Add Collector security documentation #5209

Merged
merged 48 commits into from
Nov 2, 2024

tiffany76
Contributor

This PR moves end user security documentation from a README in the Collector core repository to the OTel docs website.

Based on decisions in previous issues and PRs, the following are assumed:

  • Security documentation intended for component developers will remain in the README, which will be amended in a follow-up PR.
  • Both documents will cross-reference the other.
  • The top-level Collector landing page and the Collector configuration page will link to the security documents.

Tracking issue: #3479
Related to: #3227

NOTE: Much of the work for this PR was done by @mjingle in #3652. With her permission, I am building on her efforts.

@tiffany76
Contributor Author

Still lots to do. I'll let everyone know when it's in a state fit for reviewing. 👍

@mx-psi mx-psi self-requested a review September 17, 2024 07:49
@opentelemetrybot opentelemetrybot requested a review from a team September 19, 2024 22:24
Collector configuration. Running a secure Collector can help you

- Protect telemetry that might contain sensitive information, such as personally
identifiable information (PII), application-specific data, or network traffic
Member

I'm pretty sure we have guidance somewhere stating that people should not store PII in telemetry data. Perhaps we should reinforce it here, and add a link to that place? Something like: "help you protect telemetry that shouldn't, but might contain sensitive information, such ..."

Contributor Author

Still searching for the existing guidance, but I've updated the wording as suggested. I'll keep looking for the PII reference.

content/en/docs/security/config-best-practices.md (outdated, resolved)
content/en/docs/security/hosting-best-practices.md (outdated, resolved)
Co-authored-by: Juraci Paixão Kröhling <juraci.github@kroehling.de>
@opentelemetrybot opentelemetrybot requested a review from a team September 23, 2024 22:52
@tiffany76
Contributor Author

/fix:refcache

@opentelemetrybot
Collaborator

You triggered fix:refcache action run at https://github.com/open-telemetry/opentelemetry.io/actions/runs/11564524632

@opentelemetrybot
Collaborator

fix:refcache was successful.

IMPORTANT: (RE-)RUN /fix:all to ensure that there are no remaining check issues.

@tiffany76
Contributor Author

tiffany76 commented Oct 28, 2024

@open-telemetry/sig-security-maintainers, @open-telemetry/collector-approvers, @open-telemetry/docs-approvers: Hi all, I'm asking for a last round of reviews. Please let me know if you'd like me to make any changes.

Also, please see my earlier comment and add your thoughts:

> I just reread @jpkrohling's comment about keeping these docs closer to the Collector getting started docs. I know there was some back and forth about it. I don't have a preference either way and will move the files to the Collector docs, if that's what everyone agrees on.

EDIT to add preview links:
Security landing page
Configuration best practices
Hosting best practices

Member

@mx-psi mx-psi left a comment

This looks good to me for a first version

Member

@reyang reyang left a comment

LGTM, well written!

@opentelemetrybot opentelemetrybot requested a review from a team October 29, 2024 20:12
Co-authored-by: Reiley Yang <reyang@microsoft.com>
@tiffany76
Contributor Author

We have an approval from each SIG, so I was thinking we could give it one more day and then merge this on Friday. How does that sound?

@jpkrohling @open-telemetry/docs-approvers

@reyang
Member

reyang commented Oct 31, 2024

> We have an approval from each SIG, so I was thinking we could give it one more day and then merge this on Friday. How does that sound?
>
> @jpkrohling @open-telemetry/docs-approvers

:shipit: 🚢

Contributor

@chalin chalin left a comment

Overall looks good (did a quick scan, not an in-depth read though).
I've added suggested fixes for section-local paths.
I'll let other maintainers give their formal approval for the content.

content/en/docs/security/_index.md (outdated, resolved)
content/en/docs/security/config-best-practices.md (outdated, resolved)
content/en/docs/security/hosting-best-practices.md (outdated, resolved)
Co-authored-by: Patrice Chalin <chalin@users.noreply.github.com>
@tiffany76
Contributor Author

/fix:format

@opentelemetrybot
Collaborator

You triggered fix:format action run at https://github.com/open-telemetry/opentelemetry.io/actions/runs/11644880315

@opentelemetrybot
Collaborator

fix:format was successful.

IMPORTANT: (RE-)RUN /fix:all to ensure that there are no remaining check issues.

@cartermp cartermp added this pull request to the merge queue Nov 2, 2024
Merged via the queue into open-telemetry:main with commit d96ef10 Nov 2, 2024
17 checks passed
@tiffany76 tiffany76 deleted the collector-security branch November 3, 2024 04:34
8 participants