[305] Hide authorisation headers of exceptions' reprs

[nolar]

What do these changes do?

Prevent leaking Authorisation: and maybe other sensitive headers of the K8s API requests and responses when failing to post an event.

Description

Previously, Kopf was logging the whole repr of an error in case of failures. With aiohttp.ClientResponseError, this seems to be a problem, as its repr includes all the request headers, including Authorization: ….

When this header is logged, then those who have access to the logs can also get access to the K8s API (especially if the K8s API tokens are not expired, which is the case on its own).

With this change, it will only show string forms of any errors. For aiohttp.ClientResponseError, this means only the HTTP status, message, and an URL. And, as a special case, in K8s-event posting, only the HTTP status and message.

Issues/PRs

Issues: fixes #305

Type of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist

• The code addresses only the mentioned problem, and this problem only
• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt

[zincr]

🤖 zincr found 0 problems , 0 warnings

✅ Large Commits
✅ Approvals
✅ Specification
✅ Dependency Licensing

[zincr]

🤖 zincr found 1 problem , 0 warnings

❌ Approvals
✅ Large Commits
✅ Specification
✅ Dependency Licensing

Details on how to resolve are provided below

---

Approvals

All proposed changes must be reviewed by project maintainers before they can be merged

Not enough people have approved this pull request - please ensure that 1 additional user, who have not contributed to this pull request approve the changes.

• ✅ Approved by PR author @nolar
• ❌ 1 additional approval needed