googleapis / api-linter

A linter for APIs defined in protocol buffers.
https://linter.aip.dev/
Apache License 2.0

AIP-147: No rules to enforce "sensitive fields" guidance #1429

Open loeffel-io opened 2 months ago

loeffel-io commented 2 months ago

It looks like there are no rules for AIP-147 (INPUT_ONLY).

noahdietz commented 2 months ago

Indeed there are not. I think this is at least partially due to the lack of a strong heuristic/signal to use in identifying the fields that the guidance would pertain to. For example, going off of a field name having _secret doesn't really give a strong signal that the field in question is actually sensitive and needs to be handled as AIP-147 describes.

Do you have any suggestions?

I think this might be one of the "suggested pattern" AIPs rather than "required design" AIPs, e.g. AIP-131.

noahdietz commented 2 months ago

If we had an annotation that identified the contents as a known sensitive data type, e.g. a PEM key, or that the field's contents were simply "sensitive", we'd be able to definitively identify fields that the guidance applied to.
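
The trade-off discussed in this thread, as an added Go example that is not api-linter code and not written by the participants: a name-based check over proto source flags `page_token` (a pagination field) and misses `private_key_pem`, which is why an explicit annotation would give a stronger signal. The word list, both regular expressions and the sample message are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one field flagged by the name heuristic.
type Finding struct {
	Field     string
	InputOnly bool // true if the field already carries INPUT_ONLY
}

// fieldRe matches a one-line field declaration and captures its name and [options].
var fieldRe = regexp.MustCompile(`^\s*(?:repeated\s+|optional\s+)?[\w.]+\s+(\w+)\s*=\s*\d+\s*(\[[^\]]*\])?\s*;`)

// sensitiveRe is an assumed word list, matched on whole snake_case segments.
var sensitiveRe = regexp.MustCompile(`(^|_)(secret|password|token)(_|$)`)

// CheckSensitiveFields returns the fields whose names look sensitive and
// records whether each one is annotated INPUT_ONLY.
func CheckSensitiveFields(proto string) []Finding {
	var out []Finding
	for _, line := range strings.Split(proto, "\n") {
		m := fieldRe.FindStringSubmatch(line)
		if m == nil || !sensitiveRe.MatchString(m[1]) {
			continue
		}
		out = append(out, Finding{Field: m[1], InputOnly: strings.Contains(m[2], "INPUT_ONLY")})
	}
	return out
}

// sampleProto is constructed for this example.
const sampleProto = `message ApiKey {
  string name = 1;
  string client_secret = 2;
  string webhook_secret = 3 [(google.api.field_behavior) = INPUT_ONLY];
  string page_token = 4;
  bytes private_key_pem = 5;
}`

func main() {
	for _, f := range CheckSensitiveFields(sampleProto) {
		fmt.Printf("%-16s input_only=%v\n", f.Field, f.InputOnly)
	}
}
```

On the sample, `client_secret` is the only true positive without INPUT_ONLY; `page_token` is flagged although it is not a secret, and `private_key_pem` passes unnoticed.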