From 24c29c8d051bd605321b18dcccf04050c5e6f375 Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Mon, 22 Jul 2019 20:35:14 -0400
Subject: [PATCH] resource/aws_db_instance: Redact MasterUserPassword when displaying InvalidParameterValue error with CreateDBInstance

It was previously requested that the aws_db_instance Terraform resource show the given CreateDBInstance input configuration when receiving an `InvalidParameterValue` error. This would previously show the `MasterUserPassword` field of the input in the UI.
Previously before code update:
```
--- FAIL: TestAccAWSDBInstance_Password (5.84s) testing.go:561: Step 0, expected error: errors during apply: Error creating DB Instance: InvalidParameterValue: The parameter MasterUserPassword is not a valid password because it is shorter than 8 characters. status code: 400, request id: 795895e7-8110-4460-9bf7-5211729522d9, { AllocatedStorage: 5, AutoMinorVersionUpgrade: true, BackupRetentionPeriod: 0, CopyTagsToSnapshot: false, DBInstanceClass: "db.t2.micro", DBInstanceIdentifier: "tf-acc-test-796357036994784624", DBName: "", DeletionProtection: false, Engine: "mysql", EngineVersion: "", MasterUserPassword: "invalid", MasterUsername: "tfacctest", PubliclyAccessible: false, StorageEncrypted: false, Tags: [] } To match: MasterUserPassword: "\*{8}",
```
Output from acceptance testing after code update:
```
--- PASS: TestAccAWSDBInstance_Password (401.36s)
```
---
 aws/resource_aws_db_instance.go | 1 +
 aws/resource_aws_db_instance_test.go | 52 ++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/aws/resource_aws_db_instance.go b/aws/resource_aws_db_instance.go
index d3be465656f..8f444e6a80c 100644
--- a/aws/resource_aws_db_instance.go
+++ b/aws/resource_aws_db_instance.go
@@ -1185,6 +1185,7 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
 })
 if err != nil {
 if isAWSErr(err, "InvalidParameterValue", "") {
+ opts.MasterUserPassword = aws.String("********")
 return fmt.Errorf("Error creating DB Instance: %s, %+v", err, opts)
 }
 return fmt.Errorf("Error creating DB Instance: %s", err)
diff --git a/aws/resource_aws_db_instance_test.go b/aws/resource_aws_db_instance_test.go
index 6b535431d12..99fd458e637 100644
--- a/aws/resource_aws_db_instance_test.go
+++ b/aws/resource_aws_db_instance_test.go
@@ -463,6 +463,44 @@ func TestAccAWSDBInstance_MaxAllocatedStorage(t *testing.T) {
 })
 }
 
+func TestAccAWSDBInstance_Password(t *testing.T) {
+ var dbInstance rds.DBInstance
+
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_db_instance.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSDBInstanceDestroy,
+ Steps: []resource.TestStep{
+ // Password should not be shown in error message
+ {
+ Config: testAccAWSDBInstanceConfig_Password(rName, "invalid"),
+ ExpectError: regexp.MustCompile(`MasterUserPassword: "\*{8}",`),
+ },
+ {
+ Config: testAccAWSDBInstanceConfig_Password(rName, "valid-password"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSDBInstanceExists(resourceName, &dbInstance),
+ resource.TestCheckResourceAttr(resourceName, "password", "valid-password"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{
+ "apply_immediately",
+ "final_snapshot_identifier",
+ "password",
+ "skip_final_snapshot",
+ },
+ },
+ },
+ })
+}
+
 func TestAccAWSDBInstance_ReplicateSourceDb(t *testing.T) {
 var dbInstance, sourceDbInstance rds.DBInstance
 
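Review bot: The redaction added in resourceAwsDbInstanceCreate covers only `MasterUserPassword`, while the `%+v` on the following line still prints every other field of `opts`. The RDS create input also has a `TdeCredentialPassword` field; whether this resource populates it is not visible in the hunk, but if it does, that value would still reach the error text shown in the UI and captured in logs. Masking each secret-bearing field on a copy of the input, or printing a short allowlist of non-secret fields instead of the whole struct, would keep a field added later from leaking; a comment such as `// Never format credentials into the returned error; it is displayed to the user and logged.` above the assignment would record the intent. The rest of the function, including any other create or restore paths that may format their input the same way, lies outside this hunk and is worth checking.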
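Review bot: The first step of TestAccAWSDBInstance_Password proves with `ExpectError` that the mask is printed, but not that the submitted value is absent, so a regression that leaks the password through another field or through the wrapped AWS message would still pass. Go's regexp has no negative lookahead, so `ExpectError` alone cannot express "does not contain". Moving the error formatting into a small helper and unit-testing it with `strings.Contains(err.Error(), password)` would pin the property this commit is about, and would not need the roughly 400-second acceptance run reported in the description. A distinctive test value in place of `"invalid"` would also make an accidental leak easier to spot in test output.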
@@ -3971,6 +4009,20 @@ resource "aws_db_instance" "test" {
 `, rName, maxAllocatedStorage)
 }
 
+func testAccAWSDBInstanceConfig_Password(rName, password string) string {
+ return fmt.Sprintf(`
+resource "aws_db_instance" "test" {
+ allocated_storage = 5
+ engine = "mysql"
+ identifier = %[1]q
+ instance_class = "db.t2.micro"
+ password = %[2]q
+ username = "tfacctest"
+ skip_final_snapshot = true
+}
+`, rName, password)
+}
+
 func testAccAWSDBInstanceConfig_ReplicateSourceDb(rName string) string {
 return fmt.Sprintf(`
 resource "aws_db_instance" "source" {