
Commit 6321792

Merge pull request kubernetes-sigs#2192 from zhanggbj/cherry-pick-2154-to-release-1.6
[release-1.6] ✨ Improve session handling with a secure session key
2 parents 2808927 + cf9c580 commit 6321792


1 file changed

+14
-5
lines changed


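--- a/pkg/session/session.go
+++ b/pkg/session/session.go
@@ -18,6 +18,7 @@ package session
 
 import (
 "context"
+"crypto/sha256"
 "fmt"
 "net/netip"
 "net/url"
@@ -109,14 +110,22 @@ func (p *Params) WithFeatures(feature Feature) *Params {
 // GetOrCreate gets a cached session or creates a new one if one does not
 // already exist.
 func GetOrCreate(ctx context.Context, params *Params) (*Session, error) {
-logger := ctrl.LoggerFrom(ctx).WithName("session")
+logger := ctrl.LoggerFrom(ctx).WithName("session").WithValues(
+"server", params.server,
+"datacenter", params.datacenter,
+"username", params.userinfo.Username())
+
 sessionMU.Lock()
 defer sessionMU.Unlock()
 
-sessionKey := params.server + params.userinfo.Username() + params.datacenter
+userPassword, _ := params.userinfo.Password()
+h := sha256.New()
+h.Write([]byte(userPassword))
+hashedUserPassword := h.Sum(nil)
+sessionKey := fmt.Sprintf("%s#%s#%s#%x", params.server, params.datacenter, params.userinfo.Username(),
+hashedUserPassword)
 if cachedSession, ok := sessionCache.Load(sessionKey); ok {
 s := cachedSession.(*Session)
-logger = logger.WithValues("server", params.server, "datacenter", params.datacenter)
 
 vimSessionActive, err := s.SessionManager.SessionIsActive(ctx)
 if err != nil {
@@ -215,7 +224,7 @@ func newClient(ctx context.Context, logger logr.Logger, sessionKey string, url *
 _, err := methods.GetCurrentTime(ctx, tripper)
 if err != nil {
 logger.Error(err, "failed to keep alive govmomi client")
-logger.Info("clearing the session", "key", sessionKey)
+logger.Info("clearing the session")
 sessionCache.Delete(sessionKey)
 }
 return err
@@ -240,7 +249,7 @@ func newManager(ctx context.Context, logger logr.Logger, sessionKey string, clie
 return nil
 }
 
-logger.Info("rest client session expired, clearing session", "key", sessionKey)
+logger.Info("rest client session expired, clearing session")
 sessionCache.Delete(sessionKey)
 return errors.New("rest client session expired")
 })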
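Review bot: The new `sessionKey` in GetOrCreate joins server, datacenter and username with `#` but does not escape them, so two different tuples that share a password can still map to the same key when a field itself contains `#`, and a cache hit would then return a session created for a different target; whether such values can reach this function is not visible from the hunk. Quoting the fields removes the ambiguity and lets the digest be computed in one call: `sessionKey := fmt.Sprintf("%q#%q#%q#%x", params.server, params.datacenter, params.userinfo.Username(), sha256.Sum256([]byte(userPassword)))`. The key now also carries an unsalted SHA-256 of the password, which can be guessed offline if it ever leaves the process. A comment above the assignment, such as `// sessionKey embeds a password digest: never log it or put it in errors or metrics`, would keep the two log-field removals in newClient and newManager from being undone later. GetOrCreate's body continues past the end of the hunk.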
