Allow certain response headers coming from AzurePipelinesCredential to be logged #41871

Closed
ahsonkhan opened this issue Sep 16, 2024 · 1 comment · Fixed by #42058
Labels: Azure.Identity; Client (This issue points to a problem in the data-plane of the library.)


ahsonkhan commented Sep 16, 2024

These two response headers are useful for the service team to debug and diagnose issues, and hence it is requested that we do log them.

  • x-vss-e2eid
  • x-msedge-ref

We decided, other than logging them, to also add these header values to the exception message that is thrown, so they are always visible, even with logging disabled.

Given our logged headers are based on an allow list, currently these two headers are REDACTED.

static final List<String> DEFAULT_HEADERS_ALLOWLIST = Arrays.asList("x-ms-request-id", "x-ms-client-request-id",
    "x-ms-return-client-request-id", "traceparent", "MS-CV",
    "Accept", "Cache-Control", "Connection", "Content-Length", "Content-Type", "Date", "ETag", "Expires",
    "If-Match", "If-Modified-Since", "If-None-Match", "If-Unmodified-Since", "Last-Modified", "Pragma",
    "Request-Id", "Retry-After", "Server", "Transfer-Encoding", "User-Agent", "WWW-Authenticate");
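
The behaviour requested above, as an added sketch that is not part of the original issue and not the SDK's own code: allow-list redaction before and after the two headers are added, plus an error message that carries them regardless of logging. The class, method names and header values are hypothetical and constructed for illustration; exception text often ends up in logs too, so only headers known to hold no secrets belong in it.

```java
import java.util.*;

// Added illustration: class and method names are hypothetical, not azure-sdk-for-java APIs.
public class PipelinesHeaderLoggingExample {
    // Shortened copy of the default allow list quoted in the issue.
    static final List<String> DEFAULT_HEADERS_ALLOWLIST
        = Arrays.asList("x-ms-request-id", "Content-Type", "Date", "WWW-Authenticate");
    // The two diagnostic headers the issue asks to log.
    static final List<String> PIPELINES_HEADERS = Arrays.asList("x-vss-e2eid", "x-msedge-ref");

    // Header names are case-insensitive, so the allow list is too.
    static Set<String> allowList(List<String> base, List<String> extra) {
        Set<String> allowed = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        allowed.addAll(base);
        allowed.addAll(extra);
        return allowed;
    }

    // Values of headers outside the allow list never reach the log.
    static Map<String, String> redactForLog(Map<String, String> headers, Set<String> allowed) {
        Map<String, String> out = new LinkedHashMap<>();
        headers.forEach((name, value) -> out.put(name, allowed.contains(name) ? value : "REDACTED"));
        return out;
    }

    // Built without consulting the logger, so the values survive with logging disabled.
    static String errorMessage(int status, Map<String, String> headers) {
        Map<String, String> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        byName.putAll(headers);
        StringBuilder sb = new StringBuilder("Request failed with status " + status + ".");
        for (String name : PIPELINES_HEADERS) {
            sb.append(' ').append(name).append(": ").append(byName.getOrDefault(name, "<absent>"));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Map<String, String> response = new LinkedHashMap<>(); // constructed sample values
        response.put("Content-Type", "text/html");
        response.put("Set-Cookie", "session=constructed-secret");
        response.put("X-VSS-E2EID", "constructed-e2e-id");
        response.put("X-MSEdge-Ref", "constructed-edge-ref");
        List<String> none = Collections.emptyList();
        System.out.println(redactForLog(response, allowList(DEFAULT_HEADERS_ALLOWLIST, none)));
        System.out.println(redactForLog(response, allowList(DEFAULT_HEADERS_ALLOWLIST, PIPELINES_HEADERS)));
        System.out.println(errorMessage(401, response));
    }
}
```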

@ahsonkhan

See Azure/azure-sdk-for-cpp#6001 for an example change from C++.

scottaddie added the Client label ("This issue points to a problem in the data-plane of the library.") on Sep 23, 2024
billwert added a commit to billwert/azure-sdk-for-java that referenced this issue Sep 26, 2024
Add two headers for Pipelines to the allow list (best effort), and log the values of those unconditionally in exceptions. The headers do not contain secrets; the error case is the most important thing, but having them in normal logs is nice.
mssfang pushed a commit to mssfang/azure-sdk-for-java that referenced this issue Oct 21, 2024
* Fix Azure#41986

Add header to cause pipelines OIDC endpoint not to redirect.

* Fix Azure#41871

Add two headers for Pipelines to the allow list (best effort), and log the values of those unconditionally in exceptions. The headers do not contain secrets; the error case is the most important thing, but having them in normal logs is nice.

* pr feedback

* more pr feedback fixes

* mark fields private