ExternalVendorCode/balena-supervisor
1
0
Fork 0
mirror of https://github.com/balena-os/balena-supervisor.git synced 2025-02-21 10:01:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Auto-merge for PR #500 via VersionBot

Browse Source 
Mixpanel tunneling through resin API, and extra hiding of properties
This commit is contained in:
resin-io-versionbot[bot] 2017-11-01 10:29:42 +00:00 committed by GitHub
commit 89607fa2bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 23 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file
automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY! automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
This project adheres to [Semantic Versioning](http://semver.org/). This project adheres to [Semantic Versioning](http://semver.org/).
## v6.3.11 - 2017-11-01
* Add whitelist-based filtering to mixpanel events #500 [Pablo Carranza Velez]
* Tunnel all mixpanel events through the resin API #500 [Pablo Carranza Velez]
## v6.3.10 - 2017-10-31 ## v6.3.10 - 2017-10-31
* Use a custom webpack loader to avoid uncaught exceptions from JSONStream #517 [Pablo Carranza Velez] * Use a custom webpack loader to avoid uncaught exceptions from JSONStream #517 [Pablo Carranza Velez]

3
package.json
View File

@ -1,7 +1,7 @@
{ {
"name": "resin-supervisor", "name": "resin-supervisor",
"description": "This is resin.io's Supervisor, a program that runs on IoT devices and has the task of running user Apps (which are Docker containers), and updating them as Resin's API informs it to.", "description": "This is resin.io's Supervisor, a program that runs on IoT devices and has the task of running user Apps (which are Docker containers), and updating them as Resin's API informs it to.",
"version": "6.3.10", "version": "6.3.11",
"license": "Apache-2.0", "license": "Apache-2.0",
"repository": { "repository": {
"type": "git", "type": "git",
@ -34,6 +34,7 @@
"docker-toolbelt": "^3.0.3", "docker-toolbelt": "^3.0.3",
"event-stream": "^3.0.20", "event-stream": "^3.0.20",
"express": "^4.0.0", "express": "^4.0.0",
"json-mask": "^0.3.8",
"knex": "~0.12.3", "knex": "~0.12.3",
"lockfile": "^1.0.1", "lockfile": "^1.0.1",
"lodash": "^4.16.3", "lodash": "^4.16.3",

4
src/config.coffee
View File

@ -1,10 +1,11 @@
{ checkInt, checkString } = require './lib/validation' { checkInt, checkString } = require './lib/validation'
dockerRoot = checkString(process.env.DOCKER_ROOT) ? '/mnt/root/var/lib/rce' dockerRoot = checkString(process.env.DOCKER_ROOT) ? '/mnt/root/var/lib/rce'
apiEndpoint = checkString(process.env.API_ENDPOINT)
# Defaults needed for both gosuper and node supervisor are declared in entry.sh # Defaults needed for both gosuper and node supervisor are declared in entry.sh
module.exports = module.exports =
apiEndpoint: checkString(process.env.API_ENDPOINT) apiEndpoint: apiEndpoint
apiTimeout: checkInt(process.env.API_TIMEOUT, positive: true) ? 15 * 60 * 1000 apiTimeout: checkInt(process.env.API_TIMEOUT, positive: true) ? 15 * 60 * 1000
listenPort: checkInt(process.env.LISTEN_PORT, positive: true) ? 80 listenPort: checkInt(process.env.LISTEN_PORT, positive: true) ? 80
gosuperAddress: "http://unix:#{process.env.GOSUPER_SOCKET}:" gosuperAddress: "http://unix:#{process.env.GOSUPER_SOCKET}:"
@ -15,6 +16,7 @@ module.exports =
publish_key: checkString(process.env.PUBNUB_PUBLISH_KEY) ? process.env.DEFAULT_PUBNUB_PUBLISH_KEY publish_key: checkString(process.env.PUBNUB_PUBLISH_KEY) ? process.env.DEFAULT_PUBNUB_PUBLISH_KEY
ssl: true ssl: true
mixpanelToken: checkString(process.env.MIXPANEL_TOKEN) ? process.env.DEFAULT_MIXPANEL_TOKEN mixpanelToken: checkString(process.env.MIXPANEL_TOKEN) ? process.env.DEFAULT_MIXPANEL_TOKEN
mixpanelHost: "#{apiEndpoint}/mixpanel"
dockerSocket: process.env.DOCKER_SOCKET dockerSocket: process.env.DOCKER_SOCKET
supervisorImage: checkString(process.env.SUPERVISOR_IMAGE) ? 'resin/rpi-supervisor' supervisorImage: checkString(process.env.SUPERVISOR_IMAGE) ? 'resin/rpi-supervisor'
configMountPoint: checkString(process.env.CONFIG_MOUNT_POINT) ? '/mnt/mmcblk0p1/config.json' configMountPoint: checkString(process.env.CONFIG_MOUNT_POINT) ? '/mnt/mmcblk0p1/config.json'

24
src/utils.coffee
View File

@ -14,18 +14,28 @@ TypedError = require 'typed-error'
execAsync = Promise.promisify(require('child_process').exec) execAsync = Promise.promisify(require('child_process').exec)
device = require './device' device = require './device'
{ checkTruthy } = require './lib/validation' { checkTruthy } = require './lib/validation'
mask = require 'json-mask'
exports.supervisorVersion = require('./lib/supervisor-version') exports.supervisorVersion = require('./lib/supervisor-version')
configJson = JSON.parse(fs.readFileSync('/boot/config.json')) configJson = JSON.parse(fs.readFileSync('/boot/config.json'))
if Boolean(config.apiEndpoint) and !Boolean(configJson.supervisorOfflineMode) if Boolean(config.apiEndpoint) and !Boolean(configJson.supervisorOfflineMode)
mixpanelClient = mixpanel.init(config.mixpanelToken) mixpanelClient = mixpanel.init(config.mixpanelToken, { host: config.mixpanelHost })
else else
mixpanelClient = { track: _.noop } mixpanelClient = { track: _.noop }
exports.mixpanelProperties = mixpanelProperties = exports.mixpanelProperties = mixpanelProperties =
username: configJson.username username: configJson.username
mixpanelMask = [
'appId'
'delay'
'error'
'interval'
'app(appId,imageId,commit,name)'
'stateDiff(status,download_progress,commit,os_version,superisor_version,ip_address)'
].join(',')
exports.mixpanelTrack = (event, properties = {}) -> exports.mixpanelTrack = (event, properties = {}) ->
# Allow passing in an error directly and having it assigned to the error property. # Allow passing in an error directly and having it assigned to the error property.
if properties instanceof Error if properties instanceof Error
@ -40,16 +50,8 @@ exports.mixpanelTrack = (event, properties = {}) ->
properties = _.cloneDeep(properties) properties = _.cloneDeep(properties)
# Don't log private env vars (e.g. api keys) # Filter properties to only send the whitelisted keys and values
if properties?.app?.env? properties = mask(properties, mixpanelMask)
try
{ env } = properties.app
env = JSON.parse(env) if _.isString(env)
safeEnv = _.omit(env, config.privateAppEnvVars)
properties.app.env = JSON.stringify(safeEnv)
catch
properties.app.env = 'Fully hidden due to error in selective hiding'
console.log('Event:', event, JSON.stringify(properties)) console.log('Event:', event, JSON.stringify(properties))
# Mutation is bad, and it should feel bad # Mutation is bad, and it should feel bad
properties = _.assign(properties, mixpanelProperties) properties = _.assign(properties, mixpanelProperties)