Conversation
|
TBH I'm not sure if it's safe to do it like that - those keys depend on the protocol version used by mongo client and can change in the future so PII may be leaked. Need to check how does it look with older queries but probably won't be able to do it this week. |
|
Good point! I added this, because when we redact all the values then the resulting query does not show anything, and the developer can not figure out what query is the slow one. See this screenshot:
Having more information is very helpful:
But you are right about old versions. It could leak PII and that is not good. So we could: (side note: this code will come in handy if we do a Elasticsearch integration in the future, because those queries are also json) |
|
I'm worried about future ones, not the past. Monitoring API was only introduced in 3.1 so there is not much to check in that part. And bounding upper version is a really bad idea. There is also an option of adding an optional callback but with it being a kind of an integration that should enable itself by default (in the future) it's not a great solution either. TBH maybe just adding a warning in docs "PII stripping tested up to Mongo x.y.z" is enough? |
Agalin
left a comment
There was a problem hiding this comment.
Can you also rerun your test code (that one spans from which you've included) with pymongo 3.1?
Yes, I think this should be enough. |
|
Could you please merge this into your branch @Agalin |
|
Yeah, LGTM. |
I have now created a function, that does nicer PII stripping, where most of the keys are still there, but the values are gone.