Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57990

Avoid filtering contents without sensible data and do per-content anonymization

    XMLWordPrintable

Details

    • 2.57

    Description

      Change the behavior of the Contents to avoid filtering when it's not needed. And change the way it's anonymized by delegating it to the component to avoid losing the structure of the information.

      Should be filtered

      • NodesContent: include labels and filesystem path
      • AboutUser
      • AgentsConfigFile (secrets encrypted but maybe other sensitive info)
      • BuildQueue: name of the job
      • ConfigFileComponent (secrets encrypted but maybe other sensitive info)
      • EnvironmentVariables
      • JenkinsLogs
      • JVMProcessSystemMetricsContent (environment variables)
      • LoggerManager
      • NetworInterfaces (ips)
      • NodeMonitors (computer name)
      • OtherConfigFilesComponent
      • RoocCAs
      • SlaveLaunchLogs
      • SlaveLogs
      • SystemConfiguration Agents and Master (user running)
      • UpdateCenter (proxy information: urls)
      • SystemProperties

      Shouldn’t be filtered

      • AboutContent
      • AboutBrowser
      • ActivePlugins
      • DisabledPlugins
      • FailedPlugins
      • Dockerfile
      • MasterChecksumsContent
      • NodeChecksumsContent
      • AdministrativeMonitors
      • DeadlockRequestComponent
      • DumpExportTable
      • FileDescriptorLimit
      • GCLogs Out of scope, it needs some refactor of classes. To tackle on another ticket Done because i needed the infra for other components.
      • HeapUsageHistogram
      • ItemsContent
      • LoadStats
      • Metrics
      • RemotingDiagnostics
      • ReverseProxy
      • SlaveCommandStatistics
      • SlowRequestComponent
      • ThreadDumps

      Avoid anonymizing the labels, the structure of the files under the control of the plugin (.md files, and information files). Analyze what values should be anonymized.
      The contents generated on the fly are going to extend the PrefilteredContent by creating a new PrefilteredPrintedContent and they are going to filter the information by themselves.

      The ones that are being filtered and shouldn't to will override the shouldBeFiltered method to avoid that.

      Acceptance criteria

      • The support-core plugin is changed by creating a new PrefilteredPrintedContent that extends PrefilteredContent
      • The contents that don't need to be filtered don't do that by overriding shouldBeFiltered (false)
      • Some tests are implemented for:
        • A content that was filtered and now it's not
        • A content that was filtered affecting the structure (markdown) and now it's not affected
      • The PR in support-core is merged

      Attachments

        Issue Links

          Activity

            mramonleon Ramon Leon created issue -
            mramonleon Ramon Leon made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            mramonleon Ramon Leon made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            mramonleon Ramon Leon made changes -
            Remote Link This issue links to "PR #174 (Web Link)" [ 23111 ]
            mramonleon Ramon Leon made changes -
            Description Change the behavior of the {{Contents}} to avoid filtering when it's not needed. And change the way it's anonymized by delegating it to the component to avoid losing the structure of the information.

            *Should be filtered*
             * NodesContent: include labels and filesystem path

             * AboutUser

             * AgentsConfigFile (secrets encrypted but maybe other sensitive info)

             * BuildQueue: name of the job

             * ConfigFileComponent (secrets encrypted but maybe other sensitive info)

             * EnvironmentVariables

             * JenkinsLogs

             * JVMProcessSystemMetricsContent (environment variables)

             * LoggerManager

             * NetworInterfaces (ips)

             * NodeMonitors (computer name)

             * OtherConfigFilesComponent

             * RoocCAs

             * SlaveLaunchLogs

             * SlaveLogs

             * SystemConfiguration Agents and Master (user running)

             * UpdateCenter (proxy information: urls)

             * SystemProperties

            *Shouldn’t be filtered*
             * AboutContent

             * AboutBrowser

             * ActivePlugins

             * DisabledPlugins

             * FailedPlugins

             * Dockerfile

             * MasterChecksumsContent

             * NodeChecksumsContent

             * AdministrativeMonitors

             * DeadlockRequestComponent

             * DumpExportTable

             * FileDescriptorLimit

             * GCLogs Out of scope, it needs some refactor of classes. To tackle on another ticket

             * HeapUsageHistogram

             * ItemsContent

             * LoadStats

             * Metrics

             * RemotingDiagnostics

             * ReverseProxy

             * SlaveCommandStatistics

             * SlowRequestComponent

             * ThreadDumps

            Avoid anonymizing the labels, the structure of the files under the control of the plugin (.md files, and information files). Analyze what values should be anonymized.
            The contents generated on the fly are going to extend the PrefilteredContent by creating a new *PrefilteredPrintedContent* and they are going to filter the information by themselves.

