Module: Mongo::Monitoring::Event::Secure

Included in:

CommandStarted, CommandSucceeded, Protocol::Msg, Protocol::Query

Defined in:

lib/mongo/monitoring/event/secure.rb

Overview

Provides behavior to redact sensitive information from commands and replies.

Since:

• 2.1.0

Constant Summary

REDACTED_COMMANDS =

The list of commands that has the data redacted for security.

Since:

• 2.1.0

[
  'authenticate',
  'saslStart',
  'saslContinue',
  'getnonce',
  'createUser',
  'updateUser',
  'copydbgetnonce',
  'copydbsaslstart',
  'copydb'
].freeze

Instance Method Summary

• #compression_allowed?(command_name) ⇒ true, false

  Is compression allowed for a given command message.

• #redacted(command_name, document) ⇒ BSON::Document

  Redact secure information from the document if it’s command is in the list.

Instance Method Details

#compression_allowed?(command_name) ⇒ true, false

Is compression allowed for a given command message.

Examples:

Determine if compression is allowed for a given command.

secure.compression_allowed?(selector)

Parameters:

• command_name (String, Symbol) —

  The command name.

Returns:

• (true, false) —

  Whether compression can be used.

Since:

• 2.5.0

# File 'lib/mongo/monitoring/event/secure.rb', line 66

def compression_allowed?(command_name)
  @compression_allowed ||= !REDACTED_COMMANDS.include?(command_name.to_s)
end

#redacted(command_name, document) ⇒ BSON::Document

Redact secure information from the document if it’s command is in the list.

Examples:

Get the redacted document.

secure.redacted(command_name, document)

Parameters:

• command_name (String, Symbol) —

  The command name.

• document (BSON::Document) —

  The document.

Returns:

• (BSON::Document) —

  The redacted document.

Since:

• 2.1.0

# File 'lib/mongo/monitoring/event/secure.rb', line 52

def redacted(command_name, document)
  REDACTED_COMMANDS.include?(command_name.to_s) ? BSON::Document.new : document
end