Merge pull request #9584 from hashicorp/aws-iam-group-name-validation

provider/aws: Add validation to IAM User and Group Name
2016-10-25 14:23:17 +01:00 · 2016-10-25 14:23:17 +01:00 · c7935a0fd2
parent a18660bd5b 79557bca80
commit c7935a0fd2
6 changed files with 102 additions and 6 deletions
--- a/builtin/providers/aws/resource_aws_iam_group.go
+++ b/builtin/providers/aws/resource_aws_iam_group.go
@ -2,6 +2,7 @@ package aws

 import (
 	"fmt"
+	"regexp"

 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@ -32,6 +33,7 @@ func resourceAwsIamGroup() *schema.Resource {
 			"name": &schema.Schema{
 				Type:         schema.TypeString,
 				Required:     true,
+				ValidateFunc: validateAwsIamGroupName,
 			},
 			"path": &schema.Schema{
 				Type:     schema.TypeString,
@ -127,3 +129,13 @@ func resourceAwsIamGroupDelete(d *schema.ResourceData, meta interface{}) error {
 	}
 	return nil
 }
+
+func validateAwsIamGroupName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[0-9A-Za-z=,.@-]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"only alphanumeric characters, hyphens, commas, periods, @ symbols and equals signs allowed in %q: %q",
+			k, value))
+	}
+	return
+}
--- a/builtin/providers/aws/resource_aws_iam_group_test.go
+++ b/builtin/providers/aws/resource_aws_iam_group_test.go
@ -11,6 +11,42 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )

+func TestValidateIamGroupName(t *testing.T) {
+	validNames := []string{
+		"test-group",
+		"testgroup123",
+		"TestGroup",
+		"Test-Group",
+		"test.group",
+		"test.123,group",
+		"testgroup@hashicorp",
+	}
+	for _, v := range validNames {
+		_, errors := validateAwsIamGroupName(v, "name")
+		if len(errors) != 0 {
+			t.Fatalf("%q should be a valid IAM Group name: %q", v, errors)
+		}
+	}
+
+	invalidNames := []string{
+		"!",
+		"/",
+		" ",
+		":",
+		";",
+		"testgroup_123",
+		"test name",
+		"/slash-at-the-beginning",
+		"slash-at-the-end/",
+	}
+	for _, v := range invalidNames {
+		_, errors := validateAwsIamGroupName(v, "name")
+		if len(errors) == 0 {
+			t.Fatalf("%q should be an invalid IAM Group name", v)
+		}
+	}
+}
+
 func TestAccAWSIAMGroup_basic(t *testing.T) {
 	var conf iam.GetGroupOutput

--- a/builtin/providers/aws/resource_aws_iam_user.go
+++ b/builtin/providers/aws/resource_aws_iam_user.go
@ -3,6 +3,7 @@ package aws
 import (
 	"fmt"
 	"log"
+	"regexp"

 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@ -41,6 +42,7 @@ func resourceAwsIamUser() *schema.Resource {
 			"name": &schema.Schema{
 				Type:         schema.TypeString,
 				Required:     true,
+				ValidateFunc: validateAwsIamUserName,
 			},
 			"path": &schema.Schema{
 				Type:     schema.TypeString,
@ -212,3 +214,13 @@ func resourceAwsIamUserDelete(d *schema.ResourceData, meta interface{}) error {
 	}
 	return nil
 }
+
+func validateAwsIamUserName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[0-9A-Za-z=,.@-]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"only alphanumeric characters, hyphens, commas, periods, @ symbols and equals signs allowed in %q: %q",
+			k, value))
+	}
+	return
+}
--- a/builtin/providers/aws/resource_aws_iam_user_test.go
+++ b/builtin/providers/aws/resource_aws_iam_user_test.go
@ -12,6 +12,42 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )

+func TestValidateIamUserName(t *testing.T) {
+	validNames := []string{
+		"test-user",
+		"testuser123",
+		"TestUser",
+		"Test-User",
+		"test.user",
+		"test.123,user",
+		"testuser@hashicorp",
+	}
+	for _, v := range validNames {
+		_, errors := validateAwsIamUserName(v, "name")
+		if len(errors) != 0 {
+			t.Fatalf("%q should be a valid IAM User name: %q", v, errors)
+		}
+	}
+
+	invalidNames := []string{
+		"!",
+		"/",
+		" ",
+		":",
+		";",
+		"testuser_123",
+		"test name",
+		"/slash-at-the-beginning",
+		"slash-at-the-end/",
+	}
+	for _, v := range invalidNames {
+		_, errors := validateAwsIamUserName(v, "name")
+		if len(errors) == 0 {
+			t.Fatalf("%q should be an invalid IAM User name", v)
+		}
+	}
+}
+
 func TestAccAWSUser_basic(t *testing.T) {
 	var conf iam.GetUserOutput

--- a/website/source/docs/providers/aws/r/iam_group.html.markdown
+++ b/website/source/docs/providers/aws/r/iam_group.html.markdown
@ -23,7 +23,7 @@ resource "aws_iam_group" "developers" {

 The following arguments are supported:

-* `name` - (Required) The group's name.
+* `name` - (Required) The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-.`. 
 * `path` - (Optional, default "/") Path in which to create the group.

 ## Attributes Reference
--- a/website/source/docs/providers/aws/r/iam_user.html.markdown
+++ b/website/source/docs/providers/aws/r/iam_user.html.markdown
@ -46,7 +46,7 @@ EOF

 The following arguments are supported:

-* `name` - (Required) The user's name.
+* `name` - (Required) The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-.`.
 * `path` - (Optional, default "/") Path in which to create the user.
 * `force_destroy` - (Optional, default false) When destroying this user, destroy
  even if it has non-Terraform-managed IAM access keys. Without `force_destroy`