terraform/builtin/providers/aws/validators_test.go

2320 lines
51 KiB
Go
Raw Normal View History

package aws
import (
"fmt"
"strings"
"testing"
"github.com/aws/aws-sdk-go/service/s3"
)
func TestValidateEcrRepositoryName(t *testing.T) {
validNames := []string{
"nginx-web-app",
"project-a/nginx-web-app",
"domain.ltd/nginx-web-app",
"3chosome-thing.com/01different-pattern",
"0123456789/999999999",
"double/forward/slash",
"000000000000000",
}
for _, v := range validNames {
_, errors := validateEcrRepositoryName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid ECR repository name: %q", v, errors)
}
}
invalidNames := []string{
// length > 256
"3cho_some-thing.com/01different.-_pattern01different.-_pattern01diff" +
"erent.-_pattern01different.-_pattern01different.-_pattern01different" +
".-_pattern01different.-_pattern01different.-_pattern01different.-_pa" +
"ttern01different.-_pattern01different.-_pattern234567",
// length < 2
"i",
"special@character",
"different+special=character",
"double//slash",
"double..dot",
"/slash-at-the-beginning",
"slash-at-the-end/",
}
for _, v := range invalidNames {
_, errors := validateEcrRepositoryName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid ECR repository name", v)
}
}
}
func TestValidateCloudWatchEventRuleName(t *testing.T) {
validNames := []string{
"HelloWorl_d",
"hello-world",
"hello.World0125",
}
for _, v := range validNames {
_, errors := validateCloudWatchEventRuleName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid CW event rule name: %q", v, errors)
}
}
invalidNames := []string{
"special@character",
"slash/in-the-middle",
// Length > 64
"TooLooooooooooooooooooooooooooooooooooooooooooooooooooooooongName",
}
for _, v := range invalidNames {
_, errors := validateCloudWatchEventRuleName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid CW event rule name", v)
}
}
}
func TestValidateLambdaFunctionName(t *testing.T) {
validNames := []string{
"arn:aws:lambda:us-west-2:123456789012:function:ThumbNail",
"arn:aws-us-gov:lambda:us-west-2:123456789012:function:ThumbNail",
"FunctionName",
"function-name",
}
for _, v := range validNames {
_, errors := validateLambdaFunctionName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Lambda function name: %q", v, errors)
}
}
invalidNames := []string{
"/FunctionNameWithSlash",
"function.name.with.dots",
2016-09-12 08:14:24 +02:00
// length > 140
"arn:aws:lambda:us-west-2:123456789012:function:TooLoooooo" +
"ooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +
"ooooooooooooooooongFunctionName",
}
for _, v := range invalidNames {
_, errors := validateLambdaFunctionName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Lambda function name", v)
}
}
}
func TestValidateLambdaQualifier(t *testing.T) {
validNames := []string{
"123",
"prod",
"PROD",
"MyTestEnv",
"contains-dashes",
"contains_underscores",
"$LATEST",
}
for _, v := range validNames {
_, errors := validateLambdaQualifier(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Lambda function qualifier: %q", v, errors)
}
}
invalidNames := []string{
// No ARNs allowed
"arn:aws:lambda:us-west-2:123456789012:function:prod",
2016-09-12 08:14:24 +02:00
// length > 128
"TooLooooooooooooooooooooooooooooooooooooooooooooooooooo" +
"ooooooooooooooooooooooooooooooooooooooooooooooooooo" +
"oooooooooooongQualifier",
}
for _, v := range invalidNames {
_, errors := validateLambdaQualifier(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Lambda function qualifier", v)
}
}
}
func TestValidateLambdaPermissionAction(t *testing.T) {
validNames := []string{
"lambda:*",
"lambda:InvokeFunction",
"*",
}
for _, v := range validNames {
_, errors := validateLambdaPermissionAction(v, "action")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Lambda permission action: %q", v, errors)
}
}
invalidNames := []string{
"yada",
"lambda:123",
"*:*",
"lambda:Invoke*",
}
for _, v := range invalidNames {
_, errors := validateLambdaPermissionAction(v, "action")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Lambda permission action", v)
}
}
}
func TestValidateAwsAccountId(t *testing.T) {
validNames := []string{
"123456789012",
"999999999999",
}
for _, v := range validNames {
_, errors := validateAwsAccountId(v, "account_id")
if len(errors) != 0 {
t.Fatalf("%q should be a valid AWS Account ID: %q", v, errors)
}
}
invalidNames := []string{
"12345678901", // too short
"1234567890123", // too long
"invalid",
"x123456789012",
}
for _, v := range invalidNames {
_, errors := validateAwsAccountId(v, "account_id")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid AWS Account ID", v)
}
}
}
func TestValidateArn(t *testing.T) {
v := ""
_, errors := validateArn(v, "arn")
if len(errors) != 0 {
t.Fatalf("%q should not be validated as an ARN: %q", v, errors)
}
validNames := []string{
"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk
"arn:aws:iam::123456789012:user/David", // IAM User
"arn:aws:rds:eu-west-1:123456789012:db:mysql-db", // RDS
"arn:aws:s3:::my_corporate_bucket/exampleobject.png", // S3 object
"arn:aws:events:us-east-1:319201112229:rule/rule_name", // CloudWatch Rule
"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction", // Lambda function
"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier", // Lambda func qualifier
"arn:aws-us-gov:s3:::corp_bucket/object.png", // GovCloud ARN
"arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/some-uuid-abc123", // GovCloud KMS ARN
}
for _, v := range validNames {
_, errors := validateArn(v, "arn")
if len(errors) != 0 {
t.Fatalf("%q should be a valid ARN: %q", v, errors)
}
}
invalidNames := []string{
"arn",
"123456789012",
"arn:aws",
"arn:aws:logs",
"arn:aws:logs:region:*:*",
}
for _, v := range invalidNames {
_, errors := validateArn(v, "arn")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid ARN", v)
}
}
}
func TestValidatePolicyStatementId(t *testing.T) {
validNames := []string{
"YadaHereAndThere",
"Valid-5tatement_Id",
"1234",
}
