Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mask lock stats PII in CloudSpannerReceiver #16349

Closed
architjugran opened this issue Nov 17, 2022 · 1 comment
Closed

Mask lock stats PII in CloudSpannerReceiver #16349

architjugran opened this issue Nov 17, 2022 · 1 comment
Labels
enhancement New feature or request receiver/googlecloudspanner

Comments

@architjugran
Copy link
Contributor

architjugran commented Nov 17, 2022
edited by dashpole
Loading

Component(s)

receiver/googlecloudspanner

Is your feature request related to a problem? Please describe.

Feature request:
When monitoring Cloud Spanner statics by using Cloud Spanner receiver , one of our customers would like to mask PII information which included labels metrics as row_range_start_key so that development engineers can tune or debug Cloud Spanner based on statics metrics like Query statistics, Read statistics, Transaction statistics, Lock statistics and others.

Context:
Metrics collected by Cloud Spanner receiver could include PII data in their labels row_range_start_key is used as label in the lock-stats metric.

Customer is ok for the system tables to include PII data as labels but would not like to export that information to the backend.

Describe the solution you'd like

Add a configurable option to mask the PII in lock stats metrics for customers.

For the metric "top minute lock stats", the label "row_range_start_key" (https://cloud.google.com/spanner/docs/introspection/lock-statistics#explain-row-range) has PII information of table key values. We can give the ability to hash the keys individually such that
table_name(key1,key2) becomes table_name(hash1,hash2).
Note that even though key values are hashed, a user can identify if sets of keys share common prefix like table1(key1,key2) and table1(key1,key3)

Describe alternatives you've considered

Workarounds explored :
Redaction processor would not work for my use-case .
Reason being I want to modify the value of the metric label in a certain manner.

Example: if value is "Table_name(key1, key2, key1...)" , i will modify it to be "Table_name(hash1, hash2, hash1...)" if the user wants to. As you can see, each key will correspond to a hashed value, and table_name will not be hashed.
Hence I don't think above functionality is possible via redaction processor.

Additional context

No response
@architjugran architjugran added enhancement New feature or request needs triage New item requiring triage labels Nov 17, 2022
@architjugran architjugran mentioned this issue Nov 17, 2022
Merged
@github-actions
Copy link
Contributor

Pinging code owners: @ydrozhdzhal @asukhyy @khospodarysko @architjugran. See Adding Labels via Comments if you do not have permissions to add labels yourself.

@fatsheep9146 fatsheep9146 removed the needs triage New item requiring triage label Nov 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request receiver/googlecloudspanner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dashpole @fatsheep9146 @architjugran