search

OpenFn / primero-progres

Interoperability solution for UNICEF <> UNHCR interagency referrals between Primero and Progres v4 systems.
https://openfn.github.io/primero-progres/
0 stars 2 forks source link

DTP job failures log the certificate keys from `configuration` #7

Closed aleksa-krolls closed 3 years ago

aleksa-krolls commented 3 years ago

Describe the bug

I've noticed that when HTTP requests sent to DTP fail, the certificate details from configuration is included in the run logs. See L83 here: https://www.openfn.org/projects/p5am6e/runs/rk5g83y9

See issues #3 and #5 for more background on the jobs for this project.

To Reproduce and Test

Re-run this on prod to test: https://www.openfn.org/projects/p5am6e/runs/rk5g83y9 (We currently expect this run to fail.)

adaptor

language-http

expression.js

https://github.com/OpenFn/primero-progres/blob/master/jobs/2.b.uploadReferrals.js

state.json

See LP for UNHCR SSL 

"configuration": {
"Ocp-Apim-Subscription-Key":"See LP for UNHCR",
"cert":"See LP for UNHCR SSL Thumbprint",
"token":"idk-ask-mamadou",
"urlDTP":"https://antirrio.azure-api.net/primero-uat/ReceiveIncomingReferral"}

Expected behavior

Ideally no sensitive information from configuration should be logged.

aleksa-krolls commented 3 years ago

@lakhassane @taylordowns2000 Please note that this is important, but not urgent... we have 1+ week to resolve while testing is still in progress.

aleksa-krolls commented 3 years ago

@lakhassane What was implemented here to resolve this? Was this a job or adaptor change? (Wondering if additional changes need to be made across other DTP jobs.)

aleksa-krolls commented 3 years ago

@lakhassane See my slack comment. The run I linked to above is for language-http (not primero) so I want to make sure this is indeed resolved.

lakhassane commented 3 years ago

@aleksa-krolls I replicated on those that use language-http