Merge pull request #2 from IBM/fix/requestdump

yuji-watanabe-jp · web-flow · commit fe6412952ef4 · 2020-06-29T15:22:07.000+09:00
fix secret request issue in context log
diff --git a/enforcer/pkg/control/common/reqcontext.go b/enforcer/pkg/control/common/reqcontext.go
@@ -108,6 +108,10 @@ func (rc *ReqContext) IsCreator() bool {
 	return rc.UserName != "" && rc.UserName == rc.OrgMetadata.Annotations.CreatedBy()
 }
 
+func (rc *ReqContext) IsSecret() bool {
+	return rc.Kind == "Secret" && rc.GroupVersion() == "v1"
+}
+
 type ParsedRequest struct {
 	UID     string
 	JsonStr string
diff --git a/enforcer/pkg/control/enforcer/checkcontext.go b/enforcer/pkg/control/enforcer/checkcontext.go
@@ -558,7 +558,7 @@ func (self *CheckContext) convertToLogBytes() []byte {
 
 	}
 
-	if self.config.Log.IncludeRequest {
+	if self.config.Log.IncludeRequest && !reqc.IsSecret() {
 		logRecord["request.dump"] = reqc.RequestJsonStr
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -558,7 +558,7 @@ func (self *CheckContext) convertToLogBytes() []byte {`
`558`	`558`
`559`	`559`	`}`
`560`	`560`
`561`		`- if self.config.Log.IncludeRequest {`
	`561`	`+ if self.config.Log.IncludeRequest && !reqc.IsSecret() {`
`562`	`562`	`logRecord["request.dump"] = reqc.RequestJsonStr`
`563`	`563`	`}`
`564`	`564`