[jira] [Commented] (CASSANDRA-17197) Diagnostic events for guardrails

Wed, 09 Mar 2022 05:25:07 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17503590#comment-17503590
 ] 

Andres de la Peña commented on CASSANDRA-17197:
-----------------------------------------------

An important detail is that the messages emitted when a guardrail is triggered 
might contain user data. None of the current guardrails does this, but the 
proposed guardrails for collection items and size (CASSANDRA-17153) will 
include the primary key of the offending row, and it's likely that other 
incoming guardrails will do the same.

This user data shouldn't be included into diagnostic events, so it isn't sent 
to external systems monitoring diagnostic events. I have added [a 
commit|https://github.com/apache/cassandra/pull/1485/commits/97329b94fb3de770aaae64880cef2b9cff857a00]
 to the PR that allows to redact sensitive data in the messages that are 
included in guardrail diagnostic events. The approach for redacting the 
messages is based on a previous patch by [~Gerrrr].

I'd be fine doing this in a separate ticket, given that we don't yet have any 
guardrail publishing user data. However, since this is a security thing, I 
think I'd prefer to include this with diagnostic events, so we don't miss it 
when adding other guardrails.

Here is CI for the updated patch:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1485]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1345/workflows/1638df69-2729-4222-872f-4f3e081bff1b]
 
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/1345/workflows/ef04d0d2-04a4-4675-83db-7fb0ffe21ea4]|

> Diagnostic events for guardrails
> --------------------------------
>
>                 Key: CASSANDRA-17197
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17197
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Feature/Guardrails
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>             Fix For: 4.x
>
>
> Add diagnostic events for guardrails, so we can monitor when each type of 
> guardrail is triggered.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to