Updated docs for `logging.apiLogging.obfuscateURLs` config option (#3122)

* Updated docs for `logging.apiLogging.obfuscateURLs` config option Fixes #3117 Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com> Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> --------- Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
2023-02-08 15:59:43 -08:00 · 2023-02-08 15:59:43 -08:00 · a40d382086
parent 3e5af6cd3a
commit a40d382086
2 changed files with 22 additions and 4 deletions
--- a/daprdocs/content/en/operations/configuration/configuration-overview.md
+++ b/daprdocs/content/en/operations/configuration/configuration-overview.md
@ -117,6 +117,7 @@ The `logging` section under the `Configuration` spec contains the following prop
 logging:
  apiLogging:
    enabled: false
    obfuscateURLs: false
    omitHealthChecks: false
 ```
@ -125,6 +126,7 @@ The following table lists the properties for logging:
 | Property     | Type   | Description |
 |--------------|--------|-------------|
 | `apiLogging.enabled` | boolean | The default value for the `--enable-api-logging` flag for `daprd` (and the corresponding `dapr.io/enable-api-logging` annotation): the value set in the Configuration spec is used as default unless a `true` or `false` value is passed to each Dapr Runtime. Default: `false`.
 | `apiLogging.obfuscateURLs` | boolean | When enabled, obfuscates the values of URLs in HTTP API logs (if enabled), logging the abstract route name rather than the full path being invoked, which could contain Personal Identifiable Information (PII). Default: `false`.
 | `apiLogging.omitHealthChecks` | boolean | If `true`, calls to health check endpoints (e.g. `/v1.0/healthz`) are not logged when API logging is enabled. This is useful if those calls are adding a lot of noise in your logs. Default: `false`
 See [logging documentation]({{< ref "logs.md" >}}) for more information.
--- a/daprdocs/content/en/operations/troubleshooting/api-logs-troubleshooting.md
+++ b/daprdocs/content/en/operations/troubleshooting/api-logs-troubleshooting.md
@ -40,11 +40,11 @@ $ dapr run --enable-api-logging -- node myapp.js
 ℹ️  Starting Dapr with id order-processor on port 56730
 ✅  You are up and running! Both Dapr and your app logs will appear here.
 .....
-INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="POST /v1.0/state/{name}" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
+INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="POST /v1.0/state/mystate" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
 == APP == INFO:root:Saving Order: {'orderId': '483'}
-INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="GET /v1.0/state/{name}/{key}" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
+INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="GET /v1.0/state/mystate/key123" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
 == APP == INFO:root:Getting Order: {'orderId': '483'}
-INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="DELETE /v1.0/state/{name}" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
+INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="DELETE /v1.0/state/mystate" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
 == APP == INFO:root:Deleted Order: {'orderId': '483'}
 INFO[0000] HTTP API Called app_id=order-processor instance=mypc method="PUT /v1.0/metadata/cliPID" scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
 ```
@ -68,7 +68,7 @@ See the kubernetes API logs by executing the below command.
 kubectl logs <pod_name> daprd -n <name_space>
 ```
-The example below show `info` level API logging in Kubernetes.
+The example below show `info` level API logging in Kubernetes (with [URL obfuscation](#obfuscate-urls-in-http-api-logging) enabled).
 ```bash
 time="2022-03-16T18:32:02.487041454Z" level=info msg="HTTP API Called" method="POST /v1.0/invoke/{id}/method/{method:*}" app_id=invoke-caller instance=invokecaller-f4f949886-cbnmt scope=dapr.runtime.http-info type=log useragent=Go-http-client/1.1 ver=edge
@ -98,6 +98,22 @@ logging:
    enabled: true
 ```
 ### Obfuscate URLs in HTTP API logging
 By default, logs for API calls in the HTTP endpoints include the full URL being invoked (for example, `POST /v1.0/invoke/directory/method/user-123`), which could contain Personal Identifiable Information (PII).
 To reduce the risk of PII being accidentally included in API logs (when enabled), Dapr can instead log the abstract route being invoked (for example, `POST /v1.0/invoke/{id}/method/{method:*}`). This can help ensuring compliance with privacy regulations such as GDPR.
 To enable obfuscation of URLs in Dapr's HTTP API logs, set `logging.apiLogging.obfuscateURLs` to `true`. For example:
 ```yaml
 logging:
  apiLogging:
    obfuscateURLs: true
 ```
 Logs emitted by the Dapr gRPC APIs are not impacted by this configuration option, as they only include the name of the method invoked and no arguments.
 ### Omit health checks from API logging
 When API logging is enabled, all calls to the Dapr API server are logged, including those to health check endpoints (e.g. `/v1.0/healthz`). Depending on your environment, this may generate multiple log lines per minute and could create unwanted noise.