This repository was archived by the owner on Sep 30, 2024. It is now read-only.
Update sensitive metadata allowlist to filter on keys#62830
Merged
akalia25 merged 19 commits intoMay 22, 2024
Conversation
* Fix bedrock URL encoding to mimic AWS CLI * Update changelog
Allow a namespace to be configured, defaulting to all namespaces. Without this setting, if an admin deploys the appliance with namespace-scoped RBAC, it would throw errors due to not being able to watch ConfigMaps in all namespaces.
Without this, this error won't be logged to Sentry, resulting in us missing it unless we check GCP ## Test plan Discussed with @jac
Fix global header navigation layers
Now that #62644 (CORE-23) is rolled out, this import block is no longer needed (and may even be disruptive when provisioning new rollout pipelines). The change was rolled out in: - sourcegraph/managed-services#1416 - sourcegraph/managed-services#1417 - sourcegraph/managed-services#1403 ## Test plan n/a
VPC direct egress is now GA: see example in https://registry.terraform.io/providers/hashicorp/google/5.29.0/docs/resources/cloud_run_v2_service#example-usage---cloudrunv2-service-directvpc and https://cloud.google.com/run/docs/configuring/vpc-direct-vpc This also fixes the infinite `GA` -> `BETA` drift we have in TFC
This PR creates a new GraphQL integration test file focused on symbol search. It exercises the same searches the web client uses for code navigation. In a follow-up, we will add cases for older commits and enable Rockskip.
bobheadxi
reviewed
May 22, 2024
bobheadxi
reviewed
May 22, 2024
bobheadxi
reviewed
May 22, 2024
Member
|
For context, Aditya and I paired on this over a call; I'm aligned with overall direction, but let's make sure everything is sufficiently documented :) |
…tps://github.com/sourcegraph/sourcegraph into ak/update-telemetry-sensitive-metadata-allowlist
bobheadxi
reviewed
May 22, 2024
bobheadxi
reviewed
May 22, 2024
bobheadxi
reviewed
May 22, 2024
bobheadxi
added a commit
that referenced
this pull request
May 28, 2024
Fixes a regression from #62830 that caused us to remove all sensitive metadata in dotcom mode, even though we generally collect all sensitive metadata in dotcom. This also fixes export of actually-allowlisted private metadata from custom instances. tl;dr we accidentally started removing all private metadata, all the time ## Test plan New unit test covering the redact mode that was evaluated
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a mechanism to selectively include specific
privateMetadatakeys to be allowlisted and sent for all users. Previously, allowlisting only worked to allowlist all keys on the event to be sent. This gives us greater flexibility/safety on what fields we'll be sending on events that have an allowList.Benefits
privateMetadatakeys that are deemed safe and valuable for analysis.co-authored with: @bobheadxi
Test plan