Bug 1918879: better surface dockerconfigjson errors causing image pull errors

[gabemontero]

As part of the triage captured at https://coreos.slack.com/archives/C01JLQ7MB2M for a recent CI incident where a corrupted pull secret caused image pull failures with builds, it became apparent that V(4) trace was minimally needed to more precisely capture the error.

The PR strives to make the error cause more available with default logging.

@stevekuznetsov @alvaroaleman FYI

/assign @adambkaplan

@openshift/openshift-team-build-api FYI

[stevekuznetsov]

WIll this error message leak token content?

[alvaroaleman]

Yeah, yesterday it looked like it ends up printing part of the secret, I don't think we can print the error itself by default. What about just printing "Error Deserializing, set env var X to value Y to see details (warning: This might leak the content of the secret"?

[gabemontero]

yep I'll redo this part

[gabemontero]

and to be clear, it was the contents piece here ... if we considered the error log that occurred here, while trying to parse blob << the raw json pull secret >> ": illegal base64 data at input byte 1152

The contents piece is << the raw json pull secret >> and the err string is illegal base64 data at input byte 1152

I'll leave the err string

[gabemontero]

I've also double checked json.Unmarshal ... all the errors just note the byte array location like in the log above

[gabemontero]

@stevekuznetsov @alvaroaleman separate commit pushed to remove byte array contents from the error log

[alvaroaleman]

Nit: The condition isn't needed, utilerrors.NewAggregate will return a nil error if the error list has zero entries or all of them are nil

[gabemontero]

ah right thanks ... update pushed in separate commit

[alvaroaleman]

/lgtm

[gabemontero]

thanks @stevekuznetsov @alvaroaleman review commits squashed awaiting look-see from @adambkaplan

[stevekuznetsov]

/lgtm

[openshift-ci-robot]

@gabemontero: This pull request references Bugzilla bug 1918879, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1918879: better surface dockerconfigjson errors causing image pull errors

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[gabemontero]

/cherrypick release-4.6

[openshift-cherrypick-robot]

@gabemontero: once the present PR merges, I will cherry-pick it on top of release-4.6 in a new PR and assign it to you.

In response to this:

/cherrypick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[adambkaplan]

/approve

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, alvaroaleman, gabemontero, stevekuznetsov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [adambkaplan]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@gabemontero: All pull requests linked via external trackers have merged:

• openshift/builder#200

Bugzilla bug 1918879 has been moved to the MODIFIED state.

In response to this:

Bug 1918879: better surface dockerconfigjson errors causing image pull errors

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-cherrypick-robot]

@gabemontero: #200 failed to apply on top of branch "release-4.6":

Applying: better surface dockerconfigjson errors causing image pull errors
Using index info to reconstruct a base tree...
M	pkg/build/builder/daemonless.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/build/builder/daemonless.go
CONFLICT (content): Merge conflict in pkg/build/builder/daemonless.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 better surface dockerconfigjson errors causing image pull errors
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.