Skip to content

Sanitize logs#2334

Merged
xiangyan99 merged 1 commit into
mainfrom
sanitize_logs
Apr 3, 2026
Merged

Sanitize logs#2334
xiangyan99 merged 1 commit into
mainfrom
sanitize_logs

Conversation

@xiangyan99
Copy link
Copy Markdown
Member

@xiangyan99 xiangyan99 commented Apr 3, 2026

What does this PR do?

[Provide a clear, concise description of the changes]

Replaced structured logging of entire options objects with explicit non-sensitive identifiers in error log statements across all commands

[Add additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

Pre-merge Checklist

  • Required for All PRs
    • Read contribution guidelines
    • PR title clearly describes the change
    • Commit history is clean with descriptive messages (cleanup guide)
    • Added comprehensive tests for new/modified functionality
    • Created a changelog entry if the change falls among the following: new feature, bug fix, UI/UX update, breaking change, or updated dependencies. Follow the changelog entry guide
  • For MCP tool changes:
    • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
    • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
    • Validate README.md changes running the script ./eng/scripts/Process-PackageReadMe.ps1. See Package README
    • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
    • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
    • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
    • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
  • Extra steps for Azure MCP Server tool changes:
    • Updated command list in servers/Azure.Mcp.Server/docs/azmcp-commands.md
    • Ran ./eng/scripts/Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
    • Updated test prompts in servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
    • 👉 For Community (non-Microsoft team member) PRs:
      • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
      • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

@github-project-automation github-project-automation Bot moved this to Untriaged in Azure MCP Server Apr 3, 2026
@xiangyan99 xiangyan99 marked this pull request as ready for review April 3, 2026 16:19
Copilot AI review requested due to automatic review settings April 3, 2026 16:19
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces the risk of leaking sensitive data in logs by removing structured logging of entire options objects and replacing it with explicit identifiers in LogError statements across many Azure and Fabric tool commands.

Changes:

  • Removed {@Options} structured logging from many command exception handlers.
  • Replaced prior option-object logs with specific identifiers (e.g., subscription/resource group/workspace/item IDs).
  • Added an Azure.Mcp.Server changelog entry describing the logging change.

