Adding request body into Attributes for auditing purpose with PII fie…
…lds are filtered (cadence-workflow#5151)

* add unit test for filter PII functions to check bugs and error when cloning

* handles when pointers are nil to avoid bugs and errors

* resume the changes from previous reverted branch

* use json tags to filter PII instead of hard copies

* Create a new struct in the unit test that contains only PII fields. This makes the filtered result much clearer to see.

* some clean up
bowenxia authored Mar 13, 2023
1 parent bb7cb10 commit 5e5895a
Showing 9 changed files with 912 additions and 140 deletions.
38 changes: 38 additions & 0 deletions common/authorization/authority_mock.go


6 changes: 6 additions & 0 deletions common/authorization/authorizer.go
Expand Up @@ -58,6 +58,7 @@ type (
WorkflowType *types.WorkflowType
TaskList *types.TaskList
Permission Permission
RequestBody FilteredRequestBody // request object except for data inputs (PII)
}

// Result is result from authority.
Expand Down Expand Up @@ -97,3 +98,8 @@ func GetAuthProviderClient(privateKey string) (clientworker.AuthorizationProvide
}
return clientworker.NewAdminJwtAuthorizationProvider(pk), nil
}

// FilteredRequestBody request object except for data inputs (PII)
type FilteredRequestBody interface {
SerializeForLogging() (string, error)
}
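Review bot: The `FilteredRequestBody` interface added at the end of this file promises a PII-free body only through its name and comment; any type with a `SerializeForLogging() (string, error)` method satisfies it, so the filtering is a convention each implementation has to uphold. I would spell the contract out in the doc comment, e.g. `// FilteredRequestBody is a request that can render itself for audit logging; implementations must omit data inputs, credentials and other PII.` The new `RequestBody` field in `Attributes` is an interface value and will be nil wherever a caller does not set it, so the code that reads it (not visible in this section) should check the field for nil before calling `SerializeForLogging`.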
10 changes: 10 additions & 0 deletions common/log/tag/tags.go
Expand Up @@ -469,11 +469,21 @@ func ActorID(actorID string) Tag {
return newStringTag("actor-id", actorID)
}

// ActorEmail returns tag for the actor's email address
func ActorEmail(actorEmail string) Tag {
return newStringTag("actor-email", actorEmail)
}

// HandlerCall returns tag for the API name of a request
func HandlerCall(handlerCall string) Tag {
return newStringTag("handler-call", handlerCall)
}

// RequestBody returns the tag for the API request body
func RequestBody(requestBody string) Tag {
return newStringTag("request-body", requestBody)
}

// history engine shard

// ShardID returns tag for ShardID
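Review bot: `RequestBody` accepts any string, so nothing at the call site distinguishes the filtered output of `SerializeForLogging` from a raw request dump; the doc comment should state the expectation, e.g. `// RequestBody returns the tag for the API request body; pass only the PII-filtered output of SerializeForLogging.` `ActorEmail` writes an email address, which is itself personal data, under `actor-email`; if the tag is meant for audit records only, its comment should say so, so that it is not picked up for general-purpose logging. Both suggestions are documentation only.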
63 changes: 63 additions & 0 deletions common/types/admin.go
Expand Up @@ -26,6 +26,13 @@ type AddSearchAttributeRequest struct {
SecurityToken string `json:"securityToken,omitempty"`
}

func (v *AddSearchAttributeRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetSearchAttribute is an internal getter (TBD...)
func (v *AddSearchAttributeRequest) GetSearchAttribute() (o map[string]IndexedValueType) {
if v != nil && v.SearchAttribute != nil {
Expand All @@ -47,6 +54,13 @@ type AdminDescribeWorkflowExecutionRequest struct {
Execution *WorkflowExecution `json:"execution,omitempty"`
}

func (v *AdminDescribeWorkflowExecutionRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetDomain is an internal getter (TBD...)
func (v *AdminDescribeWorkflowExecutionRequest) GetDomain() (o string) {
if v != nil {
Expand Down Expand Up @@ -91,6 +105,13 @@ type GetWorkflowExecutionRawHistoryV2Request struct {
NextPageToken []byte `json:"nextPageToken,omitempty"`
}

func (v *GetWorkflowExecutionRawHistoryV2Request) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetDomain is an internal getter (TBD...)
func (v *GetWorkflowExecutionRawHistoryV2Request) GetDomain() (o string) {
if v != nil {
Expand Down Expand Up @@ -206,6 +227,13 @@ type ResendReplicationTasksRequest struct {
EndVersion *int64 `json:"endVersion,omitempty"`
}

func (v *ResendReplicationTasksRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetWorkflowID is an internal getter (TBD...)
func (v *ResendReplicationTasksRequest) GetWorkflowID() (o string) {
if v != nil {
Expand Down Expand Up @@ -242,6 +270,13 @@ type GetDynamicConfigRequest struct {
Filters []*DynamicConfigFilter `json:"filters,omitempty"`
}

func (v *GetDynamicConfigRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

type GetDynamicConfigResponse struct {
Value *DataBlob `json:"value,omitempty"`
}
Expand All @@ -251,18 +286,39 @@ type UpdateDynamicConfigRequest struct {
ConfigValues []*DynamicConfigValue `json:"configValues,omitempty"`
}

func (v *UpdateDynamicConfigRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

type RestoreDynamicConfigRequest struct {
ConfigName string `json:"configName,omitempty"`
Filters []*DynamicConfigFilter `json:"filters,omitempty"`
}

func (v *RestoreDynamicConfigRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// AdminDeleteWorkflowRequest is an internal type (TBD...)
type AdminDeleteWorkflowRequest struct {
Domain string `json:"domain,omitempty"`
Execution *WorkflowExecution `json:"execution,omitempty"`
SkipErrors bool `json:"skipErrors,omitempty"`
}

func (v *AdminDeleteWorkflowRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

func (v *AdminDeleteWorkflowRequest) GetDomain() (o string) {
if v != nil {
return v.Domain
Expand Down Expand Up @@ -298,6 +354,13 @@ type ListDynamicConfigRequest struct {
ConfigName string `json:"configName,omitempty"`
}

func (v *ListDynamicConfigRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

type ListDynamicConfigResponse struct {
Entries []*DynamicConfigEntry `json:"entries,omitempty"`
}
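Review bot: `AddSearchAttributeRequest` carries `SecurityToken` with the tag `json:"securityToken,omitempty"`, and its new `SerializeForLogging` in the first hunk hands the whole struct to `SerializeRequest`. `SerializeRequest` is not shown in this section; if it decides what to keep from the json tags, as the commit description suggests, the token would be written to the log under `request-body` unless that field is explicitly excluded. I would confirm the exclusion and pin it with a unit test that serializes a request with a non-empty `SecurityToken` and asserts the value is absent from the output. The same check is worth making for the `NextPageToken` byte slice in `GetWorkflowExecutionRawHistoryV2Request`.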
42 changes: 42 additions & 0 deletions common/types/replicator.go
Expand Up @@ -229,6 +229,13 @@ type GetDLQReplicationMessagesRequest struct {
TaskInfos []*ReplicationTaskInfo `json:"taskInfos,omitempty"`
}

func (v *GetDLQReplicationMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetTaskInfos is an internal getter (TBD...)
func (v *GetDLQReplicationMessagesRequest) GetTaskInfos() (o []*ReplicationTaskInfo) {
if v != nil && v.TaskInfos != nil {
Expand All @@ -249,6 +256,13 @@ type GetDomainReplicationMessagesRequest struct {
ClusterName string `json:"clusterName,omitempty"`
}

func (v *GetDomainReplicationMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetLastRetrievedMessageID is an internal getter (TBD...)
func (v *GetDomainReplicationMessagesRequest) GetLastRetrievedMessageID() (o int64) {
if v != nil && v.LastRetrievedMessageID != nil {
Expand Down Expand Up @@ -284,6 +298,13 @@ type GetReplicationMessagesRequest struct {
ClusterName string `json:"clusterName,omitempty"`
}

func (v *GetReplicationMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetClusterName is an internal getter (TBD...)
func (v *GetReplicationMessagesRequest) GetClusterName() (o string) {
if v != nil {
Expand Down Expand Up @@ -393,6 +414,13 @@ type MergeDLQMessagesRequest struct {
NextPageToken []byte `json:"nextPageToken,omitempty"`
}

func (v *MergeDLQMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetType is an internal getter (TBD...)
func (v *MergeDLQMessagesRequest) GetType() (o DLQType) {
if v != nil && v.Type != nil {
Expand Down Expand Up @@ -454,6 +482,13 @@ type PurgeDLQMessagesRequest struct {
InclusiveEndMessageID *int64 `json:"inclusiveEndMessageID,omitempty"`
}

func (v *PurgeDLQMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetType is an internal getter (TBD...)
func (v *PurgeDLQMessagesRequest) GetType() (o DLQType) {
if v != nil && v.Type != nil {
Expand Down Expand Up @@ -496,6 +531,13 @@ type ReadDLQMessagesRequest struct {
NextPageToken []byte `json:"nextPageToken,omitempty"`
}

func (v *ReadDLQMessagesRequest) SerializeForLogging() (string, error) {
if v == nil {
return "", nil
}
return SerializeRequest(v)
}

// GetType is an internal getter (TBD...)
func (v *ReadDLQMessagesRequest) GetType() (o DLQType) {
if v != nil && v.Type != nil {
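Review bot: The six `SerializeForLogging` methods added in this file have no doc comment, while the neighbouring getters each carry one; here the comment is the only place a reader learns what the nil branch returns. Suggested comment on each: `// SerializeForLogging returns the request serialized by SerializeRequest for audit logging; a nil receiver yields "" and a nil error.` The nine identical methods added in common/types/admin.go need the same comment. The last hunk ends inside `GetType`, which continues outside the visible lines.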