github-for-jira
github-for-jira copied to clipboard
atlassian
ARC-1372 unsafe stream
What's in this PR?
Created a new stream class RawLogStream so that we can log out unsafe data to a secure environment for Splunking.
Why First attempt was to create an unsafe logger and use that instance, which would write out the logs to the secure environment. This worked but a major drawback was that it relied on devs to know about that option and then manually insert the logs they wanted. With this method its more usable since we just need to toggle the feature flag and it will stream the logs to safe and unsafe environment.
The catch Since we use a feature flag(with JiraHost) to determine whether we send the unsafe logs or not, this means we must have the jiraHost value as a log attribute, this value is pulled out of the logs data during the write process.
Runbooks How to Splunk unsafe data
Added feature flags LOG_UNSAFE_DATA
Affected issues
ARC-1372
How has this been tested?
Unit tests have been created for all new functionality.
Testing in stage to check that sensitive data is serialized or sent to unsafe environment.
Whats Next? Thats all for now. Monitor and make sure this suits our needs.
@gxueatlassian, yeah ideally!
We have this always updating list const SENSITIVE_DATA_FIELDS = ["jiraHost", "orgName", "repoName", "userGroup", "userGroup", "aaid", "username"]; from in logger-utils that will hash stuff before it makes it to logs as well
Sorry, but my logger changes have conflicted with this PR. We should get together to work through it.
Sorry, but my logger changes have conflicted with this PR. We should get together to work through it.
Conflicts were pretty minor so not a lot of trouble fortunately.
Will still set up a pair to see this one through tho!
Closing as changed the approach slightly, using logging level instead of feature flag. Was simpler to replay in a fresh branch than to unwind then make changes with the many conflicts.