@sayboras sayboras commented Jun 7, 2024

No description provided.

@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.14 This PR represents a backport for Cilium 1.14.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Jun 7, 2024
@sayboras sayboras changed the title [v1.15] bugtool: Avoid sensitive data in envoy config dump [v1.14] bugtool: Avoid sensitive data in envoy config dump Jun 7, 2024
@sayboras sayboras force-pushed the pr/tammach/envoy-bugtool-1.14 branch from 9a1bb25 to 359a258 Compare June 7, 2024 16:02

sayboras commented Jun 7, 2024

/test-backport-1.14

@sayboras sayboras marked this pull request as ready for review June 7, 2024 16:06
@sayboras sayboras requested a review from a team as a code owner June 7, 2024 16:06
@sayboras sayboras force-pushed the pr/tammach/envoy-bugtool-1.14 branch from 359a258 to f8111cc Compare June 7, 2024 16:09
sayboras added 2 commits June 8, 2024 02:09
[upstream commit 568dbc5]

This commit is to add a generic json field masking based on the field
name.

Signed-off-by: Tam Mach <tam.mach@cilium.io>

[upstream commit 48a9976]

This commit is to explicitly mask the below fields from Envoy config
dump:

- api_key (used in kafka L7 policy)
- TLSContext (used in Cilium NetworkPolicy)

One round of scanning on existing Cilium protobuf was done.

Related docs: https://www.envoyproxy.io/docs/envoy/latest/operations/admin#get--config_dump

Signed-off-by: Tam Mach <tam.mach@cilium.io>
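
A sketch of name-based JSON field masking of the kind the two commit messages above describe, added here as an example and not taken from the Cilium patch. `MaskJSON`, `maskFields`, the `***` placeholder, the `tls_context` key name and the sample document are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const redacted = "***" // placeholder value chosen for this example

// maskFields walks decoded JSON and replaces the value of every object key
// listed in names, at any nesting depth, with the redacted placeholder.
func maskFields(v interface{}, names map[string]bool) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			if names[k] {
				t[k] = redacted // replace the whole subtree, not only string leaves
			} else {
				t[k] = maskFields(child, names)
			}
		}
	case []interface{}:
		for i, child := range t {
			t[i] = maskFields(child, names)
		}
	}
	return v
}

// MaskJSON decodes raw, masks the named fields and re-encodes the result.
// Invalid JSON yields an error so unmasked bytes are never passed through.
func MaskJSON(raw []byte, fields ...string) ([]byte, error) {
	names := make(map[string]bool, len(fields))
	for _, f := range fields {
		names[f] = true
	}
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("refusing to emit unparsed dump: %w", err)
	}
	return json.Marshal(maskFields(doc, names))
}

// Constructed sample, loosely shaped like a config dump; not real Envoy output.
const sample = `{"configs":[{"rule":{"api_key":"produce","topic":"t1"}},{"tls_context":{"private_key":"PEM"},"port":443}]}`

func main() {
	out, err := MaskJSON([]byte(sample), "api_key", "tls_context")
	fmt.Println(string(out), err)
}
```

Masking by key name covers only the names on the list, so a sensitive field added later under a new name is emitted unmasked until the list is updated.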
@sayboras sayboras force-pushed the pr/tammach/envoy-bugtool-1.14 branch from f8111cc to 40e6036 Compare June 7, 2024 16:09

sayboras commented Jun 7, 2024

/test-backport-1.14

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 7, 2024
@julianwiedmann julianwiedmann merged commit 9eb25ba into v1.14 Jun 7, 2024
@julianwiedmann julianwiedmann deleted the pr/tammach/envoy-bugtool-1.14 branch June 7, 2024 17:23
Status: Released