OCPBUGS-94000: Remove sensitive ControllerConfig logging

[dkhater-redhat]

The bootstrap MCS was logging the entire ControllerConfig YAML which contains sensitive data (internalRegistryPullSecret). This causes LeakTK to redact CI artifacts, preventing bootstrap failure debugging.

The file read is already logged on line 116, which is sufficient.

- What I did

- How to verify it

- Description for the changelog

Summary by CodeRabbit

• Bug Fixes
  • Removed an unnecessary log entry during startup, helping keep configuration details out of logs and reducing noise.

[coderabbitai]

Walkthrough

Removes a single log statement in bootstrapServer.GetConfig that printed raw controllerConfig bytes after reading the file and before YAML unmarshalling.

Changes

Log cleanup in bootstrap server

Layer / File(s)	Summary
Remove raw config log statement pkg/server/bootstrap_server.go	The log call printing raw controllerConfig bytes between file read and YAML unmarshalling is deleted.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No Ginkgo specs or test titles were changed; the PR only removes a log line in pkg/server/bootstrap_server.go.
Test Structure And Quality	✅ Passed	PR only removes a log line in pkg/server/bootstrap_server.go; no Ginkgo test code or cluster test behavior was changed, so this check is not applicable.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added; the PR only removes a log line in pkg/server/bootstrap_server.go, so MicroShift compatibility checks are not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only removes a sensitive log line in pkg/server/bootstrap_server.go; no Ginkgo e2e tests were added or changed.
Topology-Aware Scheduling Compatibility	✅ Passed	Only bootstrap logging was changed in pkg/server/bootstrap_server.go; no manifests, replicas, affinity, selectors, or topology-aware scheduling logic were added.
Ote Binary Stdout Contract	✅ Passed	PR only removes a controller-config log in a library method; bootstrap cmd already sets logtostderr=true, so no process-level stdout writes are introduced.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added; the change only removes bootstrap_server.go logging.
No-Weak-Crypto	✅ Passed	PASS: The only change is removing a verbose ControllerConfig log; the touched code contains no weak-crypto APIs, custom crypto, or secret comparisons.
Container-Privileges	✅ Passed	PR only removes a verbose log in pkg/server/bootstrap_server.go; no container/K8s manifests or privilege settings were changed.
No-Sensitive-Data-In-Logs	✅ Passed	PASS: The PR removes klog.Infof("got controllerConfig: %s", string(data)), and no new sensitive logging was added in the diff.
Title check	✅ Passed	The title clearly matches the main change: removing sensitive ControllerConfig logging.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[dkhater-redhat]

/verified bypass

[dkhater-redhat]

/jira refresh

[isabella-janssen]

/lgtm

[openshift-merge-bot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aws-ovn
/test e2e-aws-ovn-upgrade
/test e2e-gcp-op-ocl-part1
/test e2e-gcp-op-ocl-part2
/test e2e-gcp-op-part1
/test e2e-gcp-op-part2
/test e2e-gcp-op-single-node
/test e2e-hypershift

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dkhater-redhat, isabella-janssen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [dkhater-redhat,isabella-janssen]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dkhater-redhat]

/verified bypass

[openshift-ci-robot]

@dkhater-redhat: The verified label has been added.

Details

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[dkhater-redhat]

/retest-required

[openshift-ci]

@dkhater-redhat: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-upgrade	ba9dad3	link	true	/test e2e-aws-ovn-upgrade
ci/prow/e2e-aws-ovn	ba9dad3	link	true	/test e2e-aws-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.