feat: Adding support for redacted environment variable values through openjd_redacted_env

Signed-off-by: Brian Axelson <86568017+baxeaz@users.noreply.github.com>

Author: baxeaz

src/openjd/sessions/_action_filter.py

@@ -318,6 +318,7 @@ def __init__(
         callback: Optional[SessionCallbackType] = None,
         os_env_vars: Optional[dict[str, str]] = None,
         session_root_directory: Optional[Path] = None,
+        enabled_extensions: Optional[list[str]] = None,
     ):
         """
         Arguments:
@@ -389,9 +390,14 @@ def __init__(
                 )
         self._reset_action_state()
 
+        # Store the enabled extensions
+        self._enabled_extensions = enabled_extensions or []
+
         # Set up our logging hook & callback
         self._log_filter = ActionMonitoringFilter(
-            session_id=self._session_id, callback=self._action_log_filter_callback
+            session_id=self._session_id,
+            callback=self._action_log_filter_callback,
+            enabled_extensions=self._enabled_extensions,
         )
         LOG.addFilter(self._log_filter)
         self._logger = LoggerAdapter(LOG, extra={"session_id": self._session_id})

src/openjd/sessions/_session.py

@@ -19,6 +19,7 @@
 from ._logging import LoggerAdapter, LogContent, LogExtraInfo
 from ._os_checker import is_linux, is_posix, is_windows
 from ._session_user import PosixSessionUser, WindowsSessionUser, SessionUser
+from ._action_filter import pre_redact_command
 
 if is_windows():  # pragma: nocover
     from subprocess import CREATE_NEW_PROCESS_GROUP, CREATE_NO_WINDOW  # type: ignore
@@ -274,11 +275,15 @@ def _start_subprocess(self) -> Optional[Popen]:
                 # https://docs.python.org/2/library/subprocess.html#subprocess.CREATE_NEW_PROCESS_GROUP
                 popen_args["creationflags"] = CREATE_NEW_PROCESS_GROUP
 
+            # Get the command string for logging
             cmd_line_for_logger: str
             if is_posix():
                 cmd_line_for_logger = shlex.join(command)
             else:
-                cmd_line_for_logger = list2cmdline(self._args)
+                # On Windows, we need to handle redaction in command strings
+                cmd_line = list2cmdline(self._args)
+                # Pre-redact any sensitive information in the command string
+                cmd_line_for_logger = pre_redact_command(cmd_line)
             self._logger.info(
                 "Running command %s",
                 cmd_line_for_logger,

src/openjd/sessions/_subprocess.py

@@ -6,12 +6,15 @@
 from logging import INFO, getLogger
 from logging.handlers import QueueHandler
 from queue import Empty, SimpleQueue
-from typing import Generator
+from typing import Generator, Optional
+from hashlib import sha256
+from unittest.mock import MagicMock
 import pytest
 
 from openjd.sessions import PosixSessionUser, WindowsSessionUser, BadCredentialsException
 from openjd.sessions._os_checker import is_posix, is_windows
 from openjd.sessions._logging import LoggerAdapter
+from openjd.sessions._action_filter import ActionMonitoringFilter
 
 if is_windows():
     from openjd.sessions._win32._helpers import (  # type: ignore
@@ -55,15 +58,102 @@ def pytest_collection_modifyitems(config, items):
         config.option.markexpr = mark_expr
 
 
+def create_unique_logger_name(prefix: str = "", seed: Optional[str] = None) -> str:
+    """Create a unique logger name using a hash to avoid collisions.
+
+    Args:
+        prefix: Optional prefix for the logger name
+        seed: Optional seed string to use for generating the hash
+
+    Returns:
+        A unique logger name
+    """
+    if seed:
+        h = sha256()
+        h.update(seed.encode("utf-8"))
+        suffix = h.hexdigest()[0:32]
+    else:
+        charset = string.ascii_letters + string.digits
+        suffix = "".join(random.choices(charset, k=32))
+
+    return f"{prefix}{suffix}"
+
+
 def build_logger(handler: QueueHandler) -> LoggerAdapter:
-    charset = string.ascii_letters + string.digits + string.punctuation
-    name_suffix = "".join(random.choices(charset, k=32))
+    """Build a logger for testing purposes.
+
+    Args:
+        handler: The queue handler to attach to the logger
+
+    Returns:
+        A configured LoggerAdapter
+    """
+    name_suffix = create_unique_logger_name()
     log = getLogger(".".join((__name__, name_suffix)))
     log.setLevel(INFO)
     log.addHandler(handler)
     return LoggerAdapter(log, extra=dict())
 
 
+def setup_action_filter_test(
+    queue_handler: QueueHandler,
+    session_id: str = "foo",
+    callback: Optional[MagicMock] = None,
+    suppress_filtered: bool = False,
+    enabled_extensions: Optional[list[str]] = None,
+) -> tuple[LoggerAdapter, ActionMonitoringFilter, MagicMock]:
+    """Set up a test environment for testing ActionMonitoringFilter.
+
+    This helper method creates a unique logger name, sets up the ActionMonitoringFilter,
+    and configures the logger with the filter.
+
+    Args:
+        queue_handler: The QueueHandler to attach to the logger
+        session_id: The session ID to use for the filter
+        callback: Optional mock callback to use for the filter
+        suppress_filtered: Whether to suppress filtered messages
+        enabled_extensions: Optional list of extensions to enable
+
+    Returns:
+        A tuple containing (logger_adapter, action_filter, callback_mock)
+
+    Note:
+        This helper works for most tests, but for tests that need to verify specific
+        callback behavior with redacted values, it's better to create the filter and
+        logger directly in the test. This is because when multiple filters are applied
+        to the same log message (which can happen when running multiple tests), the
+        redaction can happen before the callback is invoked, resulting in the callback
+        receiving redacted values instead of the original values.
+    """
+    # Create a unique logger name WITHOUT using the message as seed
+    # This ensures each test gets a truly unique logger name
+    logger_name = create_unique_logger_name(prefix="action_filter_")
+
+    # Create a mock callback if one wasn't provided
+    if callback is None:
+        callback = MagicMock()
+
+    # Create the filter directly with the provided parameters
+    action_filter = ActionMonitoringFilter(
+        session_id=session_id,
+        callback=callback,
+        suppress_filtered=suppress_filtered,
+        enabled_extensions=enabled_extensions,
+    )
+
+    # Set up the logger
+    log = getLogger(".".join((__name__, logger_name)))
+    log.setLevel(INFO)
+    log.addHandler(queue_handler)
+    log.addFilter(action_filter)
+
+    # Create and return the logger adapter with the session_id
+    # This is critical for the filter to work properly
+    logger_adapter = LoggerAdapter(log, extra={"session_id": session_id})
+
+    return logger_adapter, action_filter, callback
+
+
 def collect_queue_messages(queue: SimpleQueue) -> list[str]:
     """Extract the text of messages from a SimpleQueue containing LogRecords"""
     messages: list[str] = []