feat: add status page migration SDK methods#3
Merged
Conversation
Add four async status page migration endpoints plus hardened body-log redaction required to ship them safely. New public API (statuspage.go): - StartStatusPageMigration — POST /status-page/migrate-structure - StartStatusPageEmailSubscriberMigration — POST /status-page/migrate-email-subscribers - GetStatusPageMigrationStatus — GET /status-page/migration/status - CancelStatusPageMigration — POST /status-page/migration/cancel New exported types: StartStatusPageMigrationInput, StartStatusPageEmailSubscriberMigrationInput, StartStatusPageMigrationOutput (shared by both start methods), StatusPageMigrationProgress, StatusPageMigrationJob. Body-log redaction (client.go): - sanitizeBody now recurses into nested maps and arrays, normalizes keys (case + punctuation insensitive), and covers ~23 credential aliases (api_key, authorization, bearertoken, refresh_token, client_secret, private_key, etc). - Applied to request log (makeRequest), response log (parseResponse), handleAPIError log, and to the error strings returned from parseResponse and handleAPIError — so echoed credentials cannot leak either through logs or through the Go error chain. These migration endpoints are the first SDK calls that put a third-party credential (source provider api_key) in a JSON request body, so the existing URL-only sanitization was insufficient. Tests: httptest-backed coverage per method + per redaction site. go test -race -count=1 ./... green. New-code coverage: sanitizeBody 91.7%, sanitizeJSONValue 100%, parseResponse 88.9%, handleAPIError 91.7%, all migration methods ≥84%. Additive, backward-compatible. Intended for v0.7.0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds four asynchronous status page migration endpoints plus the body-log redaction required to ship them safely.
New public API (
statuspage.go)StartStatusPageMigration/status-page/migrate-structureStartStatusPageEmailSubscriberMigration/status-page/migrate-email-subscribersGetStatusPageMigrationStatus/status-page/migration/statusCancelStatusPageMigration/status-page/migration/cancelNew exported types:
StartStatusPageMigrationInput,StartStatusPageEmailSubscriberMigrationInput,StartStatusPageMigrationOutput(shared by both start methods),StatusPageMigrationProgress,StatusPageMigrationJob.Both
Start*methods return a job ID that can be polled withGetStatusPageMigrationStatusand cancelled withCancelStatusPageMigration.Body-log redaction hardening (
client.go)These migration endpoints are the first SDK calls that put a third-party credential (source-provider
api_key) inside a JSON request body. The existing URL-only sanitization was insufficient — secrets would have been written into request/response logs and propagated through the returnederrorvalues. This change:sanitizeBodynow recurses into nested maps and arrays.API_KEY,Api-Key,apiKeyall match.api_key,apikey,xapikey,accesskey,password,passwd,pwd,token,access_token,refresh_token,id_token,session_token,auth_token,oauth_token,bearer_token,authorization,auth,secret,client_secret,secret_key,private_key,signing_key,credential,credentials.makeRequestrequest log,parseResponseresponse log + returned error,handleAPIErrorlog + returned error.Non-JSON bodies still pass through unchanged (documented via
TestReturnedAPIErrorsPreserveNonJSONBody). Redacting plaintext bodies is deferred as optional hardening.Why one commit not two
The redaction hardening was prompted by this feature (first endpoint to carry a third-party secret in the body). Splitting would produce an unrunnable-as-standalone security commit. Kept as one feature commit to preserve tight coupling.
Test plan
go test -race -count=1 ./...green (1.9s)gofmt -l .cleangoimports -l .cleango vet ./...cleansanitizeBody91.7%,sanitizeJSONValue100%,parseResponse88.9%,handleAPIError91.7%,StartStatusPageMigration100%,StartStatusPageEmailSubscriberMigration100%,startStatusPageMigration86.7%,GetStatusPageMigrationStatus84.2%,CancelStatusPageMigration86.7%fc-statuspage(paths and JSON fields match)fmt.Errorf→errors.New) resolved; Codex expanded redaction scope beyond the original fixCompatibility
Additive only. No existing public API changed. Intended for a minor bump (v0.6.0 → v0.7.0).
Downstream consumer
This unblocks flashduty-cli#1, which currently ships a CLI-local HTTP transport for these endpoints. Once this release is tagged, the CLI will bump its
go.mod, extend itsflashdutyClientinterface, and portstatus_page_migrate.goto use the SDK +RunContextpattern.