Differential D12820

[identity] use redact_sensitive_data config to redact sensitive data in logs
ClosedPublic
Actions

Authored by varun on Jul 19 2024, 11:41 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Wed, Sep 4, 8:53 PM

	Unknown Object (File)
	Mon, Sep 2, 4:20 AM

	Unknown Object (File)
	Sat, Aug 31, 2:07 PM

	Unknown Object (File)
	Fri, Aug 30, 2:09 AM

	Unknown Object (File)
	Thu, Aug 29, 8:56 PM

	Unknown Object (File)
	Thu, Aug 29, 2:14 PM

	Unknown Object (File)
	Thu, Aug 29, 11:33 AM

	Unknown Object (File)
	Wed, Aug 21, 6:52 AM

View All 30 Files

Subscribers

Details

Reviewers

bartek
will
ashoat

Commits

rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs

Summary

updated all the logs i could find that leaked user or device ID

Depends on D12819

Test Plan

modified the ping endpoint:

diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
index 37f9834d43..48f94c1077 100644
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -934,6 +934,11 @@ impl IdentityClientService for ClientService {
     _request: tonic::Request<Empty>,
   ) -> Result<Response<Empty>, tonic::Status> {
     let response = Response::new(Empty {});
+    info!(
+      user_id = redact_sensitive_data("123"),
+      "{}",
+      redact_sensitive_data("Something secret")
+    );
     Ok(response)
   }

confirmed that the sensitive data was redacted in the logs:

2024-07-20T06:35:56.891148Z  INFO grpc_request{request_id="85cb9f6b-93ae-4ffc-b0b6-1b2f438e710b"}:ping: identity::client_service: REDACTED user_id="REDACTED"

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

varun created this revision.Jul 19 2024, 11:41 PM

Herald added a subscriber: tomek. · View Herald TranscriptJul 19 2024, 11:41 PM

varun mentioned this in D12818: [identity] remove user ID from "no device list" log.Jul 19 2024, 11:41 PM

Harbormaster returned this revision to the author for changes because remote builds failed.Jul 19 2024, 11:53 PM

Harbormaster failed remote builds in B30538: Diff 42583!

varun added a child revision: D12822: [terraform] bump staging identity to 0.32-staging.Jul 20 2024, 12:00 AM

varun requested review of this revision.Jul 20 2024, 12:03 AM

Harbormaster completed remote builds in B30538: Diff 42583.Jul 20 2024, 12:11 AM

Generally makes sense to me, but would be good for one of the Rust people to review

Nice!

This revision is now accepted and ready to land.Jul 22 2024, 1:10 AM

Closed by commit rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs (authored by varun). · Explain WhyJul 22 2024, 7:40 AM

This revision was automatically updated to reflect the committed changes.

varun added a commit: rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs.

Revision Contents
Changeset List

Path

Size

services/

identity/

src/

client_service.rs

8 lines

6 lines

database/

20 lines

grpc_services/

authenticated.rs

16 lines

9 lines

1 line

Diff 42613

services/identity/src/client_service.rs

Loading...

services/identity/src/database.rs

Loading...

services/identity/src/database/device_list.rs

Loading...

services/identity/src/grpc_services/authenticated.rs

Loading...

services/identity/src/log.rs

Loading...

services/identity/src/main.rs

Loading...