Skip to content

fix(custom-resources): provider framework will always log all data including confidential data#30689

Merged
mergify[bot] merged 9 commits intomainfrom
mask_output_in_provider_framework
Jul 16, 2024
Merged

fix(custom-resources): provider framework will always log all data including confidential data#30689
mergify[bot] merged 9 commits intomainfrom
mask_output_in_provider_framework

Conversation

@GavinZZ
Copy link
Copy Markdown
Member

@GavinZZ GavinZZ commented Jun 26, 2024

Issue # (if applicable)

Closes #30275.

Reason for this change

When using a Provider to create a custom resource, the request and response objects are logged by the provider function. There is no apparent way to prevent or redact this logging, resulting in secrets being logged if returned in the custom resource's Data object. By extension, if secret values are passed in the resource's ResourceProperties they will be logged as well.

Description of changes

Allow NoEcho fields to mask the data response to *****.

Description of how you validated changes

Integ test covering this and verifeid in the log stream that redacted is included in the message.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team June 26, 2024 20:08
@github-actions github-actions bot added effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1 labels Jun 26, 2024
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jun 26, 2024
@GavinZZ GavinZZ force-pushed the mask_output_in_provider_framework branch from 22df5ac to 8d38c20 Compare June 26, 2024 20:16
@GavinZZ GavinZZ marked this pull request as ready for review June 27, 2024 17:26
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jun 27, 2024
paulhcsun
paulhcsun reviewed Jun 27, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@paulhcsun paulhcsun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes, otherwise this looks good to me.

paulhcsun
paulhcsun approved these changes Jun 28, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@paulhcsun paulhcsun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

noice @Mergifyio update

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jun 28, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@GavinZZ GavinZZ added the pr/do-not-merge This PR should not be merged at this time. label Jun 28, 2024
@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jun 28, 2024
This was referenced Jul 1, 2024
Closed
Closed
@GavinZZ GavinZZ removed the pr/do-not-merge This PR should not be merged at this time. label Jul 2, 2024
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 2, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@GavinZZ GavinZZ force-pushed the mask_output_in_provider_framework branch from e37dede to b5d694c Compare July 15, 2024 22:57
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 16, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Jul 16, 2024

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 026c1a7
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 16, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 9bd92da into main Jul 16, 2024
@mergify mergify bot deleted the mask_output_in_provider_framework branch July 16, 2024 00:48
@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Jul 25, 2024

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@paulhcsun paulhcsun paulhcsun approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

custom-resources: Provider logs Data from response with NoEcho: true

3 participants

@GavinZZ @aws-cdk-automation @paulhcsun