Commit 83696e88 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Increment trace mutation metric when masking secrets

This commits adds trace mutation metric, that we hope to don't see
incremented. Once we confirm this is not being used we will hide the
feature behind a feature flag disabled.
parent 06a3f976
...@@ -867,13 +867,17 @@ module Ci ...@@ -867,13 +867,17 @@ module Ci
options.dig(:release)&.any? options.dig(:release)&.any?
end end
def hide_secrets(trace) def hide_secrets(data, metrics = ::Gitlab::Ci::Trace::Metrics.new)
return unless trace return unless trace
trace = trace.dup data.dup.tap do |trace|
Gitlab::Ci::MaskSecret.mask!(trace, project.runners_token) if project Gitlab::Ci::MaskSecret.mask!(trace, project.runners_token) if project
Gitlab::Ci::MaskSecret.mask!(trace, token) if token Gitlab::Ci::MaskSecret.mask!(trace, token) if token
trace
if trace != data
metrics.increment_trace_operation(operation: :mutated)
end
end
end end
def serializable_hash(options = {}) def serializable_hash(options = {})
......
# frozen_string_literal: true
module Gitlab
module Ci
class Trace
class Metrics
extend Gitlab::Utils::StrongMemoize
OPERATIONS = [:mutated].freeze
def increment_trace_operation(operation: :unknown)
unless OPERATIONS.include?(operation)
raise ArgumentError, 'unknown trace operation'
end
self.class.trace_operations.increment(operation: operation)
end
def self.trace_operations
strong_memoize(:trace_operations) do
name = :gitlab_ci_trace_operations_total
comment = 'Total amount of different operations on a build trace'
Gitlab::Metrics.counter(name, comment)
end
end
end
end
end
end
...@@ -1012,18 +1012,53 @@ RSpec.describe Ci::Build do ...@@ -1012,18 +1012,53 @@ RSpec.describe Ci::Build do
end end
describe '#hide_secrets' do describe '#hide_secrets' do
let(:metrics) { spy('metrics') }
let(:subject) { build.hide_secrets(data) } let(:subject) { build.hide_secrets(data) }
context 'hide runners token' do context 'hide runners token' do
let(:data) { "new #{project.runners_token} data"} let(:data) { "new #{project.runners_token} data"}
it { is_expected.to match(/^new x+ data$/) } it { is_expected.to match(/^new x+ data$/) }
it 'increments trace mutation metric' do
build.hide_secrets(data, metrics)
expect(metrics)
.to have_received(:increment_trace_operation)
.with(operation: :mutated)
end
end end
context 'hide build token' do context 'hide build token' do
let(:data) { "new #{build.token} data"} let(:data) { "new #{build.token} data"}
it { is_expected.to match(/^new x+ data$/) } it { is_expected.to match(/^new x+ data$/) }
it 'increments trace mutation metric' do
build.hide_secrets(data, metrics)
expect(metrics)
.to have_received(:increment_trace_operation)
.with(operation: :mutated)
end
end
context 'when build does not include secrets' do
let(:data) { 'my build log' }
it 'does not mutate trace' do
trace = build.hide_secrets(data)
expect(trace).to eq data
end
it 'does not increment trace mutation metric' do
build.hide_secrets(data, metrics)
expect(metrics)
.not_to have_received(:increment_trace_operation)
.with(operation: :mutated)
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment