Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure the (in|ex)clusion of the Debug trait for containers per members' sensitive trait #2029

Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions CHANGELOG.next.toml
Original file line number Diff line number Diff line change
Expand Up @@ -487,13 +487,13 @@ meta = { "breaking" = false, "tada" = false, "bug" = false, "target" = "all" }
author = "lsr0"

[[aws-sdk-rust]]
message = "Implementation of the Debug trait for enums can redact what is printed per the sensitive trait."
references = ["smithy-rs#1983"]
message = "Implementation of the Debug trait for container shapes can redact what is printed per the sensitive trait."
references = ["smithy-rs#1983", "smithy-rs#2029"]
meta = { "breaking" = true, "tada" = false, "bug" = false }
author = "ysaito1001"

[[smithy-rs]]
message = "Implementation of the Debug trait for enums can redact what is printed per the sensitive trait."
references = ["smithy-rs#1983"]
message = "Implementation of the Debug trait for container shapes can redact what is printed per the sensitive trait."
references = ["smithy-rs#1983", "smithy-rs#2029"]
meta = { "breaking" = true, "tada" = false, "bug" = false, "target" = "all" }
author = "ysaito1001"
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import software.amazon.smithy.model.shapes.StructureShape
import software.amazon.smithy.model.shapes.UnionShape
import software.amazon.smithy.model.traits.EnumDefinition
import software.amazon.smithy.model.traits.EnumTrait
import software.amazon.smithy.model.traits.SensitiveTrait
import software.amazon.smithy.model.traits.StreamingTrait
import software.amazon.smithy.rust.codegen.core.rustlang.Attribute
import software.amazon.smithy.rust.codegen.core.rustlang.RustMetadata
Expand Down Expand Up @@ -77,13 +78,20 @@ abstract class SymbolMetadataProvider(private val base: RustSymbolProvider) : Wr
class BaseSymbolMetadataProvider(
base: RustSymbolProvider,
private val model: Model,
additionalAttributes: List<Attribute>,
private val additionalAttributes: List<Attribute>,
) : SymbolMetadataProvider(base) {
private val containerDefault = RustMetadata(
Attribute.Derives(defaultDerives.toSet()),
additionalAttributes = additionalAttributes,
visibility = Visibility.PUBLIC,
)
private fun containerDefault(shape: Shape): RustMetadata {
val setOfDerives = if (shape.hasTrait<SensitiveTrait>()) {
ysaito1001 marked this conversation as resolved.
Show resolved Hide resolved
defaultDerives.toSet() - RuntimeType.Debug
} else {
defaultDerives.toSet()
}
return RustMetadata(
Attribute.Derives(setOfDerives),
additionalAttributes = additionalAttributes,
visibility = Visibility.PUBLIC,
)
}

override fun memberMeta(memberShape: MemberShape): RustMetadata {
val container = model.expectShape(memberShape.container)
Expand Down Expand Up @@ -113,15 +121,20 @@ class BaseSymbolMetadataProvider(
}

override fun structureMeta(structureShape: StructureShape): RustMetadata {
return containerDefault
// In the case of fields being sensitive, we cannot impl the derived Debug
// trait because they reveal the sensitive data. At a container level,
// however, we don't know if a structure has sensitive fields without
// further looking into them. We err on the side of caution and require
// that a structure implements a custom debug trait.
return containerDefault(structureShape).withoutDerives(RuntimeType.Debug)
}

override fun unionMeta(unionShape: UnionShape): RustMetadata {
return containerDefault
return containerDefault(unionShape)
}

override fun enumMeta(stringShape: StringShape): RustMetadata {
return containerDefault.withDerives(
return containerDefault(stringShape).withDerives(
RuntimeType.std.member("hash::Hash"),
).withDerives(
// enums can be eq because they can only contain ints and strings
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ import software.amazon.smithy.rust.codegen.core.smithy.rustType
import software.amazon.smithy.rust.codegen.core.smithy.traits.SyntheticInputTrait
import software.amazon.smithy.rust.codegen.core.util.dq
import software.amazon.smithy.rust.codegen.core.util.hasTrait
import software.amazon.smithy.rust.codegen.core.util.redactIfNecessary
import software.amazon.smithy.rust.codegen.core.util.toSnakeCase

