Closed Bug 1764569 Opened 3 years ago Closed 2 years ago

implement sensitive data scrubbing for sentry (tecken)

Categories

(Tecken :: General, task, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: willkg, Assigned: willkg)

Attachments

(7 files, 1 obsolete file)

We updated to sentry-sdk. Now that we're using that, we need to make sure we're not sending PII along with Sentry error reports.

Grabbing this because it's blocking our migration.

Assignee: nobody → willkg
Status: NEW → ASSIGNED
Summary: implement pii sanitizing for sentry → implement pii sanitizing for sentry (tecken)
Summary: implement pii sanitizing for sentry (tecken) → implement sensitive data scrubbing for sentry (tecken)

I'm in the process of extracting the scrubbing code into a library. Then I'll redo PR 2568 using the library.

Attachment #9281696 - Attachment is obsolete: true

willkg merged PR #2572: "bug 1764569: implement sentry scrubbing" in 2d4e8fe.

I'll spend some time breaking Tecken in stage to kick up some errors so I can see what's ending up in Sentry and then I can adjust things accordingly.

Also, I need to set up graphs for scrub errors in the dashboard.

  • tecken webapp: tecken.sentry_scrub_error
  • eliot: eliot.sentry_scrub_error with tag service as either cachemanager or webapp

I added a dashboard to Grafana. It has no data, though, so it's hard to know whether it's set up correctly. But it's probably right.

I pushed this out in bug #1780235. Marking as FIXED.

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

I updated Tecken to sentry_sdk 1.6.0 which adjusts the Sentry event schema. The Mozilla-hosted Sentry is behind a bit, though, so when Mozilla-hosted Sentry gets the Sentry event, it kicks up an error while ingesting:

transaction_info: Discarded unknown attribute

Triggering an exception in the Tecken webapp worked fine. The relevant bits are scrubbed and the data looks good.

Triggering an exception in the Eliot webapp worked fine. Eliot is using Falcon and it looks like there's no "request" section generated by the FalconIntegration. That makes sense because (if I recall correctly) the Falcon integration is broken in the sentry-sdk. If we ever want better request information (headers, query_string, data, etc.), we should probably write our own integration.

The Eliot disk cache manager doesn't have a way to trigger an exception, but given the other things are working and we have integration tests for all three services, I'm confident it's probably working, too.

I'm reopening this to add some additional things to scrub for Tecken webapp and also to fix the Eliot Sentry setup to use the WSGI middleware and update the rules per the Socorro/Tecken Sentry migration plan.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

I re-verified the Sentry events for the Tecken webapp and the Eliot webapp on stage. It looks good--things are scrubbed the way they should be, there are no additional things we need to scrub, and the data shows up in the Sentry interface in a way that we can triage and use.

I deployed this to prod in bug #1782727. Marking as FIXED.

Status: REOPENED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
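
An added example, not part of the bug thread and not Tecken's or Eliot's code: a sketch of a Sentry `before_send` hook that scrubs the request section of an event and counts scrub failures, in the spirit of the `sentry_scrub_error` metric mentioned above. The header and query-parameter rules, the placeholder strings, and the `METRICS` counter (a stand-in for a statsd client) are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlencode

METRICS = Counter()  # stand-in for a statsd client (assumption)
FILTERED = "[Scrubbed]"
SCRUB_ERROR = "[Scrub error]"
# Constructed rules for illustration; not the rules Tecken or Eliot use.
SENSITIVE_HEADERS = {"auth-token", "cookie", "x-forwarded-for"}
SENSITIVE_QUERY_KEYS = {"code", "state"}


def scrub_headers(headers):
    """Mask sensitive header values; header names compare case-insensitively."""
    return {
        name: FILTERED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def scrub_query_string(query_string):
    """Mask sensitive parameters in a raw query string."""
    if not isinstance(query_string, str):
        raise TypeError("unexpected query_string type")
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return urlencode(
        [(k, FILTERED if k in SENSITIVE_QUERY_KEYS else v) for k, v in pairs]
    )


SCRUBBERS = {"headers": scrub_headers, "query_string": scrub_query_string}


def before_send(event, hint):
    """Sentry before_send hook: scrub the request section, failing closed."""
    request = event.get("request")
    if not isinstance(request, dict):
        return event  # no "request" section in the event: nothing to scrub here
    for key, scrubber in SCRUBBERS.items():
        if key not in request:
            continue
        try:
            request[key] = scrubber(request[key])
        except Exception:
            # Count the failure (the page's sentry_scrub_error metric) and
            # drop the value instead of sending it unscrubbed.
            METRICS["sentry_scrub_error"] += 1
            request[key] = SCRUB_ERROR
    return event
```

The hook would be registered with `sentry_sdk.init(..., before_send=before_send)`; a nonzero `sentry_scrub_error` count then signals an event shape the rules did not anticipate.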