aws/awsutils: Update not to render sensitive fields for StringValue

Updates the StringValue utility to not render fields decorated with
sensitive fields. Instead, sensitive fields are outputted as
"<sensitive>". This change is limited to the output of StringValue
utility method.

Author: jasdel

aws/awsutil/string_value.go

@@ -23,28 +23,27 @@ func stringValue(v reflect.Value, indent int, buf *bytes.Buffer) {
 	case reflect.Struct:
 		buf.WriteString("{\n")
 
-		names := []string{}
 		for i := 0; i < v.Type().NumField(); i++ {
-			name := v.Type().Field(i).Name
-			f := v.Field(i)
-			if name[0:1] == strings.ToLower(name[0:1]) {
+			ft := v.Type().Field(i)
+			fv := v.Field(i)
+
+			if ft.Name[0:1] == strings.ToLower(ft.Name[0:1]) {
 				continue // ignore unexported fields
 			}
-			if (f.Kind() == reflect.Ptr || f.Kind() == reflect.Slice) && f.IsNil() {
+			if (fv.Kind() == reflect.Ptr || fv.Kind() == reflect.Slice) && fv.IsNil() {
 				continue // ignore unset fields
 			}
-			names = append(names, name)
-		}
 
-		for i, n := range names {
-			val := v.FieldByName(n)
 			buf.WriteString(strings.Repeat(" ", indent+2))
-			buf.WriteString(n + ": ")
-			stringValue(val, indent+2, buf)
+			buf.WriteString(ft.Name + ": ")
 
-			if i < len(names)-1 {
-				buf.WriteString(",\n")
+			if tag := ft.Tag.Get("sensitive"); tag == "true" {
+				buf.WriteString("<sensitive>")
+			} else {
+				stringValue(fv, indent+2, buf)
 			}
+
+			buf.WriteString(",\n")
 		}
 
 		buf.WriteString("\n" + strings.Repeat(" ", indent) + "}")

aws/awsutil/string_value_test.go

@@ -0,0 +1,51 @@
+// +build go1.7
+
+package awsutil
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+type testStruct struct {
+	Field1 string
+	Field2 *string
+	Field3 []byte `sensitive:"true"`
+	Value  []*string
+}
+
+func TestStringValue(t *testing.T) {
+	cases := map[string]struct {
+		Value  interface{}
+		Expect string
+	}{
+		"general": {
+			Value: testStruct{
+				Field1: "abc123",
+				Field2: aws.String("abc123"),
+				Field3: []byte("don't show me"),
+				Value: []*string{
+					aws.String("first"),
+					aws.String("second"),
+				},
+			},
+			Expect: `{
+  Field1: "abc123",
+  Field2: "abc123",
+  Field3: <sensitive>,
+  Value: ["first","second"],
+
+}`,
+		},
+	}
+
+	for d, c := range cases {
+		t.Run(d, func(t *testing.T) {
+			actual := StringValue(c.Value)
+			if e, a := c.Expect, actual; e != a {
+				t.Errorf("expect:\n%v\nactual:\n%v\n", e, a)
+			}
+		})
+	}
+}

private/model/api/shape.go

@@ -110,6 +110,9 @@ type Shape struct {
 	// Flags that the shape cannot be rename. Prevents the shape from being
 	// renamed further by the Input/Output.
 	AliasedShapeName bool
+
+	// Sensitive types should not be logged by SDK type loggers.
+	Sensitive bool `json:"sensitive"`
 }
 
 // ErrorCodeName will return the error shape's name formated for
@@ -502,6 +505,10 @@ func (ref *ShapeRef) GoTags(toplevel bool, isRequired bool) string {
 		tags = append(tags, ShapeTag{"ignore", "true"})
 	}
 
+	if ref.Shape.Sensitive {
+		tags = append(tags, ShapeTag{"sensitive", "true"})
+	}
+
 	return fmt.Sprintf("`%s`", tags)
 }