fix: remove logging of sensitive data (#20168)

Author: trevorwhitney

tools/querytee/fanout_handler.go

@@ -83,7 +83,7 @@ func (h *FanOutHandler) Do(ctx context.Context, req queryrangebase.Request) (que
 	}
 
 	issuer := detectIssuer(httpReq)
-	user := goldfish.ExtractUserFromQueryTags(httpReq, h.logger)
+	user := goldfish.ExtractUserFromQueryTags(httpReq)
 	level.Debug(h.logger).Log(
 		"msg", "Received request",
 		"path", httpReq.URL.Path,

tools/querytee/goldfish/manager.go

@@ -181,7 +181,7 @@ func (m *Manager) processQueryPair(req *http.Request, cellAResp, cellBResp *Resp
 	sample := &goldfish.QuerySample{
 		CorrelationID:      correlationID,
 		TenantID:           tenantID,
-		User:               ExtractUserFromQueryTags(req, m.logger),
+		User:               ExtractUserFromQueryTags(req),
 		IsLogsDrilldown:    isLogsDrilldownRequest(req),
 		Query:              req.URL.Query().Get("query"),
 		QueryType:          queryType,
@@ -523,23 +523,10 @@ func parseDuration(s string) time.Duration {
 	return d
 }
 
-func ExtractUserFromQueryTags(req *http.Request, logger log.Logger) string {
-	tags := httpreq.ExtractQueryTagsFromHTTP(req)
-
-	// Debug logging for user extraction
-	if tags != "" {
-		level.Debug(logger).Log("goldfish", "user-extraction", "query-tags", tags)
-	}
-
+func ExtractUserFromQueryTags(req *http.Request) string {
 	// Also check for X-Grafana-User header directly
+	tags := httpreq.ExtractQueryTagsFromHTTP(req)
 	grafanaUser := req.Header.Get("X-Grafana-User")
-	if grafanaUser != "" {
-		level.Debug(logger).Log("goldfish", "user-extraction", "x-grafana-user", grafanaUser)
-	}
-
-	// Log all headers for debugging
-	level.Debug(logger).Log("goldfish", "user-extraction", "all-headers", fmt.Sprintf("%v", req.Header))
-
 	kvs := httpreq.TagsToKeyValues(tags)
 
 	// Iterate through key-value pairs (keys at even indices, values at odd)
@@ -548,19 +535,16 @@ func ExtractUserFromQueryTags(req *http.Request, logger log.Logger) string {
 			key, keyOK := kvs[i].(string)
 			value, valueOK := kvs[i+1].(string)
 			if keyOK && valueOK && key == "user" {
-				level.Debug(logger).Log("goldfish", "user-extraction", "found-user-in-tags", value)
 				return value
 			}
 		}
 	}
 
 	// Fallback to X-Grafana-User if not found in query tags
 	if grafanaUser != "" {
-		level.Debug(logger).Log("goldfish", "user-extraction", "using-x-grafana-user", grafanaUser)
 		return grafanaUser
 	}
 
-	level.Debug(logger).Log("goldfish", "user-extraction", "result", unknownUser)
 	return unknownUser
 }
 

tools/querytee/goldfish/manager_test.go

@@ -402,8 +402,7 @@ func TestExtractUserFromQueryTags(t *testing.T) {
 				req.Header.Set("X-Query-Tags", tt.queryTags)
 			}
 
-			logger := log.NewNopLogger()
-			got := ExtractUserFromQueryTags(req, logger)
+			got := ExtractUserFromQueryTags(req)
 			assert.Equal(t, tt.expectedUser, got)
 		})
 	}

tools/querytee/proxy_endpoint.go

@@ -132,7 +132,7 @@ func (p *ProxyEndpoint) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	traceID, _, _ := tracing.ExtractTraceSpanID(ctx)
-	user := goldfish.ExtractUserFromQueryTags(r, p.logger)
+	user := goldfish.ExtractUserFromQueryTags(r)
 	logger := log.With(p.logger, "traceID", traceID, "tenant", tenantID, "user", user)
 
 	// The codec decode/encode cycle loses custom headers, so we preserve them for downstream