Reviewed changes

Copilot reviewed 92 out of 92 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Workspace/OneLakeWorkspaceListCommand.cs Remove options-object logging from error path
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Table/TableNamespaceListCommand.cs Log only workspace/item identifiers on error
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Table/TableNamespaceGetCommand.cs Log only workspace/item/namespace identifiers on error
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Table/TableListCommand.cs Log only workspace/item/namespace identifiers on error
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Table/TableGetCommand.cs Log only workspace/item/table identifiers on error
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Table/TableConfigGetCommand.cs Log only workspace/item identifiers on error
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Item/OneLakeItemListDfsCommand.cs Remove options-object logging from error path
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Item/OneLakeItemListCommand.cs Remove options-object logging from error path
tools/Fabric.Mcp.Tools.OneLake/src/Commands/Item/OneLakeItemDataListCommand.cs Remove options-object logging from error path
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/FileWriteCommand.cs Remove options-object logging; keep file/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/FileReadCommand.cs Remove options-object logging; keep file/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/FileDeleteCommand.cs Remove options-object logging; keep file/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/DirectoryDeleteCommand.cs Remove options-object logging; keep directory/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/DirectoryCreateCommand.cs Remove options-object logging; keep directory/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/BlobPutCommand.cs Remove options-object logging; keep path/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/BlobListCommand.cs Remove options-object logging; keep workspace/item/path identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/BlobGetCommand.cs Remove options-object logging; keep path/workspace/item identifiers
tools/Fabric.Mcp.Tools.OneLake/src/Commands/File/BlobDeleteCommand.cs Remove options-object logging; keep path/workspace/item identifiers
tools/Fabric.Mcp.Tools.Core/src/Commands/ItemCreateCommand.cs Remove options-object logging; keep item/workspace identifiers
tools/Azure.Mcp.Tools.VirtualDesktop/src/Commands/Hostpool/HostpoolListCommand.cs Remove options-object logging; keep subscription identifier
tools/Azure.Mcp.Tools.Storage/src/Commands/Account/AccountGetCommand.cs Remove options-object logging; keep account/subscription identifiers
tools/Azure.Mcp.Tools.Storage/src/Commands/Account/AccountCreateCommand.cs Remove options-object logging; keep account/RG/location identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Server/ServerGetCommand.cs Remove options-object logging; keep server/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Server/ServerDeleteCommand.cs Remove options-object logging; keep server/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/FirewallRule/FirewallRuleListCommand.cs Remove options-object logging; keep server/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/FirewallRule/FirewallRuleDeleteCommand.cs Remove options-object logging; keep server/RG/rule identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/FirewallRule/FirewallRuleCreateCommand.cs Remove options-object logging; keep server/RG/rule identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/EntraAdmin/EntraAdminListCommand.cs Remove options-object logging; keep server/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/ElasticPool/ElasticPoolListCommand.cs Remove options-object logging; keep server/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Database/DatabaseUpdateCommand.cs Remove options-object logging; keep server/db/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Database/DatabaseRenameCommand.cs Remove options-object logging; keep server/db/new-name/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Database/DatabaseGetCommand.cs Remove options-object logging; keep server/db/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Database/DatabaseDeleteCommand.cs Remove options-object logging; keep server/db/RG identifiers
tools/Azure.Mcp.Tools.Sql/src/Commands/Database/DatabaseCreateCommand.cs Remove options-object logging; keep server/db/RG identifiers
tools/Azure.Mcp.Tools.ServiceFabric/src/Commands/ManagedCluster/ManagedClusterNodeTypeRestartCommand.cs Remove options-object logging; keep subscription/RG/cluster/node type identifiers
tools/Azure.Mcp.Tools.ServiceFabric/src/Commands/ManagedCluster/ManagedClusterNodeGetCommand.cs Remove options-object logging; keep subscription/RG/cluster/node identifiers
tools/Azure.Mcp.Tools.Pricing/src/Commands/PricingGetCommand.cs Remove options-object logging; keep service/region identifiers
tools/Azure.Mcp.Tools.Postgres/src/Commands/PostgresListCommand.cs Remove options-object logging from generic operation error
tools/Azure.Mcp.Tools.Policy/src/Commands/Assignment/PolicyAssignmentListCommand.cs Remove options-object logging; keep subscription/scope identifiers
tools/Azure.Mcp.Tools.MySql/src/Commands/MySqlListCommand.cs Remove options-object logging from generic operation error
tools/Azure.Mcp.Tools.Monitor/src/Commands/Metrics/MetricsQueryCommand.cs Remove options-object logging; keep resource + metric-name identifiers
tools/Azure.Mcp.Tools.Monitor/src/Commands/Metrics/MetricsDefinitionsCommand.cs Remove options-object logging; keep resource + namespace identifiers
tools/Azure.Mcp.Tools.Monitor/src/Commands/ActivityLog/ActivityLogListCommand.cs Remove options-object logging; keep resource identifiers + hours
tools/Azure.Mcp.Tools.Marketplace/src/Commands/Product/ProductListCommand.cs Remove options-object logging; keep subscription/search identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/SubnetSize/SubnetSizeAskCommand.cs Remove options-object logging; keep subscription/sku identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/ImportJob/ImportJobGetCommand.cs Remove options-object logging; keep filesystem identifier
