V2-telemetry: Simplify sensitive metadata allowlist to accept feature only#63325
Conversation
|
@akalia25 ah, I misunderstood - I was hoping we could make action optional, not always omitted. Could we do that instead here? In env var maybe the action segment could accept "-" to omit it, eg |
| func TestEventTypesRedact(t *testing.T) { | ||
| allowedTypes := eventTypes(EventType{ | ||
| Feature: "example", | ||
| Action: "exampleAction", |
There was a problem hiding this comment.
Removing this should cause a failure right? Empty value is unsupported, only explicit wildcard is supported
There was a problem hiding this comment.
Either way, these tests should remain unchanged to ensure the existing behaviour works. What should happen instead is you add a few new test cases that demonstrate the wildcard behaviour
There was a problem hiding this comment.
this is the test I added for the wildcard behavior, should I add more?
There was a problem hiding this comment.
That one tests "is allowed", this test is TestEventTypesRedact which tests redaction. If redaction behaviour is unchanged, then the tests should remain unchanged as well
(i.e. just remove all your changes to this test :) )
There was a problem hiding this comment.
ahhh whoops 🙈 sorry, got the tests mixed up. No change to the redaction logic. I'll remove this. Thank you!
There was a problem hiding this comment.
Removed the changes I had for TestEventTypesRedact and added a new test allowlisted, with wildcard(*) action match and the expected redaction it should do. Let me know if it's unnecessary and I can remove that . Thanks again!
There was a problem hiding this comment.
I think it's a good test to have, thanks! Can you add an assertion on the resulting data?
There was a problem hiding this comment.
the function directly mutates the value you give it
| name: "disallowed event with additional allowed event type", | ||
| name: "disallowed event with additional allowed event type (feature only)", | ||
| event: &v1.Event{ | ||
| Feature: "cody.completion", | ||
| Action: "accepted", | ||
| Action: "*", | ||
| }, | ||
| expectAllowed: true, |
There was a problem hiding this comment.
This might be a carry-over from what was here before, but the test case says "disallowed event" but the result is expectAllowed: true, it sounds like the test name is incorrect?
There was a problem hiding this comment.
yeah, I think the test name is confusing. I tried keeping the same convention, and had to interpret it like this event has privateMetadata ("disallowed event") and there is an allowlist of keys ("with additional allowed event type"). I'll update to make more clear?
There was a problem hiding this comment.
I think the test case should say, "event with private metadata, that has fields it is allwoed to export"
There was a problem hiding this comment.
updated with new naming :)
| name: "disallowed event with additional allowed event type", | ||
| event: &v1.Event{ | ||
| Feature: "cody.hoverCommands", | ||
| Action: "visible", | ||
| }, | ||
| expectAllowed: true, |
There was a problem hiding this comment.
same here, the test case says "disallowed event" but the result is expectAllowed: true
There was a problem hiding this comment.
updated with new naming
| Feature: "baz.bar", | ||
| AllowedPrivateMetadataKeys: []string{"field"}, |
There was a problem hiding this comment.
Shouldn't the expected result here have Action: "*"?
| type EventTypes struct { | ||
| types []EventType | ||
| // index of '{feature}.{action}:{allowedfields}' for checking | ||
| // index of '{feature}:{action}:{allowedfields}' for checking |
There was a problem hiding this comment.
| // index of '{feature}:{action}:{allowedfields}' for checking | |
| // index of '{feature}/{action}:{allowedfields}' for checking |
| // add condition that if Action is "*" | ||
| if parts[1] == "*" { | ||
| types = append(types, EventType{ | ||
| Feature: parts[0], | ||
| AllowedPrivateMetadataKeys: parts[2:], | ||
| }) | ||
| } else { | ||
| types = append(types, EventType{ | ||
| Feature: parts[0], | ||
| Action: parts[1], | ||
| AllowedPrivateMetadataKeys: parts[2:], | ||
| }) | ||
| } |
There was a problem hiding this comment.
I don't think this is needed because we should have Action: "*" explicitly right?
There was a problem hiding this comment.
Correct! this is not needed, and this was also affecting this, because we would not get back action: * on EventType. Updated this. Thank you!
…only' of https://github.com/sourcegraph/sourcegraph into ak/update-sensitivemetadataallowlist-to-accept-feature-only
| event: &v1.Event{ | ||
| Feature: "cody.completion", | ||
| Action: "accepted", | ||
| Action: "*", |
There was a problem hiding this comment.
This is the event that goes into the "is allowed" check, I think there shouldn't be a wildcard here? We can note that this is defined as a wildcard in the "is allowed" check's list of known events
There was a problem hiding this comment.
| Action: "*", | |
| Action: "accepted", |
| event: &v1.Event{ | ||
| Feature: "cody.completion", | ||
| Action: "accepted", | ||
| Action: "Accepted", |
There was a problem hiding this comment.
per naming convention:
| Action: "Accepted", | |
| Action: "accepted", |
There was a problem hiding this comment.
ahh 🤦 thank you, sorry about that!
| mode := allowedTypes.Redact(ev) | ||
|
|
||
| assert.Equal(t, redactMarketingAndUnallowedPrivateMetadataKeys, mode) |
There was a problem hiding this comment.
Sorry for another spacing nit 😆
| mode := allowedTypes.Redact(ev) | |
| assert.Equal(t, redactMarketingAndUnallowedPrivateMetadataKeys, mode) | |
| mode := allowedTypes.Redact(ev) | |
| assert.Equal(t, redactMarketingAndUnallowedPrivateMetadataKeys, mode) |
There was a problem hiding this comment.
oh you're good! Do you have a linter you use, I'm surprised its not auto-corrected sometimes
There was a problem hiding this comment.
No, this is just eyeing it and see if it looks good to read :)
This PR adds another option to the sensitive metadata allowlist by simplifying the input requirements. to accept
featureand the allowlistedprivateMetadatakeys for that feature.This change is particularly beneficial when a
featurehas multiple associatedaction(s), and theprivateMetadatakey needs to be allowed for all events related to that feature.Building upon this initial PR:
Test plan
CI and unit tests
Changelog