From f67bfffaeca836990eafa7432354e19b1158d565 Mon Sep 17 00:00:00 2001 From: spoonman01 Date: Wed, 18 Sep 2024 17:38:21 +0200 Subject: [PATCH 1/3] fix(refine-log-filtering) Filter out specific logs --- build.gradle.kts | 2 +- .../com/wire/bots/polls/dto/roman/Message.kt | 21 +++++++++-- .../com/wire/bots/polls/setup/HttpClient.kt | 36 ++++++++----------- src/main/resources/logback.xml | 1 + 4 files changed, 35 insertions(+), 25 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index d63b606..fdd6482 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -2,7 +2,7 @@ plugins { kotlin("jvm") version "1.5.30" application distribution - id("net.nemerosa.versioning") version "2.14.0" + id("net.nemerosa.versioning") version "3.1.0" } group = "com.wire.bots.polls" diff --git a/src/main/kotlin/com/wire/bots/polls/dto/roman/Message.kt b/src/main/kotlin/com/wire/bots/polls/dto/roman/Message.kt index daa9e32..b93b0e7 100644 --- a/src/main/kotlin/com/wire/bots/polls/dto/roman/Message.kt +++ b/src/main/kotlin/com/wire/bots/polls/dto/roman/Message.kt @@ -69,11 +69,17 @@ data class Message( * Type of the file */ val mimeType: String?, + ) { data class Text( val data: String, val mentions: List? - ) + + ) { + override fun toString(): String { + return "Text(mentions=$mentions)" + } + } /** * Poll representation for the proxy. @@ -97,7 +103,18 @@ data class Message( * Id of the button when it was clicked on. */ val offset: Int? - ) + ) { + override fun toString(): String { + return "PollObjectMessage(id='$id', buttons=$buttons, offset=$offset)" + } + } + + /** + * Avoid printing out the token by mistake if object is printed. + */ + override fun toString(): String { + return "Message(botId='$botId', userId=$userId, conversationId=$conversationId, type='$type', messageId=$messageId, text=$text, refMessageId=$refMessageId, reaction=$reaction, image=$image, handle=$handle, locale=$locale, poll=$poll, mimeType=$mimeType)" + } } /* JSON from the swagger diff --git a/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt b/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt index 7af6d94..c1c0a7e 100644 --- a/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt +++ b/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt @@ -3,19 +3,12 @@ package com.wire.bots.polls.setup import com.wire.bots.polls.utils.ClientRequestMetric import com.wire.bots.polls.utils.createLogger import com.wire.bots.polls.utils.httpCall -import io.ktor.client.HttpClient -import io.ktor.client.engine.apache.Apache -import io.ktor.client.features.json.JacksonSerializer -import io.ktor.client.features.json.JsonFeature -import io.ktor.client.features.logging.LogLevel -import io.ktor.client.features.logging.Logger -import io.ktor.client.features.logging.Logging +import io.ktor.client.* +import io.ktor.client.engine.apache.* +import io.ktor.client.features.json.* +import io.ktor.client.features.logging.* import io.micrometer.core.instrument.MeterRegistry - -/** - * Prepares HTTP Client. - */ fun createHttpClient(meterRegistry: MeterRegistry) = HttpClient(Apache) { install(JsonFeature) { @@ -32,23 +25,22 @@ fun createHttpClient(meterRegistry: MeterRegistry) = } } -/** - * Debug logger for HTTP Requests. - */ -private val Logger.Companion.DEBUG: Logger - get() = object : Logger, org.slf4j.Logger by createLogger("DebugHttpClient") { - override fun log(message: String) { - debug(message) - } - } - - /** * Trace logger for HTTP Requests. + * + * Logs request/response bodies, params and headers. + * Avoids logging lines containing sensitive data */ private val Logger.Companion.TRACE: Logger get() = object : Logger, org.slf4j.Logger by createLogger("TraceHttpClient") { override fun log(message: String) { + for (blockedWord in blockedWordList) { + if (message.contains(blockedWord, ignoreCase = true)) { + return + } + } trace(message) } } + +private val blockedWordList = listOf("Authorization", "token", "Bearer", "text") diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 2adb7ba..1381289 100644 --- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -27,6 +27,7 @@ + From cb59d5761f423cc007e04eec3a4bdd0c4ba7d38f Mon Sep 17 00:00:00 2001 From: spoonman01 Date: Thu, 19 Sep 2024 09:30:06 +0200 Subject: [PATCH 2/3] Remove redundant "text" keyword in logger filtering --- src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt b/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt index c1c0a7e..958df2b 100644 --- a/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt +++ b/src/main/kotlin/com/wire/bots/polls/setup/HttpClient.kt @@ -43,4 +43,4 @@ private val Logger.Companion.TRACE: Logger } } -private val blockedWordList = listOf("Authorization", "token", "Bearer", "text") +private val blockedWordList = listOf("Authorization", "token", "Bearer") From ab5cedaa60fde5716d4ab56f74cdf3c47082db1d Mon Sep 17 00:00:00 2001 From: spoonman01 Date: Thu, 19 Sep 2024 14:34:36 +0200 Subject: [PATCH 3/3] Update github-action ci step to v1 --- .github/workflows/prod.yml | 24 ++++++++++++++++-------- .github/workflows/staging.yml | 24 ++++++++++++++++-------- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index c108ea5..468a0b5 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml @@ -77,18 +77,26 @@ jobs: # delete bakup file rm "$SERVICE.yaml.bak" - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + - name: Enable auth plugin + run: | + echo "USE_GKE_GCLOUD_AUTH_PLUGIN=True" >> $GITHUB_ENV + # Auth to GKE + - name: Authenticate to GKE + uses: google-github-actions/auth@v1 with: - service_account_email: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com - service_account_key: ${{ secrets.GKE_SA_KEY }} project_id: wire-bot - export_default_credentials: true + credentials_json: ${{ secrets.GKE_SA_KEY }} + service_account: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com + + # Setup gcloud CLI + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1 - # Configure Docker to use the gcloud command-line tool - - name: Configure Docker Google cloud + # Prepare components + - name: Prepare gcloud components run: | + gcloud components install gke-gcloud-auth-plugin + gcloud components update gcloud --quiet auth configure-docker # Get the GKE credentials so we can deploy to the cluster diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index 3e6a9cf..0eae132 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -50,18 +50,26 @@ jobs: build-args: | release_version=${{ env.RELEASE_VERSION }} - # Setup gcloud CLI - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + - name: Enable auth plugin + run: | + echo "USE_GKE_GCLOUD_AUTH_PLUGIN=True" >> $GITHUB_ENV + # Auth to GKE + - name: Authenticate to GKE + uses: google-github-actions/auth@v1 with: - service_account_email: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com - service_account_key: ${{ secrets.GKE_SA_KEY }} project_id: wire-bot - export_default_credentials: true + credentials_json: ${{ secrets.GKE_SA_KEY }} + service_account: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com + + # Setup gcloud CLI + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v1 - # Configure Docker to use the gcloud command-line tool - - name: Configure Docker Google cloud + # Prepare components + - name: Prepare gcloud components run: | + gcloud components install gke-gcloud-auth-plugin + gcloud components update gcloud --quiet auth configure-docker # Get the GKE credentials so we can deploy to the cluster