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/ImportJob/ImportJobDeleteCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/ImportJob/ImportJobCreateCommand.cs Remove options-object logging; keep filesystem identifier
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/ImportJob/ImportJobCancelCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/FileSystemListCommand.cs Remove options-object logging; keep resource group identifier
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoimportJob/AutoimportJobGetCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoimportJob/AutoimportJobDeleteCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoimportJob/AutoimportJobCreateCommand.cs Remove options-object logging; keep filesystem identifier
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoimportJob/AutoimportJobCancelCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoexportJob/AutoexportJobGetCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoexportJob/AutoexportJobDeleteCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoexportJob/AutoexportJobCreateCommand.cs Remove options-object logging; keep filesystem identifier
tools/Azure.Mcp.Tools.ManagedLustre/src/Commands/FileSystem/AutoexportJob/AutoexportJobCancelCommand.cs Remove options-object logging; keep job/filesystem identifiers
tools/Azure.Mcp.Tools.FunctionApp/src/Commands/FunctionApp/FunctionAppGetCommand.cs Remove options-object logging; keep subscription/RG/function-app identifiers
tools/Azure.Mcp.Tools.FoundryExtensions/src/Commands/ResourceGetCommand.cs Remove options-object logging; keep subscription/RG/resource-name identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/Snapshot/SnapshotDeleteCommand.cs Remove options-object logging; keep snapshot/share/RG identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/Informational/FileShareGetUsageDataCommand.cs Remove options-object logging; keep subscription/location identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/Informational/FileShareGetProvisioningRecommendationCommand.cs Remove options-object logging; keep subscription/location identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/Informational/FileShareGetLimitsCommand.cs Remove options-object logging; keep subscription/location identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/FileShare/FileShareDeleteCommand.cs Remove options-object logging; keep share/RG identifiers
tools/Azure.Mcp.Tools.FileShares/src/Commands/FileShare/FileShareCheckNameAvailabilityCommand.cs Remove options-object logging; keep share/location identifiers
tools/Azure.Mcp.Tools.Extension/src/Commands/CliInstallCommand.cs Remove options-object logging; keep CLI type identifier
tools/Azure.Mcp.Tools.Extension/src/Commands/CliGenerateCommand.cs Remove options-object logging; keep CLI type identifier
tools/Azure.Mcp.Tools.EventHubs/src/Commands/EventHub/EventHubUpdateCommand.cs Remove options-object logging; keep event-hub/namespace/RG/sub identifiers
tools/Azure.Mcp.Tools.EventHubs/src/Commands/EventHub/EventHubGetCommand.cs Remove options-object logging; keep event-hub/namespace/RG/sub identifiers
tools/Azure.Mcp.Tools.EventHubs/src/Commands/EventHub/EventHubDeleteCommand.cs Remove options-object logging; keep event-hub/namespace/RG/sub identifiers
tools/Azure.Mcp.Tools.EventHubs/src/Commands/ConsumerGroup/ConsumerGroupGetCommand.cs Remove options-object logging; keep CG/eventhub/namespace/RG identifiers
tools/Azure.Mcp.Tools.EventGrid/src/Commands/Topic/TopicListCommand.cs Remove options-object logging; keep subscription identifier
tools/Azure.Mcp.Tools.EventGrid/src/Commands/Subscription/SubscriptionListCommand.cs Remove options-object logging; keep subscription/RG/topic/location identifiers
tools/Azure.Mcp.Tools.EventGrid/src/Commands/Events/EventsPublishCommand.cs Remove options-object logging; keep subscription/topic identifiers
tools/Azure.Mcp.Tools.DeviceRegistry/src/Commands/Namespace/NamespaceListCommand.cs Remove options-object logging; keep subscription/RG identifiers
tools/Azure.Mcp.Tools.Cosmos/src/Commands/CosmosListCommand.cs Remove options-object logging; keep account/RG identifiers
tools/Azure.Mcp.Tools.ContainerApps/src/Commands/ContainerApp/ContainerAppListCommand.cs Remove options-object logging; keep subscription/RG identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Vmss/VmssGetCommand.cs Remove options-object logging; keep vmss/instance/RG/sub identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Vm/VmGetCommand.cs Remove options-object logging; keep vm/RG/sub identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Disk/DiskUpdateCommand.cs Remove options-object logging; keep disk/RG identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Disk/DiskGetCommand.cs Remove options-object logging; keep disk/RG identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Disk/DiskDeleteCommand.cs Remove options-object logging; keep disk/RG identifiers
tools/Azure.Mcp.Tools.Compute/src/Commands/Disk/DiskCreateCommand.cs Remove options-object logging; keep disk/RG identifiers
tools/Azure.Mcp.Tools.Communication/src/Commands/Sms/SmsSendCommand.cs Remove options-object logging; keep from/to/message-length identifiers
tools/Azure.Mcp.Tools.Communication/src/Commands/Email/EmailSendCommand.cs Remove options-object logging; keep endpoint identifier
tools/Azure.Mcp.Tools.AzureMigrate/src/Commands/PlatformLandingZone/RequestCommand.cs Remove options-object logging; keep action/RG identifiers
tools/Azure.Mcp.Tools.Aks/src/Commands/Nodepool/NodepoolGetCommand.cs Remove options-object logging; keep sub/RG/cluster/nodepool identifiers
tools/Azure.Mcp.Tools.Aks/src/Commands/Cluster/ClusterGetCommand.cs Remove options-object logging; keep sub/RG/cluster identifiers
tools/Azure.Mcp.Tools.Advisor/src/Commands/Recommendation/RecommendationListCommand.cs Remove options-object logging; keep subscription/RG identifiers
tools/Azure.Mcp.Tools.Acr/src/Commands/Registry/RegistryListCommand.cs Remove options-object logging; keep subscription/RG identifiers
servers/Azure.Mcp.Server/changelog-entries/1775229599410.yaml Adds changelog entry for the logging sanitation change

