Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: AIP-147 – Sensitive fields #26

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: AIP-147 – Sensitive fields #26

wants to merge 2 commits into from

Conversation

lukesneeringer
Copy link
Contributor

No description provided.

@lukesneeringer lukesneeringer requested a review from a team as a code owner February 16, 2021 17:55
@google-cla google-cla bot added the cla: yes label Feb 16, 2021
mkistler
mkistler approved these changes Oct 30, 2022
View reviewed changes
Copy link

@mkistler mkistler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. 👍

Note that we need to get AIP 203 created and merged so that the references here will resolve.

rofrankel
rofrankel requested changes Nov 1, 2022
View reviewed changes
aip/general/0147/aip.md
publicKey: Buffer;

// The private key data in PEM-encoded form.
set privateKey(k: Buffer): void;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the right way to express input-only for OAS? I don't know if a TS interface is the right way to describe an RPC. What is someone supposed to do in OAS?

aip/general/0147/aip.md
## Guidance

If the sensitive information is _required_ for the resource as a whole to
exist, the data **should** be accepted as an [input-only field][input-only]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should probably actually draft AIP-203 first. Google's AIP-203 is all in terms of protobuf; I want to know what it means for a field to be required or input-only in OAS.

aip/general/0147/aip.md
for the resource to exist, users of the API may assume that existence of the
resource implies storage of the sensitive data. For example:

```typescript
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No protobuf tabs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rofrankel rofrankel rofrankel requested changes

@mkistler mkistler mkistler approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lukesneeringer @rofrankel @mkistler