// TODO(https://github.com/awslabs/smithy-rs/issues/1401) This builder generator is only used by the client.
Expand Down Expand Up @@ -110,13 +111,15 @@ class BuilderGenerator(
private val runtimeConfig = symbolProvider.config().runtimeConfig
private val members: List<MemberShape> = shape.allMembers.values.toList()
private val structureSymbol = symbolProvider.toSymbol(shape)
private val builderName = "Builder"

fun render(writer: RustWriter) {
val symbol = symbolProvider.toSymbol(shape)
writer.docs("See #D.", symbol)
val segments = shape.builderSymbol(symbolProvider).namespace.split("::")
writer.withInlineModule(shape.builderSymbol(symbolProvider).module()) {
renderBuilder(this)
renderDebugImpl(this)
}
}

Expand Down Expand Up @@ -195,12 +198,10 @@ class BuilderGenerator(
}

private fun renderBuilder(writer: RustWriter) {
val builderName = "Builder"

writer.docs("A builder for #D.", structureSymbol)
// Matching derives to the main structure + `Default` since we are a builder and everything is optional.
val baseDerives = structureSymbol.expectRustMetadata().derives
val derives = baseDerives.derives.intersect(setOf(RuntimeType.Debug, RuntimeType.PartialEq, RuntimeType.Clone)) + RuntimeType.Default
val derives = baseDerives.derives.intersect(setOf(RuntimeType.PartialEq, RuntimeType.Clone)) + RuntimeType.Default
baseDerives.copy(derives = derives).render(writer)
writer.rustBlock("pub struct $builderName") {
for (member in members) {
Expand Down Expand Up @@ -232,6 +233,23 @@ class BuilderGenerator(
}
}

private fun renderDebugImpl(writer: RustWriter) {
writer.rustBlock("impl #T for $builderName", RuntimeType.Debug) {
writer.rustBlock("fn fmt(&self, f: &mut #1T::Formatter<'_>) -> #1T::Result", RuntimeType.stdfmt) {
rust("""let mut formatter = f.debug_struct(${builderName.dq()});""")
members.forEach { member ->
val memberName = symbolProvider.toMemberName(member)
val fieldValue = member.redactIfNecessary(model, "self.$memberName")

rust(
"formatter.field(${memberName.dq()}, &$fieldValue);",
)
}
rust("formatter.finish()")
}
}
}

private fun RustWriter.renderVecHelper(member: MemberShape, memberName: String, coreType: RustType.Vec) {
docs("Appends an item to `$memberName`.")
rust("///")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -94,12 +94,7 @@ open class EnumGenerator(
) {
protected val symbol: Symbol = symbolProvider.toSymbol(shape)
protected val enumName: String = symbol.name
private val isSensitive = shape.shouldRedact(model)
protected val meta = if (isSensitive) {
symbol.expectRustMetadata().withoutDerives(RuntimeType.Debug)
} else {
symbol.expectRustMetadata()
}
protected val meta = symbol.expectRustMetadata()
protected val sortedMembers: List<EnumMemberModel> =
enumTrait.values.sortedBy { it.value }.map { EnumMemberModel(it, symbolProvider) }
protected open var target: CodegenTarget = CodegenTarget.CLIENT
Expand Down Expand Up @@ -136,7 +131,7 @@ open class EnumGenerator(
renderUnnamedEnum()
}

if (isSensitive) {
if (shape.shouldRedact(model)) {
renderDebugImplForSensitiveEnum()
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -144,8 +144,7 @@ open class StructureGenerator(
val containerMeta = symbol.expectRustMetadata()
writer.documentShape(shape, model)
writer.deprecatedShape(shape)
val withoutDebug = containerMeta.derives.copy(derives = containerMeta.derives.derives - RuntimeType.Debug)
containerMeta.copy(derives = withoutDebug).render(writer)
containerMeta.render(writer)

writer.rustBlock("struct $name ${lifetimeDeclaration()}") {
writer.forEachMember(members) { member, memberName, memberSymbol ->
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,13 @@ import software.amazon.smithy.rust.codegen.core.rustlang.docs
import software.amazon.smithy.rust.codegen.core.rustlang.documentShape
import software.amazon.smithy.rust.codegen.core.rustlang.rust
import software.amazon.smithy.rust.codegen.core.rustlang.rustBlock
import software.amazon.smithy.rust.codegen.core.rustlang.rustTemplate
import software.amazon.smithy.rust.codegen.core.smithy.CodegenTarget
import software.amazon.smithy.rust.codegen.core.smithy.RuntimeType
import software.amazon.smithy.rust.codegen.core.smithy.expectRustMetadata
import software.amazon.smithy.rust.codegen.core.smithy.renamedFrom
import software.amazon.smithy.rust.codegen.core.util.REDACTION
import software.amazon.smithy.rust.codegen.core.util.shouldRedact
import software.amazon.smithy.rust.codegen.core.util.toSnakeCase

fun CodegenTarget.renderUnknownVariant() = when (this) {
Expand Down Expand Up @@ -47,16 +51,20 @@ class UnionGenerator(
private val renderUnknownVariant: Boolean = true,
) {
private val sortedMembers: List<MemberShape> = shape.allMembers.values.sortedBy { symbolProvider.toMemberName(it) }
private val unionSymbol = symbolProvider.toSymbol(shape)

fun render() {
renderUnion()
renderImplBlock()
if (shape.shouldRedact(model)) {
renderDebugImplForSensitiveUnion()
}
}

private fun renderUnion() {
writer.documentShape(shape, model)
writer.deprecatedShape(shape)

val unionSymbol = symbolProvider.toSymbol(shape)
val containerMeta = unionSymbol.expectRustMetadata()
containerMeta.render(writer)
writer.rustBlock("enum ${unionSymbol.name}") {
Expand All @@ -82,6 +90,9 @@ class UnionGenerator(
rust("Unknown,")
}
}
}

private fun renderImplBlock() {
writer.rustBlock("impl ${unionSymbol.name}") {
sortedMembers.forEach { member ->
val memberSymbol = symbolProvider.toSymbol(member)
Expand Down Expand Up @@ -109,6 +120,19 @@ class UnionGenerator(
}
}
}
private fun renderDebugImplForSensitiveUnion() {
writer.rustTemplate(
"""
impl #{Debug} for ${unionSymbol.name} {
fn fmt(&self, f: &mut #{StdFmt}::Formatter<'_>) -> #{StdFmt}::Result {
write!(f, $REDACTION)
}
}
""",
"Debug" to RuntimeType.Debug,
"StdFmt" to RuntimeType.stdfmt,
)
}

companion object {
const val UnknownVariantName = "Unknown"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ internal class BuilderGeneratorTest {
private val model = StructureGeneratorTest.model
private val inner = StructureGeneratorTest.inner
private val struct = StructureGeneratorTest.struct
private val credentials = StructureGeneratorTest.credentials

@Test
fun `generate builders`() {
Expand Down Expand Up @@ -94,4 +95,27 @@ internal class BuilderGeneratorTest {
""",
)
}

@Test
fun `builder for a struct with sensitive fields should implement the debug trait as such`() {
val provider = testSymbolProvider(model)
val writer = RustWriter.forModule("model")
val credsGenerator = StructureGenerator(model, provider, writer, credentials)
val builderGenerator = BuilderGenerator(model, provider, credentials)
credsGenerator.render()
builderGenerator.render(writer)
writer.implBlock(credentials, provider) {
builderGenerator.renderConvenienceMethod(this)
}
writer.compileAndTest(
"""
use super::*;
let builder = Credentials::builder()
.username("admin")
.password("pswd")
.secret_key("12345");
assert_eq!(format!("{:?}", builder), "Builder { username: Some(\"admin\"), password: \"*** Sensitive Data Redacted ***\", secret_key: \"*** Sensitive Data Redacted ***\" }");
""",
)
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import software.amazon.smithy.rust.codegen.core.testutil.TestWorkspace
import software.amazon.smithy.rust.codegen.core.testutil.asSmithyModel
import software.amazon.smithy.rust.codegen.core.testutil.compileAndTest
import software.amazon.smithy.rust.codegen.core.testutil.testSymbolProvider
import software.amazon.smithy.rust.codegen.core.util.REDACTION
import software.amazon.smithy.rust.codegen.core.util.lookup

class UnionGeneratorTest {
Expand Down Expand Up @@ -125,6 +126,45 @@ class UnionGeneratorTest {
project.compileAndTest()
}

