"}
+	default:
+		return nil
+	}
+
+}

vendor/k8s.io/component-base/logs/options.go

@@ -24,6 +24,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/spf13/pflag"
 
+	"k8s.io/component-base/logs/sanitization"
 	"k8s.io/klog/v2"
 )
 
@@ -40,7 +41,8 @@ var supportedLogsFlags = map[string]struct{}{
 
 // Options has klog format parameters
 type Options struct {
-	LogFormat string
+	LogFormat       string
+	LogSanitization bool
 }
 
 // NewOptions return new klog options
@@ -88,6 +90,8 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 
 	// No new log formats should be added after generation is of flag options
 	logRegistry.Freeze()
+	fs.BoolVar(&o.LogSanitization, "experimental-logging-sanitization", o.LogSanitization, `[Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens).
+Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`)
 }
 
 // Apply set klog logger from LogFormat type
@@ -95,6 +99,9 @@ func (o *Options) Apply() {
 	// if log format not exists, use nil loggr
 	loggr, _ := o.Get()
 	klog.SetLogger(loggr)
+	if o.LogSanitization {
+		klog.SetLogFilter(&sanitization.SanitizingFilter{})
+	}
 }
 
 // Get logger with LogFormat field

vendor/k8s.io/component-base/logs/sanitization/sanitization.go

@@ -0,0 +1,69 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sanitization
+
+import (
+	"fmt"
+
+	"k8s.io/component-base/logs/datapol"
+)
+
+const (
+	datapolMsgFmt = "Log message has been redacted. Log argument #%d contains: %v"
+	datapolMsg    = "Log message has been redacted."
+)
+
+// SanitizingFilter implements the LogFilter interface from klog with a set of functions that inspects the arguments with the datapol library
+type SanitizingFilter struct{}
+
+// Filter is the filter function for the non-formatting logging functions of klog.
+func (sf *SanitizingFilter) Filter(args []interface{}) []interface{} {
+	for i, v := range args {
+		types := datapol.Verify(v)
+		if len(types) > 0 {
+			return []interface{}{fmt.Sprintf(datapolMsgFmt, i, types)}
+		}
+	}
+	return args
+}
+
+// FilterF is the filter function for the formatting logging functions of klog
+func (sf *SanitizingFilter) FilterF(fmt string, args []interface{}) (string, []interface{}) {
+	for i, v := range args {
+		types := datapol.Verify(v)
+		if len(types) > 0 {
+			return datapolMsgFmt, []interface{}{i, types}
+		}
+	}
+	return fmt, args
+
+}
+
+// FilterS is the filter for the structured logging functions of klog.
+func (sf *SanitizingFilter) FilterS(msg string, keysAndValues []interface{}) (string, []interface{}) {
+	for i, v := range keysAndValues {
+		types := datapol.Verify(v)
+		if len(types) > 0 {
+			if i%2 == 0 {
+				return datapolMsg, []interface{}{"key_index", i, "types", types}
+			}
+			// since we scanned linearly we can safely log the key.
+			return datapolMsg, []interface{}{"key", keysAndValues[i-1], "types", types}
+		}
+	}
+	return msg, keysAndValues
+}