version-6.5.6
spinnakerbot
tagged this
24 Mar 23:34
When we encounter a description that should have application restrictions but doesn't, we log a warning including the full description JSON. In some cases (ex: Kubernetes) this description may contain sensitive information that ideally wouldn't be logged. Ideally really sensitive values would come from artifacts so they aren't in the pipeline JSON at all, but let's nonetheless cut back on how much we are logging here to reduce the chance of sensitive information ending up in the logs. In particular, it's not clear how much the full description would help in debugging, as generally what is important is the class of the description (to check whether it implements ApplicationNameable or ResourcesNameable) and the account, both of which will still be logged after this change.

Co-authored-by: Eric Zimanyi <ezimanyi@google.com>