Skip to content

feat: redact secrets in debug logging #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Sep 18, 2024
Merged

feat: redact secrets in debug logging #209

merged 6 commits into from
Sep 18, 2024

Conversation

pyrooka
Copy link
Member

@pyrooka pyrooka commented Sep 12, 2024
edited
Loading

This PR improves the debug logging logic in the core,
so that secrets are not shown in the debug logs anymore.

FYI: this PR targets the debug-logging feature branch.

@pyrooka pyrooka changed the base branch from main to debug-logging September 12, 2024 16:22
pyrooka
pyrooka commented Sep 12, 2024
View reviewed changes
test/test_http_adapter.py
@@ -33,40 +30,7 @@
key = os.path.join(os.path.dirname(__file__), '../resources/test_ssl.key')


def _local_server(tls_version: int, port: int) -> Callable:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved this to a separate file, so that it's easier to use it in other tests too.

@pyrooka pyrooka requested review from dpopp07 and padamstx September 12, 2024 16:36
@padamstx padamstx force-pushed the debug-logging branch 4 times, most recently from e0a28a7 to 7b11e75 Compare September 16, 2024 21:25
@pyrooka
chore: add a missing type hint
3c0a584 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@pyrooka
chore: make the local test server more general
3eca256 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@pyrooka
chore: remove debug print (oops)
5c110a3 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
@pyrooka
feat: redact secrets in debug logging
a348672 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
padamstx
padamstx reviewed Sep 17, 2024
View reviewed changes
Copy link
Contributor

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm testing out your feature branch with the platform-services python SDK and I've run into some problems related to the use of a redacted message. It looks like the log record contains both the fully-resolved/redacted message AND the individual arguments that were originally passed on the call to logger.debug() which are used to format the message. I think once we replace the log record's message with the fully-resolved/redacted version, then we should probably remove the arguments from the log record to avoid this error (presumably)

@padamstx
Copy link
Contributor

Update: After experimenting with your feature branch in my local sandbox, I opened a PR with a handful of changes (most of which we discussed on slack) that fix the issues that I ran into.
PR: #210

padamstx and others added 2 commits September 18, 2024 17:56
@padamstx
chore: improve message filtering (#210)
08f00eb 
Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
@pyrooka
chore: fix copyright year in a new file
01391ff 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
padamstx
padamstx approved these changes Sep 18, 2024
View reviewed changes
Copy link
Contributor

@padamstx padamstx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@padamstx padamstx merged commit d4919fe into debug-logging Sep 18, 2024
4 checks passed
@padamstx padamstx deleted the nb/redact-secrets branch September 18, 2024 19:36
padamstx pushed a commit that referenced this pull request Sep 18, 2024
@pyrooka @padamstx
feat: redact secrets in debug logging (#209)
ed043dc 
Signed-off-by: Norbert Biczo <pyrooka@users.noreply.github.com>
ibm-devx-sdk pushed a commit that referenced this pull request Sep 18, 2024
@semantic-release-bot
chore(release): 3.21.0 release notes
dc37d94 
# [3.21.0](v3.20.6...v3.21.0) (2024-09-18)

### Bug Fixes

* **logging:** improve python core's debug logging ([67b126c](67b126c))

### Features

* redact secrets in debug logging ([#209](#209)) ([ed043dc](ed043dc))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dpopp07 dpopp07 Awaiting requested review from dpopp07

1 more reviewer

@padamstx padamstx padamstx approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pyrooka @padamstx