feat: Redact anonymous attributes within feature events (#77)

Author: keelerm84

apps/flutter_client_contract_test_service/bin/contract_test_service.dart

@@ -24,6 +24,7 @@ class TestApiImpl extends SdkTestApi {
     'client-independence',
     'context-comparison',
     'inline-context',
+    'anonymous-redaction'
   ];
 
   static const clientUrlPrefix = '/client/';

packages/common/lib/src/serialization/event_serialization.dart

@@ -51,7 +51,8 @@ final class EvalEventSerialization {
     json['context'] = LDContextSerialization.toJson(event.context,
         isEvent: true,
         allAttributesPrivate: allAttributesPrivate,
-        globalPrivateAttributes: globalPrivateAttributes);
+        globalPrivateAttributes: globalPrivateAttributes,
+        redactAnonymous: !isDebug);
 
     if (event.version != null) {
       json['version'] = event.version;

packages/common/lib/src/serialization/ld_context_serialization.dart

@@ -165,11 +165,16 @@ final class LDContextSerialization {
   /// references, then those attributes will be redacted in all context
   /// kinds.
   ///
+  /// if [isEvent] is true, and [redactAnonymous] is true, then for any
+  /// anonymous context provided, all attributes will be redacted regardless of
+  /// the [allAttributesPrivate] or [globalPrivateAttributes] settings.
+  ///
   /// Attempting to serialize an invalid context will return null.
   static Map<String, dynamic>? toJson(LDContext context,
       {required bool isEvent,
       bool allAttributesPrivate = false,
-      Set<AttributeReference>? globalPrivateAttributes}) {
+      Set<AttributeReference>? globalPrivateAttributes,
+      bool redactAnonymous = false}) {
     if (!context.valid) {
       // Cannot serialize an invalid context.
       return null;
@@ -179,7 +184,8 @@ final class LDContextSerialization {
       Map<String, dynamic> result = {
         ..._LDContextAttributesSerialization.toJson(attributes,
             isEvent: isEvent,
-            allAttributesPrivate: allAttributesPrivate,
+            allAttributesPrivate: allAttributesPrivate ||
+                (redactAnonymous && attributes.anonymous),
             globalPrivateAttributes: globalPrivateAttributes)
       };
       result['kind'] = attributes.kind;
@@ -191,7 +197,8 @@ final class LDContextSerialization {
         result[attributes.kind] = _LDContextAttributesSerialization.toJson(
             attributes,
             isEvent: isEvent,
-            allAttributesPrivate: allAttributesPrivate,
+            allAttributesPrivate: allAttributesPrivate ||
+                (redactAnonymous && attributes.anonymous),
             globalPrivateAttributes: globalPrivateAttributes);
       }
       return result;

packages/common/test/events/event_processor_test.dart

@@ -163,7 +163,11 @@ void main() {
     final (processor, _) = createProcessor(innerClient);
 
     final inputEvalEvent = EvalEvent(
-        context: LDContextBuilder().kind('user', 'user-key').build(),
+        context: LDContextBuilder()
+            .kind('user', 'user-key')
+            .setString('name', 'Example Name')
+            .anonymous(true)
+            .build(),
         flagKey: 'the-flag',
         defaultValue: LDValue.ofNum(10),
         evaluationDetail: LDEvaluationDetail(
@@ -186,6 +190,12 @@ void main() {
     expect(ldValueEvalEvent.getFor('kind').stringValue(), 'feature');
     expect(ldValueEvalEvent.getFor('creationDate').intValue(),
         inputEvalEvent.creationDate.millisecondsSinceEpoch);
+    expect(
+        ldValueEvalEvent
+            .getFor('context')
+            .getFor('_meta')
+            .getFor('redactedAttributes'),
+        LDValue.buildArray().addString('/name').build());
 
     final ldValueSummaryEvent = decodedAsLdValue.get(1);
     // Not validating each field, as the serialization tests handle that.

packages/common/test/serialization/ld_context_serialization_test.dart

@@ -85,6 +85,23 @@ void main() {
         .addString('dizzle', 'hgi')
         .build();
 
