From a24fa8cf2e65c1945c2af7b460c7359316b05970 Mon Sep 17 00:00:00 2001 From: iliana etaoin Date: Tue, 27 Aug 2024 13:00:27 -0700 Subject: [PATCH] stop logging `cloud_init_bytes` in sled-agent (#6439) aka "want sled-agent to stop screaming at base64 floppy disks" Fixes #6387. 1. Create a `NoDebug` wrapper struct for this purpose in omicron-common. (Note that the OpenAPI schema for sled-agent does not change; schemars seems to honor `#[serde(transparent)]`.) 2. Apply `NoDebug` inside the `cloud_init_bytes` `Option`. Thus we log everything else about the instance hardware, and whether or not there is cidata, but not the cidata itself. 3. Demote an INFO-level log of the Propolis client's `InstanceEnsureRequest` to DEBUG. --- common/src/lib.rs | 24 ++++++++++++++++++++++++ sled-agent/src/instance.rs | 7 ++++--- sled-agent/types/src/instance.rs | 3 ++- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/common/src/lib.rs b/common/src/lib.rs index 6da32c56ba..b9d6dd3172 100644 --- a/common/src/lib.rs +++ b/common/src/lib.rs @@ -118,3 +118,27 @@ where async fn never_bail() -> Result { Ok(false) } + +/// A wrapper struct that does nothing other than elide the inner value from +/// [`std::fmt::Debug`] output. +/// +/// We define this within Omicron instead of using one of the many available +/// crates that do the same thing because it's trivial to do so, and we want the +/// flexibility to add traits to this type without needing to wait on upstream +/// to add an optional dependency. +/// +/// If you want to use this for secrets, consider that it might not do +/// everything you expect (it does not zeroize memory on drop, nor get in the +/// way of you removing the inner value from this wrapper struct). +#[derive( + Clone, Copy, serde::Deserialize, serde::Serialize, schemars::JsonSchema, +)] +#[repr(transparent)] +#[serde(transparent)] +pub struct NoDebug(pub T); + +impl std::fmt::Debug for NoDebug { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!(f, "..") + } +} diff --git a/sled-agent/src/instance.rs b/sled-agent/src/instance.rs index b035ef7e71..33b2d0cf67 100644 --- a/sled-agent/src/instance.rs +++ b/sled-agent/src/instance.rs @@ -31,6 +31,7 @@ use omicron_common::api::internal::shared::{ }; use omicron_common::backoff; use omicron_common::zpool_name::ZpoolName; +use omicron_common::NoDebug; use omicron_uuid_kinds::{GenericUuid, InstanceUuid, PropolisUuid}; use propolis_client::Client as PropolisClient; use rand::prelude::IteratorRandom; @@ -335,7 +336,7 @@ struct InstanceRunner { // Disk related properties requested_disks: Vec, - cloud_init_bytes: Option, + cloud_init_bytes: Option>, // Internal State management state: InstanceStates, @@ -718,10 +719,10 @@ impl InstanceRunner { .map(Into::into) .collect(), migrate, - cloud_init_bytes: self.cloud_init_bytes.clone(), + cloud_init_bytes: self.cloud_init_bytes.clone().map(|x| x.0), }; - info!(self.log, "Sending ensure request to propolis: {:?}", request); + debug!(self.log, "Sending ensure request to propolis: {:?}", request); let result = client.instance_ensure().body(request).send().await; info!(self.log, "result of instance_ensure call is {:?}", result); result?; diff --git a/sled-agent/types/src/instance.rs b/sled-agent/types/src/instance.rs index bd0f536aa3..a39fae414b 100644 --- a/sled-agent/types/src/instance.rs +++ b/sled-agent/types/src/instance.rs @@ -17,6 +17,7 @@ use omicron_common::api::internal::{ DhcpConfig, NetworkInterface, ResolvedVpcFirewallRule, SourceNatConfig, }, }; +use omicron_common::NoDebug; use omicron_uuid_kinds::InstanceUuid; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; @@ -60,7 +61,7 @@ pub struct InstanceHardware { pub dhcp_config: DhcpConfig, // TODO: replace `propolis_client::*` with locally-modeled request type pub disks: Vec, - pub cloud_init_bytes: Option, + pub cloud_init_bytes: Option>, } /// Metadata used to track statistics about an instance.