Page MenuHomePhabricator

[identity] use redact_sensitive_data config to redact sensitive data in logs
ClosedPublic

Authored by varun on Jul 19 2024, 11:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 7, 2:58 PM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Oct 17 2024, 2:31 AM
Unknown Object (File)
Oct 14 2024, 6:58 PM
Unknown Object (File)
Oct 2 2024, 4:25 AM
Subscribers

Details

Summary

updated all the logs i could find that leaked user or device ID

Depends on D12819

Test Plan

modified the ping endpoint:

diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
index 37f9834d43..48f94c1077 100644
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -934,6 +934,11 @@ impl IdentityClientService for ClientService {
     _request: tonic::Request<Empty>,
   ) -> Result<Response<Empty>, tonic::Status> {
     let response = Response::new(Empty {});
+    info!(
+      user_id = redact_sensitive_data("123"),
+      "{}",
+      redact_sensitive_data("Something secret")
+    );
     Ok(response)
   }

confirmed that the sensitive data was redacted in the logs:

2024-07-20T06:35:56.891148Z  INFO grpc_request{request_id="85cb9f6b-93ae-4ffc-b0b6-1b2f438e710b"}:ping: identity::client_service: REDACTED user_id="REDACTED"

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed.Jul 19 2024, 11:53 PM
Harbormaster failed remote builds in B30538: Diff 42583!

Generally makes sense to me, but would be good for one of the Rust people to review

This revision is now accepted and ready to land.Jul 22 2024, 1:10 AM