@Test
fun `impl debug for non-sensitive union should implement the derived debug trait`() {
val writer = generateUnion(
"""
union MyUnion {
foo: PrimitiveInteger
bar: String,
}
""",
)

writer.compileAndTest(
"""
assert_eq!(format!("{:?}", MyUnion::Foo(3)), "Foo(3)");
assert_eq!(format!("{:?}", MyUnion::Bar("bar".to_owned())), "Bar(\"bar\")");
""",
)
}

@Test
fun `impl debug for sensitive union should redact text`() {
val writer = generateUnion(
"""
@sensitive
union MyUnion {
foo: PrimitiveInteger,
bar: String,
}
""",
)

writer.compileAndTest(
"""
assert_eq!(format!("{:?}", MyUnion::Foo(3)), $REDACTION);
assert_eq!(format!("{:?}", MyUnion::Bar("bar".to_owned())), $REDACTION);
""",
)
}

private fun generateUnion(modelSmithy: String, unionName: String = "MyUnion", unknownVariant: Boolean = true): RustWriter {
val model = "namespace test\n$modelSmithy".asSmithyModel()
val provider: SymbolProvider = testSymbolProvider(model)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,10 @@ import software.amazon.smithy.rust.codegen.core.smithy.mapRustType
import software.amazon.smithy.rust.codegen.core.smithy.module
import software.amazon.smithy.rust.codegen.core.smithy.rustType
import software.amazon.smithy.rust.codegen.core.smithy.traits.SyntheticInputTrait
import software.amazon.smithy.rust.codegen.core.util.dq
import software.amazon.smithy.rust.codegen.core.util.hasTrait
import software.amazon.smithy.rust.codegen.core.util.letIf
import software.amazon.smithy.rust.codegen.core.util.redactIfNecessary
import software.amazon.smithy.rust.codegen.core.util.toSnakeCase
import software.amazon.smithy.rust.codegen.server.smithy.ServerCodegenContext
import software.amazon.smithy.rust.codegen.server.smithy.ServerRuntimeType
Expand Down Expand Up @@ -166,7 +168,7 @@ class ServerBuilderGenerator(
// Matching derives to the main structure, - `PartialEq` (see class documentation for why), + `Default`
// since we are a builder and everything is optional.
val baseDerives = structureSymbol.expectRustMetadata().derives
val derives = baseDerives.derives.intersect(setOf(RuntimeType.Debug, RuntimeType.Clone)) + RuntimeType.Default
val derives = baseDerives.derives.intersect(setOf(RuntimeType.Clone)) + RuntimeType.Default
baseDerives.copy(derives = derives).render(writer)
writer.rustBlock("pub${ if (visibility == Visibility.PUBCRATE) " (crate)" else "" } struct Builder") {
members.forEach { renderBuilderMember(this, it) }
Expand All @@ -184,6 +186,8 @@ class ServerBuilderGenerator(
}
renderBuildFn(this)
}

renderImplDebugForBuilder(writer)
}

private fun renderImplFromConstraintViolationForRequestRejection(writer: RustWriter) {
Expand Down Expand Up @@ -417,6 +421,23 @@ class ServerBuilderGenerator(
)
}

private fun renderImplDebugForBuilder(writer: RustWriter) {
writer.rustBlock("impl #T for Builder", RuntimeType.Debug) {
writer.rustBlock("fn fmt(&self, f: &mut #1T::Formatter<'_>) -> #1T::Result", RuntimeType.stdfmt) {
rust("""let mut formatter = f.debug_struct("Builder");""")
members.forEach { member ->
val memberName = symbolProvider.toMemberName(member)
val fieldValue = member.redactIfNecessary(model, "self.$memberName")

rust(
"formatter.field(${memberName.dq()}, &$fieldValue);",
)
}
rust("formatter.finish()")
}
}
}

/**
* Returns the symbol for a builder's member.
* All builder members are optional, but only some are `Option<T>`s where `T` needs to be constrained.
Expand Down
Loading