Config refactoring, rename left-mask-bits to anon-keep-bits

prebid · Aug 22, 2023 · c48c25a · c48c25a
1 parent 0f3c0ee
commit c48c25a
Show file tree

Hide file tree

Showing 10 changed files with 71 additions and 79 deletions.
diff --git a/account/account.go b/account/account.go
@@ -103,7 +103,12 @@ func GetAccount(ctx context.Context, cfg *config.Configuration, fetcher stored_r
 		return nil, errs
 	}
 
-	errs = account.Privacy.IPMasking.Validate(errs)
+	errs = account.Privacy.IPv6Config.Validate(errs)
+	if len(errs) > 0 {
+		return nil, errs
+	}
+
+	errs = account.Privacy.IPv4Config.Validate(errs)
 	if len(errs) > 0 {
 		return nil, errs
 	}

diff --git a/account/account_test.go b/account/account_test.go
@@ -20,7 +20,7 @@ import (
 
 var mockAccountData = map[string]json.RawMessage{
 	"valid_acct":                json.RawMessage(`{"disabled":false}`),
-	"invalid_acct":              json.RawMessage(`{"disabled":false, "privacy": {"ip_masking": {"ipv6": {"left_mask_bits": -32}}}}`),
+	"invalid_acct":              json.RawMessage(`{"disabled":false, "privacy": {"ipv6": {"anon-keep-bits": -32}}}`),
 	"disabled_acct":             json.RawMessage(`{"disabled":true}`),
 	"malformed_acct":            json.RawMessage(`{"disabled":"invalid type"}`),
 	"gdpr_channel_enabled_acct": json.RawMessage(`{"disabled":false,"gdpr":{"channel_enabled":{"amp":true}}}`),

diff --git a/config/account.go b/config/account.go
@@ -301,35 +301,32 @@ func (a *AccountChannel) IsSet() bool {
 
 type AccountPrivacy struct {
 	AllowActivities *AllowActivities `mapstructure:"allowactivities" json:"allowactivities"`
-	IPMasking       IPMasking        `mapstructure:"ip_masking" json:"ip_masking"`
+	IPv6Config      IPv6             `mapstructure:"ipv6" json:"ipv6"`
+	IPv4Config      IPv4             `mapstructure:"ipv4" json:"ipv4"`
 }
 
-type IPMasking struct {
-	IPv6 IPMasks `mapstructure:"ipv6" json:"ipv6"`
-	IPv4 IPMasks `mapstructure:"ipv4" json:"ipv4"`
+type IPv6 struct {
+	AnonKeepBits int `mapstructure:"anon-keep-bits" json:"anon-keep-bits"`
+	// For the follow up PR, always keep first 64 bits
+	// AlwaysKeepBits int `mapstructure:"always-keep-bits" json:"always-keep-bits"`
 }
 
-type IPMasks struct {
-	LeftMaskBits int `mapstructure:"left_mask_bits" json:"left_mask_bits"`
+type IPv4 struct {
+	AnonKeepBits int `mapstructure:"anon-keep-bits" json:"anon-keep-bits"`
 }
 
-func (ipMasking *IPMasking) Validate(errs []error) []error {
-	if e := ipMasking.IPv6.validate(IPv6BitSize, "ipv6"); e != nil {
-		errs = append(errs, e...)
-	}
-	if e := ipMasking.IPv4.validate(IPv4BitSize, "ipv4"); e != nil {
-		errs = append(errs, e...)
+func (IPv6Config *IPv6) Validate(errs []error) []error {
+	if IPv6Config.AnonKeepBits > IPv6BitSize || IPv6Config.AnonKeepBits < 0 {
+		err := fmt.Errorf("left mask bits cannot exceed %d in ipv6 address, or be less than 0", IPv6BitSize)
+		errs = append(errs, err)
 	}
 	return errs
 }
 
-func (ipMasks *IPMasks) validate(maxBits int, ipVersion string) []error {
-	var errs []error
-
-	if ipMasks.LeftMaskBits > maxBits || ipMasks.LeftMaskBits < 0 {
-		err := fmt.Errorf("left mask bits cannot exceed %d in %s address, or be less than 0", maxBits, ipVersion)
+func (IPv4Config *IPv4) Validate(errs []error) []error {
+	if IPv4Config.AnonKeepBits > IPv4BitSize || IPv4Config.AnonKeepBits < 0 {
+		err := fmt.Errorf("left mask bits cannot exceed %d in ipv4 address, or be less than 0", IPv4BitSize)
 		errs = append(errs, err)
 	}
-
 	return errs
 }
diff --git a/config/account_test.go b/config/account_test.go
@@ -914,29 +914,21 @@ func TestAccountPriceFloorsValidate(t *testing.T) {
 func TestIPMaskingValidate(t *testing.T) {
 	tests := []struct {
 		name    string
-		masking *IPMasking
+		privacy AccountPrivacy
 		want    []error
 	}{
 		{
 			name: "valid configuration",
-			masking: &IPMasking{
-				IPv4: IPMasks{
-					LeftMaskBits: 1,
-				},
-				IPv6: IPMasks{
-					LeftMaskBits: 0,
-				},
+			privacy: AccountPrivacy{
+				IPv4Config: IPv4{AnonKeepBits: 1},
+				IPv6Config: IPv6{AnonKeepBits: 0},
 			},
 		},
 		{
 			name: "invalid configuration",
-			masking: &IPMasking{
-				IPv4: IPMasks{
-					LeftMaskBits: -100,
-				},
-				IPv6: IPMasks{
-					LeftMaskBits: -200,
-				},
+			privacy: AccountPrivacy{
+				IPv4Config: IPv4{AnonKeepBits: -100},
+				IPv6Config: IPv6{AnonKeepBits: -200},
 			},
 			want: []error{
 				errors.New("left mask bits cannot exceed 32 in ipv4 address, or be less than 0"),
@@ -945,13 +937,9 @@ func TestIPMaskingValidate(t *testing.T) {
 		},
 		{
 			name: "mixed valid and invalid configuration",
-			masking: &IPMasking{
-				IPv4: IPMasks{
-					LeftMaskBits: 10,
-				},
-				IPv6: IPMasks{
-					LeftMaskBits: -10,
-				},
+			privacy: AccountPrivacy{
+				IPv4Config: IPv4{AnonKeepBits: 10},
+				IPv6Config: IPv6{AnonKeepBits: -10},
 			},
 			want: []error{
 				errors.New("left mask bits cannot exceed 128 in ipv6 address, or be less than 0"),
@@ -962,8 +950,9 @@ func TestIPMaskingValidate(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			var errs []error
-			got := tt.masking.Validate(errs)
-			assert.ElementsMatch(t, got, tt.want)
+			errs = tt.privacy.IPv4Config.Validate(errs)
+			errs = tt.privacy.IPv6Config.Validate(errs)
+			assert.ElementsMatch(t, errs, tt.want)
 		})
 	}
 }
diff --git a/config/config.go b/config/config.go
@@ -161,9 +161,11 @@ func (cfg *Configuration) validate(v *viper.Viper) []error {
 
 	errs = cfg.Experiment.validate(errs)
 	errs = cfg.BidderInfos.validate(errs)
-	errs = cfg.AccountDefaults.Privacy.IPMasking.Validate(errs)
+	errs = cfg.AccountDefaults.Privacy.IPv6Config.Validate(errs)
+	errs = cfg.AccountDefaults.Privacy.IPv4Config.Validate(errs)
 
 	return errs
+	return errs
 }
 
 type AuctionTimeouts struct {
@@ -1027,8 +1029,8 @@ func SetupViper(v *viper.Viper, filename string, bidderInfos BidderInfos) {
 	v.SetDefault("account_defaults.price_floors.max_rules", 100)
 	v.SetDefault("account_defaults.price_floors.max_schema_dims", 3)
 	v.SetDefault("account_defaults.events_enabled", false)
-	v.SetDefault("account_defaults.privacy.ip_masking.ipv6.left_mask_bits", 56)
-	v.SetDefault("account_defaults.privacy.ip_masking.ipv4.left_mask_bits", 24)
+	v.SetDefault("account_defaults.privacy.ipv6.anon-keep-bits", 56)
+	v.SetDefault("account_defaults.privacy.ipv4.anon-keep-bits", 24)
 
 	v.SetDefault("compression.response.enable_gzip", false)
 	v.SetDefault("compression.request.enable_gzip", false)

diff --git a/config/config_test.go b/config/config_test.go
@@ -206,8 +206,8 @@ func TestDefaults(t *testing.T) {
 	cmpUnsignedInts(t, "tmax_adjustments.bidder_network_latency_buffer_ms", 0, cfg.TmaxAdjustments.BidderNetworkLatencyBuffer)
 	cmpUnsignedInts(t, "tmax_adjustments.pbs_response_preparation_duration_ms", 0, cfg.TmaxAdjustments.PBSResponsePreparationDuration)
 
-	cmpInts(t, "account_defaults.privacy.ip_masking.ipv6.left_mask_bits", 56, cfg.AccountDefaults.Privacy.IPMasking.IPv6.LeftMaskBits)
-	cmpInts(t, "account_defaults.privacy.ip_masking.ipv4.left_mask_bits", 24, cfg.AccountDefaults.Privacy.IPMasking.IPv4.LeftMaskBits)
+	cmpInts(t, "account_defaults.privacy.ipv6.anon-keep-bits", 56, cfg.AccountDefaults.Privacy.IPv6Config.AnonKeepBits)
+	cmpInts(t, "account_defaults.privacy.ipv4.anon-keep-bits", 24, cfg.AccountDefaults.Privacy.IPv4Config.AnonKeepBits)
 
 	//Assert purpose VendorExceptionMap hash tables were built correctly
 	expectedTCF2 := TCF2{
@@ -481,11 +481,10 @@ account_defaults:
         max_rules: 120
         max_schema_dims: 5
     privacy:
-        ip_masking:
-            ipv6:
-                left_mask_bits: 50
-            ipv4:
-                left_mask_bits: 20
+        ipv6:
+            anon-keep-bits: 50
+        ipv4:
+            anon-keep-bits: 20
 tmax_adjustments:
   enabled: true
   bidder_response_duration_min_ms: 700
@@ -592,8 +591,8 @@ func TestFullConfig(t *testing.T) {
 	cmpBools(t, "account_defaults.events_enabled", *cfg.AccountDefaults.EventsEnabled, true)
 	cmpNils(t, "account_defaults.events.enabled", cfg.AccountDefaults.Events.Enabled)
 
-	cmpInts(t, "account_defaults.privacy.ip_masking.ipv6.left_mask_bits", 50, cfg.AccountDefaults.Privacy.IPMasking.IPv6.LeftMaskBits)
-	cmpInts(t, "account_defaults.privacy.ip_masking.ipv4.left_mask_bits", 20, cfg.AccountDefaults.Privacy.IPMasking.IPv4.LeftMaskBits)
+	cmpInts(t, "account_defaults.privacy.ipv6.anon-keep-bits", 50, cfg.AccountDefaults.Privacy.IPv6Config.AnonKeepBits)
+	cmpInts(t, "account_defaults.privacy.ipv4.anon-keep-bits", 20, cfg.AccountDefaults.Privacy.IPv4Config.AnonKeepBits)
 
 	// Assert compression related defaults
 	cmpBools(t, "enable_gzip", false, cfg.EnableGzip)

diff --git a/exchange/utils.go b/exchange/utils.go
@@ -212,7 +212,7 @@ func (rs *requestSplitter) cleanOpenRTBRequests(ctx context.Context,
 			applyFPD(auctionReq.FirstPartyData[bidderRequest.BidderName], bidderRequest.BidRequest)
 		}
 
-		privacyEnforcement.Apply(bidderRequest.BidRequest, auctionReq.Account.Privacy.IPMasking)
+		privacyEnforcement.Apply(bidderRequest.BidRequest, auctionReq.Account.Privacy)
 		allowedBidderRequests = append(allowedBidderRequests, bidderRequest)
 
 		// GPP downgrade: always downgrade unless we can confirm GPP is supported

diff --git a/privacy/enforcement.go b/privacy/enforcement.go
@@ -30,8 +30,8 @@ func (e Enforcement) AnyActivities() bool {
 }
 
 // Apply cleans personally identifiable information from an OpenRTB bid request.
-func (e Enforcement) Apply(bidRequest *openrtb2.BidRequest, ipMasking config.IPMasking) {
-	e.apply(bidRequest, NewScrubber(ipMasking))
+func (e Enforcement) Apply(bidRequest *openrtb2.BidRequest, privacy config.AccountPrivacy) {
+	e.apply(bidRequest, NewScrubber(privacy.IPv6Config, privacy.IPv4Config))
 }
 
 func (e Enforcement) apply(bidRequest *openrtb2.BidRequest, scrubber Scrubber) {

diff --git a/privacy/scrubber.go b/privacy/scrubber.go
@@ -75,15 +75,15 @@ type Scrubber interface {
 }
 
 type scrubber struct {
-	ipV6 config.IPMasks
-	ipV4 config.IPMasks
+	ipV6 config.IPv6
+	ipV4 config.IPv4
 }
 
 // NewScrubber returns an OpenRTB scrubber.
-func NewScrubber(ipMasking config.IPMasking) Scrubber {
+func NewScrubber(ipV6 config.IPv6, ipV4 config.IPv4) Scrubber {
 	return scrubber{
-		ipV6: ipMasking.IPv6,
-		ipV4: ipMasking.IPv4,
+		ipV6: ipV6,
+		ipV4: ipV4,
 	}
 }
 
@@ -170,8 +170,8 @@ func (s scrubber) ScrubRequest(bidRequest *openrtb2.BidRequest, enforcement Enfo
 			if deviceCopy.Geo != nil {
 				deviceCopy.Geo = scrubGeoPrecision(deviceCopy.Geo)
 			}
-			deviceCopy.IP = scrubIP(deviceCopy.IP, s.ipV4.LeftMaskBits, config.IPv4BitSize)
-			deviceCopy.IPv6 = scrubIP(deviceCopy.IPv6, s.ipV6.LeftMaskBits, config.IPv6BitSize)
+			deviceCopy.IP = scrubIP(deviceCopy.IP, s.ipV4.AnonKeepBits, config.IPv4BitSize)
+			deviceCopy.IPv6 = scrubIP(deviceCopy.IPv6, s.ipV6.AnonKeepBits, config.IPv6BitSize)
 		}
 	}
 
@@ -200,12 +200,12 @@ func (s scrubber) ScrubDevice(device *openrtb2.Device, id ScrubStrategyDeviceID,
 
 	switch ipv4 {
 	case ScrubStrategyIPV4Lowest8:
-		deviceCopy.IP = scrubIP(device.IP, s.ipV4.LeftMaskBits, config.IPv4BitSize)
+		deviceCopy.IP = scrubIP(device.IP, s.ipV4.AnonKeepBits, config.IPv4BitSize)
 	}
 
 	switch ipv6 {
 	case ScrubStrategyIPV6Subnet:
-		deviceCopy.IPv6 = scrubIP(device.IPv6, s.ipV6.LeftMaskBits, config.IPv6BitSize)
+		deviceCopy.IPv6 = scrubIP(device.IPv6, s.ipV6.AnonKeepBits, config.IPv6BitSize)
 	}
 
 	switch geo {

diff --git a/privacy/scrubber_test.go b/privacy/scrubber_test.go
@@ -151,14 +151,14 @@ func TestScrubDevice(t *testing.T) {
 	}
 	testIPMasking := getTestIPMasking()
 	for _, test := range testCases {
-		result := NewScrubber(testIPMasking).ScrubDevice(device, test.id, test.ipv4, test.ipv6, test.geo)
+		result := NewScrubber(testIPMasking.IPv6Config, testIPMasking.IPv4Config).ScrubDevice(device, test.id, test.ipv4, test.ipv6, test.geo)
 		assert.Equal(t, test.expected, result, test.description)
 	}
 }
 
 func TestScrubDeviceNil(t *testing.T) {
 	testIPMasking := getTestIPMasking()
-	result := NewScrubber(testIPMasking).ScrubDevice(nil, ScrubStrategyDeviceIDNone, ScrubStrategyIPV4None, ScrubStrategyIPV6None, ScrubStrategyGeoNone)
+	result := NewScrubber(testIPMasking.IPv6Config, testIPMasking.IPv4Config).ScrubDevice(nil, ScrubStrategyDeviceIDNone, ScrubStrategyIPV4None, ScrubStrategyIPV6None, ScrubStrategyGeoNone)
 	assert.Nil(t, result)
 }
 
@@ -277,14 +277,14 @@ func TestScrubUser(t *testing.T) {
 
 	testIPMasking := getTestIPMasking()
 	for _, test := range testCases {
-		result := NewScrubber(testIPMasking).ScrubUser(user, test.scrubUser, test.scrubGeo)
+		result := NewScrubber(testIPMasking.IPv6Config, testIPMasking.IPv4Config).ScrubUser(user, test.scrubUser, test.scrubGeo)
 		assert.Equal(t, test.expected, result, test.description)
 	}
 }
 
 func TestScrubUserNil(t *testing.T) {
 	testIPMasking := getTestIPMasking()
-	result := NewScrubber(testIPMasking).ScrubUser(nil, ScrubStrategyUserNone, ScrubStrategyGeoNone)
+	result := NewScrubber(testIPMasking.IPv6Config, testIPMasking.IPv4Config).ScrubUser(nil, ScrubStrategyUserNone, ScrubStrategyGeoNone)
 	assert.Nil(t, result)
 }
 
@@ -448,7 +448,7 @@ func TestScrubRequest(t *testing.T) {
 			}
 			bidRequest.User.EIDs = []openrtb2.EID{{Source: "test"}}
 
-			result := NewScrubber(testIPMasking).ScrubRequest(bidRequest, test.enforcement)
+			result := NewScrubber(testIPMasking.IPv6Config, testIPMasking.IPv4Config).ScrubRequest(bidRequest, test.enforcement)
 			assert.Equal(t, test.expected, result, test.description)
 		})
 	}
@@ -719,13 +719,13 @@ func getTestDevice() *openrtb2.Device {
 	}
 }
 
-func getTestIPMasking() config.IPMasking {
-	return config.IPMasking{
-		IPv6: config.IPMasks{
-			LeftMaskBits: 54,
+func getTestIPMasking() config.AccountPrivacy {
+	return config.AccountPrivacy{
+		IPv6Config: config.IPv6{
+			54,
 		},
-		IPv4: config.IPMasks{
-			LeftMaskBits: 24,
+		IPv4Config: config.IPv4{
+			24,
 		},
 	}
 }