Page MenuHomePhabricator
Differential D12820

[identity] use redact_sensitive_data config to redact sensitive data in logs
ClosedPublic
Actions

Authored by varun on Jul 19 2024, 11:41 PM.
Tags
None
Referenced Files
F3173262: D12820.id42613.diff
Thu, Nov 7, 2:58 PM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Fri, Nov 1, 11:37 AM
Unknown Object (File)
Thu, Oct 17, 2:31 AM
Unknown Object (File)
Mon, Oct 14, 6:58 PM
Unknown Object (File)
Oct 2 2024, 4:25 AM
View All 44 Files
Subscribers
tomek

Details

Reviewers
bartek
will
ashoat
Commits
rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs
Summary

updated all the logs i could find that leaked user or device ID

Depends on D12819

Test Plan

modified the ping endpoint:

diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
index 37f9834d43..48f94c1077 100644
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -934,6 +934,11 @@ impl IdentityClientService for ClientService {
     _request: tonic::Request<Empty>,
   ) -> Result<Response<Empty>, tonic::Status> {
     let response = Response::new(Empty {});
+    info!(
+      user_id = redact_sensitive_data("123"),
+      "{}",
+      redact_sensitive_data("Something secret")
+    );
     Ok(response)
   }

confirmed that the sensitive data was redacted in the logs:

2024-07-20T06:35:56.891148Z  INFO grpc_request{request_id="85cb9f6b-93ae-4ffc-b0b6-1b2f438e710b"}:ping: identity::client_service: REDACTED user_id="REDACTED"

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

varun created this revision.Jul 19 2024, 11:41 PM
Herald added a subscriber: tomek. · View Herald TranscriptJul 19 2024, 11:41 PM
varun mentioned this in D12818: [identity] remove user ID from "no device list" log.Jul 19 2024, 11:41 PM
Harbormaster returned this revision to the author for changes because remote builds failed.Jul 19 2024, 11:53 PM
Harbormaster failed remote builds in B30538: Diff 42583!
varun added a child revision: D12822: [terraform] bump staging identity to 0.32-staging.Jul 20 2024, 12:00 AM
varun requested review of this revision.Jul 20 2024, 12:03 AM
Harbormaster completed remote builds in B30538: Diff 42583.Jul 20 2024, 12:11 AM
ashoat resigned from this revision.Jul 21 2024, 10:09 PM

Generally makes sense to me, but would be good for one of the Rust people to review

bartek accepted this revision.EditedJul 22 2024, 1:10 AM

Nice!

This revision is now accepted and ready to land.Jul 22 2024, 1:10 AM
Closed by commit rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs (authored by varun). · Explain WhyJul 22 2024, 7:40 AM
This revision was automatically updated to reflect the committed changes.
varun added a commit: rCOMMc5c4435b7b75: [identity] use redact_sensitive_data config to redact sensitive data in logs.

Revision Contents
Changeset List

PathSize
services/
identity/
src/
8 lines
6 lines
database/
20 lines
grpc_services/
16 lines
9 lines
1 line

Diff 42613

View Options

services/identity/src/client_service.rs

Loading...
View Options

services/identity/src/database.rs

Loading...
View Options

services/identity/src/database/device_list.rs

Loading...
View Options

services/identity/src/grpc_services/authenticated.rs

Loading...
View Options

services/identity/src/log.rs

Loading...
View Options

services/identity/src/main.rs

Loading...