VED-753 Remove PII from CloudWatch (#807)

* removed PII in CW; nhs_number (only) to Splunk

* no need for nhsNumber

* unit test

* unit test - standalone

* improved unit test

Author: JamesW1-NHS

backend/src/log_structure.py

@@ -42,7 +42,6 @@ def function_info(func):
     @wraps(func)
     def wrapper(*args, **kwargs):
         event = args[0] if args else {}
-        logger.info(f"Event: {event}")
         headers = event.get("headers", {})
         correlation_id = headers.get("X-Correlation-ID", "X-Correlation-ID not passed")
         request_id = headers.get("X-Request-ID", "X-Request-ID not passed")
@@ -64,7 +63,6 @@ def wrapper(*args, **kwargs):
         start = time.time()
         try:
             result = func(*args, **kwargs)
-            logger.info(f"Result:{result}")
             end = time.time()
             log_data["time_taken"] = f"{round(end - start, 5)}s"
             log_data.update(_log_data_from_body(event))

backend/tests/test_log_structure_wrapper.py

@@ -23,6 +23,14 @@ def mock_success_function(_event, _context):
     def mock_function_raises(_event, _context):
         raise ValueError("Test error")
 
+    def extract_all_call_args_for_logger(self, mock_logger) -> list:
+        """Extracts all arguments for logger.*."""
+        return (
+            [ args[0] for args, _ in mock_logger.info.call_args_list ]
+            + [ args[0] for args, _ in mock_logger.warning.call_args_list ]
+            + [ args[0] for args, _ in mock_logger.error.call_args_list ]
+        )
+
     def test_successful_execution(self, mock_logger, mock_firehose_logger):
         # Arrange
         test_correlation = "test_correlation"
@@ -65,6 +73,37 @@ def test_successful_execution(self, mock_logger, mock_firehose_logger):
         self.assertEqual(logged_info['local_id'], '12345^http://test')
         self.assertEqual(logged_info['vaccine_type'], 'FLU')
 
+    def test_successful_execution_pii(self, mock_logger, mock_firehose_logger):
+        """Pass personally identifiable information in an event, and ensure that it is not logged anywhere."""
+        # Arrange
+        test_correlation = "test_correlation"
+        test_request = "test_request"
+        test_supplier = "test_supplier"
+        test_actual_path = "/test"
+        test_resource_path = "/test"
+
+        self.mock_redis_client.hget.return_value = "FLU"
+        wrapped_function = function_info(self.mock_success_function)
+        event = {
+            'headers': {
+                'X-Correlation-ID': test_correlation,
+                'X-Request-ID': test_request,
+                'SupplierSystem': test_supplier
+            },
+            'path': test_actual_path,
+            'requestContext': {'resourcePath': test_resource_path},
+            'body': "{\"identifier\": [{\"system\": \"http://test\", \"value\": \"12345\"}], \"contained\": [{\"resourceType\": \"Patient\", \"id\": \"Pat1\", \"identifier\": [{\"system\": \"https://fhir.nhs.uk/Id/nhs-number\", \"value\": \"9693632109\"}]}], \"protocolApplied\": [{\"targetDisease\": [{\"coding\": [{\"system\": \"http://snomed.info/sct\", \"code\": \"840539006\", \"display\": \"Disease caused by severe acute respiratory syndrome coronavirus 2\"}]}]}]}"
+        }
+
+        # Act
+        result = wrapped_function(event, {})
+
+        # Assert
+        self.assertEqual(result, "Success")
+
+        for logger_info in self.extract_all_call_args_for_logger(mock_logger):
+            self.assertNotIn("9693632109", str(logger_info))
+
     def test_exception_handling(self, mock_logger, mock_firehose_logger):
         # Arrange
         test_correlation = "failed_test_correlation"