From 0d68f6545dc848011a62fb12b74bd054c6826cc4 Mon Sep 17 00:00:00 2001
From: Krzysztof Wilczynski
Date: Wed, 14 Sep 2016 17:29:38 +0100
Subject: [PATCH 1/2] Add JSON validation to the aws_kms_key resource.
This commit adds support for new helper function which is used to normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski
---
 builtin/providers/aws/resource_aws_kms_key.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/builtin/providers/aws/resource_aws_kms_key.go b/builtin/providers/aws/resource_aws_kms_key.go
index 264be2b2c..86669cb9c 100644
--- a/builtin/providers/aws/resource_aws_kms_key.go
+++ b/builtin/providers/aws/resource_aws_kms_key.go
@@ -55,6 +55,7 @@ func resourceAwsKmsKey() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 Computed: true,
+ ValidateFunc: validateJsonString,
 DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
 },
 "is_enabled": &schema.Schema{
@@ -143,7 +144,8 @@ func resourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error {
 return err
 }
- d.Set("policy", normalizeJson(*p.Policy))
+ policy, _ := normalizeJsonString(*p.Policy)
+ d.Set("policy", policy)
 krs, err := conn.GetKeyRotationStatus(&kms.GetKeyRotationStatusInput{
 KeyId: metadata.KeyId,
@@ -216,14 +218,14 @@ func resourceAwsKmsKeyDescriptionUpdate(conn *kms.KMS, d *schema.ResourceData) e
 }
 func resourceAwsKmsKeyPolicyUpdate(conn *kms.KMS, d *schema.ResourceData) error {
- policy := d.Get("policy").(string)
+ policy, _ := normalizeJsonString(d.Get("policy").(string))
 keyId := d.Get("key_id").(string)
 log.Printf("[DEBUG] KMS key: %s, update policy: %s", keyId, policy)
 req := &kms.PutKeyPolicyInput{
 KeyId: aws.String(keyId),
- Policy: aws.String(normalizeJson(policy)),
+ Policy: aws.String(policy),
 PolicyName: aws.String("default"),
 }
 _, err := conn.PutKeyPolicy(req)
From 8f689812d1bfc1504be463a4bdffcd38b9d8a722 Mon Sep 17 00:00:00 2001
From: Krzysztof Wilczynski
Date: Wed, 21 Sep 2016 19:38:01 +0100
Subject: [PATCH 2/2] Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski
---
 builtin/providers/aws/resource_aws_kms_key.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/builtin/providers/aws/resource_aws_kms_key.go b/builtin/providers/aws/resource_aws_kms_key.go
index 86669cb9c..5d3107736 100644
--- a/builtin/providers/aws/resource_aws_kms_key.go
+++ b/builtin/providers/aws/resource_aws_kms_key.go
@@ -5,11 +5,11 @@ import (
 "log"
 "time"
- "github.com/hashicorp/terraform/helper/resource"
- "github.com/hashicorp/terraform/helper/schema"
-
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/kms"
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
 )
 func resourceAwsKmsKey() *schema.Resource {
@@ -144,7 +144,10 @@ func resourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error {
 return err
 }
- policy, _ := normalizeJsonString(*p.Policy)
+ policy, err := normalizeJsonString(*p.Policy)
+ if err != nil {
+ return errwrap.Wrapf("policy contains an invalid JSON: {{err}}", err)
+ }
 d.Set("policy", policy)
 krs, err := conn.GetKeyRotationStatus(&kms.GetKeyRotationStatusInput{
@@ -218,7 +221,10 @@ func resourceAwsKmsKeyDescriptionUpdate(conn *kms.KMS, d *schema.ResourceData) e
 }
 func resourceAwsKmsKeyPolicyUpdate(conn *kms.KMS, d *schema.ResourceData) error {
- policy, _ := normalizeJsonString(d.Get("policy").(string))
+ policy, err := normalizeJsonString(d.Get("policy").(string))
+ if err != nil {
+ return errwrap.Wrapf("policy contains an invalid JSON: {{err}}", err)
+ }
 keyId := d.Get("key_id").(string)
 log.Printf("[DEBUG] KMS key: %s, update policy: %s", keyId, policy)
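Review bot: The error added in resourceAwsKmsKeyRead, `policy contains an invalid JSON: {{err}}`, is word-for-word the one added in resourceAwsKmsKeyPolicyUpdate, and neither names the key. A failure therefore cannot be tied to a resource, nor to whether the rejected document was returned by KMS or taken from configuration. A key policy is the access-control document for the key, so the two cases call for different follow-up. I would make the messages distinct and carry the ID, e.g. `errwrap.Wrapf(fmt.Sprintf("reading policy of KMS key %s: {{err}}", d.Id()), err)` in the read path and an `updating policy of KMS key ...` variant in the update path (this assumes `fmt` is imported above the lines the import hunk shows). The bare `return err` after `conn.PutKeyPolicy(req)` in the last hunk has the same gap, and all three functions begin or end outside their hunks.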
@@ -228,7 +234,7 @@ func resourceAwsKmsKeyPolicyUpdate(conn *kms.KMS, d *schema.ResourceData) error
 Policy: aws.String(policy),
 PolicyName: aws.String("default"),
 }
- _, err := conn.PutKeyPolicy(req)
+ _, err = conn.PutKeyPolicy(req)
 return err
 }