want sled-agent to scream cidata bytes less

oxidecomputer · Aug 26, 2024 · 10a2895 · 10a2895
1 parent 4a60d78
commit 10a2895
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/common/src/lib.rs b/common/src/lib.rs
@@ -118,3 +118,22 @@ where
 async fn never_bail() -> Result<bool, Error> {
     Ok(false)
 }
+
+/// A wrapper struct that does nothing other than elide the inner value from
+/// [`std::debug::Debug`] output.
+///
+/// If you want to use this for secrets, consider that it might not do
+/// everything you expect (it does not zeroize memory on drop, nor get in the
+/// way of you removing the inner value from this wrapper struct).
+#[derive(
+    Clone, Copy, serde::Deserialize, serde::Serialize, schemars::JsonSchema,
+)]
+#[repr(transparent)]
+#[serde(transparent)]
+pub struct NoDebug<T>(pub T);
+
+impl<T> std::fmt::Debug for NoDebug<T> {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "..")
+    }
+}
diff --git a/sled-agent/src/instance.rs b/sled-agent/src/instance.rs
@@ -33,6 +33,7 @@ use omicron_common::api::internal::shared::{
 };
 use omicron_common::backoff;
 use omicron_common::zpool_name::ZpoolName;
+use omicron_common::NoDebug;
 use omicron_uuid_kinds::{GenericUuid, InstanceUuid, PropolisUuid};
 use propolis_client::Client as PropolisClient;
 use rand::prelude::IteratorRandom;
@@ -337,7 +338,7 @@ struct InstanceRunner {
 
     // Disk related properties
     requested_disks: Vec<propolis_client::types::DiskRequest>,
-    cloud_init_bytes: Option<String>,
+    cloud_init_bytes: Option<NoDebug<String>>,
 
     // Internal State management
     state: InstanceStates,
@@ -724,10 +725,10 @@ impl InstanceRunner {
                 .map(Into::into)
                 .collect(),
             migrate,
-            cloud_init_bytes: self.cloud_init_bytes.clone(),
+            cloud_init_bytes: self.cloud_init_bytes.clone().map(|x| x.0),
         };
 
-        info!(self.log, "Sending ensure request to propolis: {:?}", request);
+        debug!(self.log, "Sending ensure request to propolis: {:?}", request);
         let result = client.instance_ensure().body(request).send().await;
         info!(self.log, "result of instance_ensure call is {:?}", result);
         result?;

diff --git a/sled-agent/types/src/instance.rs b/sled-agent/types/src/instance.rs
@@ -18,6 +18,7 @@ use omicron_common::api::internal::{
         DhcpConfig, NetworkInterface, ResolvedVpcFirewallRule, SourceNatConfig,
     },
 };
+use omicron_common::NoDebug;
 use omicron_uuid_kinds::PropolisUuid;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -63,7 +64,7 @@ pub struct InstanceHardware {
     pub dhcp_config: DhcpConfig,
     // TODO: replace `propolis_client::*` with locally-modeled request type
     pub disks: Vec<propolis_client::types::DiskRequest>,
-    pub cloud_init_bytes: Option<String>,
+    pub cloud_init_bytes: Option<NoDebug<String>>,
 }
 
 /// Metadata used to track statistics about an instance.