Revamp debug logs

[jonjohnsonjr]

1. Drop places that can log creds. May bring this back with build tags?
2. Introduce pkg/internal/redact to hold a context that signals we
   should omit the body when dumping logs. Maybe this should live in
   the logs package, but internal for now should be fine.
3. Stop logging the request and response body for blobs and token
   responses.

[jonjohnsonjr]

cc @ahmetb

[codecov-io]

Codecov Report

Merging #816 (11e0225) into master (a14ada4) will decrease coverage by 0.07%.
The diff coverage is 78.26%.

@@            Coverage Diff             @@
##           master     #816      +/-   ##
==========================================
- Coverage   74.77%   74.69%   -0.08%     
==========================================
  Files         103      103              
  Lines        4313     4339      +26     
==========================================
+ Hits         3225     3241      +16     
- Misses        611      616       +5     
- Partials      477      482       +5     

Impacted Files	Coverage Δ
pkg/authn/keychain.go	100.00% <ø> (ø)
pkg/v1/google/auth.go	64.58% <ø> (-2.73%)	⬇️
pkg/v1/remote/transport/bearer.go	74.10% <63.63%> (-1.63%)	⬇️
pkg/v1/remote/write.go	65.12% <77.77%> (+0.16%)	⬆️
pkg/v1/remote/transport/logger.go	88.23% <80.95%> (-11.77%)	⬇️
pkg/v1/remote/descriptor.go	74.39% <100.00%> (ø)
pkg/v1/remote/image.go	79.16% <100.00%> (ø)
pkg/v1/remote/layer.go	62.96% <100.00%> (+1.42%)	⬆️
pkg/v1/remote/transport/error.go	100.00% <100.00%> (ø)
pkg/v1/layout/write.go	48.41% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a14ada4...11e0225. Read the comment docs.

[ahmetb]

I found req/resp dumps very useful.
The only time it wasn't useful was when the content type was a blob.

so I was doing something like this to download a layer into a file.

crane blob -v us-central1-docker.pkg.dev/ahmetb-demo/ahmetb-demo/busybox@sha256:9758c28807f21c13d05c704821fdd56c0b9574912f9b916c65e1df3e6b8bc572 > blobfile

and -v ended up printing the layer blob (garbage) into the log stream as well.

[jonjohnsonjr]

Trying to figure out a good way to actually filter out stuff you don't care about. We don't want to log the token response and we don't want to log binary blobs, but it's impossible to determine those from just the request or response in this context. We could do something janky like modify the context to tell the logger not to log certain requests...

[jonjohnsonjr]

I've implemented my janky suggestion to thread this through ctx.

Note some things:

1. Authorization: <redacted>
2. [body redacted: basic token response contains credentials]
3. [body redacted: omitting binary blobs from logs]

$ crane blob -v ubuntu@sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf > /dev/null
2020/11/07 11:32:23 No matching credentials were found, falling back on anonymous
2020/11/07 11:32:23 --> GET https://index.docker.io/v2/
2020/11/07 11:32:23 GET /v2/ HTTP/1.1
Host: index.docker.io
User-Agent: Go-http-client/1.1
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:32:23 <-- 401 https://index.docker.io/v2/ (494.178722ms)
2020/11/07 11:32:23 HTTP/1.1 401 Unauthorized
Content-Length: 87
Content-Type: application/json
Date: Sat, 07 Nov 2020 19:32:23 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

2020/11/07 11:32:23 --> GET https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io
2020/11/07 11:32:23 GET /token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io HTTP/1.1
Host: auth.docker.io
User-Agent: go-containerregistry
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:32:24 <-- 200 https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io (403.668243ms) [body redacted: basic token response contains credentials]
2020/11/07 11:32:24 HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json
Date: Sat, 07 Nov 2020 19:32:24 GMT
Strict-Transport-Security: max-age=31536000


2020/11/07 11:32:24 --> GET https://index.docker.io/v2/library/ubuntu/blobs/sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf
2020/11/07 11:32:24 GET /v2/library/ubuntu/blobs/sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf HTTP/1.1
Host: index.docker.io
User-Agent: go-containerregistry
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:32:24 <-- 307 https://index.docker.io/v2/library/ubuntu/blobs/sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf (95.80319ms) [body redacted: omitting binary blobs from logs]
2020/11/07 11:32:24 HTTP/1.1 307 Temporary Redirect
Content-Type: application/octet-stream
Date: Sat, 07 Nov 2020 19:32:24 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/6a/6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf/data?verify=1604780544-woHbF5xmW4Wavkf%2FvB1C1RNeZZQ%3D
Strict-Transport-Security: max-age=31536000
Content-Length: 0