for _, v := range validNames {
_, errors := validatePolicyStatementId(v, "statement_id")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Statement ID: %q", v, errors)
}
}
invalidNames := []string{
"Invalid/StatementId/with/slashes",
"InvalidStatementId.with.dots",
// length > 100
"TooooLoooooooooooooooooooooooooooooooooooooooooooo" +
"ooooooooooooooooooooooooooooooooooooooooStatementId",
}
for _, v := range invalidNames {
_, errors := validatePolicyStatementId(v, "statement_id")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Statement ID", v)
}
}
}
func TestValidateCIDRNetworkAddress(t *testing.T) {
cases := []struct {
CIDR string
ExpectedErrSubstr string
}{
{"notacidr", `must contain a valid CIDR`},
{"10.0.1.0/16", `must contain a valid network CIDR`},
{"10.0.1.0/24", ``},
}
for i, tc := range cases {
_, errs := validateCIDRNetworkAddress(tc.CIDR, "foo")
if tc.ExpectedErrSubstr == "" {
if len(errs) != 0 {
t.Fatalf("%d/%d: Expected no error, got errs: %#v",
i+1, len(cases), errs)
}
} else {
if len(errs) != 1 {
t.Fatalf("%d/%d: Expected 1 err containing %q, got %d errs",
i+1, len(cases), tc.ExpectedErrSubstr, len(errs))
}
if !strings.Contains(errs[0].Error(), tc.ExpectedErrSubstr) {
t.Fatalf("%d/%d: Expected err: %q, to include %q",
i+1, len(cases), errs[0], tc.ExpectedErrSubstr)
}
}
}
}
2016-03-05 23:15:22 +01:00
func TestValidateHTTPMethod(t *testing.T) {
type testCases struct {
Value string
ErrCount int
}
invalidCases := []testCases{
{
Value: "incorrect",
ErrCount: 1,
},
{
Value: "delete",
ErrCount: 1,
},
}
for _, tc := range invalidCases {
_, errors := validateHTTPMethod(tc.Value, "http_method")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
}
}
validCases := []testCases{
{
Value: "ANY",
ErrCount: 0,
},
{
Value: "DELETE",
ErrCount: 0,
},
{
Value: "OPTIONS",
ErrCount: 0,
},
}
for _, tc := range validCases {
_, errors := validateHTTPMethod(tc.Value, "http_method")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
2016-03-05 23:15:22 +01:00
}
}
}
func TestValidateLogMetricFilterName(t *testing.T) {
validNames := []string{
"YadaHereAndThere",
"Valid-5Metric_Name",
"This . is also %% valid@!)+(",
"1234",
strings.Repeat("W", 512),
}
for _, v := range validNames {
_, errors := validateLogMetricFilterName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Log Metric Filter Name: %q", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"and here is another * invalid name",
"*",
// length > 512
strings.Repeat("W", 513),
}
for _, v := range invalidNames {
_, errors := validateLogMetricFilterName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Log Metric Filter Name", v)
}
}
}
func TestValidateLogMetricTransformationName(t *testing.T) {
validNames := []string{
"YadaHereAndThere",
"Valid-5Metric_Name",
"This . is also %% valid@!)+(",
"1234",
"",
strings.Repeat("W", 255),
}
for _, v := range validNames {
_, errors := validateLogMetricFilterTransformationName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Log Metric Filter Transformation Name: %q", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"and here is another * invalid name",
"also $ invalid",
"*",
// length > 255
strings.Repeat("W", 256),
}
for _, v := range invalidNames {
_, errors := validateLogMetricFilterTransformationName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Log Metric Filter Transformation Name", v)
}
}
}
func TestValidateLogGroupName(t *testing.T) {
validNames := []string{
"ValidLogGroupName",
"ValidLogGroup.Name",
"valid/Log-group",
"1234",
"YadaValid#0123",
"Also_valid-name",
strings.Repeat("W", 512),
}
for _, v := range validNames {
_, errors := validateLogGroupName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Log Group name: %q", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"and here is another * invalid name",
"also $ invalid",
"This . is also %% invalid@!)+(",
"*",
"",
// length > 512
strings.Repeat("W", 513),
}
for _, v := range invalidNames {
_, errors := validateLogGroupName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Log Group name", v)
}
}
}
func TestValidateLogGroupNamePrefix(t *testing.T) {
validNames := []string{
"ValidLogGroupName",
"ValidLogGroup.Name",
"valid/Log-group",
"1234",
"YadaValid#0123",
"Also_valid-name",
strings.Repeat("W", 483),
}
for _, v := range validNames {
_, errors := validateLogGroupNamePrefix(v, "name_prefix")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Log Group name prefix: %q", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"and here is another * invalid name",
"also $ invalid",
"This . is also %% invalid@!)+(",
"*",
"",
// length > 483
strings.Repeat("W", 484),
}
for _, v := range invalidNames {
_, errors := validateLogGroupNamePrefix(v, "name_prefix")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid Log Group name prefix", v)
}
}
}
func TestValidateS3BucketLifecycleTimestamp(t *testing.T) {
validDates := []string{
"2016-01-01",
"2006-01-02",
}
for _, v := range validDates {
_, errors := validateS3BucketLifecycleTimestamp(v, "date")
if len(errors) != 0 {
t.Fatalf("%q should be valid date: %q", v, errors)
}
}
invalidDates := []string{
"Jan 01 2016",
"20160101",
}
for _, v := range invalidDates {
_, errors := validateS3BucketLifecycleTimestamp(v, "date")
if len(errors) == 0 {
t.Fatalf("%q should be invalid date", v)
}
}
}
func TestValidateS3BucketLifecycleStorageClass(t *testing.T) {
validStorageClass := []string{
"STANDARD_IA",
"GLACIER",
}
for _, v := range validStorageClass {
_, errors := validateS3BucketLifecycleStorageClass(v, "storage_class")
if len(errors) != 0 {
t.Fatalf("%q should be valid storage class: %q", v, errors)
}
}
invalidStorageClass := []string{
"STANDARD",
"1234",
}
for _, v := range invalidStorageClass {
_, errors := validateS3BucketLifecycleStorageClass(v, "storage_class")
if len(errors) == 0 {
t.Fatalf("%q should be invalid storage class", v)
}
}
}
func TestValidateS3BucketReplicationRuleId(t *testing.T) {
validId := []string{
"YadaHereAndThere",
"Valid-5Rule_ID",
"This . is also %% valid@!)+*(:ID",
"1234",
strings.Repeat("W", 255),
}
for _, v := range validId {
_, errors := validateS3BucketReplicationRuleId(v, "id")
if len(errors) != 0 {
t.Fatalf("%q should be a valid lifecycle rule id: %q", v, errors)
}
}
invalidId := []string{
// length > 255
strings.Repeat("W", 256),
}
for _, v := range invalidId {
_, errors := validateS3BucketReplicationRuleId(v, "id")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid replication configuration rule id", v)
}
}
}
func TestValidateS3BucketReplicationRulePrefix(t *testing.T) {
validId := []string{
"YadaHereAndThere",
"Valid-5Rule_ID",
"This . is also %% valid@!)+*(:ID",
"1234",
strings.Repeat("W", 1024),
}
for _, v := range validId {
_, errors := validateS3BucketReplicationRulePrefix(v, "id")
if len(errors) != 0 {
t.Fatalf("%q should be a valid lifecycle rule id: %q", v, errors)
}
}
invalidId := []string{
// length > 1024
strings.Repeat("W", 1025),
}
for _, v := range invalidId {
_, errors := validateS3BucketReplicationRulePrefix(v, "id")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid replication configuration rule id", v)
}
}
}
func TestValidateS3BucketReplicationDestinationStorageClass(t *testing.T) {
validStorageClass := []string{
s3.StorageClassStandard,
s3.StorageClassStandardIa,
s3.StorageClassReducedRedundancy,
}
for _, v := range validStorageClass {
_, errors := validateS3BucketReplicationDestinationStorageClass(v, "storage_class")
if len(errors) != 0 {
t.Fatalf("%q should be valid storage class: %q", v, errors)
}
}
invalidStorageClass := []string{
"FOO",
"1234",
}
for _, v := range invalidStorageClass {
_, errors := validateS3BucketReplicationDestinationStorageClass(v, "storage_class")
if len(errors) == 0 {
t.Fatalf("%q should be invalid storage class", v)
}
}
}
func TestValidateS3BucketReplicationRuleStatus(t *testing.T) {
validRuleStatuses := []string{
s3.ReplicationRuleStatusEnabled,
s3.ReplicationRuleStatusDisabled,
}
for _, v := range validRuleStatuses {
_, errors := validateS3BucketReplicationRuleStatus(v, "status")
if len(errors) != 0 {
t.Fatalf("%q should be valid rule status: %q", v, errors)
}
}
invalidRuleStatuses := []string{
"FOO",
"1234",
}
for _, v := range invalidRuleStatuses {
_, errors := validateS3BucketReplicationRuleStatus(v, "status")
if len(errors) == 0 {
t.Fatalf("%q should be invalid rule status", v)
}
}
}
func TestValidateS3BucketLifecycleRuleId(t *testing.T) {
validId := []string{
"YadaHereAndThere",
"Valid-5Rule_ID",
"This . is also %% valid@!)+*(:ID",
"1234",
strings.Repeat("W", 255),
}
for _, v := range validId {
_, errors := validateS3BucketLifecycleRuleId(v, "id")
if len(errors) != 0 {
t.Fatalf("%q should be a valid lifecycle rule id: %q", v, errors)
}
}
invalidId := []string{
// length > 255
strings.Repeat("W", 256),
}
for _, v := range invalidId {
_, errors := validateS3BucketLifecycleRuleId(v, "id")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid lifecycle rule id", v)
}
}
}
func TestValidateIntegerInRange(t *testing.T) {
validIntegers := []int{-259, 0, 1, 5, 999}
min := -259
max := 999
for _, v := range validIntegers {
_, errors := validateIntegerInRange(min, max)(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be an integer in range (%d, %d): %q", v, min, max, errors)
}
}
invalidIntegers := []int{-260, -99999, 1000, 25678}
for _, v := range invalidIntegers {
_, errors := validateIntegerInRange(min, max)(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an integer outside range (%d, %d)", v, min, max)
}
}
}
func TestResourceAWSElastiCacheClusterIdValidation(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "tEsting",
ErrCount: 1,
},
{
Value: "t.sting",
ErrCount: 1,
},
{
Value: "t--sting",
ErrCount: 1,
},
{
Value: "1testing",
ErrCount: 1,
},
{
Value: "testing-",
ErrCount: 1,
},
{
Value: randomString(65),
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateElastiCacheClusterId(tc.Value, "aws_elasticache_cluster_cluster_id")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the ElastiCache Cluster cluster_id to trigger a validation error")
}
}
}
2016-05-05 12:14:25 +02:00
func TestValidateDbEventSubscriptionName(t *testing.T) {
validNames := []string{
"valid-name",
"valid02-name",
"Valid-Name1",
}
for _, v := range validNames {
_, errors := validateDbEventSubscriptionName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid RDS Event Subscription Name: %q", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"and here is another * invalid name",
"also $ invalid",
"This . is also %% invalid@!)+(",
"*",
"",
" ",
"_",
// length > 255
strings.Repeat("W", 256),
}
for _, v := range invalidNames {
_, errors := validateDbEventSubscriptionName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid RDS Event Subscription Name", v)
}
}
}
func TestValidateJsonString(t *testing.T) {
type testCases struct {
Value string
ErrCount int
}
invalidCases := []testCases{
{
Value: `{0:"1"}`,
ErrCount: 1,
},
{
Value: `{'abc':1}`,
ErrCount: 1,
},
{
Value: `{"def":}`,
ErrCount: 1,
},
{
Value: `{"xyz":[}}`,
ErrCount: 1,
},
}
for _, tc := range invalidCases {
_, errors := validateJsonString(tc.Value, "json")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
}
}
validCases := []testCases{
{
Value: ``,
ErrCount: 0,
},
{
Value: `{}`,
ErrCount: 0,
},
{
Value: `{"abc":["1","2"]}`,
ErrCount: 0,
},
}
for _, tc := range validCases {
_, errors := validateJsonString(tc.Value, "json")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
}
}
}
provider/aws: validation: Add validation function for IAM Policies The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors. The supplied policy document would pass our validator, then fail with the following API error: ``` * aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf ``` This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case: ``` policy = <<EOF { "Version": "2012-10-17", "Statement": [ { ... } ] } EOF ``` Where, when using a HEREDOC, the policy document is indented incorrectly. The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string. Test Output: ``` $ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString" ==> Checking that code complies with gofmt requirements... ==> Checking AWS provider for unchecked errors... ==> NOTE: at this time we only look for uncheck errors in the AWS package go generate $(go list ./... | grep -v /terraform/vendor/) 2017/05/19 10:56:32 Generated command/internal_plugin_list.go go test -i ./builtin/providers/aws/ || exit 1 echo ./builtin/providers/aws/ | \ xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/ === RUN TestValidateIAMPolicyJsonString --- PASS: TestValidateIAMPolicyJsonString (0.00s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 0.009s ``` ``` $ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/05/19 10:38:43 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m === RUN TestAWSPolicy_namePrefix --- PASS: TestAWSPolicy_namePrefix (20.01s) === RUN TestAWSPolicy_invalidJson --- PASS: TestAWSPolicy_invalidJson (0.00s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 20.027s ``` ``` $ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/05/19 11:02:56 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m === RUN TestAccAWSIAMRolePolicy_importBasic --- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s) === RUN TestAccAWSIAMRolePolicy_basic --- PASS: TestAccAWSIAMRolePolicy_basic (35.92s) === RUN TestAccAWSIAMRolePolicy_namePrefix --- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s) === RUN TestAccAWSIAMRolePolicy_generatedName --- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s) === RUN TestAccAWSIAMRolePolicy_invalidJSON --- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 89.363s ```
2017-05-19 17:11:44 +02:00
func TestValidateIAMPolicyJsonString(t *testing.T) {
type testCases struct {
Value string
ErrCount int
}
invalidCases := []testCases{
{
Value: `{0:"1"}`,
ErrCount: 1,
},
{
Value: `{'abc':1}`,
ErrCount: 1,
},
{
Value: `{"def":}`,
ErrCount: 1,
},
{
Value: `{"xyz":[}}`,
ErrCount: 1,
},
{
Value: ``,
ErrCount: 1,
},
{
Value: ` {"xyz": "foo"}`,
ErrCount: 1,
},
}
for _, tc := range invalidCases {
_, errors := validateIAMPolicyJson(tc.Value, "json")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
}
}
validCases := []testCases{
{
Value: `{}`,
ErrCount: 0,
},
{
Value: `{"abc":["1","2"]}`,
ErrCount: 0,
},
}
for _, tc := range validCases {
_, errors := validateIAMPolicyJson(tc.Value, "json")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
}
}
}
func TestValidateCloudFormationTemplate(t *testing.T) {
type testCases struct {
Value string
ErrCount int
}
invalidCases := []testCases{
{
Value: `{"abc":"`,
ErrCount: 1,
},
{
Value: "abc: [",
ErrCount: 1,
},
}
for _, tc := range invalidCases {
_, errors := validateCloudFormationTemplate(tc.Value, "template")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
}
}
validCases := []testCases{
{
Value: `{"abc":"1"}`,
ErrCount: 0,
},
{
Value: `abc: 1`,
ErrCount: 0,
},
}
for _, tc := range validCases {
_, errors := validateCloudFormationTemplate(tc.Value, "template")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
}
}
}
func TestValidateApiGatewayIntegrationType(t *testing.T) {
type testCases struct {
Value string
ErrCount int
}
invalidCases := []testCases{
{
Value: "incorrect",
ErrCount: 1,
},
{
Value: "aws_proxy",
ErrCount: 1,
},
}
for _, tc := range invalidCases {
_, errors := validateApiGatewayIntegrationType(tc.Value, "types")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
}
}
validCases := []testCases{
{
Value: "MOCK",
ErrCount: 0,
},
{
Value: "AWS_PROXY",
ErrCount: 0,
},
}
for _, tc := range validCases {
_, errors := validateApiGatewayIntegrationType(tc.Value, "types")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
}
}
}
func TestValidateSQSQueueName(t *testing.T) {
validNames := []string{
"valid-name",
"valid02-name",
"Valid-Name1",
"_",
"-",
strings.Repeat("W", 80),
}
for _, v := range validNames {
if errors := validateSQSQueueName(v, "name"); len(errors) > 0 {
t.Fatalf("%q should be a valid SQS queue Name", v)
}
}
invalidNames := []string{
"Here is a name with: colon",
"another * invalid name",
"also $ invalid",
"This . is also %% invalid@!)+(",
"*",
"",
" ",
".",
strings.Repeat("W", 81), // length > 80
}
for _, v := range invalidNames {
if errors := validateSQSQueueName(v, "name"); len(errors) == 0 {
t.Fatalf("%q should be an invalid SQS queue Name", v)
}
}
}
func TestValidateSQSFifoQueueName(t *testing.T) {
validNames := []string{
"valid-name.fifo",
"valid02-name.fifo",
"Valid-Name1.fifo",
"_.fifo",
"a.fifo",
"A.fifo",
"9.fifo",
"-.fifo",
fmt.Sprintf("%s.fifo", strings.Repeat("W", 75)),
}
for _, v := range validNames {
if errors := validateSQSFifoQueueName(v, "name"); len(errors) > 0 {
t.Fatalf("%q should be a valid SQS FIFO queue Name: %v", v, errors)
}
}
invalidNames := []string{
"Here is a name with: colon",
"another * invalid name",
"also $ invalid",
"This . is also %% invalid@!)+(",
".fifo",
"*",
"",
" ",
".",
strings.Repeat("W", 81), // length > 80
}
for _, v := range invalidNames {
if errors := validateSQSFifoQueueName(v, "name"); len(errors) == 0 {
t.Fatalf("%q should be an invalid SQS FIFO queue Name: %v", v, errors)
}
}
}
func TestValidateSNSSubscriptionProtocol(t *testing.T) {
validProtocols := []string{
"lambda",
"sqs",
"sqs",
"application",
"http",
"https",
}
for _, v := range validProtocols {
if _, errors := validateSNSSubscriptionProtocol(v, "protocol"); len(errors) > 0 {
t.Fatalf("%q should be a valid SNS Subscription protocol: %v", v, errors)
}
}
invalidProtocols := []string{
"Email",
"email",
"Email-JSON",
"email-json",
"SMS",
"sms",
}
for _, v := range invalidProtocols {
if _, errors := validateSNSSubscriptionProtocol(v, "protocol"); len(errors) == 0 {
t.Fatalf("%q should be an invalid SNS Subscription protocol: %v", v, errors)
}
}
}
func TestValidateSecurityRuleType(t *testing.T) {
validTypes := []string{
"ingress",
"egress",
}
for _, v := range validTypes {
if _, errors := validateSecurityRuleType(v, "type"); len(errors) > 0 {
t.Fatalf("%q should be a valid Security Group Rule type: %v", v, errors)
}
}
invalidTypes := []string{
"foo",
"ingresss",
}
for _, v := range invalidTypes {
if _, errors := validateSecurityRuleType(v, "type"); len(errors) == 0 {
t.Fatalf("%q should be an invalid Security Group Rule type: %v", v, errors)
}
}
}
func TestValidateOnceAWeekWindowFormat(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
// once a day window format
Value: "04:00-05:00",
ErrCount: 1,
},
{
// invalid day of week
Value: "san:04:00-san:05:00",
ErrCount: 1,
},
{
// invalid hour
Value: "sun:24:00-san:25:00",
ErrCount: 1,
},
{
// invalid min
Value: "sun:04:00-sun:04:60",
ErrCount: 1,
},
{
// valid format
Value: "sun:04:00-sun:05:00",
ErrCount: 0,
},
{
// "Sun" can also be used
Value: "Sun:04:00-Sun:05:00",
ErrCount: 0,
},
{
// valid format
Value: "",
ErrCount: 0,
},
}
for _, tc := range cases {
_, errors := validateOnceAWeekWindowFormat(tc.Value, "maintenance_window")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %d validation errors, But got %d errors for \"%s\"", tc.ErrCount, len(errors), tc.Value)
}
}
}
func TestValidateOnceADayWindowFormat(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
// once a week window format
Value: "sun:04:00-sun:05:00",
ErrCount: 1,
},
{
// invalid hour
Value: "24:00-25:00",
ErrCount: 1,
},
{
// invalid min
Value: "04:00-04:60",
ErrCount: 1,
},
{
// valid format
Value: "04:00-05:00",
ErrCount: 0,
},
{
// valid format
Value: "",
ErrCount: 0,
},
}
for _, tc := range cases {
_, errors := validateOnceADayWindowFormat(tc.Value, "backup_window")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %d validation errors, But got %d errors for \"%s\"", tc.ErrCount, len(errors), tc.Value)
}
}
}
func TestValidateRoute53RecordType(t *testing.T) {
validTypes := []string{
"AAAA",
"SOA",
"A",
"TXT",
"CNAME",
"MX",
"NAPTR",
"PTR",
"SPF",
"SRV",
"NS",
}
invalidTypes := []string{
"a",
"alias",
"SpF",
"Txt",
"AaAA",
}
for _, v := range validTypes {
_, errors := validateRoute53RecordType(v, "route53_record")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Route53 record type: %v", v, errors)
}
}
for _, v := range invalidTypes {
_, errors := validateRoute53RecordType(v, "route53_record")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Route53 record type", v)
}
}
}
func TestValidateEcsPlacementConstraint(t *testing.T) {
cases := []struct {
constType string
constExpr string
Err bool
}{
{
constType: "distinctInstance",
constExpr: "",
Err: false,
},
{
constType: "memberOf",
constExpr: "",
Err: true,
},
{
constType: "distinctInstance",
constExpr: "expression",
Err: false,
},
{
constType: "memberOf",
constExpr: "expression",
Err: false,
},
}
for _, tc := range cases {
if err := validateAwsEcsPlacementConstraint(tc.constType, tc.constExpr); err != nil && !tc.Err {
t.Fatalf("Unexpected validation error for \"%s:%s\": %s",
tc.constType, tc.constExpr, err)
}
}
}
func TestValidateEcsPlacementStrategy(t *testing.T) {
cases := []struct {
stratType string
stratField string
Err bool
}{
{
stratType: "random",
stratField: "",
Err: false,
},
{
stratType: "spread",
stratField: "instanceID",
Err: false,
},
{
stratType: "binpack",
stratField: "cpu",
Err: false,
},
{
stratType: "binpack",
stratField: "memory",
Err: false,
},
{
stratType: "binpack",
stratField: "disk",
Err: true,
},
{
stratType: "fakeType",
stratField: "",
Err: true,
},
}
for _, tc := range cases {
if err := validateAwsEcsPlacementStrategy(tc.stratType, tc.stratField); err != nil && !tc.Err {
t.Fatalf("Unexpected validation error for \"%s:%s\": %s",
tc.stratType, tc.stratField, err)
}
}
}
func TestValidateStepFunctionActivityName(t *testing.T) {
validTypes := []string{
"foo",
"FooBar123",
}
invalidTypes := []string{
strings.Repeat("W", 81), // length > 80
}
for _, v := range validTypes {
_, errors := validateSfnActivityName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Step Function Activity name: %v", v, errors)
}
}
for _, v := range invalidTypes {
_, errors := validateSfnActivityName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Step Function Activity name", v)
}
}
}
func TestValidateStepFunctionStateMachineDefinition(t *testing.T) {
validDefinitions := []string{
"foobar",
strings.Repeat("W", 1048576),
}
invalidDefinitions := []string{
strings.Repeat("W", 1048577), // length > 1048576
}
for _, v := range validDefinitions {
_, errors := validateSfnStateMachineDefinition(v, "definition")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Step Function State Machine definition: %v", v, errors)
}
}
for _, v := range invalidDefinitions {
_, errors := validateSfnStateMachineDefinition(v, "definition")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Step Function State Machine definition", v)
}
}
}
func TestValidateStepFunctionStateMachineName(t *testing.T) {
validTypes := []string{
"foo",
"BAR",
"FooBar123",
"FooBar123Baz-_",
}
invalidTypes := []string{
"foo bar",
"foo<bar>",
"foo{bar}",
"foo[bar]",
"foo*bar",
"foo?bar",
"foo#bar",
"foo%bar",
"foo\bar",
"foo^bar",
"foo|bar",
"foo~bar",
"foo$bar",
"foo&bar",
"foo,bar",
"foo:bar",
"foo;bar",
"foo/bar",
strings.Repeat("W", 81), // length > 80
}
for _, v := range validTypes {
_, errors := validateSfnStateMachineName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid Step Function State Machine name: %v", v, errors)
}
}
for _, v := range invalidTypes {
_, errors := validateSfnStateMachineName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Step Function State Machine name", v)
}
}
}
func TestValidateEmrEbsVolumeType(t *testing.T) {
cases := []struct {
VolType string
ErrCount int
}{
{
VolType: "gp2",
ErrCount: 0,
},
{
VolType: "io1",
ErrCount: 0,
},
{
VolType: "standard",
ErrCount: 0,
},
{
VolType: "stand",
ErrCount: 1,
},
{
VolType: "io",
ErrCount: 1,
},
{
VolType: "gp1",
ErrCount: 1,
},
{
VolType: "fast-disk",
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateAwsEmrEbsVolumeType(tc.VolType, "volume")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %d errors, got %d: %s", tc.ErrCount, len(errors), errors)
}
}
}
func TestValidateAppautoscalingScalableDimension(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "ecs:service:DesiredCount",
ErrCount: 0,
},
{
Value: "ec2:spot-fleet-request:TargetCapacity",
ErrCount: 0,
},
{
Value: "ec2:service:DesiredCount",
ErrCount: 1,
},
{
Value: "ecs:spot-fleet-request:TargetCapacity",
ErrCount: 1,
},
{
Value: "",
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateAppautoscalingScalableDimension(tc.Value, "scalable_dimension")
if len(errors) != tc.ErrCount {
t.Fatalf("Scalable Dimension validation failed for value %q: %q", tc.Value, errors)
}
}
}
func TestValidateAppautoscalingServiceNamespace(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "ecs",
ErrCount: 0,
},
{
Value: "ec2",
ErrCount: 0,
},
{
Value: "autoscaling",
ErrCount: 1,
},
{
Value: "s3",
ErrCount: 1,
},
{
Value: "es",
ErrCount: 1,
},
{
Value: "",
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateAppautoscalingServiceNamespace(tc.Value, "service_namespace")
if len(errors) != tc.ErrCount {
t.Fatalf("Service Namespace validation failed for value %q: %q", tc.Value, errors)
}
}
}
func TestValidateDmsEndpointId(t *testing.T) {
validIds := []string{
"tf-test-endpoint-1",
"tfTestEndpoint",
}
for _, s := range validIds {
_, errors := validateDmsEndpointId(s, "endpoint_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid endpoint id: %v", s, errors)
}
}
invalidIds := []string{
"tf_test_endpoint_1",
"tf.test.endpoint.1",
"tf test endpoint 1",
"tf-test-endpoint-1!",
"tf-test-endpoint-1-",
"tf-test-endpoint--1",
"tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1tf-test-endpoint-1",
}
for _, s := range invalidIds {
_, errors := validateDmsEndpointId(s, "endpoint_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid endpoint id: %v", s, errors)
}
}
}
func TestValidateDmsCertificateId(t *testing.T) {
validIds := []string{
"tf-test-certificate-1",
"tfTestEndpoint",
}
for _, s := range validIds {
_, errors := validateDmsCertificateId(s, "certificate_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid certificate id: %v", s, errors)
}
}
invalidIds := []string{
"tf_test_certificate_1",
"tf.test.certificate.1",
"tf test certificate 1",
"tf-test-certificate-1!",
"tf-test-certificate-1-",
"tf-test-certificate--1",
"tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1tf-test-certificate-1",
}
for _, s := range invalidIds {
_, errors := validateDmsEndpointId(s, "certificate_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid certificate id: %v", s, errors)
}
}
}
func TestValidateDmsReplicationInstanceId(t *testing.T) {
validIds := []string{
"tf-test-replication-instance-1",
"tfTestReplicaitonInstance",
}
for _, s := range validIds {
_, errors := validateDmsReplicationInstanceId(s, "replicaiton_instance_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid replication instance id: %v", s, errors)
}
}
invalidIds := []string{
"tf_test_replication-instance_1",
"tf.test.replication.instance.1",
"tf test replication instance 1",
"tf-test-replication-instance-1!",
"tf-test-replication-instance-1-",
"tf-test-replication-instance--1",
"tf-test-replication-instance-1tf-test-replication-instance-1tf-test-replication-instance-1",
}
for _, s := range invalidIds {
_, errors := validateDmsReplicationInstanceId(s, "replication_instance_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid replication instance id: %v", s, errors)
}
}
}
func TestValidateDmsReplicationSubnetGroupId(t *testing.T) {
validIds := []string{
"tf-test-replication-subnet-group-1",
"tf_test_replication_subnet_group_1",
"tf.test.replication.subnet.group.1",
"tf test replication subnet group 1",
"tfTestReplicationSubnetGroup",
}
for _, s := range validIds {
_, errors := validateDmsReplicationSubnetGroupId(s, "replication_subnet_group_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid replication subnet group id: %v", s, errors)
}
}
invalidIds := []string{
"default",
"tf-test-replication-subnet-group-1!",
"tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1tf-test-replication-subnet-group-1",
}
for _, s := range invalidIds {
_, errors := validateDmsReplicationSubnetGroupId(s, "replication_subnet_group_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid replication subnet group id: %v", s, errors)
}
}
}
func TestValidateDmsReplicationTaskId(t *testing.T) {
validIds := []string{
"tf-test-replication-task-1",
"tfTestReplicationTask",
}
for _, s := range validIds {
_, errors := validateDmsReplicationTaskId(s, "replication_task_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid replication task id: %v", s, errors)
}
}
invalidIds := []string{
"tf_test_replication_task_1",
"tf.test.replication.task.1",
"tf test replication task 1",
"tf-test-replication-task-1!",
"tf-test-replication-task-1-",
"tf-test-replication-task--1",
"tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1tf-test-replication-task-1",
}
for _, s := range invalidIds {
_, errors := validateDmsReplicationTaskId(s, "replication_task_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid replication task id: %v", s, errors)
}
}
}
func TestValidateAccountAlias(t *testing.T) {
validAliases := []string{
"tf-alias",
"0tf-alias1",
}
for _, s := range validAliases {
_, errors := validateAccountAlias(s, "account_alias")
if len(errors) > 0 {
t.Fatalf("%q should be a valid account alias: %v", s, errors)
}
}
invalidAliases := []string{
"tf",
"-tf",
"tf-",
"TF-Alias",
"tf-alias-tf-alias-tf-alias-tf-alias-tf-alias-tf-alias-tf-alias-tf-alias",
}
for _, s := range invalidAliases {
_, errors := validateAccountAlias(s, "account_alias")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid account alias: %v", s, errors)
}
}
}
func TestValidateIamRoleProfileName(t *testing.T) {
validNames := []string{
"tf-test-role-profile-1",
}
for _, s := range validNames {
_, errors := validateIamRolePolicyName(s, "name")
if len(errors) > 0 {
t.Fatalf("%q should be a valid IAM role policy name: %v", s, errors)
}
}
invalidNames := []string{
"invalid#name",
"this-is-a-very-long-role-policy-name-this-is-a-very-long-role-policy-name-this-is-a-very-long-role-policy-name-this-is-a-very-long",
}
for _, s := range invalidNames {
_, errors := validateIamRolePolicyName(s, "name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid IAM role policy name: %v", s, errors)
}
}
}
func TestValidateIamRoleProfileNamePrefix(t *testing.T) {
validNamePrefixes := []string{
"tf-test-role-profile-",
}
for _, s := range validNamePrefixes {
_, errors := validateIamRolePolicyNamePrefix(s, "name_prefix")
if len(errors) > 0 {
t.Fatalf("%q should be a valid IAM role policy name prefix: %v", s, errors)
}
}
invalidNamePrefixes := []string{
"invalid#name_prefix",
"this-is-a-very-long-role-policy-name-prefix-this-is-a-very-long-role-policy-name-prefix-this-is-a-very-",
}
for _, s := range invalidNamePrefixes {
_, errors := validateIamRolePolicyNamePrefix(s, "name_prefix")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid IAM role policy name prefix: %v", s, errors)
}
}
}
func TestValidateApiGatewayUsagePlanQuotaSettingsPeriod(t *testing.T) {
validEntries := []string{
"DAY",
"WEEK",
"MONTH",
}
invalidEntries := []string{
"fooBAR",
"foobar45Baz",
"foobar45Baz@!",
}
for _, v := range validEntries {
_, errors := validateApiGatewayUsagePlanQuotaSettingsPeriod(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid API Gateway Quota Settings Period: %v", v, errors)
}
}
for _, v := range invalidEntries {
_, errors := validateApiGatewayUsagePlanQuotaSettingsPeriod(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should not be a API Gateway Quota Settings Period", v)
}
}
}
func TestValidateApiGatewayUsagePlanQuotaSettings(t *testing.T) {
cases := []struct {
Offset int
Period string
ErrCount int
}{
{
Offset: 0,
Period: "DAY",
ErrCount: 0,
},
{
Offset: -1,
Period: "DAY",
ErrCount: 1,
},
{
Offset: 1,
Period: "DAY",
ErrCount: 1,
},
{
Offset: 0,
Period: "WEEK",
ErrCount: 0,
},
{
Offset: 6,
Period: "WEEK",
ErrCount: 0,
},
{
Offset: -1,
Period: "WEEK",
ErrCount: 1,
},
{
Offset: 7,
Period: "WEEK",
ErrCount: 1,
},
{
Offset: 0,
Period: "MONTH",
ErrCount: 0,
},
{
Offset: 27,
Period: "MONTH",
ErrCount: 0,
},
{
Offset: -1,
Period: "MONTH",
ErrCount: 1,
},
{
Offset: 28,
Period: "MONTH",
ErrCount: 1,
},
}
for _, tc := range cases {
m := make(map[string]interface{})
m["offset"] = tc.Offset
m["period"] = tc.Period
errors := validateApiGatewayUsagePlanQuotaSettings(m)
if len(errors) != tc.ErrCount {
t.Fatalf("API Gateway Usage Plan Quota Settings validation failed: %v", errors)
}
}
}
func TestValidateElbName(t *testing.T) {
validNames := []string{
"tf-test-elb",
}
for _, s := range validNames {
_, errors := validateElbName(s, "name")
if len(errors) > 0 {
t.Fatalf("%q should be a valid ELB name: %v", s, errors)
}
}
invalidNames := []string{
"tf.test.elb.1",
"tf-test-elb-tf-test-elb-tf-test-elb",
"-tf-test-elb",
"tf-test-elb-",
}
for _, s := range invalidNames {
_, errors := validateElbName(s, "name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid ELB name: %v", s, errors)
}
}
}
func TestValidateElbNamePrefix(t *testing.T) {
validNamePrefixes := []string{
"test-",
}
for _, s := range validNamePrefixes {
_, errors := validateElbNamePrefix(s, "name_prefix")
if len(errors) > 0 {
t.Fatalf("%q should be a valid ELB name prefix: %v", s, errors)
}
}
invalidNamePrefixes := []string{
"tf.test.elb.",
"tf-test",
"-test",
}
for _, s := range invalidNamePrefixes {
_, errors := validateElbNamePrefix(s, "name_prefix")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid ELB name prefix: %v", s, errors)
}
}
}
func TestValidateDbSubnetGroupName(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "tEsting",
ErrCount: 1,
},
{
Value: "testing?",
ErrCount: 1,
},
{
Value: "default",
ErrCount: 1,
},
{
Value: randomString(300),
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateDbSubnetGroupName(tc.Value, "aws_db_subnet_group")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the DB Subnet Group name to trigger a validation error")
}
}
}
func TestValidateDbSubnetGroupNamePrefix(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "tEsting",
ErrCount: 1,
},
{
Value: "testing?",
ErrCount: 1,
},
{
Value: randomString(230),
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateDbSubnetGroupNamePrefix(tc.Value, "aws_db_subnet_group")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the DB Subnet Group name prefix to trigger a validation error")
}
}
}
func TestValidateDbOptionGroupName(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "testing123!",
ErrCount: 1,
},
{
Value: "1testing123",
ErrCount: 1,
},
{
Value: "testing--123",
ErrCount: 1,
},
{
Value: "testing123-",
ErrCount: 1,
},
{
Value: randomString(256),
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateDbOptionGroupName(tc.Value, "aws_db_option_group_name")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the DB Option Group Name to trigger a validation error")
}
}
}
func TestValidateDbOptionGroupNamePrefix(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "testing123!",
ErrCount: 1,
},
{
Value: "1testing123",
ErrCount: 1,
},
{
Value: "testing--123",
ErrCount: 1,
},
{
Value: randomString(230),
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateDbOptionGroupNamePrefix(tc.Value, "aws_db_option_group_name")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the DB Option Group name prefix to trigger a validation error")
}
}
}
func TestValidateOpenIdURL(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "http://wrong.scheme.com",
ErrCount: 1,
},
{
Value: "ftp://wrong.scheme.co.uk",
ErrCount: 1,
},
{
Value: "%@invalidUrl",
ErrCount: 1,
},
{
Value: "https://example.com/?query=param",
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateOpenIdURL(tc.Value, "url")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected %d of OpenID URL validation errors, got %d", tc.ErrCount, len(errors))
}
}
}
func TestValidateAwsKmsName(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "alias/aws/s3",
ErrCount: 0,
},
{
Value: "alias/hashicorp",
ErrCount: 0,
},
{
Value: "hashicorp",
ErrCount: 1,
},
{
Value: "hashicorp/terraform",
ErrCount: 1,
},
}
for _, tc := range cases {
_, errors := validateAwsKmsName(tc.Value, "name")
if len(errors) != tc.ErrCount {
t.Fatalf("AWS KMS Alias Name validation failed: %v", errors)
}
}
}
func TestValidateCognitoIdentityPoolName(t *testing.T) {
validValues := []string{
"123",
"1 2 3",
"foo",
"foo bar",
"foo_bar",
"1foo 2bar 3",
}
for _, s := range validValues {
_, errors := validateCognitoIdentityPoolName(s, "identity_pool_name")
if len(errors) > 0 {
t.Fatalf("%q should be a valid Cognito Identity Pool Name: %v", s, errors)
}
}
invalidValues := []string{
"1-2-3",
"foo!",
"foo-bar",
"foo-bar",
"foo1-bar2",
}
for _, s := range invalidValues {
_, errors := validateCognitoIdentityPoolName(s, "identity_pool_name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Cognito Identity Pool Name: %v", s, errors)
}
}
}
func TestValidateCognitoProviderDeveloperName(t *testing.T) {
validValues := []string{
"1",
"foo",
"1.2",
"foo1-bar2-baz3",
"foo_bar",
}
for _, s := range validValues {
_, errors := validateCognitoProviderDeveloperName(s, "developer_provider_name")
if len(errors) > 0 {
t.Fatalf("%q should be a valid Cognito Provider Developer Name: %v", s, errors)
}
}
invalidValues := []string{
"foo!",
"foo:bar",
"foo/bar",
"foo;bar",
}
for _, s := range invalidValues {
_, errors := validateCognitoProviderDeveloperName(s, "developer_provider_name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Cognito Provider Developer Name: %v", s, errors)
}
}
}
func TestValidateCognitoSupportedLoginProviders(t *testing.T) {
validValues := []string{
"foo",
"7346241598935552",
"123456789012.apps.googleusercontent.com",
"foo_bar",
"foo;bar",
"foo/bar",
"foo-bar",
"xvz1evFS4wEEPTGEFPHBog;kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
strings.Repeat("W", 128),
}
for _, s := range validValues {
_, errors := validateCognitoSupportedLoginProviders(s, "supported_login_providers")
if len(errors) > 0 {
t.Fatalf("%q should be a valid Cognito Supported Login Providers: %v", s, errors)
}
}
invalidValues := []string{
"",
strings.Repeat("W", 129), // > 128
"foo:bar_baz",
"foobar,foobaz",
"foobar=foobaz",
}
for _, s := range invalidValues {
_, errors := validateCognitoSupportedLoginProviders(s, "supported_login_providers")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Cognito Supported Login Providers: %v", s, errors)
}
}
}
func TestValidateCognitoIdentityProvidersClientId(t *testing.T) {
validValues := []string{
"7lhlkkfbfb4q5kpp90urffao",
"12345678",
"foo_123",
strings.Repeat("W", 128),
}
for _, s := range validValues {
_, errors := validateCognitoIdentityProvidersClientId(s, "client_id")
if len(errors) > 0 {
t.Fatalf("%q should be a valid Cognito Identity Provider Client ID: %v", s, errors)
}
}
invalidValues := []string{
"",
strings.Repeat("W", 129), // > 128
"foo-bar",
"foo:bar",
"foo;bar",
}
for _, s := range invalidValues {
_, errors := validateCognitoIdentityProvidersClientId(s, "client_id")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Cognito Identity Provider Client ID: %v", s, errors)
}
}
}
func TestValidateCognitoIdentityProvidersProviderName(t *testing.T) {
validValues := []string{
"foo",
"7346241598935552",
"foo_bar",
"foo:bar",
"foo/bar",
"foo-bar",
"cognito-idp.us-east-1.amazonaws.com/us-east-1_Zr231apJu",
strings.Repeat("W", 128),
}
for _, s := range validValues {
_, errors := validateCognitoIdentityProvidersProviderName(s, "provider_name")
if len(errors) > 0 {
t.Fatalf("%q should be a valid Cognito Identity Provider Name: %v", s, errors)
}
}
invalidValues := []string{
"",
strings.Repeat("W", 129), // > 128
"foo;bar_baz",
"foobar,foobaz",
"foobar=foobaz",
}
for _, s := range invalidValues {
_, errors := validateCognitoIdentityProvidersProviderName(s, "provider_name")
if len(errors) == 0 {
t.Fatalf("%q should not be a valid Cognito Identity Provider Name: %v", s, errors)
}
}
}
func TestValidateWafMetricName(t *testing.T) {
validNames := []string{
"testrule",
"testRule",
"testRule123",
}
for _, v := range validNames {
_, errors := validateWafMetricName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid WAF metric name: %q", v, errors)
}
}
invalidNames := []string{
"!",
"/",
" ",
":",
";",
"white space",
"/slash-at-the-beginning",
"slash-at-the-end/",
}
for _, v := range invalidNames {
_, errors := validateWafMetricName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid WAF metric name", v)
}
}
}
func TestValidateIamRoleDescription(t *testing.T) {
validNames := []string{
"This 1s a D3scr!pti0n with weird content: @ #^ù£ê®æ ø]ŒîÏî~ÈÙ£÷=,ë",
strings.Repeat("W", 1000),
}
for _, v := range validNames {
_, errors := validateIamRoleDescription(v, "description")
if len(errors) != 0 {
t.Fatalf("%q should be a valid IAM Role Description: %q", v, errors)
}
}
invalidNames := []string{
strings.Repeat("W", 1001), // > 1000
}
for _, v := range invalidNames {
_, errors := validateIamRoleDescription(v, "description")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid IAM Role Description", v)
}
}
}
func TestValidateSsmParameterType(t *testing.T) {
validTypes := []string{
"String",
"StringList",
"SecureString",
}
for _, v := range validTypes {
_, errors := validateSsmParameterType(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid SSM parameter type: %q", v, errors)
}
}
invalidTypes := []string{
"foo",
"string",
"Securestring",
}
for _, v := range invalidTypes {
_, errors := validateSsmParameterType(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid SSM parameter type", v)
}
}
}