aksd: bump headlamp to telemetry privacy hardening#627
Draft
gambtho wants to merge 1 commit intoAzure:mainfrom
Draft
aksd: bump headlamp to telemetry privacy hardening#627gambtho wants to merge 1 commit intoAzure:mainfrom
gambtho wants to merge 1 commit intoAzure:mainfrom
Conversation
Pulls in six commits in the headlamp-downstream branch: - aksd: lock down App Insights SDK config and strip envelope tags - aksd: test privacy telemetry initializer - aksd: allowlist telemetry event types in headlampEventSlice - aksd: test allowlist gating and data non-propagation - aksd: replace trackException with minimal exception event - aksd: test ErrorBoundary exception telemetry Net result: each outgoing telemetry envelope contains only an allowlisted event name and (for 'exception') errorName. No URL, user id, session id, IP, cluster, namespace, resource name, error message, or stack.
Contributor
There was a problem hiding this comment.
Pull request overview
Bumps the headlamp git submodule pointer to pull in the Headlamp “telemetry privacy hardening” work from the headlamp-downstream branch, so that outgoing App Insights telemetry is restricted to an allowlisted event name (and errorName for the exception event) with privacy-defense-in-depth sanitization.
Changes:
- Update the
headlampsubmodule SHA to include the six downstream commits that harden telemetry privacy (SDK config lockdown, allowlist gating, minimal exception event, and accompanying tests). - Align this repo’s Headlamp dependency to the state required by the linked Headlamp PR (#626).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Submodule pointer bump for the headlamp telemetry privacy hardening work. Pulls in six commits from the
headlamp-downstreambranch:aksd: lock down App Insights SDK config and strip envelope tagsaksd: test privacy telemetry initializeraksd: allowlist telemetry event types in headlampEventSliceaksd: test allowlist gating and data non-propagationaksd: replace trackException with minimal exception eventaksd: test ErrorBoundary exception telemetryAfter merge, each outgoing App Insights envelope contains only an allowlisted event name and (for
'exception')errorName. No URL, user id, session id, IP, cluster, namespace, resource name, error message, or stack.Depends on: #626 (the corresponding headlamp-downstream PR). Merge that first, then this.
Test plan
headlamp-downstream(so this submodule SHA is reachable on the upstream branch).git submodule update --init --recursiveresolves to the new SHA cleanly.