package validate
import (
"fmt"
"regexp"
)
// Patterns used to check the ARNs supplied with a lifecycle hook. Both are
// anchored with ^ and $, so the whole input has to match.
//
// NOTE(review): every `[^:]+` segment accepts any character other than a
// colon, including whitespace and control characters, and the partition is
// fixed to "aws". iamRolePattern checks only the generic IAM ARN shape; it
// does not require the resource segment to start with "role/". A match is a
// shape check, not proof that the ARN is well formed or refers to the
// intended kind of resource.
const (
	snsPattern     = `^arn:aws:sns:[^:]+:[^:]+:[^:]+$`
	iamRolePattern = `^arn:aws:iam::[^:]+:[^:]+$`
)

// validLifecycleHookResults lists the only values accepted for
// AwsLifecycleHook.DefaultResult; the comparison is exact and case-sensitive.
var validLifecycleHookResults = []string{
	"ABANDON",
	"CONTINUE",
}
// AwsLifecycleHook is the JSON-tagged description of a lifecycle hook that
// awsLifecycleHookValidation.validate checks. Every field is tagged
// omitempty, so zero values are left out when the struct is marshalled.
type AwsLifecycleHook struct {
	// Must equal one of validLifecycleHookResults ("ABANDON" or "CONTINUE").
	DefaultResult string `json:"defaultResult,omitempty"`
	// Must lie in the inclusive range 30..7200.
	// NOTE(review): presumably seconds; the unit is not stated in this file.
	HeartbeatTimeout int32 `json:"heartbeatTimeout,omitempty"`
	// NOTE(review): validate in this file never inspects this field; confirm
	// it is checked elsewhere before it is used.
	LifecycleTransition string `json:"lifecycleTransition,omitempty"`
	// Must match snsPattern.
	NotificationTargetARN string `json:"notificationTargetARN,omitempty"`
	// Must match iamRolePattern.
	RoleARN string `json:"roleARN,omitempty"`
}
// awsLifecycleHookValidation groups the lifecycle-hook checks as methods. It
// has no fields, so it carries no state between calls.
type awsLifecycleHookValidation struct{}
// validate checks the ARN, default-result and heartbeat fields of hook and
// returns one error per failed check, always in the same order: notification
// target ARN, role ARN, default result, heartbeat timeout. A nil slice means
// every check passed. hook.LifecycleTransition is not inspected here.
//
// NOTE(review): each rejected value is echoed into the error text with
// %s / %v exactly as supplied. Because the value has just failed validation,
// anything that logs or renders these errors should treat the message as
// untrusted text (quote or escape it at the sink).
func (a *awsLifecycleHookValidation) validate(hook AwsLifecycleHook) []error {
	var problems []error
	// reject records one failed check; the format strings below are the
	// messages callers see.
	reject := func(format string, value interface{}) {
		problems = append(problems, fmt.Errorf(format, value))
	}

	if ok := a.isValidSnsArn(hook.NotificationTargetARN); !ok {
		reject("invalid SNS notification ARN: %s", hook.NotificationTargetARN)
	}
	if ok := a.isValidRoleArn(hook.RoleARN); !ok {
		reject("invalid IAM role ARN: %s", hook.RoleARN)
	}
	if ok := a.isValidDefaultResult(hook.DefaultResult); !ok {
		reject("invalid lifecycle default result: %s", hook.DefaultResult)
	}
	if ok := a.isValidHeartbeatTimeout(hook.HeartbeatTimeout); !ok {
		reject("lifecycle heartbeat timeout must be between 30 and 7200. Provided value was: %v", hook.HeartbeatTimeout)
	}

	return problems
}
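// lifecycleHookSnsArnRegexp is snsPattern compiled once at package
// initialisation instead of on every call; a *regexp.Regexp is safe for
// concurrent use.
var lifecycleHookSnsArnRegexp = regexp.MustCompile(snsPattern)

// isValidSnsArn reports whether arn matches snsPattern from start to end.
//
// A true result means only that arn has the shape
// arn:aws:sns:<seg>:<seg>:<seg> with non-empty, colon-free segments. The
// segments may still contain whitespace or control characters, and nothing
// here shows that the topic exists or belongs to the expected account.
func (a *awsLifecycleHookValidation) isValidSnsArn(arn string) bool {
	return lifecycleHookSnsArnRegexp.MatchString(arn)
}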
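// lifecycleHookRoleArnRegexp is iamRolePattern compiled once at package
// initialisation instead of on every call; a *regexp.Regexp is safe for
// concurrent use.
var lifecycleHookRoleArnRegexp = regexp.MustCompile(iamRolePattern)

// isValidRoleArn reports whether arn matches iamRolePattern from start to end.
//
// A true result means only that arn has the shape arn:aws:iam::<seg>:<seg>
// with non-empty, colon-free segments.
// NOTE(review): the pattern does not require the final segment to begin with
// "role/", so ARNs for other IAM resource types also pass; confirm whether
// that is intended before relying on this as a role check.
func (a *awsLifecycleHookValidation) isValidRoleArn(arn string) bool {
	return lifecycleHookRoleArnRegexp.MatchString(arn)
}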
// isValidHeartbeatTimeout reports whether timeout lies in the inclusive range
// 30..7200. Zero (the field's value when it is left unset) and negative
// numbers are rejected together with every other value below 30.
func (a *awsLifecycleHookValidation) isValidHeartbeatTimeout(timeout int32) bool {
	if timeout < 30 {
		return false
	}
	return timeout <= 7200
}
// isValidDefaultResult reports whether defaultResult is exactly one of the
// entries in validLifecycleHookResults. The comparison is case-sensitive and
// does no trimming, so the empty string is rejected.
func (a *awsLifecycleHookValidation) isValidDefaultResult(defaultResult string) bool {
	for i := 0; i < len(validLifecycleHookResults); i++ {
		if validLifecycleHookResults[i] == defaultResult {
			return true
		}
	}
	return false
}