2020/11/07 11:32:24 --> GET https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/6a/6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf/data?verify=1604780544-woHbF5xmW4Wavkf%2FvB1C1RNeZZQ%3D
2020/11/07 11:32:24 GET /registry-v2/docker/registry/v2/blobs/sha256/6a/6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf/data?verify=1604780544-woHbF5xmW4Wavkf%2FvB1C1RNeZZQ%3D HTTP/1.1
Host: production.cloudflare.docker.com
User-Agent: go-containerregistry
Authorization: <redacted>
Referer: https://index.docker.io/v2/library/ubuntu/blobs/sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf
Accept-Encoding: gzip


2020/11/07 11:32:24 <-- 200 https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/6a/6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf/data?verify=1604780544-woHbF5xmW4Wavkf%2FvB1C1RNeZZQ%3D (105.603087ms) [body redacted: omitting binary blobs from logs]
2020/11/07 11:32:24 HTTP/2.0 200 OK
Content-Length: 28558714
Accept-Ranges: bytes
Age: 201801
Cache-Control: public, max-age=14400
Cf-Cache-Status: HIT
Cf-Ray: 5ee97ae4de037959-SEA
Cf-Request-Id: 0645cb230600007959be0c8000000001
Content-Type: application/octet-stream
Date: Sat, 07 Nov 2020 19:32:24 GMT
Etag: "3c8f0561bcab424ddb8887f42759da13"
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sat, 07 Nov 2020 23:32:24 GMT
Last-Modified: Thu, 08 Oct 2020 15:19:51 GMT
Server: cloudflare
Set-Cookie: __cfduid=db24da07e2e9df330b9cf6bafd265e4d61604777544; expires=Mon, 07-Dec-20 19:32:24 GMT; path=/; domain=.production.cloudflare.docker.com; HttpOnly; SameSite=Lax; Secure
Vary: Accept-Encoding
X-Amz-Id-2: bZnMOqLoGLAI2Ply9pwVRIIRvJFIakdJpbKgJG+rF/hWd+xuCxywAiiNJFs4yFh4cx74eL8sFQk=
X-Amz-Request-Id: 565DB4977C19FB85
X-Amz-Storage-Class: INTELLIGENT_TIERING
X-Amz-Version-Id: uNmm5NKwwibXznv27C.AD4gWWogAu5GB

Nicely, config blob is not omitted:

$ crane config -v ubuntu | jq .created
2020/11/07 11:38:01 No matching credentials were found, falling back on anonymous
2020/11/07 11:38:01 --> GET https://index.docker.io/v2/
2020/11/07 11:38:01 GET /v2/ HTTP/1.1
Host: index.docker.io
User-Agent: Go-http-client/1.1
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:38:02 <-- 401 https://index.docker.io/v2/ (481.631242ms)
2020/11/07 11:38:02 HTTP/1.1 401 Unauthorized
Content-Length: 87
Content-Type: application/json
Date: Sat, 07 Nov 2020 19:38:02 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

2020/11/07 11:38:02 --> GET https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io
2020/11/07 11:38:02 GET /token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io HTTP/1.1
Host: auth.docker.io
User-Agent: go-containerregistry
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:38:02 <-- 200 https://auth.docker.io/token?scope=repository%3Alibrary%2Fubuntu%3Apull&service=registry.docker.io (407.501085ms) [body redacted: basic token response contains credentials]
2020/11/07 11:38:02 HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json
Date: Sat, 07 Nov 2020 19:38:02 GMT
Strict-Transport-Security: max-age=31536000


2020/11/07 11:38:02 --> GET https://index.docker.io/v2/library/ubuntu/manifests/latest
2020/11/07 11:38:02 GET /v2/library/ubuntu/manifests/latest HTTP/1.1
Host: index.docker.io
User-Agent: go-containerregistry
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:38:02 <-- 200 https://index.docker.io/v2/library/ubuntu/manifests/latest (156.544952ms)
2020/11/07 11:38:02 HTTP/1.1 200 OK
Content-Length: 1201
Content-Type: application/vnd.docker.distribution.manifest.list.v2+json
Date: Sat, 07 Nov 2020 19:38:02 GMT
Docker-Content-Digest: sha256:fff16eea1a8ae92867721d90c59a75652ea66d29c05294e6e2f898704bdb8cf1
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:fff16eea1a8ae92867721d90c59a75652ea66d29c05294e6e2f898704bdb8cf1"
Strict-Transport-Security: max-age=31536000

