-
Notifications
You must be signed in to change notification settings - Fork 518
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Send PII to Spotlight when no DSN is set #3804
Conversation
Quick fix for getsentry/spotlight#543 until we implement a global scrubber that only scrubs events sent to the clound thorugh the DSN.
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## master #3804 +/- ##
==========================================
- Coverage 79.90% 79.90% -0.01%
==========================================
Files 137 137
Lines 15382 15385 +3
Branches 2610 2611 +1
==========================================
+ Hits 12291 12293 +2
Misses 2220 2220
- Partials 871 872 +1
|
I made the initialization of our EventScrubber more explicit. It did work before, but now it is "more correct" in a way. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this change is fine. Changing the default value of send_default_pii
from False
to None
in ClientConstructor
is kind of a sensitive change, but as we use should_send_default_pii()
everywhere, this is fine.
I have now refactored your change @BYK to not change the default value of If you are ok with this, I will merge it! (or you can merge it, to avoid another round trip) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I feel good about this.
@antonpirker I disagree with this direction and also with the suggestion that changing the default is a bad idea. The default, by definition, is a selection we make on behalf of the user when they have no preference. This means, if they explicitly set it to Keeping it this way takes away that option, meaning taking away control. What is the motivation you had for the refactoring and added changes. Is it only type purity? |
Agreed. Maybe I am just paranoid. I reverted my refactoring. Changing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After some discussion, I am convinced that this is fine.
I don't think you were being paranoid. Since we have not communicated what was the concern on the PR itself, I'm just recording it here for posterity: @antonpirker's concern was some code potentially reading |
@BYK A note about stripping PII at the point of collection (in the integration) vs in a central place right before sending: The benefit of stripping in the integration is, that the integration knows best what data could contain PII and what data does not. Doing this in a central place could lead a lot of "if span is from mongodb: strip that field. if span is from anthropic AI: strop those fields". This can get messy fast. |
@antonpirker ah, I missed one crucial detail (or failed to explain it properly). The core idea here is integrations still announcing/marking those fields as sensitive in a central place where the scrubber just goes through the mundane job of removing those fields from the final payload. Sounds better? :) |
Sounds better, indeed! :-) |
Quick fix for getsentry/spotlight#543 until we implement a global scrubber that only scrubs events sent to the clound thorugh the DSN.