+    final expectedAnonymousContextWithFullRedaction = LDValueObjectBuilder()
+        .addString('kind', 'organization')
+        .addString('key', 'abc')
+        .addBool('anonymous', true)
+        .addValue(
+            '_meta',
+            LDValueObjectBuilder()
+                .addValue(
+                    'redactedAttributes',
+                    LDValueArrayBuilder()
+                        .addString('/firstName')
+                        .addString('/bizzle')
+                        .addString('/dizzle')
+                        .build())
+                .build())
+        .build();
+
     group('when it is serializing as a context', () {
       final isEvent = false;
       test('it includes all the attributes and the non-redacted meta data form',
@@ -147,6 +164,22 @@ void main() {
             expectedAnonymousContext);
       });
 
+      test('redactAnonymous only affects anonymous contexts', () {
+        final encoded = LDContextSerialization.toJson(basicContext,
+            isEvent: isEvent, redactAnonymous: true);
+        expect(LDValueSerialization.fromJson(encoded), expectedBasicContext);
+
+        final encodedWithName = LDContextSerialization.toJson(contextWithName,
+            isEvent: isEvent, redactAnonymous: true);
+        expect(LDValueSerialization.fromJson(encodedWithName),
+            expectedContextWithName);
+
+        final anonymousEncoded = LDContextSerialization.toJson(anonymousContext,
+            isEvent: isEvent, redactAnonymous: true);
+        expect(LDValueSerialization.fromJson(anonymousEncoded),
+            expectedAnonymousContextWithFullRedaction);
+      });
+
       test(
           'it redacts all non-protected attributes when allAttributesPrivate = true',
           () {
@@ -277,6 +310,7 @@ void main() {
   group('given a multi-kind context', () {
     final orgAndUserContext = LDContextBuilder()
         .kind('organization', 'LD')
+        .anonymous(true)
         .setBool('rocks', true)
         .name('name')
         .setValue('department',
@@ -317,6 +351,7 @@ void main() {
                     'organization',
                     LDValueObjectBuilder()
                         .addString('key', 'LD')
+                        .addBool('anonymous', true)
                         .addValue(
                             '_meta',
                             LDValueObjectBuilder()
@@ -363,6 +398,7 @@ void main() {
                     LDValueObjectBuilder()
                         .addString('key', 'LD')
                         .addBool('rocks', true)
+                        .addBool('anonymous', true)
                         .addString('name', 'name')
                         .addValue(
                             'department',
@@ -392,6 +428,54 @@ void main() {
                 .build());
       });
 
+      test('it should only redact anonymous attributes from anonymous contexts',
+          () {
+        final encoded = LDContextSerialization.toJson(orgAndUserContext,
+            isEvent: isEvent, redactAnonymous: true);
+
+        expect(
+            LDValueSerialization.fromJson(encoded),
+            LDValueObjectBuilder()
+                .addString('kind', 'multi')
+                .addValue(
+                    'organization',
+                    LDValueObjectBuilder()
+                        .addString('key', 'LD')
+                        .addBool('anonymous', true)
+                        .addValue(
+                            '_meta',
+                            LDValueObjectBuilder()
+                                .addValue(
+                                    'redactedAttributes',
+                                    LDValueArrayBuilder()
+                                        .addString('/name')
+                                        .addString('/rocks')
+                                        .addString('/department')
+                                        .build())
+                                .build())
+                        .build())
+                .addValue(
+                    'user',
+                    LDValueObjectBuilder()
+                        .addString('key', 'abc')
+                        .addValue('object',
+                            LDValueObjectBuilder().addString('a', 'a').build())
+                        .addNum('order', 3.0)
+                        .addString('name', 'alphabet')
+                        .addValue(
+                            '_meta',
+                            LDValueObjectBuilder()
+                                .addValue(
+                                    'redactedAttributes',
+                                    LDValueArrayBuilder()
+                                        .addString('letters')
+                                        .addString('/object/b')
+                                        .build())
+                                .build())
+                        .build())
+                .build());
+      });
+
       test('it should apply global private attributes to all contexts', () {
         final encoded = LDContextSerialization.toJson(orgAndUserContext,
             isEvent: isEvent,
@@ -406,6 +490,7 @@ void main() {
                     LDValueObjectBuilder()
                         .addString('key', 'LD')
                         .addBool('rocks', true)
+                        .addBool('anonymous', true)
                         .addValue(
                             'department',
                             LDValueObjectBuilder()