Fix maps/lists with sensitive members not redacted

codegen-core/src/main/kotlin/software/amazon/smithy/rust/codegen/core/util/Smithy.kt

@@ -9,6 +9,8 @@ import software.amazon.smithy.aws.traits.ServiceTrait
 import software.amazon.smithy.codegen.core.CodegenException
 import software.amazon.smithy.model.Model
 import software.amazon.smithy.model.shapes.BooleanShape
+import software.amazon.smithy.model.shapes.ListShape
+import software.amazon.smithy.model.shapes.MapShape
 import software.amazon.smithy.model.shapes.MemberShape
 import software.amazon.smithy.model.shapes.NumberShape
 import software.amazon.smithy.model.shapes.OperationShape
@@ -99,13 +101,12 @@ fun ServiceShape.hasEventStreamOperations(model: Model): Boolean =
     }
 
 fun Shape.shouldRedact(model: Model): Boolean =
-    when (this) {
-        is MemberShape ->
-            model.expectShape(target).shouldRedact(model) ||
-                model.expectShape(container)
-                    .shouldRedact(model)
-
-        else -> this.hasTrait<SensitiveTrait>()
+    when {
+        this is MemberShape -> model.expectShape(target).shouldRedact(model)
+        hasTrait<SensitiveTrait>() -> true
+        this is ListShape -> member.shouldRedact(model)
+        this is MapShape -> key.shouldRedact(model) || value.shouldRedact(model)
+        else -> false
     }
 
 const val REDACTION = "\"*** Sensitive Data Redacted ***\""

codegen-core/src/test/kotlin/software/amazon/smithy/rust/codegen/core/smithy/generators/StructureGeneratorTest.kt

@@ -62,8 +62,10 @@ class StructureGeneratorTest {
             structure Credentials {
                 username: String,
                 password: Password,
-
-                secretKey: SecretKey
+                secretKey: SecretKey,
+                secretValueMap: MapThatContainsSecretValues,
+                secretKeyMap: MapThatContainsSecretKeys,
+                secretList: ListThatContainsSecrets
             }
 
             structure StructWithDoc {
@@ -79,6 +81,20 @@ class StructureGeneratorTest {
                 public: String,
                 private: SecretStructure,
             }
+
+            map MapThatContainsSecretKeys {
+                key: SecretKey
+                value: String
+            }
+
+            map MapThatContainsSecretValues {
+                key: String
+                value: SecretKey
+            }
+
+            list ListThatContainsSecrets {
+                member: Password
+            }
             """.asSmithyModel()
         val struct = model.lookup<StructureShape>("com.test#MyStruct")
         val structWithDoc = model.lookup<StructureShape>("com.test#StructWithDoc")
@@ -159,15 +175,27 @@ class StructureGeneratorTest {
         TestWorkspace.testProject().unitTest {
             structureGenerator(model, provider, this, credentials).render()
 
-            this.unitTest(
-                "sensitive_fields_redacted",
+            rust(
                 """
+                use std::collections::HashMap;
+
+                let mut secret_map = HashMap::new();
+                secret_map.insert("FirstSecret".to_string(), "don't leak me".to_string());
+                secret_map.insert("SecondSecret".to_string(), "don't leak me".to_string());
+
+                let secret_list = vec!["don't leak me".to_string()];
+
                 let creds = Credentials {
                     username: Some("not_redacted".to_owned()),
                     password: Some("don't leak me".to_owned()),
-                    secret_key: Some("don't leak me".to_owned())
+                    secret_key: Some("don't leak me".to_owned()),
+                    secret_key_map: Some(secret_map.clone()),
+                    secret_value_map: Some(secret_map),
+                    secret_list: Some(secret_list),
                 };
-                assert_eq!(format!("{:?}", creds), "Credentials { username: Some(\"not_redacted\"), password: \"*** Sensitive Data Redacted ***\", secret_key: \"*** Sensitive Data Redacted ***\" }");
+
+                assert_eq!(format!("{:?}", creds),
+                "Credentials { username: Some(\"not_redacted\"), password: \"*** Sensitive Data Redacted ***\", secret_key: \"*** Sensitive Data Redacted ***\", secret_value_map: \"*** Sensitive Data Redacted ***\", secret_key_map: \"*** Sensitive Data Redacted ***\", secret_list: \"*** Sensitive Data Redacted ***\" }");
                 """,
             )
         }.compileAndTest()
@@ -179,8 +207,7 @@ class StructureGeneratorTest {
         TestWorkspace.testProject().unitTest {
             structureGenerator(model, provider, this, secretStructure).render()
 
-            this.unitTest(
-                "sensitive_structure_redacted",
+            rust(
                 """
                 let secret_structure = SecretStructure {
                     secret_field: Some("secret".to_owned()),