Comment thread tools/Azure.Mcp.Tools.EventHubs/src/Commands/EventHub/EventHubGetCommand.cs
Comment thread tools/Azure.Mcp.Tools.EventHubs/src/Commands/EventHub/EventHubGetCommand.cs
Comment thread servers/Azure.Mcp.Server/changelog-entries/1775229599410.yaml
@xiangyan99 xiangyan99 enabled auto-merge (squash) April 3, 2026 17:02
@xiangyan99 xiangyan99 disabled auto-merge April 3, 2026 17:14
@xiangyan99 xiangyan99 merged commit 894f47b into main Apr 3, 2026
52 checks passed
@xiangyan99 xiangyan99 deleted the sanitize_logs branch April 3, 2026 17:14
@github-project-automation github-project-automation Bot moved this from Untriaged to Done in Azure MCP Server Apr 3, 2026
xiangyan99 added a commit that referenced this pull request Apr 3, 2026
@xiangyan99
Sanitize logs (#2334)
3cfcf1a
xiangyan99 added a commit that referenced this pull request Apr 3, 2026
@xiangyan99
Sanitize logs (#2334) (#2336)
8d9c5de
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@g2vinay g2vinay g2vinay approved these changes

@KarishmaGhiya KarishmaGhiya KarishmaGhiya approved these changes

@alzimmermsft alzimmermsft alzimmermsft approved these changes

@vladimisms vladimisms Awaiting requested review from vladimisms vladimisms is a code owner

@jongio jongio Awaiting requested review from jongio jongio is a code owner

@achyuth-ms achyuth-ms Awaiting requested review from achyuth-ms achyuth-ms is a code owner

@ericshape ericshape Awaiting requested review from ericshape ericshape is a code owner

@jeremyfrosti jeremyfrosti Awaiting requested review from jeremyfrosti jeremyfrosti is a code owner

@anannya03 anannya03 Awaiting requested review from anannya03 anannya03 is a code owner

@kk-src kk-src Awaiting requested review from kk-src kk-src is a code owner

@msalaman msalaman Awaiting requested review from msalaman msalaman is a code owner

@mattkohnms mattkohnms Awaiting requested review from mattkohnms mattkohnms is a code owner

@ramnov ramnov Awaiting requested review from ramnov ramnov is a code owner

@srnagar srnagar Awaiting requested review from srnagar srnagar is a code owner

@JacksonWeber JacksonWeber Awaiting requested review from JacksonWeber JacksonWeber is a code owner

@lzchen lzchen Awaiting requested review from lzchen lzchen is a code owner

@rads-1996 rads-1996 Awaiting requested review from rads-1996 rads-1996 is a code owner

@rajkumar-rangaraj rajkumar-rangaraj Awaiting requested review from rajkumar-rangaraj rajkumar-rangaraj is a code owner

@xiang17 xiang17 Awaiting requested review from xiang17 xiang17 is a code owner

@meirloichter meirloichter Awaiting requested review from meirloichter meirloichter is a code owner

@rebecca-makar rebecca-makar Awaiting requested review from rebecca-makar rebecca-makar is a code owner

@wolfgang-desalvador wolfgang-desalvador Awaiting requested review from wolfgang-desalvador wolfgang-desalvador is a code owner

@ankushbindlish2 ankushbindlish2 Awaiting requested review from ankushbindlish2 ankushbindlish2 is a code owner

@kszobi kszobi Awaiting requested review from kszobi kszobi is a code owner

@jairmyree jairmyree Awaiting requested review from jairmyree jairmyree is a code owner

@akshayrohilla akshayrohilla Awaiting requested review from akshayrohilla akshayrohilla is a code owner

@wbreza wbreza Awaiting requested review from wbreza wbreza is a code owner

@anuchandy anuchandy Awaiting requested review from anuchandy

@gossion gossion Awaiting requested review from gossion gossion is a code owner

@ankiga-MSFT ankiga-MSFT Awaiting requested review from ankiga-MSFT ankiga-MSFT is a code owner

Assignees

No one assigned

Labels

tools-ACR tools-Advisor tools-Aks tools-Azd Azure Developer CLI related tools-AzureMigrate tools-Communication tools for Azure communication services tools-Compute tools-CosmosDB tools-DeviceRegistry tools-EventGrid tools-EventHubs Event Hubs MCP tools tools-FileShares tools-FoundryExtensions tools-FunctionApp tools-managedlustre Azure Managed Lustre tools-Marketplace tools-Monitor tools-MySQL tools-Policy tools-Postgres PostgreSQL tools-Price tools-ServiceFabric Service Fabric tools-SQL tools-Storage tools-VirtualDesktop Azure Virtual Desktop service

Projects

Azure MCP Server
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@xiangyan99 @g2vinay @KarishmaGhiya @alzimmermsft