Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter sensitive values from being logged in ProcessProxy #1279

Merged
merged 27 commits into from
Mar 14, 2023
Merged

Filter sensitive values from being logged in ProcessProxy #1279

merged 27 commits into from
Mar 14, 2023

Conversation

starskyreverie
Copy link
Contributor

@starskyreverie starskyreverie commented Mar 14, 2023
edited
Loading

Allows users to set kwarg sensitive_env for ProcessProxy, an array of phrases indicating secrets that users may not want logged.

starskyreverie and others added 25 commits March 3, 2023 11:21
@starskyreverie
Update gateway_client.py
449b25f
@starskyreverie
Update gateway_client.py
bdffd13
@starskyreverie
Fix linting :)
e32f624
@starskyreverie
remove trailing whitespace
c6ddd69
@starskyreverie
Update gateway_client.py
7e9a55e
@starskyreverie
Update gateway_client.py
9ce015c
@starskyreverie
Fix execute calls everywhere
b181302
@starskyreverie
fixes
a35da15
@starskyreverie
fix tests
2a90a0b
@starskyreverie
fix test
88259c2
@starskyreverie
Fix log
d3d9a6d
@starskyreverie
Remove 'is defined' from jinja templates
3dec739
@starskyreverie
Remove remaining 'is defined's
9776d5f
@starskyreverie
Add back to numeric variables in Jinja templates
e50d352 
:
@starskyreverie
Add back to kernel uid/gid
013879f
@starskyreverie
woops
33e59a4
@starskyreverie
few fixes
c6553d8
@starskyreverie
Merge branch 'jupyter-oss:main' into main
de7ff4d
@starskyreverie
Filter sensitive values from being logged in processproxy
94ce1d4
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
a0dd2ca 
for more information, see https://pre-commit.ci
@starskyreverie
Copy dict
1d73385
@starskyreverie
Merge branch 'main' of https://github.com/pq43/enterprise_gateway
f2cce39
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
3800f31 
for more information, see https://pre-commit.ci
@starskyreverie
test fixes
e047e1d
@starskyreverie
Merge branch 'main' of https://github.com/pq43/enterprise_gateway
9ef7ccc
kevin-bates
kevin-bates reviewed Mar 14, 2023
View reviewed changes
Copy link
Member

@kevin-bates kevin-bates left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @pq43 - thank you for the pull request. This seems like a decent idea although I think it needs to be configurable by an operator

@kevin-bates kevin-bates added enhancement security gateway-provisioners Has application for gateway-provisioners (EG 4.0) labels Mar 14, 2023
@starskyreverie starskyreverie requested review from lresende and kevin-bates and removed request for lresende March 14, 2023 16:15
@kevin-bates
Copy link
Member

I guess I meant for these to be manifested as configurable traits (that can be configured via a configuration file), but initially rolling with envs is probably fine so let's skip the trait aspect of this.

Please add documentation for each of the new envs to this page: https://github.com/jupyter-server/enterprise_gateway/blob/main/docs/source/operators/config-add-env.md

@starskyreverie
Copy link
Contributor Author

Oh okay, sounds good! To do what you said via traitlets, should I define EG_SENSITIVE_ENV_KEYS in mixins.py or is there a better place?

@kevin-bates
Copy link
Member

To do what you said via traitlets, should I define EG_SENSITIVE_ENV_KEYS in mixins.py or is there a better place?

Yes, but I'm thinking it might be best to just keep these as envs for now. These will need to reside in Gateway Provisioners when EG moves to those and we could decide to use traits at that time, but introducing traits now will only create migration headaches.

kevin-bates
kevin-bates approved these changes Mar 14, 2023
View reviewed changes
Copy link
Member

@kevin-bates kevin-bates left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @pq43 - thank you.

@lresende lresende merged commit a09cfb7 into jupyter-server:main Mar 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lresende lresende lresende approved these changes

@kevin-bates kevin-bates kevin-bates approved these changes

Assignees
No one assigned
Labels
enhancement gateway-provisioners Has application for gateway-provisioners (EG 4.0) security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@starskyreverie @kevin-bates @lresende