cli/genpolicy: never log existing policy annotation on 'debug' + handle missing log prefix #1061
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jmxnzo
force-pushed
the
genpolicy/logging-jla
branch
from
a8b4956 to
e62f731
Compare
burgerdev
reviewed
Dec 9, 2024
packages/by-name/microsoft/genpolicy/0009-genpolicy-do-not-log-policy-annotation-in-debug.patch
Outdated
Show resolved
Hide resolved
packages/by-name/microsoft/genpolicy/0009-genpolicy-do-not-log-policy-annotation-in-debug.patch
Outdated
Show resolved
Hide resolved
jmxnzo
force-pushed
the
genpolicy/logging-jla
branch
from
e62f731 to
45a9824
Compare
katexochen
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a follow up on #1054 and patches the occurred runtime error on the different kata-containers upstream repos, by redacting existing policy annotations when logging. Thus the RUST_LOG env flag can now be set to "debug" and re-running the generate step on a deployment with set policy annotation does not result in a runtime error during translation anymore.
Nevertheless the default log level of genpolicy in the Contrast CLI is kept as 'info' and parsing the 'debug' logs needs to be configured manually by setting the RUST_LOG env to 'debug'.
In some cases the genpolicy tool does not use the logger to write to stderr, the logtranslator.go additionally was rewritten to continue logging on the latest log level in case of missing log prefix. As well a simple regex was introduced to extract error messages from stderr of genpolicy and translate them to 'ERROR' logging in Contrast CLI, as they are also missing a logging prefix.
Upstream PR: kata-containers/kata-containers#10647