Skip to content

Commit 9bd92da

Browse files
GavinZZGavinZZ
authored
fix(custom-resources): provider framework will always log all data including confidential data (#30689)
### Issue # (if applicable) Closes #30275. ### Reason for this change When using a Provider to create a custom resource, the request and response objects are logged by the provider function. There is no apparent way to prevent or redact this logging, resulting in secrets being logged if returned in the custom resource's Data object. By extension, if secret values are passed in the resource's ResourceProperties they will be logged as well. ### Description of changes Allow `NoEcho` fields to mask the data response to `*****`. ### Description of how you validated changes Integ test covering this and verifeid in the log stream that `redacted` is included in the message. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 38e2ecf commit 9bd92da

File tree

110 files changed

+37541
-2134
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

110 files changed

+37541
-2134
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.global-replicas-provisioned.js.snapshot/asset.15197a5512179542fe2cff74af89bb047793c9c4e0b4395f114641a81cd52ae5/cfn-response.js

Lines changed: 0 additions & 88 deletions
This file was deleted.

0 commit comments

Comments
 (0)