feat(mxgateway): expose GatewayLogRedactor via shared ILogRedactor seam
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,28 @@
|
|||||||
|
using ZB.MOM.WW.Telemetry.Serilog;
|
||||||
|
|
||||||
|
namespace ZB.MOM.WW.MxGateway.Server.Diagnostics;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Adapts the static <see cref="GatewayLogRedactor"/> to the shared <see cref="ILogRedactor"/> seam
|
||||||
|
/// so the telemetry RedactionEnricher masks API-key/credential material on every log event.
|
||||||
|
/// </summary>
|
||||||
|
public sealed class GatewayLogRedactorSeam : ILogRedactor
|
||||||
|
{
|
||||||
|
private static readonly string[] IdentityKeys = ["ClientIdentity", "authorization", "Authorization"];
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Masks API-key/credential material in known identity-bearing log properties.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="properties">The log event property dictionary to redact in place.</param>
|
||||||
|
public void Redact(IDictionary<string, object?> properties)
|
||||||
|
{
|
||||||
|
ArgumentNullException.ThrowIfNull(properties);
|
||||||
|
foreach (var key in IdentityKeys)
|
||||||
|
{
|
||||||
|
if (properties.TryGetValue(key, out var value) && value is string s)
|
||||||
|
{
|
||||||
|
properties[key] = GatewayLogRedactor.RedactClientIdentity(s);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -73,6 +73,7 @@ public static class GatewayApplication
|
|||||||
failureStatus: null,
|
failureStatus: null,
|
||||||
tags: new[] { ZbHealthTags.Ready });
|
tags: new[] { ZbHealthTags.Ready });
|
||||||
builder.Services.AddSingleton<GatewayMetrics>();
|
builder.Services.AddSingleton<GatewayMetrics>();
|
||||||
|
builder.Services.AddSingleton<ILogRedactor, GatewayLogRedactorSeam>();
|
||||||
builder.Services.AddSingleton<MxAccessGrpcMapper>();
|
builder.Services.AddSingleton<MxAccessGrpcMapper>();
|
||||||
builder.Services.AddSingleton<MxAccessGrpcRequestValidator>();
|
builder.Services.AddSingleton<MxAccessGrpcRequestValidator>();
|
||||||
builder.Services.AddSingleton<IEventStreamService, EventStreamService>();
|
builder.Services.AddSingleton<IEventStreamService, EventStreamService>();
|
||||||
|
|||||||
@@ -0,0 +1,15 @@
|
|||||||
|
using System.Collections.Generic;
|
||||||
|
using ZB.MOM.WW.MxGateway.Server.Diagnostics;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
public class GatewayLogRedactorSeamTests
|
||||||
|
{
|
||||||
|
[Fact]
|
||||||
|
public void Redact_MasksApiKeyInClientIdentity()
|
||||||
|
{
|
||||||
|
var redactor = new GatewayLogRedactorSeam();
|
||||||
|
var props = new Dictionary<string, object?> { ["ClientIdentity"] = "Bearer mxgw_operator01_super-secret" };
|
||||||
|
redactor.Redact(props);
|
||||||
|
Assert.Equal("Bearer mxgw_operator01_[redacted]", props["ClientIdentity"]);
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user