implement sensitive data scrubbing for sentry (tecken)
Categories
(Tecken :: General, task, P2)
Tracking
(Not tracked)
People
(Reporter: willkg, Assigned: willkg)
References
Details
Attachments
(7 files, 1 obsolete file)
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review | |
52 bytes,
text/x-github-pull-request
|
Details | Review |
We updated to sentry-sdk. Now that we're using that, we need to make sure we're not sending PII along with Sentry error reports.
Assignee | ||
Comment 1•3 years ago
|
||
Grabbing this because it's blocking our migration.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 2•2 years ago
|
||
Assignee | ||
Comment 3•2 years ago
|
||
I'm in the process of extracting the scrubbing code into a library. Then I'll redo pr 2568 using the library.
Assignee | ||
Comment 4•2 years ago
|
||
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 5•2 years ago
|
||
willkg merged PR #2572: "bug 1764569: implement sentry scrubbing" in 2d4e8fe.
I'll spend some time breaking Tecken in stage to kick up some errors so I can see what's ending up in Sentry and then I can adjust things accordingly.
Assignee | ||
Comment 6•2 years ago
|
||
Also, I need to set up graphs for scrub errors in the dashboard.
- tecken webapp:
tecken.sentry_scrub_error
- eliot:
eliot.sentry_scrub_error
with tagservice
as eithercachemanager
orwebapp
Assignee | ||
Comment 7•2 years ago
|
||
I added a dashboard to grafana. It has no data, though, so it's hard to know whether it's set up correctly. But it's probably right.
I pushed this out in bug #1780235. Marking as FIXED.
Assignee | ||
Comment 8•2 years ago
|
||
I updated Tecken to sentry_sdk 1.6.0 which adjusts the Sentry event schema. The Mozilla-hosted Sentry is behind a bit, though, so when Mozilla-hosted Sentry gets the Sentry event, it kicks up an error while ingesting:
transaction_info: Discarded unknown attribute
Triggering an exception in the Tecken webapp worked fine. The relevant bits are scrubbed and the data looks good.
Triggering an exception in the Eliot webapp worked fine. Eliot is using Falcon and it looks like there's no "request" section generated by the FalconIntegration. That makes sense because (if I recall correctly) the Falcon integration is broken in the sentry-sdk. If we ever want better request information (headers, query_string, data, etc), we should probably write our own integration.
The Eliot disk cache manager doesn't have a way to trigger an exception, but given the other things are working and we have integration tests for all three services, I'm confident it's probably working, too.
Assignee | ||
Comment 9•2 years ago
|
||
I'm reopening this to add some additional things to scrub for Tecken webapp and also to fix the Eliot Sentry set up to use the WSGI middleware and update the rules per the Socorro/Tecken Sentry migration plan.
Assignee | ||
Comment 10•2 years ago
|
||
Assignee | ||
Comment 11•2 years ago
|
||
Assignee | ||
Comment 12•2 years ago
|
||
Assignee | ||
Comment 13•2 years ago
|
||
Assignee | ||
Comment 14•2 years ago
|
||
Assignee | ||
Comment 15•2 years ago
|
||
Assignee | ||
Comment 16•2 years ago
|
||
Assignee | ||
Comment 17•2 years ago
|
||
Assignee | ||
Comment 18•2 years ago
|
||
I re-verified the Sentry events for the Tecken webapp and the Eliot webapp on stage. It looks good--things are scrubbed the way they should be, there's no additional things we need to scrub, and the data shows up in the Sentry interface in a way that we can triage and use.
Assignee | ||
Comment 19•2 years ago
|
||
Assignee | ||
Comment 20•2 years ago
|
||
Assignee | ||
Comment 21•2 years ago
|
||
Assignee | ||
Comment 22•2 years ago
|
||
Assignee | ||
Comment 23•2 years ago
|
||
I deployed this to prod in bug #1782727. Marking as FIXED.
Description
•