New flag to scrub IP addresses#1161
Open
maxgolov wants to merge 12 commits into
Open
Conversation
Scrub IP addresses by default.
maxgolov
requested review from
ThomsonTan,
bliptec,
kindbe,
lalitb,
mkoscumb,
reyang and
sid-dahiya
as code owners
lalitb
approved these changes
Jun 7, 2023
Contributor
|
MacOS CI tests failure can be ignored for now. |
Contributor
|
@maxgolov Do you have plan to mark it for review, or else close if this is not valid ? |
Contributor
Author
|
@lalitb - we need it, but we identified an extra scenario that's not covered by the patch. I'll do another iteration on it. |
The initial change set RECORD_FLAGS_EVENTTAG_SCRUB_IP unconditionally for every event, forcing IP scrubbing on all SDK consumers in direct-upload mode -- a breaking change for apps that need client IP (e.g. geo-location). Make scrubbing the default but opt-out: the decorator sets the SCRUB_IP record flag unless CFG_BOOL_ENABLE_IP_SCRUBBING is explicitly set to false. record.flags is forwarded on the cross-platform/direct-upload path, so this redacts client IP at the collector without relying on ext.metadata privacy tags. - ILogConfiguration.hpp: add CFG_BOOL_ENABLE_IP_SCRUBBING config key - EventPropertiesDecorator.hpp: gate SCRUB_IP flag behind the config - EventPropertiesDecoratorTests.cpp: add default-on, opt-out, explicit-enable tests with a per-instance ConfigurableLogManager helper Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…bbing
- Statistics.cpp: SDK statistics/metastats events bypass EventPropertiesDecorator,
so apply the same collector-side client-IP scrub (gated by
CFG_BOOL_ENABLE_IP_SCRUBBING, on by default) to those records too. Closes the
gap identified in PR review.
- LogConfigurationKey.java + ODWLogConfiguration.{h,mm}: expose
CFG_BOOL_ENABLE_IP_SCRUBBING ('enableIpScrubbing') to the Android (Java) and
Apple (Obj-C) wrappers for API parity.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bmehta001
requested review from
Copilot
and removed request for
bliptec and
kindbe
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new configuration flag to request collector-side scrubbing (obfuscation) of the client IP address, and ensures the flag is applied consistently both for normal telemetry events and internal stats events.
Changes:
- Added
CFG_BOOL_ENABLE_IP_SCRUBBING/enableIpScrubbingconfiguration key across C++ public config, Objective-C wrapper keys, and Android wrapper keys. - Set a new on-wire record flag (
RECORD_FLAGS_EVENTTAG_SCRUB_IP) by default (unless explicitly opted out via config) inEventPropertiesDecorator. - Ensured stats/meta-stats records (which bypass
EventPropertiesDecorator) also set the same scrub flag, and added unit tests covering default/opt-out/explicit-enable behavior.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| wrappers/obj-c/ODWLogConfiguration.mm | Adds the Objective-C wrapper string constant for enableIpScrubbing. |
| wrappers/obj-c/ODWLogConfiguration.h | Exposes the Objective-C wrapper constant declaration for enableIpScrubbing. |
| tests/unittests/EventPropertiesDecoratorTests.cpp | Adds isolated configuration plumbing for tests and verifies default/opt-out/explicit-enable behavior for the scrub flag. |
| lib/stats/Statistics.cpp | Applies the scrub-IP record flag to stats records (which bypass the main decorator path). |
| lib/include/public/ILogConfiguration.hpp | Adds the public C++ configuration key constant and documentation for enableIpScrubbing. |
| lib/decorators/EventPropertiesDecorator.hpp | Introduces RECORD_FLAGS_EVENTTAG_SCRUB_IP and sets it by default unless config opts out. |
| lib/android_build/maesdk/src/main/java/com/microsoft/applications/events/LogConfigurationKey.java | Adds the Android wrapper enum entry for enableIpScrubbing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The doc implied the setting only applies in direct-upload mode, but the scrub flag is set for all events and modes. Clarify that the flag is honored by the OneCollector direct-upload path while UTC mode applies its own client-privacy handling. No behavior change -- the flag is intentionally mode-agnostic and is ignored by the UTC pipeline. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…fig docs - EventPropertiesDecorator.hpp: include ILogManager.hpp so the header is self-contained for the ILogManager (m_owner) and ILogConfiguration types / CFG_BOOL_ENABLE_IP_SCRUBBING used inline, instead of relying on the includer. - Clarify CFG_BOOL_ENABLE_IP_SCRUBBING docs (C++ / Java / Obj-C): scrubbing is applied unless explicitly set to false (on by default) and the key is not present in the default configuration, so GetDefaultConfiguration() does not surface it. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…hared header Move the RECORD_FLAGS_EVENTTAG_* on-wire bits out of EventPropertiesDecorator.hpp into a dedicated decorators/RecordFlagConstants.hpp, exposed as static constexpr std::int64_t in the MAT namespace (no longer #define macros). This lets the stats pipeline reference RECORD_FLAGS_EVENTTAG_SCRUB_IP via the small shared header instead of pulling in the full decorator header, and avoids macro pollution. - New: lib/decorators/RecordFlagConstants.hpp - EventPropertiesDecorator.hpp: include the shared header; drop the macros - Statistics.cpp: include the shared header instead of EventPropertiesDecorator.hpp Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement IP address scrub.