{"manifests":[{"digest":"sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":943},{"digest":"sha256:ebc8925ee51929a9d691f260b34dd6ed59b4cc2f6ca61e515ce08d31d38e0a87","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v7"},"size":943},{"digest":"sha256:65cd340c0735f062e84507c3c2298502b5446037cc282bc1f3ac720ef42fb137","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":943},{"digest":"sha256:ad426b7dd24d6fa923c1f46dce9a747082d0ef306716aefdc959e4cd23ffd22b","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"ppc64le","os":"linux"},"size":943},{"digest":"sha256:c534dfe09e599c2f32d286b1222df26bf4d943ae5a434c54c07dbe63a3a5f457","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"s390x","os":"linux"},"size":943}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2}
2020/11/07 11:38:02 --> GET https://index.docker.io/v2/library/ubuntu/manifests/sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956
2020/11/07 11:38:02 GET /v2/library/ubuntu/manifests/sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 HTTP/1.1
Host: index.docker.io
User-Agent: go-containerregistry
Accept: application/vnd.docker.distribution.manifest.v2+json
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:38:02 <-- 200 https://index.docker.io/v2/library/ubuntu/manifests/sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 (146.998232ms)
2020/11/07 11:38:02 HTTP/1.1 200 OK
Content-Length: 943
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Date: Sat, 07 Nov 2020 19:38:02 GMT
Docker-Content-Digest: sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956"
Strict-Transport-Security: max-age=31536000

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 3352,
      "digest": "sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 28558714,
         "digest": "sha256:6a5697faee43339ef8e33e3839060252392ad99325a48f7c9d7e93c22db4d4cf"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 847,
         "digest": "sha256:ba13d3bc422b493440f97a8f148d245e1999cb616cb05876edc3ef29e79852f2"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 162,
         "digest": "sha256:a254829d9e55168306fd80a49e02eb015551facee9c444d9dce3b26d19238b82"
      }
   ]
}
2020/11/07 11:38:02 --> GET https://index.docker.io/v2/library/ubuntu/blobs/sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1
2020/11/07 11:38:02 GET /v2/library/ubuntu/blobs/sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1 HTTP/1.1
Host: index.docker.io
User-Agent: go-containerregistry
Authorization: <redacted>
Accept-Encoding: gzip


2020/11/07 11:38:03 <-- 307 https://index.docker.io/v2/library/ubuntu/blobs/sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1 (98.773373ms)
2020/11/07 11:38:03 HTTP/1.1 307 Temporary Redirect
Content-Type: application/octet-stream
Date: Sat, 07 Nov 2020 19:38:03 GMT
Docker-Distribution-Api-Version: registry/2.0
Location: https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/d7/d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1/data?verify=1604780883-qCMAezARAKLJspjPZOu7QeBcdVU%3D
Strict-Transport-Security: max-age=31536000
Content-Length: 0


2020/11/07 11:38:03 --> GET https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/d7/d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1/data?verify=1604780883-qCMAezARAKLJspjPZOu7QeBcdVU%3D
2020/11/07 11:38:03 GET /registry-v2/docker/registry/v2/blobs/sha256/d7/d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1/data?verify=1604780883-qCMAezARAKLJspjPZOu7QeBcdVU%3D HTTP/1.1
Host: production.cloudflare.docker.com
User-Agent: go-containerregistry
Authorization: <redacted>
Referer: https://index.docker.io/v2/library/ubuntu/blobs/sha256:d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1
Accept-Encoding: gzip


