Introduce LoggingMarkers marker for logging sensitive data #2051
Conversation
|
@kpavlov Could you check the test failure on this PR? Thanks |
kpavlov
changed the title
Introduce a utility class `LoggingMarkers` providing an SLF4J marker for tagging log entries with Personally Identifiable Information (PII). Update `BeanOutputConverter` to use the `PII_MARKER` in error logs for invalid JSON conversions. Enhance tests to verify PII marker usage in logging.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
Updated Maven configurations to dynamically reference the Java version using `${java.version}`. Added Kotlin compiler settings, including `jvmTarget` alignment with Java version and enabling `javaParameters`. This ensures consistency and better compatibility across builds.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
Updated the test to assert log size explicitly before accessing the first log entry. This ensures the test is more robust and avoids potential issues with accessing logs unexpectedly.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
Replaced string concatenation with a placeholder in the logger.error call to improve performance and maintain consistency with logging best practices. This helps avoid unnecessary overhead when logging is disabled.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
Replaced `PII_MARKER` with `SENSITIVE_DATA_MARKER`. Introduced `RESTRICTED_DATA_MARKER`, `REGULATED_DATA_MARKER` and `PUBLIC_DATA_MARKER`
Updated associated logging logic and tests to reflect these changes.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
Added missing periods to improve consistency and clarity in the Javadoc comments. This change ensures proper formatting and adheres to standard writing conventions.
Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>
|
@ilayaperumalg I have updated the PR and fixed incompatibility with JDK 17 |
|
The core of Spring AI does not depend on Spring Boot, which is usually a green flag for using slf4j. Spring projects that do not depend on spring boot use commons logging, typically via the |
|
LogAccessor wouldn't allow adding additional metadata to log messages. If so, my proposal for log message classification would not work. Please feel free to close this PR. |
|
@kpavlov Yea, lots of convenience in sl4j. I'm reconsidering the switch... what happens in the logging impls that make use of this feature - sl4j will do the masking so we can be sure all impls will behave correctly? |
| @@ -0,0 +1,69 @@ | |||
| package org.springframework.ai.util; | |||
There was a problem hiding this comment.
Will need to add copywrite statement. will add it when merging.
Introduce a utility class
LoggingMarkersproviding an SLF4J marker for tagging log entries with different data security classification, such as:Update
BeanOutputConverterto use theSENSITIVE_DATA_MARKERin error logs for invalid JSON conversions. Enhance tests to verify SENSITIVE_DATA_MARKER marker usage in logging.Updated Maven configurations to dynamically reference the Java version using
${java.version}. Added Kotlin compiler settings, includingjvmTargetalignment with Java version and enablingjavaParametersto ensure consistency and better compatibility across builds.