com.couchbase.client.core.logging.RedactableArgument Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of core-io Show documentation
Show all versions of core-io Show documentation
The official Couchbase JVM Core IO Library
/*
* Copyright (c) 2017 Couchbase, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.couchbase.client.core.logging;
import com.couchbase.client.core.deps.com.fasterxml.jackson.annotation.JsonValue;
/**
* Wraps a piece of information that is subject to log redaction.
* Useful when logging sensitive information:
*
* log.info("Opened bucket {}", RedactableArgument.redactMeta(bucketName));
*
* Or when including sensitive information in an Exception message:
*
* throw new RuntimeException("Failed to process "
* + RedactableArgument.redactUser(documentId));
*
* The global redaction level is controlled by calling
* {@link LogRedaction#setRedactionLevel(RedactionLevel)}
*
* @see LogRedaction
* @since 1.5.3
*/
public class RedactableArgument {
/**
* The type of the redactable argument.
*/
private final ArgumentType type;
/**
* The message of the redactable argument.
*/
private final Object message;
/**
* Creates a new {@link RedactableArgument}.
*
* @param type type of the redactable argument.
* @param message message of the redactable argument.
*/
private RedactableArgument(final ArgumentType type, final Object message) {
this.type = type;
this.message = message;
}
/**
* A redactable argument of user data. User data is data that is stored into Couchbase
* by the application user account, including:
*
* - Key and value pairs in JSON documents, or the key exclusively
*
- Application/Admin usernames that identify the human person
*
- Query statements included in the log file collected by support that leak the document fields (Select floor_price from stock).
*
- Names and email addresses asked during product registration and alerting
*
- Usernames
*
- Document xattrs
*
*
* @param message the message to redact.
* @return a new {@link RedactableArgument}.
*/
public static RedactableArgument redactUser(final Object message) {
return new RedactableArgument(ArgumentType.USER, message);
}
/**
* A redactable argument of meta data. Metadata is logical data needed by Couchbase
* to store and process User data, including:
*
* - Cluster name
*
- Bucket names
*
- DDoc/view names
*
- View code
*
- Index names
*
- Mapreduce Design Doc Name and Definition (IP)
*
- XDCR Replication Stream Names
*
- And other couchbase resource specific meta data
*
*
* @param message the message to redact.
* @return a new {@link RedactableArgument}.
*/
public static RedactableArgument redactMeta(final Object message) {
return new RedactableArgument(ArgumentType.META, message);
}
/**
* A redactable argument of system data. System data is data from other parts of the system
* Couchbase interacts with over the network, including:
*
* - IP addresses
*
- IP tables
*
- Hosts names
*
- Ports
*
- DNS topology
*
*
* @param message the message to redact.
* @return a new {@link RedactableArgument}.
*/
public static RedactableArgument redactSystem(final Object message) {
return new RedactableArgument(ArgumentType.SYSTEM, message);
}
/**
* The type of this redactable argument.
*/
public ArgumentType type() {
return type;
}
/**
* The message of this redactable argument.
*/
public String message() {
return String.valueOf(message);
}
@JsonValue
@Override
public String toString() {
// The exact syntax for "system" and "meta" redaction is yet to be determined.
// In the mean time, we've been asked to redact *only* "user" data.
if (type != ArgumentType.USER) {
return message();
}
final RedactionLevel redactionLevel = LogRedaction.getRedactionLevel();
final boolean redact;
switch (redactionLevel) {
case NONE:
redact = false;
break;
case PARTIAL:
redact = (type == ArgumentType.USER);
break;
case FULL:
redact = true;
break;
default:
throw new AssertionError("Unexpected redaction level: " + redactionLevel);
}
return redact ? "<" + type.tagName + ">" + message() + "" : message();
}
/**
* The type of the redactable argument.
*/
private enum ArgumentType {
/**
* User data is data that is stored into Couchbase by
* the application user account.
*/
USER("ud"),
/**
* Metadata is logical data needed by Couchbase to
* store and process user data.
*/
META("md"),
/**
* System data is data from other parts of the system
* Couchbase interacts with over the network.
*/
SYSTEM("sd");
private final String tagName;
ArgumentType(String tagName) {
this.tagName = tagName;
}
}
}