fix(tracing): implement redact for query, add default values

2025-06-28 04:20:52 +02:00 · 2025-06-28 04:20:52 +02:00 · 5ac5d90f97
commit 5ac5d90f97
parent b813ed4347
6 changed files with 162 additions and 16 deletions
--- a/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/ActorTest.java
+++ b/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/ActorTest.java
@ -34,7 +34,7 @@ public class ActorTest {
        verify(tracingService).trace("request.route", route);
        verify(tracingService).trace("request.headers.accept", "text/plain");
        verify(tracingService).trace("request.headers.accept-encoding", "gzip,deflate");
-        verify(tracingService).trace("request.headers.authorization", "Basic am9uOmRvZQ==");
+        verify(tracingService).trace("request.headers.authorization", "********");
        verify(tracingService).trace("request.headers.connection", "Keep-Alive");
        verify(tracingService).trace(eq("request.headers.host"), startsWith("localhost:"));
        verify(tracingService).trace(eq("request.headers.user-agent"), startsWith("Apache-HttpClient"));
--- a/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/QueryParamTest.java
+++ b/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/QueryParamTest.java
@ -0,0 +1,54 @@
+package ch.phoenix.oss.quarkus.commons.tracing;
+
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.startsWith;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.mockito.InjectSpy;
+import io.restassured.RestAssured;
+import io.restassured.http.ContentType;
+import org.junit.jupiter.api.Test;
+
+@QuarkusTest
+public class QueryParamTest {
+
+    @InjectSpy
+    TracingService tracingService;
+
+    @Test
+    void traceQueryParams() {
+        var route = "/authenticated";
+        RestAssured.given()
+                .auth()
+                .basic("jon", "doe")
+                .accept(ContentType.TEXT)
+                .header("X-SOMETHING-ELSE", "whatever")
+                .queryParam("access_token", "api123")
+                .queryParam("refresh_token", "refresh123")
+                .queryParam("apikey", "apikey123")
+                .queryParam("grant_type", "authorization_code")
+                .when()
+                .get(route)
+                .then()
+                .statusCode(200);
+
+        verify(tracingService).trace("actor", "jon");
+        verify(tracingService).trace("request.method", "GET");
+        verify(tracingService).trace("request.route", route);
+        verify(tracingService).trace("request.headers.accept", "text/plain");
+        verify(tracingService).trace("request.headers.accept-encoding", "gzip,deflate");
+        verify(tracingService).trace("request.headers.authorization", "********");
+        verify(tracingService).trace("request.headers.connection", "Keep-Alive");
+        verify(tracingService).trace(eq("request.headers.host"), startsWith("localhost:"));
+        verify(tracingService).trace(eq("request.headers.user-agent"), startsWith("Apache-HttpClient"));
+        verify(tracingService).trace("request.headers.x-something-else", "whatever");
+        verify(tracingService).trace("request.query.params.access_token", "********");
+        verify(tracingService).trace("request.query.params.refresh_token", "********");
+        verify(tracingService).trace("request.query.params.apikey", "********");
+        verify(tracingService).trace("request.query.params.grant_type", "authorization_code");
+        verify(tracingService).trace("request.client.ip", "127.0.0.1");
+        verifyNoMoreInteractions(tracingService);
+    }
+}
--- a/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/RedactedTest.java
+++ b/quarkus-tracing-service/src/test/java/ch/phoenix/oss/quarkus/commons/tracing/RedactedTest.java
@ -0,0 +1,61 @@
+package ch.phoenix.oss.quarkus.commons.tracing;
+
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.startsWith;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.TestProfile;
+import io.quarkus.test.junit.mockito.InjectSpy;
+import io.restassured.RestAssured;
+import io.restassured.http.ContentType;
+import org.junit.jupiter.api.Test;
+
+@QuarkusTest
+@TestProfile(Test2Profile.class)
+public class RedactedTest {
+
+    @InjectSpy
+    TracingService tracingService;
+
+    @Test
+    void traceRedactedValues() {
+        var route = "/authenticated";
+        RestAssured.given()
+                .auth()
+                .basic("jon", "doe")
+                .accept(ContentType.TEXT)
+                .header("X-SOMETHING-ELSE", "whatever")
+                .queryParam("access_token", "api123")
+                .queryParam("refresh_token", "refresh123")
+                .queryParam("apikey", "apikey123")
+                .queryParam("grant_type", "authorization_code")
+                .when()
+                .get(route)
+                .then()
+                .statusCode(200);
+
+        verify(tracingService).trace("actor", "jon");
+        verify(tracingService).trace("request.method", "GET");
+        verify(tracingService).trace("request.route", route);
+        verify(tracingService).trace("request.path.raw", route);
+        verify(tracingService).trace("request.headers.accept", "text/plain");
+        verify(tracingService).trace("request.headers.accept-encoding", "gzip,deflate");
+        verify(tracingService).trace("request.headers.authorization", "********");
+        verify(tracingService).trace("request.headers.connection", "Keep-Alive");
+        verify(tracingService).trace(eq("request.headers.host"), startsWith("localhost:"));
+        verify(tracingService).trace(eq("request.headers.user-agent"), startsWith("Apache-HttpClient"));
+        verify(tracingService).trace("request.headers.x-something-else", "********");
+        verify(tracingService).trace("request.query.params.access_token", "********");
+        verify(tracingService).trace("request.query.params.refresh_token", "refresh123");
+        verify(tracingService).trace("request.query.params.apikey", "apikey123");
+        verify(tracingService).trace("request.query.params.grant_type", "authorization_code");
+        verify(tracingService)
+                .trace(
+                        "request.query.raw",
+                        "access_token=api123&refresh_token=refresh123&apikey=apikey123&grant_type=authorization_code");
+        verify(tracingService).trace("request.client.ip", "127.0.0.1");
+        verifyNoMoreInteractions(tracingService);
+    }
+}
--- a/quarkus-tracing-service/src/test/resources/application.yaml
+++ b/quarkus-tracing-service/src/test/resources/application.yaml
@ -32,6 +32,7 @@ quarkus:
          headers:
            redact:
              - AUTHORIZATION
+              - X-SOMETHING-ELSE
          query:
            include-raw: true
            redact: