all callers of Audit() identify which keys may contain PII

2026-01-03 11:45:45 +00:00 · 2024-11-12 12:22:41 -08:00
parent a308f3f22a
commit e126ee5495
6 changed files with 113 additions and 71 deletions
--- a/internal/federationdomain/endpoints/token/token_handler_test.go
+++ b/internal/federationdomain/endpoints/token/token_handler_test.go
@@ -2340,18 +2340,22 @@ func TestRefreshGrant(t *testing.T) {
 								},
 							}),
 							testutil.WantAuditLog("Identity Refreshed From Upstream IDP", map[string]any{
-								"sessionID":        sessionID,
-								"upstreamGroups":   []any{},
-								"upstreamUsername": "some-username",
+								"sessionID": sessionID,
+								"personalInfo": map[string]any{
+									"upstreamGroups":   []any{},
+									"upstreamUsername": "some-username",
+								},
 							}),
 							testutil.WantAuditLog("Session Refreshed", map[string]any{
 								"sessionID": sessionID,
-								"username":  "some-username",
-								"groups": []any{
-									"group1",
-									"groups2",
+								"personalInfo": map[string]any{
+									"username": "some-username",
+									"groups": []any{
+										"group1",
+										"groups2",
+									},
+									"subject": "https://issuer?sub=some-subject",
 								},
-								"subject": "https://issuer?sub=some-subject",
 							}),
 						}
 					},
@@ -2533,9 +2537,11 @@ func TestRefreshGrant(t *testing.T) {
 								},
 							}),
 							testutil.WantAuditLog("Identity Refreshed From Upstream IDP", map[string]any{
-								"sessionID":        sessionID,
-								"upstreamGroups":   []any{},
-								"upstreamUsername": "some-username",
+								"sessionID": sessionID,
+								"personalInfo": map[string]any{
+									"upstreamGroups":   []any{},
+									"upstreamUsername": "some-username",
+								},
 							}),
 							testutil.WantAuditLog("Authentication Rejected By Transforms", map[string]any{
 								"sessionID": sessionID,