2020/11/07 11:38:03 <-- 200 https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/d7/d70eaf7277eada08fca944de400e7e4dd97b1262c06ed2b1011500caa4decaf1/data?verify=1604780883-qCMAezARAKLJspjPZOu7QeBcdVU%3D (104.349078ms)
2020/11/07 11:38:03 HTTP/2.0 200 OK
Content-Length: 3352
Accept-Ranges: bytes
Age: 286646
Cache-Control: public, max-age=14400
Cf-Cache-Status: HIT
Cf-Ray: 5ee98329dfa6146e-SEA
Cf-Request-Id: 0645d04e270000146ee5187000000001
Content-Type: application/octet-stream
Date: Sat, 07 Nov 2020 19:38:03 GMT
Etag: "fe268949a0f7d74e2e13805e03f49cbb"
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Sat, 07 Nov 2020 23:38:03 GMT
Last-Modified: Fri, 23 Oct 2020 17:33:30 GMT
Server: cloudflare
Set-Cookie: __cfduid=de468f60f28083d52dc85d256dd33ea661604777883; expires=Mon, 07-Dec-20 19:38:03 GMT; path=/; domain=.production.cloudflare.docker.com; HttpOnly; SameSite=Lax; Secure
Vary: Accept-Encoding
X-Amz-Id-2: ZoeBd9VAPCmM51HylyTpxLqLl5IbPfYN/qPf8z62OH6BNktn/r20/ZYBOUFZAhfGdaBV/rNit9c=
X-Amz-Request-Id: FF329A71108D1856
X-Amz-Version-Id: Cz_.hhn0XL9BNrmNuiFt1A_P.X0TidMU

{"architecture":"amd64","config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/bash"],"ArgsEscaped":true,"Image":"sha256:8d5c6d6340d4365a65dc5becb6ecb055dcf505527c94d2dfa167f9b99a48a985","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"917be43da4a1ceb52416d44076c5f99b0d20ceca3f5f9a2918a020e05ec3616a","container_config":{"Hostname":"917be43da4a1","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/bin/bash\"]"],"ArgsEscaped":true,"Image":"sha256:8d5c6d6340d4365a65dc5becb6ecb055dcf505527c94d2dfa167f9b99a48a985","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":{}},"created":"2020-10-23T17:32:36.438324921Z","docker_version":"18.09.7","history":[{"created":"2020-10-23T17:32:33.883592185Z","created_by":"/bin/sh -c #(nop) ADD file:435d9776fdd3a1834f344fb82e459dbbb67cd50c71ab5e29b719273888d5bb7c in / "},{"created":"2020-10-23T17:32:34.71810844Z","created_by":"/bin/sh -c set -xe \t\t\u0026\u0026 echo '#!/bin/sh' \u003e /usr/sbin/policy-rc.d \t\u0026\u0026 echo 'exit 101' \u003e\u003e /usr/sbin/policy-rc.d \t\u0026\u0026 chmod +x /usr/sbin/policy-rc.d \t\t\u0026\u0026 dpkg-divert --local --rename --add /sbin/initctl \t\u0026\u0026 cp -a /usr/sbin/policy-rc.d /sbin/initctl \t\u0026\u0026 sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t\u0026\u0026 echo 'force-unsafe-io' \u003e /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t\u0026\u0026 echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\u0026\u0026 echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' \u003e\u003e /etc/apt/apt.conf.d/docker-clean \t\t\u0026\u0026 echo 'Acquire::Languages \"none\";' \u003e /etc/apt/apt.conf.d/docker-no-languages \t\t\u0026\u0026 echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' \u003e /etc/apt/apt.conf.d/docker-gzip-indexes \t\t\u0026\u0026 echo 'Apt::AutoRemove::SuggestsImportant \"false\";' \u003e /etc/apt/apt.conf.d/docker-autoremove-suggests"},{"created":"2020-10-23T17:32:35.470778446Z","created_by":"/bin/sh -c [ -z \"$(apt-get indextargets)\" ]","empty_layer":true},{"created":"2020-10-23T17:32:36.258836592Z","created_by":"/bin/sh -c mkdir -p /run/systemd \u0026\u0026 echo 'docker' \u003e /run/systemd/container"},{"created":"2020-10-23T17:32:36.438324921Z","created_by":"/bin/sh -c #(nop)  CMD [\"/bin/bash\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:47dde53750b4a8ed24acebe52cf31ad131e73a9611048fc2f92c9b6274ab4bf3","sha256:0c2689e3f9206b1c4adfb16a1976d25bd270755e734588409b31ef29e3e756d6","sha256:cc9d18e90faad04bc3893cfaa50b7846ee75f48f5b8377a213fa52af2189095c"]}}
"2020-10-23T17:32:36.438324921Z"

[jonjohnsonjr]

cc @mattmoor this also includes timing info from the transport, which you may find useful