department-of-veterans-affairs / va.gov-cms

Editor-centered management for Veteran-centered content.
https://prod.cms.va.gov
GNU General Public License v2.0

Monolog processor to put UID in log messages #19175

Closed timcosgrove closed 3 weeks ago

timcosgrove commented 1 month ago

User Story or Problem Statement

In #19156, we removed Monolog's current_user processor, which was writing both uid and username information to log messages. username is PII, but uid is not. It is useful to be able to tie a log message back to the user whose actions resulted in the log message, so we should re-enable uid.

Description or Additional Context

The 'current_user' processor Monolog provides is here: https://git.drupalcode.org/project/monolog/-/blob/3.0.x/src/Logger/Processor/CurrentUserProcessor.php?ref_type=heads

This can almost certainly be used as a starting point for what we want. We specifically do not want to write email, username, or any other personally identifying information to the log; only user ID should be written.

The processor can be activated by adding it to a custom module's services. Example here: https://github.com/department-of-veterans-affairs/va.gov-cms/blob/main/docroot/modules/custom/va_gov_backend/va_gov_backend.services.yml#L47

Steps for Implementation

Acceptance Criteria

gracekretschmer-metrostar commented 4 weeks ago

Pull into sprint 20.

edmund-dunn commented 3 weeks ago

[Image]

This is what shows up for the Drupal logs being passed to Datadog. Note that it is only the uid, NOT the username. This was taken from the logs from before we removed the default current_user processor.

The update is a copy/paste of the default processor, replacing the username part with the uid where it is being made available, even though only the uid appears to be passed currently.
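The kind of processor this issue asks for, as an added example that is not the va.gov-cms change or the Monolog module's own code. The module namespace, the class name and the list of stripped keys are assumptions, and it targets the Monolog 3 `LogRecord` API.

```php
<?php

// Hypothetical module namespace, chosen for this example.
namespace Drupal\example_logging\Logger\Processor;

use Drupal\Core\Session\AccountProxyInterface;
use Monolog\LogRecord;
use Monolog\Processor\ProcessorInterface;

/**
 * Adds only the numeric user ID to each log record's "extra" data.
 *
 * No username, email or other identifying field is written, so a log line
 * can be tied back to an account without carrying PII to the log backend.
 */
final class UidOnlyProcessor implements ProcessorInterface {

  /**
   * Keys treated as PII and removed from "extra" (assumed list).
   */
  private const PII_KEYS = ['user', 'username', 'name', 'mail', 'email'];

  public function __construct(
    private readonly AccountProxyInterface $currentUser,
  ) {}

  public function __invoke(LogRecord $record): LogRecord {
    // Drop identifying keys that an earlier processor may have added,
    // so enabling this processor never leaves a username beside the uid.
    $extra = array_diff_key($record->extra, array_flip(self::PII_KEYS));

    // id() is 0 for anonymous requests; cast so the field is always an int.
    $extra['uid'] = (int) $this->currentUser->id();

    // "extra" is the mutable part of a Monolog 3 record.
    $record->extra = $extra;
    return $record;
  }

}
```

Register the class in the custom module's services file in the same way as the example linked in the issue, then confirm in the log backend that records carry `uid` and no name or email field.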