Class: OpenTelemetry::Instrumentation::Net::LDAP::AttributeMapper

Inherits:
Object
  • Object
show all
Defined in:
lib/opentelemetry/instrumentation/net/ldap/attribute_mapper.rb

Overview

attribute mapper to redact keys which are not allowed

Constant Summary collapse

LDAP_GENERAL_ATTRIBUTES = 
Set['attributes', 'base', 'filter', 'ignore_server_caps', 'left', 'op', 'operations',
'paged_searches_supported', 'replace', 'right', 'scope'].freeze
LDAP_OBJECT_ATTRIBUTES = 
Set['accountExpires', 'codePage', 'countryCode', 'cn', 'description', 'displayName',
'distinguishedName', 'dn', 'givenName', 'instanceType', 'mail', 'memberOf', 'name',
'objectCategory', 'objectClass', 'pwdChangedTime', 'pwdLastSet', 'sAMAccountName',
'userAccountControl', 'userPrincipalName'].freeze
SPAN_ATTRIBUTES = 
Set['exception.message', 'exception.stacktrace', 'exception.type', 'ldap.auth.method',
'ldap.auth.username', 'ldap.error.message', 'ldap.operation.type', 'ldap.request.message',
'ldap.response.status_code', 'ldap.tree.base', 'network.protocol.name',
'network.protocol.version', 'network.transport', 'peer.service', 'server.address',
'server.port'].freeze
ALLOWED_KEYS = 
(LDAP_GENERAL_ATTRIBUTES + LDAP_OBJECT_ATTRIBUTES + SPAN_ATTRIBUTES).freeze

Class Method Summary collapse

Class Method Details

.deep_map(obj) ⇒ Object 



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/opentelemetry/instrumentation/net/ldap/attribute_mapper.rb', line 42

def self.deep_map(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), result|
      key_str = k.to_s
      result[k] = ALLOWED_KEYS.include?(key_str) ? deep_map(v) : redact(v)
    end
  when Array
    # Special case: LDAP operation tuple like ["replace", "unicodePwd", ["value"]]
    if obj.size == 3 && obj[1].is_a?(String) && !ALLOWED_KEYS.include?(obj[1])
      [obj[0], obj[1], ['[REDACTED]']]
    else
      obj.map { |item| deep_map(item) }
    end
  when String
    return obj unless obj.strip.start_with?('{', '[')

    map_json(obj)
  else
    obj
  end
end

.map(attributes) ⇒ Object 



38
39
40
 
# File 'lib/opentelemetry/instrumentation/net/ldap/attribute_mapper.rb', line 38

def self.map(attributes)
  deep_map(attributes)
end

.map_json(json_string) ⇒ Object 



30
31
32
33
34
35
36
 
# File 'lib/opentelemetry/instrumentation/net/ldap/attribute_mapper.rb', line 30

def self.map_json(json_string)
  parsed = JSON.parse(json_string)
  redacted = deep_map(parsed)
  JSON.generate(redacted)
rescue JSON::ParserError
  json_string
end

.redact(_value) ⇒ Object 



26
27
28
 
# File 'lib/opentelemetry/instrumentation/net/ldap/attribute_mapper.rb', line 26

def self.redact(_value)
  '[REDACTED]'
end