Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add datapolicy tags to staging/src/k8s.io/cri-api/ #96000

Closed
wants to merge 1 commit into from

Conversation

serathius
Copy link
Contributor

@serathius serathius commented Oct 29, 2020

/kind feature

What this PR does / why we need it:
This PR adds "datapolicy" tags to golang structures as described in Kubernetes system components logs sanitization KEP. Those tags will be used by for ensuring this data will not be written to logs by Kubernetes system components.

List of datapolicy tags available:

  • security-key - for TLS certificate keys. Keywords: key, cert, pem
  • token - for HTTP authorization tokens. Keywords: token, secret, header, auth
  • password - anything passwordlike. Keywords: password

Special notes for your reviewer:

Due to size of Kubernetes codebase first iteration of tagging was done based on greping for particular keyword. Please ensure that tagged fields do contain type of sensitive data that matches their tag. Feel free to suggest any additional places that you think should be tagged.

Does this PR introduce a user-facing change?:
No

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1753-logs-sanitization

/cc @PurelyApplied
/sig instrumentation security
/priority important-soon
/milestone v1.20

@k8s-ci-robot
Copy link
Contributor

@serathius: GitHub didn't allow me to request PR reviews from the following users: PurelyApplied.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/kind feature

What this PR does / why we need it:
This PR adds "datapolicy" tags to golang structures as described in Kubernetes system components logs sanitization KEP. Those tags will be used by for ensuring this data will not be written to logs written by Kubernetes system components.

List of datapolicy tags available:

  • security-key - for TLS certificate keys. Keywords: key, cert, pem
  • token - for HTTP authorization tokens. Keywords: token, secret, header, auth
  • password - anything passwordlike. Keywords: password

Special notes for your reviewer:

Due to size of Kubernetes codebase first iteration of tagging was done based on greping for particular keyword. Please ensure that tagged fields do contain type of sensitive data that matches their tag. Feel free to suggest any additional places that you think should be tagged.

Does this PR introduce a user-facing change?:
No

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1753-logs-sanitization

/cc @PurelyApplied
/sig instrumentation security
/priority important-soon
/milestone v1.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/feature Categorizes issue or PR as related to a new feature. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. labels Oct 29, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Oct 29, 2020
@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 29, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: serathius
To complete the pull request process, please assign derekwaynecarr after the PR has been reviewed.
You can assign the PR to them by writing /assign @derekwaynecarr in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/kubelet sig/node Categorizes an issue or PR as relevant to SIG Node. labels Oct 29, 2020
@serathius
Copy link
Contributor Author

/assign @derekwaynecarr

@k8s-ci-robot
Copy link
Contributor

@serathius: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-kubernetes-verify 4950d3b link /test pull-kubernetes-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@derekwaynecarr
Copy link
Member

I don't think it makes sense to add these to the generated go files because this is generated from api.proto.

Have you done this with any other proto based interface yet?

/cc @mrunalp

@derekwaynecarr
Copy link
Member

/assign @mrunalp @mikebrow as part of CRI GA tracking.

@mrunalp
Copy link
Contributor

mrunalp commented Nov 2, 2020

@serathius Did you check if there is a way to pass these down from the proto file?

@@ -5270,14 +5270,14 @@ func (m *ImageStatusResponse) GetInfo() map[string]string {
// AuthConfig contains authorization information for connecting to a registry.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we link to the datapolicy kep here and/or provide a brief explanation of any client and server processing requirements? I believe the expectation here is these fields if output to a log would cause the log entry to be filterable by some datapolicy filtering tool. What's not clear is if there is any new expectation (or not) that container runtime integrations must apply a filter/mask for these fields (remove them from the logs replace with xxx etc.). I'd have to check to make sure but I believe I remember seeing commits over time that removed these fields from the logs.

@PurelyApplied
Copy link
Contributor

@mrunalp Not to speak for @serathius, but there's an old protobuf Issue#52 about adding the ability to export field tags from protobuf. The long and short seems to be that protobuf doesn't want it to be possible by default.

People have made plugins for it, but being unfamiliar with the nitty gritty of generating from api.proto, it's unclear to me how tractable it would be to try to add a plugin into the build.

@serathius
Copy link
Contributor Author

/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.20 milestone Nov 10, 2020
@mrunalp
Copy link
Contributor

mrunalp commented Nov 13, 2020

https://blog.golang.org/protobuf-apiv2 describes FieldOptions to achieve something similar.

@ehashman
Copy link
Member

ehashman commented Jan 6, 2021

I agree with the above fwiw; I think if we add the tags directly to the generated file, they'll just get overwritten.

@dashpole
Copy link
Contributor

/assign @ehashman
/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 13, 2021
@ehashman
Copy link
Member

ehashman commented Feb 4, 2021

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Feb 4, 2021
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 5, 2021
@serathius serathius closed this May 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/security Categorizes an issue or PR as relevant to SIG Security. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
Development

Successfully merging this pull request may close these issues.

9 participants