Follow-up from "Filter Geo proxied data from api_json.log"
The following discussion from gitlab-ce!30687 should be addressed:
-
@ashmckenzie started a discussion: (+2 comments) I agree we should filter out the output but I feel filtering on
/^output$/
could (either now or in the future) potentially swallow up some other valuable output. Alternatives I'm thinking about:- I don't know if it's possible, but if we could filter out
output
beforeconfig.filter_parameters
is consulted that feels like a more accurate solution - Change the
output
key to something more specific likeencoded_git_payload
and then filter out^encoded_git_payload$/
If 1. isn't possible (and regardless of 2.), we'd also need to ensure we create a workhorse MR to appease:
# NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not # introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
Thoughts?
- I don't know if it's possible, but if we could filter out
Let's implement option 2. in this Issue, which will mean changes required to gitlab and gitlab-shell with careful consideration to allow supporting the current output
param name and the new name.
Edited by Ash McKenzie