search

pydantic / logfire

Uncomplicated Observability for Python and beyond! 🪵🔥
https://docs.pydantic.dev/logfire/
MIT License
1.62k stars 46 forks source link

Unnecessary `Redacted due to 'auth'` #248

Open mattzcarey opened 2 weeks ago

mattzcarey commented 2 weeks ago

Description

I have a FastAPI endpoint which I am hitting to get some authentication types from some documentation. The endpoint is /auth/classify. Neither the input or the output from that endpoint contains secrets yet the body is still redacted:

input": {
  "auth_types" :[
    "[Redacted due to 'auth']"
  ]
}

Is there anyway to switch this off as it would be nice to see these in the logs. To be clear this isnt a header or anything. This is just a body with the key auth and a value of string[] (it's actually an enum of values like 'BASIC', 'BEARER' etc.)

I guess I can manually emit a span but that kinda defeats the point of auto instrumentation.

Python, Logfire & OS Versions, related packages (not required)

logfire="0.40.0"
platform="macOS-14.5-arm64-arm-64bit"
python="3.11.6 (main, May  8 2024, 18:55:10) [Clang 15.0.0 (clang-1500.3.9.4)]"
[related_packages]
requests="2.32.3"
pydantic="2.7.2"
fastapi="0.111.0"
openai="1.30.5"
protobuf="4.25.3"
rich="13.7.1"
executing="2.0.1"
opentelemetry-api="1.25.0"
opentelemetry-exporter-otlp-proto-common="1.25.0"
opentelemetry-exporter-otlp-proto-http="1.25.0"
opentelemetry-instrumentation="0.46b0"
opentelemetry-instrumentation-aiohttp-client="0.46b0"
opentelemetry-instrumentation-asgi="0.46b0"
opentelemetry-instrumentation-dbapi="0.46b0"
opentelemetry-instrumentation-fastapi="0.46b0"
opentelemetry-instrumentation-httpx="0.46b0"
opentelemetry-instrumentation-jinja2="0.46b0"
opentelemetry-instrumentation-requests="0.46b0"
opentelemetry-instrumentation-sqlite3="0.46b0"
opentelemetry-instrumentation-urllib="0.46b0"
opentelemetry-instrumentation-urllib3="0.46b0"
opentelemetry-proto="1.25.0"
opentelemetry-sdk="1.25.0"
opentelemetry-semantic-conventions="0.46b0"
opentelemetry-util-http="0.46b0"
alexmojaki commented 2 weeks ago

See https://docs.pydantic.dev/logfire/guides/advanced/scrubbing/#scrubbing-less-with-a-callback for how to whitelist values.

You can find this page if you search the docs for 'redacted' but I think you're at least the 4th person to ask about this so I think people just aren't trying that. We should probably change [Redacted due to 'auth'] to [Scrubbed due to 'auth'] to increase the chances that people will see the page in the sidebar or the params to configure and make the connection. Do you think that would have helped you?

@dmontagu I think we need to implement https://pydanticlogfire.slack.com/archives/C06EDRBSAH3/p1714500893342199?thread_ts=1714500208.780959&cid=C06EDRBSAH3:

The UI could help, e.g. you could click on a redacted value and get a popup with some generated callback code and a link to docs.

WDYT of that? It'd require some changes to both the SDK and UI and some design discussion.

mattzcarey commented 2 weeks ago

Thanks. Makes alot of sense I didnt quite get there in the docs yet :)

alexmojaki commented 2 weeks ago

Reopening because we still need to do something here, too many users stumble on it.