diff --git a/aws/resource_aws_secretsmanager_secret.go b/aws/resource_aws_secretsmanager_secret.go
index 064402ad42d..edb12687036 100644
--- a/aws/resource_aws_secretsmanager_secret.go
+++ b/aws/resource_aws_secretsmanager_secret.go
@@ -42,6 +42,7 @@ func resourceAwsSecretsManagerSecret() *schema.Resource {
 Computed: true,
 ForceNew: true,
 ConflictsWith: []string{"name_prefix"},
+ ValidateFunc: validateSecretManagerSecretName,
 },
 "name_prefix": {
 Type: schema.TypeString,
@@ -49,6 +50,7 @@ func resourceAwsSecretsManagerSecret() *schema.Resource {
 Computed: true,
 ForceNew: true,
 ConflictsWith: []string{"name"},
+ ValidateFunc: validateSecretManagerSecretNamePrefix,
 },
 "policy": {
 Type: schema.TypeString,
diff --git a/aws/validators.go b/aws/validators.go
index 7e8ec79e515..4a4da445d70 100644
--- a/aws/validators.go
+++ b/aws/validators.go
@@ -2014,6 +2014,19 @@ func validateLbTargetGroupName(v interface{}, k string) (ws []string, errors []e
 return
 }
 
+func validateSecretManagerSecretName(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if !regexp.MustCompile(`^[0-9A-Za-z/_+=.@-]+$`).MatchString(value) {
+ errors = append(errors, fmt.Errorf(
+ "only alphanumeric characters and /_+=.@- special characters are allowed in %q", k))
+ }
+ if len(value) > 512 {
+ errors = append(errors, fmt.Errorf(
+ "%q cannot be greater than 512 characters", k))
+ }
+ return
+}
+
 func validateLbTargetGroupNamePrefix(v interface{}, k string) (ws []string, errors []error) {
 value := v.(string)
 prefixMaxLength := 32 - resource.UniqueIDSuffixLength
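Review bot: validateSecretManagerSecretName checks the character set and the 512 limit but not the naming pitfall AWS documents for secrets: a name that ends in a hyphen followed by six characters can be mistaken for the random suffix Secrets Manager appends to the ARN, which gives confusing results when a secret is looked up by partial ARN. Because that is guidance rather than something the API rejects, the validator could append a message to `ws` (which it currently never uses) instead of `errors` when the value has that shape. The function is new and lies entirely inside this hunk; it also has no doc comment, and one line such as `// validateSecretManagerSecretName enforces the Secrets Manager name character set and the 512-character limit.` would record where the constants come from.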
@@ -2031,3 +2044,17 @@ func validateLbTargetGroupNamePrefix(v interface{}, k string) (ws []string, erro
 }
 return
 }
+
+func validateSecretManagerSecretNamePrefix(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if !regexp.MustCompile(`^[0-9A-Za-z/_+=.@-]+$`).MatchString(value) {
+ errors = append(errors, fmt.Errorf(
+ "only alphanumeric characters and /_+=.@- special characters are allowed in %q", k))
+ }
+ prefixMaxLength := 512 - resource.UniqueIDSuffixLength
+ if len(value) > prefixMaxLength {
+ errors = append(errors, fmt.Errorf(
+ "%q cannot be greater than %d characters", k, prefixMaxLength))
+ }
+ return
+}
diff --git a/aws/validators_test.go b/aws/validators_test.go
index cafbef52bec..fe0e73073e0 100644
--- a/aws/validators_test.go
+++ b/aws/validators_test.go
@@ -2890,7 +2890,6 @@ func TestValidateLbTargetGroupName(t *testing.T) {
 ErrCount: 1,
 },
 }
-
 for _, tc := range cases {
 _, errors := validateLbTargetGroupName(tc.Value, "aws_lb_target_group")
 if len(errors) != tc.ErrCount {
@@ -2917,7 +2916,6 @@ func TestValidateLbTargetGroupNamePrefix(t *testing.T) {
 ErrCount: 1,
 },
 }
-
 for _, tc := range cases {
 _, errors := validateLbTargetGroupNamePrefix(tc.Value, "aws_lb_target_group")
 if len(errors) != tc.ErrCount {
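Review bot: The pattern and its error message in validateSecretManagerSecretNamePrefix are a verbatim copy of those in validateSecretManagerSecretName (the previous hunk of this file), and both functions call `regexp.MustCompile` on every validation. Compiling the pattern once in a package-level variable, for example `secretsManagerSecretNameRegexp`, and using `.MatchString(value)` in both validators keeps the two rules from drifting apart if the allowed character set is ever edited in only one place. The new validators are also spelled `SecretManager`, while the resource constructor in the first file is `resourceAwsSecretsManagerSecret`; matching the service spelling would make them easier to find.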
@@ -2925,3 +2923,55 @@ func TestValidateLbTargetGroupNamePrefix(t *testing.T) {
 }
 }
 }
+
+func TestValidateSecretManagerSecretName(t *testing.T) {
+ cases := []struct {
+ Value string
+ ErrCount int
+ }{
+ {
+ Value: "testing123!",
+ ErrCount: 1,
+ },
+ {
+ Value: "testing 123",
+ ErrCount: 1,
+ },
+ {
+ Value: randomString(513),
+ ErrCount: 1,
+ },
+ }
+ for _, tc := range cases {
+ _, errors := validateSecretManagerSecretName(tc.Value, "aws_secretsmanager_secret")
+ if len(errors) != tc.ErrCount {
+ t.Fatalf("Expected the AWS Secretsmanager Secret Name to not trigger a validation error for %q", tc.Value)
+ }
+ }
+}
+
+func TestValidateSecretManagerSecretNamePrefix(t *testing.T) {
+ cases := []struct {
+ Value string
+ ErrCount int
+ }{
+ {
+ Value: "testing123!",
+ ErrCount: 1,
+ },
+ {
+ Value: "testing 123",
+ ErrCount: 1,
+ },
+ {
+ Value: randomString(512),
+ ErrCount: 1,
+ },
+ }
+ for _, tc := range cases {
+ _, errors := validateSecretManagerSecretNamePrefix(tc.Value, "aws_secretsmanager_secret")
+ if len(errors) != tc.ErrCount {
+ t.Fatalf("Expected the AWS Secretsmanager Secret Name to not trigger a validation error for %q", tc.Value)
+ }
+ }
+}
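Review bot: Both new tables contain only rejecting cases (`ErrCount: 1`), so a validator that returned an error for every input would still pass, and nothing confirms that the allowed special characters are actually accepted. Each table needs at least one accepting case, for example `{Value: "dir/name_1+2=3.4@5-6", ErrCount: 0},` (a constructed sample covering every allowed symbol), plus a case at the exact length limit. The length cases also assume `randomString`, defined outside this diff, emits only characters the pattern allows; if it does not, those inputs yield two errors rather than one. The `t.Fatalf` text says the value was expected "to not trigger a validation error" even though every case expects one; `t.Fatalf("expected %d validation errors for %q, got %d", tc.ErrCount, tc.Value, len(errors))` reports what was actually checked.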