diff --git a/builtin/providers/aws/resource_aws_ami_copy.go b/builtin/providers/aws/resource_aws_ami_copy.go index e02d7c370..3452d5b52 100644 --- a/builtin/providers/aws/resource_aws_ami_copy.go +++ b/builtin/providers/aws/resource_aws_ami_copy.go @@ -32,10 +32,11 @@ func resourceAwsAmiCopy() *schema.Resource { } resourceSchema["kms_key_id"] = &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateFunc: validateArn, } return &schema.Resource{ diff --git a/builtin/providers/aws/validators.go b/builtin/providers/aws/validators.go index b0eb2f1ff..940826a51 100644 --- a/builtin/providers/aws/validators.go +++ b/builtin/providers/aws/validators.go @@ -292,6 +292,10 @@ func validateAwsAccountId(v interface{}, k string) (ws []string, errors []error) func validateArn(v interface{}, k string) (ws []string, errors []error) { value := v.(string) + if value == "" { + return + } + // http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html pattern := `^arn:aws:([a-zA-Z0-9\-])+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:(.*)$` if !regexp.MustCompile(pattern).MatchString(value) { diff --git a/builtin/providers/aws/validators_test.go b/builtin/providers/aws/validators_test.go index db8c244e9..7817f80f0 100644 --- a/builtin/providers/aws/validators_test.go +++ b/builtin/providers/aws/validators_test.go @@ -189,6 +189,12 @@ func TestValidateAwsAccountId(t *testing.T) { } func TestValidateArn(t *testing.T) { + v := "" + _, errors := validateArn(v, "arn") + if len(errors) != 0 { + t.Fatalf("%q should not be validated as an ARN: %q", v, errors) + } + validNames := []string{ "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk "arn:aws:iam::123456789012:user/David", // IAM User