kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

csi: fix redaction of volume status mount flags (#12150)

Browse Source 
The `volume status` command and associated API redacts the entire
mount options instead of just the `MountFlags` field that can contain
sensitive data. Return a redacted value so that the return value makes
sense to operators who have set this field.
This commit is contained in:
Tim Gross
2022-03-01 08:34:03 -05:00
committed by GitHub
parent c06f31eef0
commit 8ccb9a3271
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/12150.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:improvement
cli: Return a redacted value for mount flags in the `volume status` command, instead of `<none>`
```

10
command/agent/csi_endpoint.go
View File

@@ -136,7 +136,6 @@ func (s *HTTPServer) csiVolumeGet(id string, resp http.ResponseWriter, req *http
// remove sensitive fields, as our redaction mechanism doesn't
// help serializing here
vol.Secrets = nil
vol.MountOptions = nil
return vol, nil
}
@@ -761,11 +760,14 @@ func structsCSIMountOptionsToApi(opts *structs.CSIMountOptions) *api.CSIMountOpt
if opts == nil {
return nil
}
return &api.CSIMountOptions{
apiOpts := &api.CSIMountOptions{
FSType: opts.FSType,
MountFlags: opts.MountFlags,
}
if len(opts.MountFlags) > 0 {
apiOpts.MountFlags = []string{"[REDACTED]"}
}
return apiOpts
}
func structsCSISecretsToApi(secrets structs.CSISecrets) api.CSISecrets {