From aad01a665c21bfa638eb7e4cb8091c23fa109a01 Mon Sep 17 00:00:00 2001 From: Mike Brannigan Date: Tue, 23 Aug 2016 17:30:57 -0500 Subject: [PATCH 1/3] Add password validation rules for redshift passwords --- .../aws/resource_aws_redshift_cluster.go | 25 +++++++++++- .../aws/resource_aws_redshift_cluster_test.go | 38 +++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_redshift_cluster.go b/builtin/providers/aws/resource_aws_redshift_cluster.go index b8fc2b874..4dba95777 100644 --- a/builtin/providers/aws/resource_aws_redshift_cluster.go +++ b/builtin/providers/aws/resource_aws_redshift_cluster.go @@ -56,8 +56,9 @@ func resourceAwsRedshiftCluster() *schema.Resource { }, "master_password": &schema.Schema{ - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validateRedshiftClusterMasterPassword, }, "cluster_security_groups": &schema.Schema{ @@ -800,6 +801,26 @@ func validateRedshiftClusterMasterUsername(v interface{}, k string) (ws []string return } +func validateRedshiftClusterMasterPassword(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^.*[a-z].*`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must contain at least one lowercase letter", k)) + } + if !regexp.MustCompile(`^.*[A-Z].*`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must contain at least one uppercase letter", k)) + } + if !regexp.MustCompile(`^.*[0-9].*`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must contain at least one number", k)) + } + if len(value) < 8 { + errors = append(errors, fmt.Errorf("%q must be more than 8 characters", k)) + } + return +} + func buildRedshiftARN(identifier, accountid, region string) (string, error) { if accountid == "" { return "", fmt.Errorf("Unable to construct cluster ARN because of missing AWS Account ID") diff --git a/builtin/providers/aws/resource_aws_redshift_cluster_test.go b/builtin/providers/aws/resource_aws_redshift_cluster_test.go index 903278c88..2e30cccc2 100644 --- a/builtin/providers/aws/resource_aws_redshift_cluster_test.go +++ b/builtin/providers/aws/resource_aws_redshift_cluster_test.go @@ -408,6 +408,44 @@ func TestResourceAWSRedshiftClusterMasterUsernameValidation(t *testing.T) { } } +func TestResourceAWSRedshiftClusterMasterPasswordValidation(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "1TESTING", + ErrCount: 1, + }, + { + Value: "1testing", + ErrCount: 1, + }, + { + Value: "TestTest", + ErrCount: 1, + }, + { + Value: "T3st", + ErrCount: 1, + }, + { + Value: "1Testing", + ErrCount: 0, + }, + } + + for _, tc := range cases { + fmt.Printf("Test Case Value: %s\n", tc.Value) + _, errors := validateRedshiftClusterMasterPassword(tc.Value, "aws_redshift_cluster_master_password") + fmt.Printf("Expected: %d and found %d\n", tc.ErrCount, len(errors)) + + if len(errors) != tc.ErrCount { + t.Fatalf("Expected the Redshift Cluster master_password to trigger a validation error") + } + } +} + var testAccAWSRedshiftClusterConfig_updateNodeCount = ` resource "aws_redshift_cluster" "default" { cluster_identifier = "tf-redshift-cluster-%d" From e281ad64816587cbce93ee9aa9f86a39858f653b Mon Sep 17 00:00:00 2001 From: Mike Brannigan Date: Tue, 23 Aug 2016 17:40:05 -0500 Subject: [PATCH 2/3] Fix error message for master password being too short --- builtin/providers/aws/resource_aws_redshift_cluster.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_redshift_cluster.go b/builtin/providers/aws/resource_aws_redshift_cluster.go index 4dba95777..41c2c4221 100644 --- a/builtin/providers/aws/resource_aws_redshift_cluster.go +++ b/builtin/providers/aws/resource_aws_redshift_cluster.go @@ -816,7 +816,7 @@ func validateRedshiftClusterMasterPassword(v interface{}, k string) (ws []string "%q must contain at least one number", k)) } if len(value) < 8 { - errors = append(errors, fmt.Errorf("%q must be more than 8 characters", k)) + errors = append(errors, fmt.Errorf("%q must be at least 8 characters", k)) } return } From 1871363e58565994366c9d75270308c3bbf9ffa6 Mon Sep 17 00:00:00 2001 From: Mike Brannigan Date: Tue, 23 Aug 2016 18:19:59 -0500 Subject: [PATCH 3/3] Remove debug statements --- builtin/providers/aws/resource_aws_redshift_cluster_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_redshift_cluster_test.go b/builtin/providers/aws/resource_aws_redshift_cluster_test.go index 2e30cccc2..5cdbb5749 100644 --- a/builtin/providers/aws/resource_aws_redshift_cluster_test.go +++ b/builtin/providers/aws/resource_aws_redshift_cluster_test.go @@ -436,9 +436,7 @@ func TestResourceAWSRedshiftClusterMasterPasswordValidation(t *testing.T) { } for _, tc := range cases { - fmt.Printf("Test Case Value: %s\n", tc.Value) _, errors := validateRedshiftClusterMasterPassword(tc.Value, "aws_redshift_cluster_master_password") - fmt.Printf("Expected: %d and found %d\n", tc.ErrCount, len(errors)) if len(errors) != tc.ErrCount { t.Fatalf("Expected the Redshift Cluster master_password to trigger a validation error")