core/zero: add pseudonymization key (#5290)

2025-08-03 00:40:25 +02:00 · 2024-09-19 14:43:01 -06:00 · 2024-09-19 14:43:01 -06:00 · ddbf2249a3
commit ddbf2249a3
parent 982275b1bb
9 changed files with 44 additions and 20 deletions
--- a/internal/zero/controller/controller.go
+++ b/internal/zero/controller/controller.go
@ -211,7 +211,7 @@ func (c *controller) runHealthChecksLeased(ctx context.Context, client databroke
 }

 func (c *controller) runUsageReporter(ctx context.Context, client databroker.DataBrokerServiceClient) error {
-	ur := usagereporter.New(c.api, c.bootstrapConfig.GetConfig().ZeroOrganizationID, time.Minute)
+	ur := usagereporter.New(c.api, c.bootstrapConfig.GetConfig().ZeroPseudonymizationKey, time.Minute)
 	return retry.WithBackoff(ctx, "zero-usage-reporter", func(ctx context.Context) error {
 		// start the usage reporter
 		return ur.Run(ctx, client)
--- a/internal/zero/controller/usagereporter/usagereporter.go
+++ b/internal/zero/controller/usagereporter/usagereporter.go
@ -39,9 +39,9 @@ type usageReporterRecord struct {

 // A UsageReporter reports usage to the zero api.
 type UsageReporter struct {
-	api            API
-	organizationID string
-	reportInterval time.Duration
+	api                 API
+	pseudonymizationKey []byte
+	reportInterval      time.Duration

 	mu       sync.Mutex
 	byUserID map[string]usageReporterRecord
@ -49,11 +49,11 @@ type UsageReporter struct {
 }

 // New creates a new UsageReporter.
-func New(api API, organizationID string, reportInterval time.Duration) *UsageReporter {
+func New(api API, pseudonymizationKey []byte, reportInterval time.Duration) *UsageReporter {
 	return &UsageReporter{
-		api:            api,
-		organizationID: organizationID,
-		reportInterval: reportInterval,
+		api:                 api,
+		pseudonymizationKey: pseudonymizationKey,
+		reportInterval:      reportInterval,

 		byUserID: make(map[string]usageReporterRecord),
 		updates:  set.New[string](0),
@ -62,7 +62,7 @@ func New(api API, organizationID string, reportInterval time.Duration) *UsageRep

 // Run runs the usage reporter.
 func (ur *UsageReporter) Run(ctx context.Context, client databroker.DataBrokerServiceClient) error {
-	ctx = log.Ctx(ctx).With().Str("organization-id", ur.organizationID).Logger().WithContext(ctx)
+	ctx = log.Ctx(ctx).With().Logger().WithContext(ctx)

 	// first initialize the user collection
 	serverVersion, latestSessionRecordVersion, latestUserRecordVersion, err := ur.runInit(ctx, client)
@ -76,7 +76,7 @@ func (ur *UsageReporter) Run(ctx context.Context, client databroker.DataBrokerSe

 func (ur *UsageReporter) report(ctx context.Context, records []usageReporterRecord) error {
 	req := cluster.ReportUsageRequest{
-		Users: convertUsageReporterRecords(ur.organizationID, records),
+		Users: convertUsageReporterRecords(ur.pseudonymizationKey, records),
 	}
 	return backoff.Retry(func() error {
 		log.Debug(ctx).Int("updated-users", len(req.Users)).Msg("reporting usage")
@ -193,15 +193,15 @@ func (ur *UsageReporter) onUpdateUser(u *user.User) {
 	}
 }

-func convertUsageReporterRecords(organizationID string, records []usageReporterRecord) []cluster.ReportUsageUser {
+func convertUsageReporterRecords(pseudonymizationKey []byte, records []usageReporterRecord) []cluster.ReportUsageUser {
 	var users []cluster.ReportUsageUser
 	for _, record := range records {
 		u := cluster.ReportUsageUser{
 			LastSignedInAt: record.lastSignedInAt,
-			PseudonymousId: cryptutil.Pseudonymize(organizationID, record.userID),
+			PseudonymousId: cryptutil.Pseudonymize(pseudonymizationKey, record.userID),
 		}
 		if record.userEmail != "" {
-			u.PseudonymousEmail = cryptutil.Pseudonymize(organizationID, record.userEmail)
+			u.PseudonymousEmail = cryptutil.Pseudonymize(pseudonymizationKey, record.userEmail)
 		}
 		users = append(users, u)
 	}
--- a/internal/zero/controller/usagereporter/usagereporter_test.go
+++ b/internal/zero/controller/usagereporter/usagereporter_test.go
@ -55,7 +55,7 @@ func TestUsageReporter(t *testing.T) {
 			}
 			return nil
 		},
-	}, "bQjwPpxcwJRbvsSMFgbZFkXmxFJ", time.Millisecond*100)
+	}, []byte("bQjwPpxcwJRbvsSMFgbZFkXmxFJ"), time.Millisecond*100)

 	eg, ctx := errgroup.WithContext(ctx)
 	eg.Go(func() error {
@ -125,12 +125,12 @@ func Test_convertUsageReporterRecords(t *testing.T) {

 	tm1 := time.Date(2024, time.September, 11, 11, 56, 0, 0, time.UTC)

-	assert.Empty(t, convertUsageReporterRecords("XXX", nil))
+	assert.Empty(t, convertUsageReporterRecords([]byte("XXX"), nil))
 	assert.Equal(t, []cluster.ReportUsageUser{{
 		LastSignedInAt:    tm1,
 		PseudonymousId:    "T9V1yL/UueF/LVuF6XjoSNde0INElXG10zKepmyPke8=",
 		PseudonymousEmail: "8w5rtnZyv0EGkpHmTlkmupgb1jCzn/IxGCfvpdGGnvI=",
-	}}, convertUsageReporterRecords("XXX", []usageReporterRecord{{
+	}}, convertUsageReporterRecords([]byte("XXX"), []usageReporterRecord{{
 		userID:         "ID",
 		userEmail:      "EMAIL@example.com",
 		lastSignedInAt: tm1,
@ -138,7 +138,7 @@ func Test_convertUsageReporterRecords(t *testing.T) {
 	assert.Equal(t, []cluster.ReportUsageUser{{
 		LastSignedInAt: tm1,
 		PseudonymousId: "T9V1yL/UueF/LVuF6XjoSNde0INElXG10zKepmyPke8=",
-	}}, convertUsageReporterRecords("XXX", []usageReporterRecord{{
+	}}, convertUsageReporterRecords([]byte("XXX"), []usageReporterRecord{{
 		userID:         "ID",
 		lastSignedInAt: tm1,
 	}}), "should leave empty email")