Failed tasks no longer store traceback.#7065
Merged
Merged
Conversation
mdellweg
reviewed
Nov 17, 2025
Comment on lines
+176
to
+180
| raise ValueError("Immediate tasks must be async functions.") | ||
| raise NonAsyncImmediateTaskError(task_name=task.name) |
Member
There was a problem hiding this comment.
When this happens, it's a programming error. This should not be user visible.
aKlimau
force-pushed
the
no-traceback-exception
branch
from
7a4572d to
633d6be
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
from
633d6be to
43966ea
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
6 times, most recently
from
ffcb19b to
0c2fc24
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
13 times, most recently
from
673f40c to
f10b3ba
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
4 times, most recently
from
c0a7cb3 to
fc3aef2
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
6 times, most recently
from
c216476 to
bbb4420
Compare
mdellweg
reviewed
Jan 8, 2026
| tb_str = "".join(traceback.format_tb(tb)) | ||
| error = exception_to_dict(exc, tb_str) | ||
| error = {} | ||
| if tb: |
Member
There was a problem hiding this comment.
Does this still happen? Don't we just want the error to be a single string like:
"Remote URL not found" or "Internal Error"?
Member
There was a problem hiding this comment.
Can we maybe instead add the PLP000X codes here?
|
|
||
| def __str__(self): | ||
| return _("Domain name was not found for {}. Check if specified url is valid.").format( | ||
| self.url |
Member
There was a problem hiding this comment.
We should not leak urls either...
| self.url = url | ||
|
|
||
| def __str__(self): | ||
| return _("Domain name was not found for {}. Check if specified url is valid.").format( |
Member
There was a problem hiding this comment.
Domains in the context of Pulp may be misleading. "URL lookup failed." Should be sufficient.
jobselko
reviewed
Jan 8, 2026
mdellweg
reviewed
Jan 8, 2026
| return _("Domain name was not found for {}. Check if specified url is valid.").format( | ||
| self.url | ||
| ) | ||
| return _("URL lookup failed.") |
Member
There was a problem hiding this comment.
There's more leaked data with the other exceptions.
aKlimau
force-pushed
the
no-traceback-exception
branch
from
1d2e063 to
53f2f33
Compare
aKlimau
force-pushed
the
no-traceback-exception
branch
from
53f2f33 to
da90358
Compare
mdellweg
reviewed
Jan 14, 2026
| return _("URL: {u} not supported.").format(u=self.url) | ||
|
|
||
|
|
||
| class ProxyAuthenticationRequiredError(PulpException): |
Member
There was a problem hiding this comment.
Isn't this more a "ProxyAuthenticationFailedError"? At which point "ProxyAuthenticationError" carries the same information.
Contributor
Author
There was a problem hiding this comment.
Yes, but I was taking inspiration from HTTP 407, which has the same error name
Comment on lines
+109
to
+111
| except (PulpException, PulpGlueException): | ||
| exc_type, exc, _ = sys.exc_info() | ||
| log_task_failed(task, exc_type, exc, None, domain) # Leave no traceback in logs |
Member
There was a problem hiding this comment.
Comments are a delicate thing... They are not executed by the interpreter and usually ignored by humans. So I'd rather hint at "why" not at "what" you do here.
Suggested change
| except (PulpException, PulpGlueException): | |
| exc_type, exc, _ = sys.exc_info() | |
| log_task_failed(task, exc_type, exc, None, domain) # Leave no traceback in logs | |
| except (PulpException, PulpGlueException): | |
| # Log expected ways to fail without a stacktrace. | |
| exc_type, exc, _ = sys.exc_info() | |
| log_task_failed(task, exc_type, exc, None, domain) |
| exc_type, exc, tb = sys.exc_info() | ||
| await sync_to_async(task.set_failed)(exc, tb) | ||
| log_task_failed(task, exc_type, exc, tb, domain) | ||
| # Generic exception for user |
Member
There was a problem hiding this comment.
Similarly here:
# Unexpected Exceptions are most probably a programming error.
# Log error with a stack trace and give a generic error (equivalent of HTTP 500) to the user.
603e033 to
7dfbdbe
Compare
Tracebacks can expose sensitive information from an exception via the API. This change stops this behavior by only logging tracebacks and not storing them inside of tasks.
aKlimau
force-pushed
the
no-traceback-exception
branch
from
7dfbdbe to
31cf791
Compare
mdellweg
approved these changes
Jan 14, 2026
This was referenced Jan 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Failed task tracebacks are currently a part of task model, it can expose sensitive information from an exception via the API. This change stops this behavior by only logging tracebacks and not storing them inside of tasks.
_execute_task and _aexecute_task are modified to log tracebacks for unknown exceptions but never save them to the Task record.
Task.set_failed() is updated to make the tb (traceback) argument optional.
A new PulpExceptionNoTraceback base class is added for known, user-facing errors (like a DNS failure) where the traceback is not useful and should not be logged.
A new DnsDomainNameException (inheriting from PulpExceptionNoTraceback) is added to handle DNS lookup failures (e.g., bad remote URLs) as a known user error.