Support PII Config in logStreams (#1130)

Author: ramya18101

src/tools/auth0/handlers/logStreams.ts

@@ -17,6 +17,29 @@ export const schema = {
           type: 'object',
         },
       },
+      pii_config: {
+        type: 'object',
+        required: ['log_fields'],
+        properties: {
+          log_fields: {
+            type: 'array',
+            items: {
+              type: 'string',
+              enum: ['first_name', 'last_name', 'username', 'email', 'phone', 'address'],
+            },
+          },
+          method: {
+            type: 'string',
+            enum: ['mask', 'hash'],
+            default: 'hash',
+          },
+          algorithm: {
+            type: 'string',
+            enum: ['xxhash'],
+            default: 'xxhash',
+          },
+        },
+      },
     },
     required: ['name'],
   },
@@ -75,23 +98,21 @@ export default class LogStreamsHandler extends DefaultAPIHandler {
 
     if (!logStreams) return;
 
-    const changes = await this.calcChanges(assets).then((changes) => {
-      return {
-        ...changes,
-        update: changes.update.map((update: LogStream) => {
-          if (update.type === 'eventbridge' || update.type === 'eventgrid') {
-            delete update.sink;
-          }
-          if (update.status === 'suspended') {
-            // @ts-ignore because while status is usually expected for update payloads, it is ok to be omitted
-            // for suspended log streams. Setting as `active` in these instances would probably be ok
-            // but bit presumptuous, let suspended log streams remain suspended.
-            delete update.status;
-          }
-          return update;
-        }),
-      };
-    });
+    const changes = await this.calcChanges(assets).then((changes) => ({
+      ...changes,
+      update: changes.update.map((update: LogStream) => {
+        if (update.type === 'eventbridge' || update.type === 'eventgrid') {
+          delete update.sink;
+        }
+        if (update.status === 'suspended') {
+          // @ts-ignore because while status is usually expected for update payloads, it is ok to be omitted
+          // for suspended log streams. Setting as `active` in these instances would probably be ok
+          // but bit presumptuous, let suspended log streams remain suspended.
+          delete update.status;
+        }
+        return update;
+      }),
+    }));
 
     await super.processChanges(assets, changes);
   }

test/tools/auth0/handlers/logStreams.test.ts

@@ -14,6 +14,11 @@ const mockLogStreams = [
       splunkToken: '7b838bd0-028e-4d78-a82c-3564a2007770',
       splunkSecure: false,
     },
+    pii_config: {
+      log_fields: ['first_name', 'last_name', 'phone'],
+      method: 'mask',
+      algorithm: 'xxhash',
+    },
   },
   {
     id: 'log-stream-2',
@@ -26,6 +31,11 @@ const mockLogStreams = [
       httpContentType: 'application/json',
       httpEndpoint: 'https://example.com/test',
     },
+    pii_config: {
+      log_fields: ['username', 'email', 'address'],
+      method: 'hash',
+      algorithm: 'xxhash',
+    },
   },
   {
     id: 'log-stream-3',
@@ -107,6 +117,11 @@ describe('#logStreams handler', () => {
               splunkToken: '_VALUE_NOT_SHOWN_', // secret obfuscated
               splunkSecure: false,
             },
+            pii_config: {
+              log_fields: ['first_name', 'last_name', 'phone'],
+              method: 'mask',
+              algorithm: 'xxhash',
+            },
           },
           {
             id: 'log-stream-2',
@@ -119,6 +134,11 @@ describe('#logStreams handler', () => {
               httpContentType: 'application/json',
               httpEndpoint: 'https://example.com/test',
             },
+            pii_config: {
+              log_fields: ['username', 'email', 'address'],
+              method: 'hash',
+              algorithm: 'xxhash',
+            },
           },
           {
             id: 'log-stream-3',