diff --git a/src/tools/auth0/handlers/logStreams.ts b/src/tools/auth0/handlers/logStreams.ts index 6d33a565..e9f6c9fc 100644 --- a/src/tools/auth0/handlers/logStreams.ts +++ b/src/tools/auth0/handlers/logStreams.ts @@ -17,6 +17,29 @@ export const schema = { type: 'object', }, }, + pii_config: { + type: 'object', + required: ['log_fields'], + properties: { + log_fields: { + type: 'array', + items: { + type: 'string', + enum: ['first_name', 'last_name', 'username', 'email', 'phone', 'address'], + }, + }, + method: { + type: 'string', + enum: ['mask', 'hash'], + default: 'hash', + }, + algorithm: { + type: 'string', + enum: ['xxhash'], + default: 'xxhash', + }, + }, + }, }, required: ['name'], }, @@ -75,23 +98,21 @@ export default class LogStreamsHandler extends DefaultAPIHandler { if (!logStreams) return; - const changes = await this.calcChanges(assets).then((changes) => { - return { - ...changes, - update: changes.update.map((update: LogStream) => { - if (update.type === 'eventbridge' || update.type === 'eventgrid') { - delete update.sink; - } - if (update.status === 'suspended') { - // @ts-ignore because while status is usually expected for update payloads, it is ok to be omitted - // for suspended log streams. Setting as `active` in these instances would probably be ok - // but bit presumptuous, let suspended log streams remain suspended. - delete update.status; - } - return update; - }), - }; - }); + const changes = await this.calcChanges(assets).then((changes) => ({ + ...changes, + update: changes.update.map((update: LogStream) => { + if (update.type === 'eventbridge' || update.type === 'eventgrid') { + delete update.sink; + } + if (update.status === 'suspended') { + // @ts-ignore because while status is usually expected for update payloads, it is ok to be omitted + // for suspended log streams. Setting as `active` in these instances would probably be ok + // but bit presumptuous, let suspended log streams remain suspended. + delete update.status; + } + return update; + }), + })); await super.processChanges(assets, changes); } diff --git a/test/tools/auth0/handlers/logStreams.test.ts b/test/tools/auth0/handlers/logStreams.test.ts index 11c0f3eb..b2bdcb0e 100644 --- a/test/tools/auth0/handlers/logStreams.test.ts +++ b/test/tools/auth0/handlers/logStreams.test.ts @@ -14,6 +14,11 @@ const mockLogStreams = [ splunkToken: '7b838bd0-028e-4d78-a82c-3564a2007770', splunkSecure: false, }, + pii_config: { + log_fields: ['first_name', 'last_name', 'phone'], + method: 'mask', + algorithm: 'xxhash', + }, }, { id: 'log-stream-2', @@ -26,6 +31,11 @@ const mockLogStreams = [ httpContentType: 'application/json', httpEndpoint: 'https://example.com/test', }, + pii_config: { + log_fields: ['username', 'email', 'address'], + method: 'hash', + algorithm: 'xxhash', + }, }, { id: 'log-stream-3', @@ -107,6 +117,11 @@ describe('#logStreams handler', () => { splunkToken: '_VALUE_NOT_SHOWN_', // secret obfuscated splunkSecure: false, }, + pii_config: { + log_fields: ['first_name', 'last_name', 'phone'], + method: 'mask', + algorithm: 'xxhash', + }, }, { id: 'log-stream-2', @@ -119,6 +134,11 @@ describe('#logStreams handler', () => { httpContentType: 'application/json', httpEndpoint: 'https://example.com/test', }, + pii_config: { + log_fields: ['username', 'email', 'address'], + method: 'hash', + algorithm: 'xxhash', + }, }, { id: 'log-stream-3',