From 06325c42c6c4d57de47cc90fc95e8312fcaceeab Mon Sep 17 00:00:00 2001 From: JukieWalsh Date: Fri, 12 Apr 2019 11:39:14 -0400 Subject: [PATCH 1/4] Change regex to allow hyphens, underscores, and uppercase characters --- aws/validators.go | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/aws/validators.go b/aws/validators.go index 741ce14f9ce5..b433df625273 100644 --- a/aws/validators.go +++ b/aws/validators.go @@ -117,15 +117,19 @@ func validateTransferServerID(v interface{}, k string) (ws []string, errors []er func validateTransferUserName(v interface{}, k string) (ws []string, errors []error) { value := v.(string) - // https://docs.aws.amazon.com/transfer/latest/userguide/API_CreateUser.html - pattern := `^[a-z0-9]{3,32}$` - if !regexp.MustCompile(pattern).MatchString(value) { - errors = append(errors, fmt.Errorf( - "%q isn't a valid transfer user name (only lowercase alphanumeric characters are allowed): %q", - k, value)) + if regexp.MustCompile(`[^0-9a-zA-Z_-]`).MatchString(value) { + errors = append(errors, fmt.Errorf("%q can only contain alphanumeric characters, underscores, and hyphens", k)) + } + if len(value) < 3 { + errors = append(errors, fmt.Errorf("%q must be at least 3 characters", k)) + } + if len(value) > 32 { + errors = append(errors, fmt.Errorf("%q cannot be more than 32 characters", k)) + } + if regexp.MustCompile(`^-`).MatchString(value) { + errors = append(errors, fmt.Errorf("%q cannot begin with a hyphen", k)) } - return } From 02613239079634045c8bee92e64fe01cc4db857b Mon Sep 17 00:00:00 2001 From: JukieWalsh Date: Fri, 12 Apr 2019 12:40:17 -0400 Subject: [PATCH 2/4] Add test function for user_name validation --- aws/resource_aws_transfer_user_test.go | 36 ++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/aws/resource_aws_transfer_user_test.go b/aws/resource_aws_transfer_user_test.go index 4278a388c464..b053c18d59a3 100644 --- a/aws/resource_aws_transfer_user_test.go +++ b/aws/resource_aws_transfer_user_test.go @@ -125,6 +125,32 @@ func TestAccAWSTransferUser_disappears(t *testing.T) { }) } +func TestAccAWSTransferUserName_validation(t *testing.T) { + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferUserDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferUserName_validation("!@#$%^"), + ExpectError: regexp.MustCompile(`"user_name" can only contain alphanumeric characters, underscores, and hyphens`), + }, + { + Config: testAccAWSTransferUserName_validation(acctest.RandString(2)), + ExpectError: regexp.MustCompile(`"user_name" must be at least 3 characters`), + }, + { + Config: testAccAWSTransferUserName_validation(acctest.RandString(33)), + ExpectError: regexp.MustCompile(`"user_name" cannot be more than 32 characters`), + }, + { + Config: testAccAWSTransferUserName_validation("-abcdef"), + ExpectError: regexp.MustCompile(`"user_name" cannot begin with a hyphen`), + }, + }, + }) +} + func testAccCheckAWSTransferUserExists(n string, res *transfer.DescribedUser) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -260,6 +286,16 @@ resource "aws_transfer_user" "foo" { `, rName, rName) } +func testAccAWSTransferUserName_validation(rName string) string { + return fmt.Sprintf(` +resource "aws_transfer_user" "foo" { + server_id = "s-123456abcdeffffff" + user_name = "%s" + role = "arn:aws:iam::123456789012:role/foo" +} +`, rName) +} + func testAccAWSTransferUserConfig_options(rName string) string { return fmt.Sprintf(` resource "aws_transfer_server" "foo" { From 0714b2816dcade49e32ad28810112ef60ef07811 Mon Sep 17 00:00:00 2001 From: dajuke Date: Sun, 14 Apr 2019 18:45:46 -0400 Subject: [PATCH 3/4] add test case for valid username --- aws/resource_aws_transfer_user_test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/aws/resource_aws_transfer_user_test.go b/aws/resource_aws_transfer_user_test.go index b053c18d59a3..5baa28a767a4 100644 --- a/aws/resource_aws_transfer_user_test.go +++ b/aws/resource_aws_transfer_user_test.go @@ -147,6 +147,11 @@ func TestAccAWSTransferUserName_validation(t *testing.T) { Config: testAccAWSTransferUserName_validation("-abcdef"), ExpectError: regexp.MustCompile(`"user_name" cannot begin with a hyphen`), }, + { + Config: testAccAWSTransferUserName_validation("valid_username"), + ExpectNonEmptyPlan: true, + PlanOnly: true, + }, }, }) } From 7345bd8e023daedd09dc280bce4a186d8a7a2a08 Mon Sep 17 00:00:00 2001 From: Jukie Date: Sun, 14 Apr 2019 23:43:04 -0400 Subject: [PATCH 4/4] Use single regex and add valid resource configs in validation tests --- aws/resource_aws_transfer_user_test.go | 36 +++++++++++++++++++++----- aws/validators.go | 13 ++-------- 2 files changed, 32 insertions(+), 17 deletions(-) diff --git a/aws/resource_aws_transfer_user_test.go b/aws/resource_aws_transfer_user_test.go index 5baa28a767a4..3e14871476bd 100644 --- a/aws/resource_aws_transfer_user_test.go +++ b/aws/resource_aws_transfer_user_test.go @@ -133,19 +133,19 @@ func TestAccAWSTransferUserName_validation(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccAWSTransferUserName_validation("!@#$%^"), - ExpectError: regexp.MustCompile(`"user_name" can only contain alphanumeric characters, underscores, and hyphens`), + ExpectError: regexp.MustCompile(`Invalid "user_name": must be between 3 and 32 alphanumeric or special characters hyphen and underscore. However, "user_name" cannot begin with a hyphen`), }, { Config: testAccAWSTransferUserName_validation(acctest.RandString(2)), - ExpectError: regexp.MustCompile(`"user_name" must be at least 3 characters`), + ExpectError: regexp.MustCompile(`Invalid "user_name": must be between 3 and 32 alphanumeric or special characters hyphen and underscore. However, "user_name" cannot begin with a hyphen`), }, { Config: testAccAWSTransferUserName_validation(acctest.RandString(33)), - ExpectError: regexp.MustCompile(`"user_name" cannot be more than 32 characters`), + ExpectError: regexp.MustCompile(`Invalid "user_name": must be between 3 and 32 alphanumeric or special characters hyphen and underscore. However, "user_name" cannot begin with a hyphen`), }, { Config: testAccAWSTransferUserName_validation("-abcdef"), - ExpectError: regexp.MustCompile(`"user_name" cannot begin with a hyphen`), + ExpectError: regexp.MustCompile(`Invalid "user_name": must be between 3 and 32 alphanumeric or special characters hyphen and underscore. However, "user_name" cannot begin with a hyphen`), }, { Config: testAccAWSTransferUserName_validation("valid_username"), @@ -293,10 +293,34 @@ resource "aws_transfer_user" "foo" { func testAccAWSTransferUserName_validation(rName string) string { return fmt.Sprintf(` +resource "aws_transfer_server" "foo" { + identity_provider_type = "SERVICE_MANAGED" + tags = { + NAME = "tf-acc-test-transfer-server" + } +} resource "aws_transfer_user" "foo" { - server_id = "s-123456abcdeffffff" + server_id = "${aws_transfer_server.foo.id}" user_name = "%s" - role = "arn:aws:iam::123456789012:role/foo" + role = "${aws_iam_role.foo.arn}" +} +resource "aws_iam_role" "foo" { + name = "tf-test-transfer-user-iam-role" + + assume_role_policy = < 32 { - errors = append(errors, fmt.Errorf("%q cannot be more than 32 characters", k)) - } - if regexp.MustCompile(`^-`).MatchString(value) { - errors = append(errors, fmt.Errorf("%q cannot begin with a hyphen", k)) + if !regexp.MustCompile(`^[a-zA-Z0-9_][a-zA-Z0-9_-]{2,31}$`).MatchString(value) { + errors = append(errors, fmt.Errorf("Invalid %q: must be between 3 and 32 alphanumeric or special characters hyphen and underscore. However, %q cannot begin with a hyphen", k, k)) } return }