Azure / durabletask

Durable Task Framework allows users to write long running persistent workflows in C# using the async/await capabilities.
Apache License 2.0

Remove user-provided details from various logs #1100

Closed davidmrdavid closed 2 weeks ago

davidmrdavid commented 1 month ago

In various log events, our telemetry captures user-provided details that may contain sensitive information, particularly in the "Details" column. For safety, this PR does two things: (1) We stop logging the reason for client operations like terminate, suspend, and resume. These are user-provided strings, and they have minimal use during investigations.

(2) When it comes to logging exceptions, we avoid logging the exception message, which may contain sensitive data. To do this, the orchestratorCompleted action now always carries a FailureDetails object, which can be inspected to obtain only the error trace and error type of an exception. This doesn't mean we do not honor the user's choice of error propagation mode, it just means that the FailureDetails property is always populated. Obviously, this may have a memory perf impact, but I found all alternatives to have tricky tradeoffs. Given that FailureDetails is positioned to be the preferred error serialization mode of future SDKs, I think it should be 'ok' to leverage it here.
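The logging pattern the description argues for, as an added illustration that is not code from the durabletask repository or from this PR: a failure-details object built from an exception that carries only the error type, the stack trace and the inner failure chain, a log formatter that renders the "Details" column from that object alone, and a client-operation log line that drops the caller's reason string. The type and method names (SafeFailureDetails, OrchestrationLogger, FormatFailure, FormatClientOperation), the instance id and the token-like value in the exception message are all constructed for this example.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical, simplified stand-in for a FailureDetails-style object.
// It deliberately exposes no Message property: a log sink can be handed
// this object without any path for user-provided text to reach the log.
public sealed record SafeFailureDetails(string ErrorType, string? StackTrace, SafeFailureDetails? Inner)
{
    public static SafeFailureDetails FromException(Exception ex) =>
        new(ex.GetType().FullName ?? ex.GetType().Name,
            ex.StackTrace,
            ex.InnerException is null ? null : FromException(ex.InnerException));
}

// Hypothetical log event formatting; the "Details" column is rendered
// from SafeFailureDetails only, never from the exception itself.
public static class OrchestrationLogger
{
    public static string FormatFailure(string instanceId, SafeFailureDetails details)
    {
        var lines = new List<string> { $"OrchestratorCompleted instance={instanceId} status=Failed" };
        for (SafeFailureDetails? d = details; d != null; d = d.Inner)
        {
            lines.Add($"  errorType={d.ErrorType}");
            // Only the first frame is shown here to keep the sample output short.
            lines.Add($"  stackTrace={(d.StackTrace ?? "<none>").Split('\n')[0].Trim()}");
        }
        return string.Join(Environment.NewLine, lines);
    }

    // Client operation log line: the user-provided reason string is intentionally not a parameter,
    // so it cannot be logged by accident.
    public static string FormatClientOperation(string operation, string instanceId)
        => $"{operation} instance={instanceId}";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the exception message embeds a value that could have
        // originated in orchestration input (a fake token) and must not be logged.
        const string userSuppliedValue = "token=EXAMPLE-FAKE-VALUE";
        Exception captured;
        try
        {
            throw new InvalidOperationException($"Payment failed for {userSuppliedValue}");
        }
        catch (Exception ex)
        {
            captured = ex;
        }

        var details = SafeFailureDetails.FromException(captured);
        string logLine = OrchestrationLogger.FormatFailure("instance-001", details);
        Console.WriteLine(logLine);

        // Verify that the message text never reached the rendered log line.
        Console.WriteLine(logLine.Contains(userSuppliedValue)
            ? "FAIL: user-provided text leaked into log"
            : "OK: log carries only error type and trace");

        // Terminate/suspend/resume log lines carry no reason string at all.
        Console.WriteLine(OrchestrationLogger.FormatClientOperation("Terminate", "instance-001"));
    }
}
```

The design choice worth noting is that the redaction is structural rather than a string filter: because the details object has no message field, a future log call cannot regress into emitting it, and the user's chosen error propagation mode stays untouched because the object is only a view for telemetry, not the value returned to the orchestration.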

davidmrdavid commented 2 weeks ago

Incorporated feedback, merging as such. Thanks for the prompt reviews!