From dbe96678448beae5e79d7023fc8be83b7c722205 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Grzegorz=20Burzy=C5=84ski?= <czeslavo@gmail.com>
Date: Tue, 6 Feb 2024 13:24:16 +0100
Subject: [PATCH] feat: enable Konnect config dumps sanitization by default
 (#5573)

---
 CHANGELOG.md                                   | 4 +++-
 FEATURE_GATES.md                               | 2 +-
 internal/manager/featuregates/feature_gates.go | 2 +-
 test/envtest/telemetry_test.go                 | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9085ca7882..e48c2bdf5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -161,8 +161,10 @@ Adding a new version? You'll need three changes:
   to Konnect.
   [#5453](https://github.com/Kong/kubernetes-ingress-controller/pull/5453)
 - Added `SanitizeKonnectConfigDumps` feature gate allowing to enable sanitizing
-  sensitive data in Konnect configuration dumps.
+  sensitive data (like TLS private keys, Secret-sourced Plugins configuration, etc.) 
+  in Konnect configuration dumps. It's turned on by default.
   [#5489](https://github.com/Kong/kubernetes-ingress-controller/pull/5489)
+  [#5573](https://github.com/Kong/kubernetes-ingress-controller/pull/5573)
 - Kong Plugin's `config` field now is sanitized when it contains sensitive data
   sourced from a Secret (i.e. `configFrom` or `configPatches` is used).
   [#5495](https://github.com/Kong/kubernetes-ingress-controller/pull/5495)
diff --git a/FEATURE_GATES.md b/FEATURE_GATES.md
index b003bbb3a7..886d1ec173 100644
--- a/FEATURE_GATES.md
+++ b/FEATURE_GATES.md
@@ -69,7 +69,7 @@ Features that reach GA and over time become stable will be removed from this tab
 | FillIDs                    | `true`  | Beta  | 3.0.0  | TBD   |
 | RewriteURIs                | `false` | Alpha | 2.12.0 | TBD   |
 | KongServiceFacade          | `false` | Alpha | 3.1.0  | TBD   |
-| SanitizeKonnectConfigDumps | `false` | Alpha | 3.1.0  | TBD   |
+| SanitizeKonnectConfigDumps | `true`  | Beta  | 3.1.0  | TBD   |
 
 **NOTE**: The `Gateway` feature gate refers to [Gateway
  API](https://github.com/kubernetes-sigs/gateway-api) APIs which are in
diff --git a/internal/manager/featuregates/feature_gates.go b/internal/manager/featuregates/feature_gates.go
index 569350674c..a1a0f7c5f6 100644
--- a/internal/manager/featuregates/feature_gates.go
+++ b/internal/manager/featuregates/feature_gates.go
@@ -67,6 +67,6 @@ func GetFeatureGatesDefaults() FeatureGates {
 		FillIDsFeature:             true,
 		RewriteURIsFeature:         false,
 		KongServiceFacade:          false,
-		SanitizeKonnectConfigDumps: false,
+		SanitizeKonnectConfigDumps: true,
 	}
 }
diff --git a/test/envtest/telemetry_test.go b/test/envtest/telemetry_test.go
index a0319223ba..0d21d4ccc5 100644
--- a/test/envtest/telemetry_test.go
+++ b/test/envtest/telemetry_test.go
@@ -362,7 +362,7 @@ func verifyTelemetryReport(t *testing.T, k8sVersion *version.Info, report string
 			"feature-kongservicefacade=false;"+
 			"feature-konnect-sync=false;"+
 			"feature-rewriteuris=false;"+
-			"feature-sanitizekonnectconfigdumps=false;"+
+			"feature-sanitizekonnectconfigdumps=true;"+
 			"hn=%s;"+
 			"kv=3.4.1;"+
 			"rf=traditional;"+