add "*principal*" to list of sanitized field names (#1664)

* add "*principal*" to list of sanitized field names

closes #1641

* update docs and changelog

* revert masking

Author: beniwohli

CHANGELOG.asciidoc

@@ -37,6 +37,7 @@ endif::[]
 ===== Features
  * Add backend granularity data to SQL backends as well as Cassandra and pymongo {pull}1585[#1585], {pull}1639[#1639]
  * Add support for instrumenting the Elasticsearch 8 Python client {pull}1642[#1642]
+ * Add `*principal*` to default `sanitize_field_names` configuration {pull}1664[#1664]
  * Add docs and better support for custom metrics, including in AWS Lambda {pull}1643[#1643]
 
 [float]

docs/configuration.asciidoc

@@ -876,6 +876,7 @@ WARNING: We recommend always including the default set of validators if you cust
                                                                   "*credit*",
                                                                   "*card*",
                                                                   "*auth*",
+                                                                  "*principal*",
                                                                   "set-cookie"]`
 |============
 

elasticapm/conf/constants.py

@@ -31,16 +31,17 @@
 import decimal
 import re
 from collections import namedtuple
+from typing import Pattern
 
 
-def _starmatch_to_regex(pattern):
+def _starmatch_to_regex(pattern: str) -> Pattern:
     """
     This is a duplicate of starmatch_to_regex() in utils/__init__.py
 
     Duplication to avoid circular imports
     """
     options = re.DOTALL
-    # check if we are case sensitive
+    # check if we are case-sensitive
     if pattern.startswith("(?-i)"):
         pattern = pattern[5:]
     else:
@@ -98,6 +99,7 @@ def _starmatch_to_regex(pattern):
     "*credit*",
     "*card*",
     "*auth*",
+    "*principal*",
     "set-cookie",
 ]
 
@@ -107,12 +109,7 @@ def _starmatch_to_regex(pattern):
     SUCCESS="success", FAILURE="failure", UNKNOWN="unknown"
 )
 
-try:
-    # Python 2
-    LABEL_TYPES = (bool, int, long, float, decimal.Decimal)
-except NameError:
-    # Python 3
-    LABEL_TYPES = (bool, int, float, decimal.Decimal)
+LABEL_TYPES = (bool, int, float, decimal.Decimal)
 
 TRACESTATE = namedtuple("TRACESTATE", ["SAMPLE_RATE"])(SAMPLE_RATE="s")
 TRACE_CONTINUATION_STRATEGY = namedtuple("TRACE_CONTINUATION_STRATEGY", ["CONTINUE", "RESTART", "RESTART_EXTERNAL"])(

elasticapm/utils/__init__.py

@@ -183,7 +183,7 @@ def read_pem_file(file_obj) -> bytes:
 
 def starmatch_to_regex(pattern: str) -> Pattern:
     options = re.DOTALL
-    # check if we are case sensitive
+    # check if we are case-sensitive
     if pattern.startswith("(?-i)"):
         pattern = pattern[5:]
     else:

tests/processors/tests.py

@@ -63,6 +63,7 @@ def http_test_data():
                     "authorization": "bearer xyz",
                     "some-header": "some-secret-value",
                     "cookie": "foo=bar; baz=foo",
+                    "Ms-Client-Principal-Id": "foo",
                 },
                 "cookies": {
                     "foo": "bar",
@@ -85,6 +86,7 @@ def http_test_data():
                     "authorization": "bearer xyz",
                     "some-header": "some-secret-value",
                     "cookie": "foo=bar; baz=foo",
+                    "Ms-Client-Principal-Id": "foo",
                 },
             },
         }
@@ -296,6 +298,7 @@ def test_sanitize_http_headers(elasticapm_client, custom_header, http_test_data)
         "password": processors.MASK,
         "secret": processors.MASK,
         "authorization": processors.MASK,
+        "Ms-Client-Principal-Id": processors.MASK,
     }
     expected.update(custom_header)
     assert result["context"]["request"]["headers"] == expected