cni: Do not expose the node's OVN bridge-mappings

In case the desired OVN bridge-mapping does not exist, the CNI will
return an error that includes the existing OVN bridge-mapping on the node.
The error is propagated by kubelet in form of event on the connected pod
which is accessible to non-admin users (using kubectl describe pod ...).

The existing OVN bridge-mapping on the node should not be exposed to
non-admin users.
Hence, omit the node existing OVN bridge-mapping from the error
message.

Log the error including the existing OVN mapping on the node to allow
troubleshooting.

Signed-off-by: Or Mergi <[email protected]>

Author: ormergi

go-controller/pkg/cni/cni.go

@@ -455,6 +455,6 @@ func checkBridgeMapping(ovsClient client.Client, topology string, networkName st
 			return nil
 		}
 	}
-
-	return fmt.Errorf("failed to find bridge mapping for network: %q; Current ovn-bridge-mappings: %q", networkName, ovnBridgeMappings)
+	klog.V(5).Infof("Failed to find bridge mapping for network: %q, current OVN bridge-mappings: (%s)", networkName, ovnBridgeMappings)
+	return fmt.Errorf("failed to find OVN bridge-mapping for network: %q", networkName)
 }

go-controller/pkg/cni/cni_test.go

@@ -372,7 +372,7 @@ var _ = Describe("checkBridgeMapping", func() {
 			})
 			Expect(err).NotTo(HaveOccurred())
 			Expect(checkBridgeMapping(ovsClient, ovntypes.LocalnetTopology, networkName).Error()).To(
-				Equal(`failed to find bridge mapping for network: "test-network"; Current ovn-bridge-mappings: "other-network:br-int"`))
+				Equal(`failed to find OVN bridge-mapping for network: "test-network"`))
 		})
 	})
 })