#!/usr/bin/env bash

echo "Running $0"

set -x

trap 'catch $LINENO' ERR

# shellcheck disable=SC2120
catch() {
	if [ $# -ne 0 ]; then
		echo "error on line $1"
		for site in sitea siteb; do
			echo "$site server logs ========="
			cat "/tmp/${site}_1.log"
			echo "==========================="
			cat "/tmp/${site}_2.log"
		done
	fi

	echo "Cleaning up instances of MinIO"
	pkill minio
	pkill -9 minio

export JUNIT_OUT ?= $(ARTIFACTS)/junit.xml
export REPO_ROOT := $(shell git rev-parse --show-toplevel)

# Make directories needed by the build system
$(shell mkdir -p $(TARGET_OUT_LINUX))
$(shell mkdir -p $(TARGET_OUT_LINUX)/logs)
$(shell mkdir -p $(dir $(JUNIT_OUT)))

# Need separate target for init:
$(TARGET_OUT):
	@mkdir -p $@

# If the hub is not explicitly set, use default to istio.
HUB ?=istio
ifeq ($(HUB),)

### CVE-2024-5321: Incorrect permissions on Windows containers logs

A security issue was discovered in Kubernetes clusters with Windows nodes
where BUILTIN\Users may be able to read container logs and NT
AUTHORITY\Authenticated Users may be able to modify container logs.

**Affected Versions**:
  - kubelet <= 1.27.15
  - kubelet <= 1.28.11
  - kubelet <= 1.29.6

### Other (Cleanup or Flake)

- Masks ceph RBD adminSecrets in logs when logLevel >= 4 ([#95245](https://github.com/kubernetes/kubernetes/pull/95245), [@sfowl](https://github.com/sfowl)) [SIG Storage]

## Dependencies

### Added
_Nothing has changed._

### Changed

Interceptors
============

Interceptors are a powerful mechanism that can monitor, rewrite, and retry calls. Here's a simple interceptor that logs the outgoing request and the incoming response.

```java
class LoggingInterceptor implements Interceptor {
  @Override public Response intercept(Interceptor.Chain chain) throws IOException {
    Request request = chain.request();

    long t1 = System.nanoTime();

// done per-"handler function registration" in the router.
//
// The passed in handler function must be a method of `adminAPIHandlers` for the
// name displayed in logs and trace to be accurate. The name is extracted via
// reflection.
//
// When no flags are passed, gzip compression, http tracing of headers and
// checking of object layer availability are all enabled. Use flags to modify

           * we catch everything. (Any Exception is either a RuntimeException or
           * sneaky checked exception.) With no better options, we log anything to the same
           * place as Closeables logs.
           */
          Closeables.logger.log(
              Level.WARNING, "Suppressing exception thrown when closing " + closeable, suppressed);
        }
      };

# Don't trigger --config=<host platform> when cross-compiling.
build:android --noenable_platform_specific_config
build:ios --noenable_platform_specific_config

# Suppress all C++ compiler warnings, otherwise build logs become 10s of MBs.
build:android --copt=-w
build:ios --copt=-w
build:linux --host_copt=-w
build:macos --copt=-w
build:windows --copt=/W0
build:windows --host_copt=/W0

    requests with the same POST data get the same cache entry.

 *  New: `HttpLoggingInterceptor.redactQueryParams()` configures the query parameters to redact
    in logs. For best security, don't put sensitive information in query parameters.

 *  New: `ConnectionPool.setPolicy()` configures a minimum connection pool size for a target
    address. Use this to proactively open HTTP connections.

  // Return previous terminated container logs. Defaults to false.
  // +optional
  optional bool previous = 3;

  // A relative time in seconds before the current time from which to show logs. If this value
  // precedes the time a pod was started, only logs since the pod start will be returned.
  // If this value is in the future, no logs will be returned.