-
In the .NET Conf 2023 talk "Improving your application telemetry using .NET 8 and Open Telemetry" with @noahfalk and @samsp-msft Sam mentioned that there are now Microsoft.Extensions that help with redacting PII from logs. I suppose I have tried to get a simple hello world worker service running where log message text is redacted in the console output but I could not figure out how a

```csharp
using Microsoft.Extensions.Compliance.Classification;
using Microsoft.Extensions.Compliance.Redaction;
using TelemetrySource;

var builder = Host.CreateApplicationBuilder(args);
builder.Services.AddHostedService<Worker>()
    .AddLogging(
        loggingBuilder => loggingBuilder
            // .EnableEnrichment()
            .EnableRedaction())
    // .AddProcessLogEnricher(o => o.ProcessId = true)
    .AddRedaction(
        r => { r.SetRedactor<MyRedactor>(new DataClassificationSet(new DataClassification("foo", "bar"))); } // what is "foo" and "bar"
        // .SetRedactor<ErasingRedactor>(new DataClassificationSet(new DataClassification("foo", "bar")))
        // .SetFallbackRedactor<ErasingRedactor>()
    );

var host = builder.Build();
host.Run();

public class MyRedactor : Redactor
{
    public override int Redact(ReadOnlySpan<char> source, Span<char> destination)
    {
        throw new NotImplementedException(); // never called
    }

    public override int GetRedactedLength(ReadOnlySpan<char> input)
    {
        throw new NotImplementedException(); // never called
    }
}

public class Worker : BackgroundService
{
    private readonly ILogger<Worker> _logger;

    public Worker(ILogger<Worker> logger)
    {
        _logger = logger;
    }

    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        while (!stoppingToken.IsCancellationRequested)
        {
            if (_logger.IsEnabled(LogLevel.Information))
            {
                _logger.LogInformation("foo bar: {foo} {bar}", "foo", "bar");
            }
            await Task.Delay(1000, stoppingToken);
        }
    }
}
```
-
@geeknoid - Any updated docs or doc plans to call out here? Could you also double check my explanation below appears accurate?

Hi @bitbonk. As best I know the folks building the new Microsoft.Extensions.* libraries are planning to start with README files for each library that cover the basics and then broader documentation on learn.microsoft.com is a work in progress. In the case of redacting for logging I think you are probably looking for something like this:

```csharp
[AttributeUsage(...)]
public class PersonalDataAttribute : DataClassificationAttribute
{
    public PersonalDataAttribute() : base("NameOfTaxonomy", "NameOfClassification") {}
    // both of those strings are arbitrary identifiers you can pick. You would use them
    // later when configuring redaction to set the policies for your different named classifications.
}

// Order type from the presentation
public class Order
{
    public int Id;
    public Sandwich Sandwich;
    public int StoreId;
    [PersonalData] public int UserId; // annotated property
}

// logging code that logs an Order
public static partial class Log
{
    // LogLevel.Information is the enum member name
    [LoggerMessage(LogLevel.Information, "New order created {order}")]
    public static partial void OrderCreated(this ILogger logger, [LogProperties] Order order);
}
```

As an alternative to step 1+2 above you can get the IRedactorProvider from the service container, then get a redactor from the provider using

Hope this helps as a starting point and I defer to @geeknoid on when broader docs will be available.
-
@joperezr Jose, I think we might have a problem with the msbuild magic to control logging code generators. This is a pretty straightforward use of the new logging generator, but the generator is not being run at build time. If I load the solution into VS and click on the Dependencies node in Solution Explorer, I can see the reference to Microsoft.Gen.Logging in there, but it says "this generator is not providing any files", which indicates the thing is not being run for some reason.
-
@bitbonk I'll take a look at your demo repo and help figure out what is wrong here.
-
As a follow-up, is it possible to use this library for redacting sensitive information from distributed traces? I tried following the implementation provided by @noahfalk and here, but the usage of
-
The code redaction infrastructure just operates against strings. You give it a data classification, get back a redactor, and then apply redaction on data N times. Various higher-level components take advantage of the redaction infrastructure as part of their own features. This includes logging, such as when you use [LoggerMessage] and [LoggerProperties]. There is currently no integration for redaction in distributed tracing, but you can likely roll your own by building directly on the redaction infra.
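The last reply describes building on the redaction infrastructure directly: pick a data classification, get a redactor for it, and apply it to values before they leave the process. The following is an added example of that pattern for an `Activity` tag; it is not code from any participant in this thread or from the library's documentation. The taxonomy, classification, activity source and tag names and the `MaskingRedactor` class are hypothetical, and the API shape assumed is the one used in the first post (`DataClassificationSet` with a two-string `DataClassification`).

```csharp
using System;
using System.Diagnostics;
using Microsoft.Extensions.Compliance.Classification;
using Microsoft.Extensions.Compliance.Redaction;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical names; any strings work as long as registration and lookup use the same pair.
var personal = new DataClassificationSet(new DataClassification("ExampleTaxonomy", "PersonalData"));

var services = new ServiceCollection();
services.AddRedaction(r => r.SetRedactor<MaskingRedactor>(personal));
using var provider = services.BuildServiceProvider();

// Resolve the redactor once, then reuse it for every value of that classification.
Redactor redactor = provider.GetRequiredService<IRedactorProvider>().GetRedactor(personal);

// StartActivity returns null unless a listener samples the source.
using var listener = new ActivityListener
{
    ShouldListenTo = _ => true,
    Sample = (ref ActivityCreationOptions<ActivityContext> _) => ActivitySamplingResult.AllData,
};
ActivitySource.AddActivityListener(listener);

using var source = new ActivitySource("Example.Orders"); // hypothetical source name
using (Activity? activity = source.StartActivity("CreateOrder"))
{
    activity?.SetTag("order.store_id", 17); // not classified, recorded as-is
    // Constructed sample value; only the redacted form is attached to the span.
    activity?.SetTag("order.user_email", redactor.Redact("jane@example.com"));
    Console.WriteLine(activity?.GetTagItem("order.user_email"));
}

// Replaces every character with '*'. The length of the original value is still
// visible; use an erasing or hashing redactor if that is also sensitive.
public sealed class MaskingRedactor : Redactor
{
    public override int GetRedactedLength(ReadOnlySpan<char> input) => input.Length;

    public override int Redact(ReadOnlySpan<char> source, Span<char> destination)
    {
        destination.Slice(0, source.Length).Fill('*');
        return source.Length;
    }
}
```

Redacting at the point where the tag is set means exporters and sampling processors never see the raw value.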