backend/s3: Reinstate region validation and update copy for skip_requesting_account_id deprecation message

Brian Flad 2019-02-20 08:29:09 -08:00
parent 43f12bbfe0
commit a41e545198
No known key found for this signature in database
GPG Key ID: EC6252B42B012823
6 changed files with 61 additions and 6 deletions


@ -163,7 +163,6 @@ func New() backend.Backend {
Optional: true,
Description: "Skip static validation of region name.",
Default: false,
Deprecated: "This attribute is no longer used.",
},
"skip_requesting_account_id": {
@ -171,7 +170,7 @@ func New() backend.Backend {
Optional: true,
Description: "Skip requesting the account ID.",
Default: false,
Deprecated: "The S3 Backend no longer automatically uses IAM or STS functionality to lookup the AWS Account ID and this attribute is no longer used.",
Deprecated: "The S3 Backend no longer automatically looks up the AWS Account ID and this attribute is no longer used.",
},
"skip_metadata_api_check": {
@ -261,6 +260,12 @@ func (b *Backend) configure(ctx context.Context) error {
// Grab the resource data
data := schema.FromContextBackendConfig(ctx)
if !data.Get("skip_region_validation").(bool) {
if err := awsbase.ValidateRegion(data.Get("region").(string)); err != nil {
return err
}
}
b.bucketName = data.Get("bucket").(string)
b.keyName = data.Get("key").(string)
b.serverSideEncryption = data.Get("encrypt").(bool)
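Review bot: The new region check at the top of `configure` returns the `ValidateRegion` error bare, so a user whose region is rejected sees only `Invalid AWS Region: <name>` with no pointer to the `skip_region_validation` setting that bypasses it. The lookup runs against a static table (`endpoints.DefaultPartitions()` in the validation file added by this same commit), so it presumably also rejects regions launched after the pinned SDK version and region names used with S3-compatible custom endpoints. Consider wrapping the error, e.g. `return fmt.Errorf("%s; set skip_region_validation = true to bypass this static check", err)`, assuming `fmt` is already imported in this file. A short comment above the `if` stating that the check is static and offline would also help. `configure` continues past the end of this hunk.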

2
go.mod

@ -51,7 +51,7 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.5.1 // indirect
github.com/hashicorp/aws-sdk-go-base v0.1.0
github.com/hashicorp/aws-sdk-go-base v0.2.0
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
github.com/hashicorp/errwrap v1.0.0
github.com/hashicorp/go-azure-helpers v0.0.0-20190129193224-166dfd221bb2

4
go.sum

@ -115,8 +115,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.5.1 h1:3scN4iuXkNOyP98jF55Lv8a9j1o/IwvnDIZ0LHJK1nk=
github.com/grpc-ecosystem/grpc-gateway v1.5.1/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
github.com/hashicorp/aws-sdk-go-base v0.1.0 h1:f3eUqzUWiAVavKns7ot/IbrRz4uXdSTeU5diOTlNxAk=
github.com/hashicorp/aws-sdk-go-base v0.1.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
github.com/hashicorp/aws-sdk-go-base v0.2.0 h1:5bjZnWCvQg9Im5CHZr9t90IaFC4uvVlMl2fTh23IoCk=
github.com/hashicorp/aws-sdk-go-base v0.2.0/go.mod h1:ZIWACGGi0N7a4DZbf15yuE1JQORmWLtBcVM6F5SXNFU=
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089 h1:1eDpXAxTh0iPv+1kc9/gfSI2pxRERDsTk/lNGolwHn8=
github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI=
github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=


@ -1,3 +1,9 @@
# v0.2.0 (February 20, 2019)
ENHANCEMENTS
* validation: Add `ValidateAccountID` and `ValidateRegion` functions [GH-1]
# v0.1.0 (February 18, 2019)
* Initial release after split from github.com/terraform-providers/terraform-provider-aws


@ -0,0 +1,44 @@
package awsbase
import (
"fmt"
"github.com/aws/aws-sdk-go/aws/endpoints"
)
// ValidateAccountID checks if the given AWS account ID is specifically allowed or forbidden.
// The allowedAccountIDs can be used as a whitelist and forbiddenAccountIDs can be used as a blacklist.
func ValidateAccountID(accountID string, allowedAccountIDs, forbiddenAccountIDs []string) error {
if len(forbiddenAccountIDs) > 0 {
for _, forbiddenAccountID := range forbiddenAccountIDs {
if accountID == forbiddenAccountID {
return fmt.Errorf("Forbidden AWS Account ID: %s", accountID)
}
}
}
if len(allowedAccountIDs) > 0 {
for _, allowedAccountID := range allowedAccountIDs {
if accountID == allowedAccountID {
return nil
}
}
return fmt.Errorf("AWS Account ID not allowed: %s)", accountID)
}
return nil
}
// ValidateRegion checks if the given region is a valid AWS region.
func ValidateRegion(region string) error {
for _, partition := range endpoints.DefaultPartitions() {
for _, partitionRegion := range partition.Regions() {
if region == partitionRegion.ID() {
return nil
}
}
}
return fmt.Errorf("Invalid AWS Region: %s", region)
}
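Review bot: The "not allowed" error in `ValidateAccountID` ends with an unmatched `)` in its format string, `"AWS Account ID not allowed: %s)"`; it should read `return fmt.Errorf("AWS Account ID not allowed: %s", accountID)`. The doc comment should also spell out the precedence the code implements: the forbidden list is checked first and wins over the allowed list, and an empty allowed list means every non-forbidden account passes. Callers relying on this as an account guard need to know that. The `len(forbiddenAccountIDs) > 0` guard is redundant because ranging over an empty slice is a no-op, whereas the guard on the allowed list is required. If this file is a vendored copy of aws-sdk-go-base, as the neighbouring changelog and `vendor/modules.txt` sections suggest, the fix belongs upstream rather than in this tree.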

2
vendor/modules.txt vendored

@ -253,7 +253,7 @@ github.com/gophercloud/gophercloud/openstack/db/v1/datastores
github.com/gophercloud/gophercloud/internal
# github.com/gophercloud/utils v0.0.0-20190128072930-fbb6ab446f01
github.com/gophercloud/utils/openstack/clientconfig
# github.com/hashicorp/aws-sdk-go-base v0.1.0
# github.com/hashicorp/aws-sdk-go-base v0.2.0
github.com/hashicorp/aws-sdk-go-base
# github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089
github.com/hashicorp/consul/api