[Messenger] add missing log context when sending to failure transport #46450
Conversation
|
Hey! I see that this is your first PR. That is great! Welcome! Symfony has a contribution guide which I suggest you to read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot |
|
Thanks for the PR. This change looks like a new feature to me, or is there something that breaks without it? |
|
Hello and thanks for the reply! 🙂 You're right, it's not broken. I was also hesitating between a bug and a feature... |
|
That’s a new feature 😀 |
|
I have updated the pull request accordingly. 😉 |
|
Message content can be very huge. This can also overflow some third party service. But I like the idea. I'm my application, I usually log raw object, then I add a custom monolog processor to keep only what I need. (I gave a talk about it) We could do the same here
So if people want more or less information in the log, they can decorate / replace the default processor in the DIC. WDYT? (I actually really like the idea. I think it could be generalized to the framework, when applicable) |
|
Your idea goes further than my initial thoughts, but I really like it! 🙂 Instead of adding an additional risk of overflow (the message is already logged in multiple places), we would fix a minor lack and improve the component monitoring. Moreover, the possibility to replace/decorate the processor would be great. I can try to work on this approach in the coming days if nobody else is on it. |
Please, wait for more approval from the core team, I'm not sure everything is OK with that ping @symfony/mergers |
There was a problem hiding this comment.
I agree with @lyrixx. This is a great feature. But messages can be huge. Messages can also include sensitive data (passwords) that should not end up in the logs.
I suggest to remove the message. Adding the message class is little but enough info to add more logging in your app if you need to know the exact contents of the message.
| $this->logger?->info('Rejected message {class} will be sent to the failure transport {transport}.', [ | ||
| 'class' => \get_class($envelope->getMessage()), | ||
| 'message' => $message, |
| $this->logger?->info('Rejected message {class} will be sent to the failure transport {transport}.', [ | ||
| 'class' => \get_class($envelope->getMessage()), | ||
| 'message' => $message, | ||
| 'class' => \get_class($message), |
There was a problem hiding this comment.
| 'class' => \get_class($message), | |
| 'message_class' => \get_class($message), |
|
@Nyholm removing this key is basically closing the pull request. 😅 Joke aside, what is your opinion on the processor approach proposed by @lyrixx? We could only keep the message class by default and let users decide if they want to add further data through decorators. Because even if we decide to not add the message within
|
|
Adding the raw message is a no go unfortunately. IMHO the custom processor is the way to go. |
|
Thanks for your feedback. In that case, I'm closing this pull request. But while I understand the reason why adding the message could cause problems (e.g. leak of sensitive data or logs overflow), I don't understand why it's a problem here and not in the other parts of the component. Am I missing something? |
|
You are correct. Maybe we did miss something in previous prs. I would be super happy if you want to help by removing those instances to. |
|
No problem, I'll submit a PR with the removal of other instances. But I would love to have a workaround idea for the application I'm working on since we use the message details to monitor exactly what's going on. 😉 Should we subscribe to Messenger events and add our own log entries? |
Yes, |
This PR was merged into the 5.4 branch. Discussion ---------- [Messenger] Do not log the message object itself In order to avoid the leak of sensitive data (e.g. credentials) or the overflow of third-party services. | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | | License | MIT | Doc PR | This is a follow-up of #46450 where we had a discussion with @Nyholm about the problems related to the logging of the message object. I'm targeting the `5.4` branch as we see this change as a (security ?) fix rather than a new feature. Commits ------- f1604e6 [Messenger] Do not log the message object itself
Why?
Logs generated by
SendFailedMessageToFailureTransportListener::onMessageFaileddo not include the message in the context, unlike those generated bySendFailedMessageForRetryListener::onMessageFailed.Before
After