Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trace the ProcessRunner #20354

Merged
merged 4 commits into from
Aug 12, 2021
Merged

Trace the ProcessRunner #20354

merged 4 commits into from
Aug 12, 2021

Conversation

christothes
Copy link
Member

To better troubleshoot process based credentials like AzureCli, VS, and VSCode.

related to #20210

@christothes christothes requested a review from schaabs as a code owner April 13, 2021 16:52
@ghost ghost added the Azure.Identity label Apr 13, 2021
@christothes christothes self-assigned this Apr 13, 2021
@christothes christothes mentioned this pull request Apr 13, 2021
Closed
schaabs
schaabs reviewed Apr 13, 2021
View reviewed changes
sdk/identity/Azure.Identity/src/ProcessRunner.cs Outdated
@@ -25,6 +25,7 @@ internal sealed class ProcessRunner : IDisposable

public ProcessRunner(IProcess process, TimeSpan timeout, CancellationToken cancellationToken)
{
AzureIdentityEventSource.Singleton.ProcessRunnerInformational($"Running process `{process.StartInfo.FileName}' with arguments {string.Join(", ", process.StartInfo.Arguments)}");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the arguments will contains a resource string in most cases, as well as tenant id if it was specified by the user. We've talked before about whether these are considered PII in the past, but I don't recall the outcome. @g2vinay are we ok to log resource strings and tenant ids or should they be redacted?

Copy link
Member

@g2vinay g2vinay Apr 13, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe last we decided these were not PII.
In Java scopes are logged in other credentials when a token is retrieved.
@catalinaperalta can you confirm this ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I recall correctly, tenantID was not PII but resource strings do get close to being PII depending on the resource name. I'll try to find my notes about this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just checked tenantID is OII (organization identifiable data) so not PII, but I think resources (and therefore their resource strings?) do fall under customer content. I can share the link I have for the data governance site on our teams channel.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe, just to be extra cautious, this change should be coupled with the upcoming setting to log PII information (previously only relevant for MSAL logging).

@ghost ghost added the no-recent-activity There has been no recent activity on this issue. label Jun 18, 2021
@ghost
Copy link

ghost commented Jun 18, 2021

Hi @christothes. Thank you, for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.

@christothes
Copy link
Member Author

You're welcome, msftbot.

@ghost ghost removed the no-recent-activity There has been no recent activity on this issue. label Jun 18, 2021
@christothes
Copy link
Member Author

dependent on #22852

@christothes christothes mentioned this pull request Jul 29, 2021
Merged
@christothes christothes force-pushed the chriss/ProcesRunnerLogging branch from 39b9e0f to 6db08cb Compare August 11, 2021 18:50
@christothes christothes merged commit 69ee6a6 into Azure:main Aug 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catalinaperalta catalinaperalta catalinaperalta left review comments

@g2vinay g2vinay g2vinay left review comments

@schaabs schaabs schaabs approved these changes

Assignees

@christothes christothes

Labels
Azure.Identity
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@christothes @g2vinay @catalinaperalta @schaabs