diff --git a/packages/by-name/kata/kata-runtime/0018-genpolicy-do-not-log-policy-annotation-in-debug.patch b/packages/by-name/kata/kata-runtime/0018-genpolicy-do-not-log-policy-annotation-in-debug.patch
new file mode 100644
index 0000000000..5ce1fb3eee
--- /dev/null
+++ b/packages/by-name/kata/kata-runtime/0018-genpolicy-do-not-log-policy-annotation-in-debug.patch
@@ -0,0 +1,64 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: jmxnzo
+Date: Tue, 10 Dec 2024 11:19:29 +0100
+Subject: [PATCH] genpolicy: do not log policy annotation in 'debug'
+
+---
+ src/tools/genpolicy/src/obj_meta.rs | 38 ++++++++++++++++++++++++++++-
+ 1 file changed, 37 insertions(+), 1 deletion(-)
+
+diff --git a/src/tools/genpolicy/src/obj_meta.rs b/src/tools/genpolicy/src/obj_meta.rs
+index 3da75fc0ff67068af04ea98a6dfdc6989961e17c..327ef13ad4cd6ff8f08d25228e6c108dea3f1606 100644
+--- a/src/tools/genpolicy/src/obj_meta.rs
++++ b/src/tools/genpolicy/src/obj_meta.rs
+@@ -8,9 +8,10 @@
+ 
+ use serde::{Deserialize, Serialize};
+ use std::collections::BTreeMap;
++use std::fmt;
+ 
+ /// See ObjectMeta in the Kubernetes API reference.
+-#[derive(Clone, Debug, Default, Serialize, Deserialize)]
++#[derive(Clone, Default, Serialize, Deserialize)]
+ pub struct ObjectMeta {
+     #[serde(skip_serializing_if = "Option::is_none")]
+     pub name: Option,
+@@ -43,3 +44,38 @@ impl ObjectMeta {
+         self.namespace.as_ref().cloned()
+     }
+ }
++
++
++impl fmt::Debug for ObjectMeta {
++    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
++        let mut debug_struct = f.debug_struct("ObjectMeta");
++
++        if let Some(ref name) = self.name {
++            debug_struct.field("name", name);
++        }
++        if let Some(ref generate_name) = self.generateName {
++            debug_struct.field("generateName", generate_name);
++        }
++        if let Some(ref labels) = self.labels {
++            debug_struct.field("labels", labels);
++        }
++        if let Some(ref annotations) = self.annotations {
++            let truncated_annotations: BTreeMap<_, _> = annotations
++                .iter()
++                .map(|(key, value)| {
++                    if value.len() > 4096 {
++                        (key, format!("{}<... truncated ...>", &value[..4096].to_string()))
++                    } else {
++                        (key, value.to_string())
++                    }
++                })
++                .collect();
++            debug_struct.field("annotations", &truncated_annotations);
++        }
++        if let Some(ref namespace) = self.namespace {
++            debug_struct.field("namespace", namespace);
++        }
++
++        debug_struct.finish()
++    }
++}
diff --git a/packages/by-name/kata/kata-runtime/package.nix b/packages/by-name/kata/kata-runtime/package.nix
index c7e0c521af..7b77b6e132 100644
--- a/packages/by-name/kata/kata-runtime/package.nix
+++ b/packages/by-name/kata/kata-runtime/package.nix
@@ -102,6 +102,11 @@ buildGoModule rec {
       # No upstream patch available, changes first need to be discussed with Kata maintainers.
       # See https://katacontainers.slack.com/archives/C879ACQ00/p1731928491942299
       ./0017-runtime-allow-initrd-AND-image-to-be-set.patch
+
+      # Simple genpolicy logging redaction of the policy annotation
+      # This avoids printing the entire annotation on log level debug, which resulted in errors of the logtranslator.go
+      # TODO(jmxnzo): remove when upstream patch is merged: https://github.com/kata-containers/kata-containers/pull/10647
+      ./0018-genpolicy-do-not-log-policy-annotation-in-debug.patch
     ];
   };
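Review bot: `&value[..4096]` in the annotations closure of the new `fmt::Debug` impl slices a `String` at a fixed byte offset, which panics ("byte index 4096 is not a char boundary") whenever an annotation value has a multi-byte UTF-8 character straddling that offset; because this runs from a debug-log call on user-supplied pod metadata, one long non-ASCII annotation turns a log line into a crash of genpolicy. Back off to a char boundary before slicing (or take the first 4096 `chars()`), and drop the redundant `.to_string()` on the slice since `format!` takes the `&str` directly. Note also that this is a size cap rather than a redaction: the first 4 KiB of every long annotation, including the policy annotation the subject refers to, still reaches the debug log, so if the intent is to keep the policy out of logs that key should be elided outright (e.g. replaced by its length). Any further `ObjectMeta` fields beyond the ones listed here (only `name` is visible in the hunk) are now silently omitted from Debug output compared with the removed derive, which is presumably deliberate but worth a one-line comment on the impl.
```rust
                .map(|(key, value)| {
                    if value.len() > 4096 {
                        // Back off to a char boundary so slicing a multi-byte value cannot panic.
                        let mut end = 4096;
                        while !value.is_char_boundary(end) {
                            end -= 1;
                        }
                        (key, format!("{}<... truncated ...>", &value[..end]))
                    } else {
                        (key, value.to_string())
                    }
                })
                // … unchanged: collect() and the remaining fields …
```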