New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1918879: better surface dockerconfigjson errors causing image pull errors #200
Bug 1918879: better surface dockerconfigjson errors causing image pull errors #200
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WIll this error message leak token content?
var cfgJSON credentialprovider.DockerConfigJSON | ||
if err := json.Unmarshal(contents, &cfgJSON); err != nil { | ||
log.V(4).Infof("while trying to parse blob %q: %v", contents, err) | ||
return false | ||
log.V(0).Infof("error trying to parse blob %q: %v", contents, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, yesterday it looked like it ends up printing part of the secret, I don't think we can print the error itself by default. What about just printing "Error Deserializing, set env var X to value Y to see details (warning: This might leak the content of the secret"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep I'll redo this part
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and to be clear, it was the contents
piece here ... if we considered the error log that occurred here, while trying to parse blob << the raw json pull secret >> ": illegal base64 data at input byte 1152
The contents
piece is << the raw json pull secret >>
and the err string is illegal base64 data at input byte 1152
I'll leave the err string
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've also double checked json.Unmarshal
... all the errors just note the byte array location like in the log above
@stevekuznetsov @alvaroaleman separate commit pushed to remove byte array contents from the error log |
} | ||
} | ||
return "" | ||
var err error | ||
if len(errList) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: The condition isn't needed, utilerrors.NewAggregate will return a nil error if the error list has zero entries or all of them are nil
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah right thanks ... update pushed in separate commit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
cab1567
to
d8a64de
Compare
thanks @stevekuznetsov @alvaroaleman review commits squashed awaiting look-see from @adambkaplan |
/lgtm |
@gabemontero: This pull request references Bugzilla bug 1918879, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-4.6 |
@gabemontero: once the present PR merges, I will cherry-pick it on top of release-4.6 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan, alvaroaleman, gabemontero, stevekuznetsov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@gabemontero: All pull requests linked via external trackers have merged: Bugzilla bug 1918879 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@gabemontero: #200 failed to apply on top of branch "release-4.6":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
As part of the triage captured at https://coreos.slack.com/archives/C01JLQ7MB2M for a recent CI incident where a corrupted pull secret caused image pull failures with builds, it became apparent that V(4) trace was minimally needed to more precisely capture the error.
The PR strives to make the error cause more available with default logging.
@stevekuznetsov @alvaroaleman FYI
/assign @adambkaplan
@openshift/openshift-team-build-api FYI