Merge pull request #11750 from savonarola/1011-redact-auth-http-request

Do not trace authn http request bodies
2023-10-13 17:25:28 +03:00 · 2023-10-13 17:25:28 +03:00 · 90a0c093bf
parent d59747a011 68f31a9da2
commit 90a0c093bf
3 changed files with 11 additions and 5 deletions
--- a/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http.app.src
@ -1,6 +1,6 @@
 {application, emqx_bridge_http, [
    {description, "EMQX HTTP Bridge and Connector Application"},
-    {vsn, "0.1.3"},
+    {vsn, "0.1.4"},
    {registered, []},
    {applications, [kernel, stdlib, emqx_connector, emqx_resource, ehttpc]},
    {env, []},
--- a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
+++ b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
@ -57,6 +57,8 @@
 -define(DEFAULT_PIPELINE_SIZE, 100).
 -define(DEFAULT_REQUEST_TIMEOUT_MS, 30_000).

+-define(READACT_REQUEST_NOTE, "the request body is redacted due to security reasons").
+
 %%=====================================================================
 %% Hocon schema

@ -303,7 +305,8 @@ on_query(
        "QUERY",
        "http_connector_received",
        #{
-            request => redact(Request),
+            request => redact_request(Request),
+            note => ?READACT_REQUEST_NOTE,
            connector => InstId,
            state => redact(State)
        }
@ -329,7 +332,7 @@ on_query(
        {error, #{status_code := StatusCode}} ->
            ?SLOG(error, #{
                msg => "http_connector_do_request_received_error_response",
-                note => "the body will be redacted due to security reasons",
+                note => ?READACT_REQUEST_NOTE,
                request => redact_request(NRequest),
                connector => InstId,
                status_code => StatusCode
@ -338,7 +341,8 @@ on_query(
        {error, Reason} ->
            ?SLOG(error, #{
                msg => "http_connector_do_request_failed",
-                request => redact(NRequest),
+                note => ?READACT_REQUEST_NOTE,
+                request => redact_request(NRequest),
                reason => Reason,
                connector => InstId
            }),
@ -379,7 +383,8 @@ on_query_async(
        "QUERY_ASYNC",
        "http_connector_received",
        #{
-            request => redact(Request),
+            request => redact_request(Request),
+            note => ?READACT_REQUEST_NOTE,
            connector => InstId,
            state => redact(State)
        }
--- a/changes/ee/fix-11750.en.md
+++ b/changes/ee/fix-11750.en.md
@ -0,0 +1 @@
+Eliminated logging and tracing of HTTP request bodies in HTTP authentification and HTTP bridges.
				`@ -0,0 +1 @@`
				`Eliminated logging and tracing of HTTP request bodies in HTTP authentification and HTTP bridges.`