-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
*: improve redaction #65453
Comments
Wasn't able to post this on Wednesday due to GH outage, but here it is: level 👶🏽: implement I bet @knz has ideas on the above and other ideas as well. With proper mentorship, I think all of the above are suitable for an intern as while of varying complexity, the work is at the library level with clear dependencies + docs, and not a ton of prior context is necessary. |
I'm doing the struct and array auto-redaction in cockroachdb/redact#19 |
This umbrella issue has outlived its purpose, closing. |
Describe the problem
On customer incidents, we regularly struggle with redacted logs which typically
To Reproduce
Pick any CockroachCloud Zendesk ticket, download the debug zip, and see for yourself.
Expected behavior
Redaction, to the extent that is reasonable, leaves non-PII untouched and allows redacted and unredacted logs to be used more or less interchangeably. In particular, keys could be redacted smartly, by preserving the
/Table/descid/idxid
part and at least printing the types for everything else (/Table/55/3/<int>/<string>#0
for example.Lints would make redactability opt-out (a change from today's opt-in), that is, a linter would ensure that any new type added implements redactability. This is not true today. I also believe there are a few ways in which implementing redactability could be simplified, such as cockroachdb/redact#5.
There would clearly need to be some transition, such as adding the linting code but instead of ensuring the absence of non-redactable structs, we'd assert that the number of violations does not increase. This also provides a rough score of how well we are doing in terms of redactability.
Additional data / screenshots
Environment:
Additional context
The below issues deal with aspects of redactability across CRDB:
#58610
#53310
#55862
#50044
#50043
Epic: CRDB-6668
Jira issue: CRDB-7612
The text was updated successfully, but these errors were encountered: