provider/aws: Validate GovCloud KMS ARNs

Fixes validation errors in GovCloud when passing a KMS ARN for `kms_key_id` in `s3_bucket_object` and `db_instance`. The region is `us-gov-west-1` which breaks the regexp. Just added the optional `gov-` in the right place.
2017-04-16 22:35:09 -07:00 · 2017-04-16 22:35:09 -07:00 · 193c0d80ad
parent 82235877d6
commit 193c0d80ad
2 changed files with 2 additions and 1 deletions
--- a/builtin/providers/aws/validators.go
+++ b/builtin/providers/aws/validators.go
@ -353,7 +353,7 @@ func validateArn(v interface{}, k string) (ws []string, errors []error) {
 	}

 	// http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
-	pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:(.*)$`
+	pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:(.*)$`
 	if !regexp.MustCompile(pattern).MatchString(value) {
 		errors = append(errors, fmt.Errorf(
 			"%q doesn't look like a valid ARN (%q): %q",
--- a/builtin/providers/aws/validators_test.go
+++ b/builtin/providers/aws/validators_test.go
@ -207,6 +207,7 @@ func TestValidateArn(t *testing.T) {
 		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction",                  // Lambda function
 		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier",        // Lambda func qualifier
 		"arn:aws-us-gov:s3:::corp_bucket/object.png",                                       // GovCloud ARN
+		"arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/some-uuid-abc123",               // GovCloud KMS ARN
 	}
 	for _, v := range validNames {
 		_, errors := validateArn(v, "arn")