NO-JIRA: Add showInfo flag to control CLI command logging #30442
Conversation
This change adds a showInfo boolean field to the CLI struct to prevent
sensitive data exposure in test logs. While RedactBearerToken() helps
with bearer tokens, commands like 'oc set data secret --from-literal=password=secret'
would still expose sensitive data.
Changes:
- Add showInfo field to CLI struct (default: true for backward compatibility)
- Modify start() to conditionally call framework.Logf based on showInfo
- Implement NotShowInfo() and SetShowInfo() methods in util_otp.go
- Initialize showInfo=true in all CLI constructor functions
Usage:
cli.NotShowInfo().Run("set", "data", "secret", ...).Execute()
Fixes: https://issues.redhat.com/browse/OCPERT-201
openshift-ci-robot
added
the
jira/valid-reference
|
@rioliu-rh: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/cc @stbenjam @sergiordlr |
|
/test e2e-vsphere-ovn-upi |
|
/test e2e-gcp-csi |
|
/test e2e-gcp-ovn |
1 similar comment
|
/test e2e-gcp-ovn |
|
/test e2e-vsphere-ovn-upi |
|
/test e2e-gcp-ovn |
1 similar comment
|
/test e2e-gcp-ovn |
|
/lgtm |
|
/verified by @rioliu-rh |
openshift-ci-robot
added
the
verified
|
@rioliu-rh: This PR has been marked as verified by In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rioliu-rh, sergiordlr, stbenjam The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/test e2e-metal-ipi-ovn-ipv6 |
|
must-gather related cases are always timeout |
|
/override ci/prow/e2e-metal-ipi-ovn-ipv6 |
|
@rioliu-rh: rioliu-rh unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams:openshift: openshift-release-oversight openshift-staff-engineers openshift-sustaining-engineers. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/hold Revision 8c00829 was retested 3 times: holding |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/test e2e-aws-ovn-serial-1of2 |
|
@rioliu-rh: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
4 participants
Summary
Add a
showInfoflag to the CLI struct to prevent sensitive data exposure in test logs when executing commands.Problem
Currently,
framework.Logf()always prints command execution details. WhileRedactBearerToken()helps with tokens, commands like:oc set data secret mysecret --from-literal=password=supersecretStill expose sensitive data (passwords, API keys) directly in test logs.
Solution
showInfo boolfield to CLI struct (defaults totruefor backward compatibility)framework.Logf()only whenshowInfois enabledNotShowInfo()andSetShowInfo()methods for controlUsage
Fixes: https://issues.redhat.com/browse/OCPERT-201