def test_invalid_input_values(self):
with self.assertRaises(TypeError):
RedactionConfig(redactMode='somestring')
with self.assertRaises(TypeError):
RedactionConfig(redactMode=0)
with self.assertRaises(TypeError):
RedactionConfig(redactResponseURL=0)
def test_redactResponseURL(self):
rc = RedactionConfig(redactResponseURL=True)
event = {
'RequestType': 'Create',
'RequestId': 'abcded',
'ResponseURL': 'https://localhost',
'StackId': 'arn:...',
'LogicalResourceId': 'Test',
'ResourceType': 'Custom::Test'
}
revent = rc._redact(event)
self.assertIn('ResponseURL', event)
self.assertNotIn('ResponseURL', revent)
def test_blacklist_deprecated(self):
with self.assertLogs(level=logging.WARNING) as captured:
rc = RedactionConfig(redactMode=RedactMode.BLACKLIST)
self.assertEqual(1, len(captured.records), 1)
self.assertEqual(
"The usage of RedactMode.BLACKLIST is deprecated, please change to use RedactMode.BLOCKLIST",
captured.records[0].getMessage())
def test_structure(self):
rc = RedactionConfig()
rc.add_rule_set(self.ruleSetDefault)
rc.add_rule_set(self.ruleSetCustom)
self.assertIn('^.*$', rc._redactProperties)
self.assertIn('^Custom::Test$', rc._redactProperties)
self.assertIn('^Test$', rc._redactProperties['^.*$'])
self.assertIn('^Example$', rc._redactProperties['^.*$'])
self.assertIn('^DeleteMe.*$', rc._redactProperties['^Custom::Test$'])
self.assertIn('^Custom$', rc._redactProperties['^Custom::Test$'])
def test_allowlist2(self):
rc = RedactionConfig(redactMode=RedactMode.ALLOWLIST)
rc.add_rule_set(self.ruleSetDefault)
rc.add_rule_set(self.ruleSetCustom)
event = {
'RequestType': 'Create',
'RequestId': 'abcded',
'ResponseURL': 'https://localhost',
'StackId': 'arn:...',
'LogicalResourceId': 'Test',
'ResourceType': 'Custom::Hello',
'ResourceProperties': {
'Test': NOT_REDACTED_STRING,
'Example': NOT_REDACTED_STRING,
'Custom': NOT_REDACTED_STRING,
'DeleteMe1': NOT_REDACTED_STRING,
'DeleteMe2': NOT_REDACTED_STRING,
'DoNotDelete': NOT_REDACTED_STRING
}
}
revent = rc._redact(event)
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['Test'])
self.assertEqual(NOT_REDACTED_STRING,
revent['ResourceProperties']['Test'])
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['Example'])
self.assertEqual(NOT_REDACTED_STRING,
revent['ResourceProperties']['Example'])
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['Custom'])
self.assertEqual(REDACTED_STRING,
revent['ResourceProperties']['Custom'])
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['DeleteMe1'])
self.assertEqual(REDACTED_STRING,
revent['ResourceProperties']['DeleteMe1'])
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['DeleteMe2'])
self.assertEqual(REDACTED_STRING,
revent['ResourceProperties']['DeleteMe2'])
self.assertEqual(NOT_REDACTED_STRING,
event['ResourceProperties']['DoNotDelete'])
self.assertEqual(REDACTED_STRING,
revent['ResourceProperties']['DoNotDelete'])
def test_input_values(self):
rc = RedactionConfig(redactMode=RedactMode.ALLOWLIST,
redactResponseURL=True)
self.assertEqual(rc.redactMode, RedactMode.ALLOWLIST)
self.assertTrue(rc.redactResponseURL)
def test_defaults(self):
rc = RedactionConfig()
self.assertEqual(rc.redactMode, RedactMode.BLOCKLIST)
self.assertFalse(rc.redactResponseURL)
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
import logging
from accustom import RedactionRuleSet, RedactionConfig, decorator
logging.getLogger().setLevel(logging.DEBUG)
ruleSetDefault = RedactionRuleSet()
ruleSetDefault.add_property_regex('^Test$')
ruleSetDefault.add_property('Example')
ruleSetCustom = RedactionRuleSet('^Custom::Test$')
ruleSetCustom.add_property('Custom')
ruleSetCustom.add_property_regex('^DeleteMe.*$')
rc = RedactionConfig(redactResponseURL=True)
rc.add_rule_set(ruleSetDefault)
rc.add_rule_set(ruleSetCustom)
logger = logging.getLogger(__name__)
@decorator(hideResourceDeleteFailure=True,
timeoutFunction=False,
redactConfig=rc)
def handler(event, context):
# No action actually required since we'll be looking at CW Logs.
pass