diff --git a/core/invoker/src/main/resources/application.conf b/core/invoker/src/main/resources/application.conf index c0b22b6e8b7..6fca2210f3d 100644 --- a/core/invoker/src/main/resources/application.conf +++ b/core/invoker/src/main/resources/application.conf @@ -33,6 +33,9 @@ whisk { # 0 means that there are infinite parallel runs. parallel-runs: 10 + # hide args passed into docker run command when logging docker run command + mask-docker-run-args: false + # Timeouts for docker commands. Set to "Inf" to disable timeout. timeouts { run: 1 minute diff --git a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala index 2d40a0bd408..2494a9b3512 100644 --- a/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala +++ b/core/invoker/src/main/scala/org/apache/openwhisk/core/containerpool/docker/DockerClient.scala @@ -68,7 +68,7 @@ case class DockerClientTimeoutConfig(run: Duration, /** * Configuration for docker client */ -case class DockerClientConfig(parallelRuns: Int, timeouts: DockerClientTimeoutConfig) +case class DockerClientConfig(parallelRuns: Int, timeouts: DockerClientTimeoutConfig, maskDockerRunArgs: Boolean) /** * Serves as interface to the docker CLI tool. @@ -135,7 +135,10 @@ class DockerClient(dockerHost: Option[String] = None, } }.flatMap { _ => // Iff the semaphore was acquired successfully - runCmd(Seq("run", "-d") ++ args ++ Seq(image), config.timeouts.run) + runCmd( + Seq("run", "-d") ++ args ++ Seq(image), + config.timeouts.run, + if (config.maskDockerRunArgs) Some(Seq("run", "-d", "**ARGUMENTS HIDDEN**", image)) else None) .andThen { // Release the semaphore as quick as possible regardless of the runCmd() result case _ => runSemaphore.release() @@ -200,12 +203,13 @@ class DockerClient(dockerHost: Option[String] = None, def isOomKilled(id: ContainerId)(implicit transid: TransactionId): Future[Boolean] = runCmd(Seq("inspect", id.asString, "--format", "{{.State.OOMKilled}}"), config.timeouts.inspect).map(_.toBoolean) - protected def runCmd(args: Seq[String], timeout: Duration)(implicit transid: TransactionId): Future[String] = { + protected def runCmd(args: Seq[String], timeout: Duration, maskedArgs: Option[Seq[String]] = None)( + implicit transid: TransactionId): Future[String] = { val cmd = dockerCmd ++ args val start = transid.started( this, LoggingMarkers.INVOKER_DOCKER_CMD(args.head), - s"running ${cmd.mkString(" ")} (timeout: $timeout)", + s"running ${maskedArgs.map(maskedArgs => (dockerCmd ++ maskedArgs).mkString(" ")).getOrElse(cmd.mkString(" "))} (timeout: $timeout)", logLevel = InfoLevel) executeProcess(cmd, timeout).andThen { case Success(_) => transid.finished(this, start) diff --git a/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala b/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala index 6974100152e..8108834b6a9 100644 --- a/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala +++ b/core/standalone/src/main/scala/org/apache/openwhisk/standalone/StandaloneDockerSupport.scala @@ -211,8 +211,9 @@ class StandaloneDockerClient(pullDisabled: Boolean)(implicit log: Logging, as: A if (pullDisabled) Future.successful(()) else super.pull(image) } - override def runCmd(args: Seq[String], timeout: Duration)(implicit transid: TransactionId): Future[String] = - super.runCmd(args, timeout) + override def runCmd(args: Seq[String], timeout: Duration, maskedArgs: Option[Seq[String]] = None)( + implicit transid: TransactionId): Future[String] = + super.runCmd(args, timeout, maskedArgs) val clientConfig: DockerClientConfig = loadConfigOrThrow[DockerClientConfig](ConfigKeys.dockerClient)