You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by bd...@apache.org on 2022/08/22 21:01:46 UTC

[openwhisk] branch master updated: add config to mask docker run args when logging (#5310)

This is an automated email from the ASF dual-hosted git repository.

bdoyle pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk.git


The following commit(s) were added to refs/heads/master by this push:
     new 6605b5f91 add config to mask docker run args when logging (#5310)
6605b5f91 is described below

commit 6605b5f9187adc84a298a290bfdee914d6c2fe4c
Author: Brendan Doyle <bd...@gmail.com>
AuthorDate: Mon Aug 22 14:01:41 2022 -0700

    add config to mask docker run args when logging (#5310)
    
    Co-authored-by: Brendan Doyle <br...@qualtrics.com>
---
 core/invoker/src/main/resources/application.conf             |  3 +++
 .../openwhisk/core/containerpool/docker/DockerClient.scala   | 12 ++++++++----
 .../openwhisk/standalone/StandaloneDockerSupport.scala       |  5 +++--
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/core/invoker/src/main/resources/application.conf b/core/invoker/src/main/resources/application.conf
index c0b22b6e8..6fca2210f 100644
--- a/core/invoker/src/main/resources/application.conf
+++ b/core/invoker/src/main/resources/application.conf
@@ -33,6 +33,9 @@ whisk {
     # 0 means that there are infinite parallel runs.
     parallel-runs: 10
 
+    # hide args passed into docker run command when logging docker run command
+    mask-docker-run-args: false
+
     # Timeouts for docker commands. Set to "Inf" to disable timeout.
     timeouts {
       run: 1 minute
diff --git a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala
index 2d40a0bd4..2494a9b35 100644
--- a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala
+++ b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala
@@ -68,7 +68,7 @@ case class DockerClientTimeoutConfig(run: Duration,
 /**
  * Configuration for docker client
  */
-case class DockerClientConfig(parallelRuns: Int, timeouts: DockerClientTimeoutConfig)
+case class DockerClientConfig(parallelRuns: Int, timeouts: DockerClientTimeoutConfig, maskDockerRunArgs: Boolean)
 
 /**
  * Serves as interface to the docker CLI tool.
@@ -135,7 +135,10 @@ class DockerClient(dockerHost: Option[String] = None,
       }
     }.flatMap { _ =>
       // Iff the semaphore was acquired successfully
-      runCmd(Seq("run", "-d") ++ args ++ Seq(image), config.timeouts.run)
+      runCmd(
+        Seq("run", "-d") ++ args ++ Seq(image),
+        config.timeouts.run,
+        if (config.maskDockerRunArgs) Some(Seq("run", "-d", "**ARGUMENTS HIDDEN**", image)) else None)
         .andThen {
           // Release the semaphore as quick as possible regardless of the runCmd() result
           case _ => runSemaphore.release()
@@ -200,12 +203,13 @@ class DockerClient(dockerHost: Option[String] = None,
   def isOomKilled(id: ContainerId)(implicit transid: TransactionId): Future[Boolean] =
     runCmd(Seq("inspect", id.asString, "--format", "{{.State.OOMKilled}}"), config.timeouts.inspect).map(_.toBoolean)
 
-  protected def runCmd(args: Seq[String], timeout: Duration)(implicit transid: TransactionId): Future[String] = {
+  protected def runCmd(args: Seq[String], timeout: Duration, maskedArgs: Option[Seq[String]] = None)(
+    implicit transid: TransactionId): Future[String] = {
     val cmd = dockerCmd ++ args
     val start = transid.started(
       this,
       LoggingMarkers.INVOKER_DOCKER_CMD(args.head),
-      s"running ${cmd.mkString(" ")} (timeout: $timeout)",
+      s"running ${maskedArgs.map(maskedArgs => (dockerCmd ++ maskedArgs).mkString(" ")).getOrElse(cmd.mkString(" "))} (timeout: $timeout)",
       logLevel = InfoLevel)
     executeProcess(cmd, timeout).andThen {
       case Success(_) => transid.finished(this, start)
diff --git a/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala b/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala
index 697410015..8108834b6 100644
--- a/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala
+++ b/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala
@@ -211,8 +211,9 @@ class StandaloneDockerClient(pullDisabled: Boolean)(implicit log: Logging, as: A
     if (pullDisabled) Future.successful(()) else super.pull(image)
   }
 
-  override def runCmd(args: Seq[String], timeout: Duration)(implicit transid: TransactionId): Future[String] =
-    super.runCmd(args, timeout)
+  override def runCmd(args: Seq[String], timeout: Duration, maskedArgs: Option[Seq[String]] = None)(
+    implicit transid: TransactionId): Future[String] =
+    super.runCmd(args, timeout, maskedArgs)
 
   val clientConfig: DockerClientConfig = loadConfigOrThrow[DockerClientConfig](ConfigKeys.dockerClient)