            The ones that are being filtered and shouldn't to will override the {{shouldBeFiltered}} method to avoid that.
            h3. Acceptance criteria
             * The support-core plugin is changed by creating a new {{PrefilteredPrintedContent}} that extends {{PrefilteredContent}}

             * The contents that don't need to be filtered don't do that by overriding {{shouldBeFiltered}} (false)

             * The contents that need to be filtered extends from a {{PrefilteredContent}}, most likely {{PrefilteredPrintedContent}} and do the filtering by themselves implementing the new {{writeTo}} method. Look at: [https://github.com/jenkinsci/support-core-plugin/blob/e2d79249818d41111ea96979a710ac3404018f78/src/main/java/com/cloudbees/jenkins/support/api/StringContent.java#L58] avoiding to filter the structure of the markdown or whatever is going to affect the comprehension of the content.

             * Some tests are implemented for:

             ** A content that was filtered and now it's not

             ** A content that was filtered affecting the structure (markdown) and now it's not affected

             * The PR in support-core is merged
            Change the behavior of the {{Contents}} to avoid filtering when it's not needed. And change the way it's anonymized by delegating it to the component to avoid losing the structure of the information.

            *Should be filtered*
             * NodesContent: include labels and filesystem path

             * AboutUser

             * AgentsConfigFile (secrets encrypted but maybe other sensitive info)

             * BuildQueue: name of the job

             * ConfigFileComponent (secrets encrypted but maybe other sensitive info)

             * EnvironmentVariables

             * JenkinsLogs

             * JVMProcessSystemMetricsContent (environment variables)

             * LoggerManager

             * NetworInterfaces (ips)

             * NodeMonitors (computer name)

             * OtherConfigFilesComponent

             * RoocCAs

             * SlaveLaunchLogs

             * SlaveLogs

             * SystemConfiguration Agents and Master (user running)

             * UpdateCenter (proxy information: urls)

             * SystemProperties

            *Shouldn’t be filtered*
             * AboutContent

             * AboutBrowser

             * ActivePlugins

             * DisabledPlugins

             * FailedPlugins

             * Dockerfile

             * MasterChecksumsContent

             * NodeChecksumsContent

             * AdministrativeMonitors

             * DeadlockRequestComponent

             * DumpExportTable

             * FileDescriptorLimit

             * GCLogs -Out of scope, it needs some refactor of classes. To tackle on another ticket- Done because i needed the infra for other components.

             * HeapUsageHistogram

             * ItemsContent

             * LoadStats

             * Metrics

             * RemotingDiagnostics

             * ReverseProxy

             * SlaveCommandStatistics

             * SlowRequestComponent

             * ThreadDumps

            Avoid anonymizing the labels, the structure of the files under the control of the plugin (.md files, and information files). Analyze what values should be anonymized.
             The contents generated on the fly are going to extend the PrefilteredContent by creating a new *PrefilteredPrintedContent* and they are going to filter the information by themselves.

            The ones that are being filtered and shouldn't to will override the {{shouldBeFiltered}} method to avoid that.
            h3. Acceptance criteria
             * The support-core plugin is changed by creating a new {{PrefilteredPrintedContent}} that extends {{PrefilteredContent}}

             * The contents that don't need to be filtered don't do that by overriding {{shouldBeFiltered}} (false)

             * The contents that need to be filtered extends from a {{PrefilteredContent}}, most likely {{PrefilteredPrintedContent}} and do the filtering by themselves implementing the new {{writeTo}} method. Look at: [https://github.com/jenkinsci/support-core-plugin/blob/e2d79249818d41111ea96979a710ac3404018f78/src/main/java/com/cloudbees/jenkins/support/api/StringContent.java#L58] avoiding to filter the structure of the markdown or whatever is going to affect the comprehension of the content.

             * Some tests are implemented for:

             *
             ** A content that was filtered and now it's not

             *
             ** A content that was filtered affecting the structure (markdown) and now it's not affected

             * The PR in support-core is merged
            mramonleon Ramon Leon made changes -
            Released As 2.57
            Resolution Done [ 10000 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            aheritier Arnaud Héritier made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            allan_burdajewicz Allan BURDAJEWICZ made changes -
            Link This issue duplicates JENKINS-57217 [ JENKINS-57217 ]

            People

              mramonleon Ramon Leon
              mramonleon Ramon Leon
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: