kmsArnStartPattern - fix support for aws-us-gov

While the `kmsArnStartPattern` regexp supports `us-gov` as a region, it does not take the AWS partition into consideration.
For more info see https://docs.aws.amazon.com/govcloud-us/latest/ug-east/using-govcloud-arns.html

Added test case for AWS partition us-gov as well as a negative test case for a non-existing AWS partition.
This commit is contained in:
Michael F 2019-02-26 00:36:57 -08:00 committed by Michael Fiedler
parent 674ff489a9
commit 01a0b0c766
2 changed files with 3 additions and 1 deletions

View File

@ -151,7 +151,7 @@ func (c *AMIConfig) prepareRegions(accessConfig *AccessConfig) (errs []error) {
func validateKmsKey(kmsKey string) (valid bool) { func validateKmsKey(kmsKey string) (valid bool) {
kmsKeyIdPattern := `[a-f0-9-]+$` kmsKeyIdPattern := `[a-f0-9-]+$`
aliasPattern := `alias/[a-zA-Z0-9:/_-]+$` aliasPattern := `alias/[a-zA-Z0-9:/_-]+$`
kmsArnStartPattern := `^arn:aws:kms:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12}):` kmsArnStartPattern := `^arn:aws(-us-gov)?:kms:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12}):`
if regexp.MustCompile(fmt.Sprintf("^%s", kmsKeyIdPattern)).MatchString(kmsKey) { if regexp.MustCompile(fmt.Sprintf("^%s", kmsKeyIdPattern)).MatchString(kmsKey) {
return true return true
} }

View File

@ -187,6 +187,7 @@ func TestAMIConfigPrepare_ValidateKmsKey(t *testing.T) {
"alias/foo/bar", "alias/foo/bar",
"arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef", "arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
"arn:aws:kms:us-east-1:012345678910:alias/foo/bar", "arn:aws:kms:us-east-1:012345678910:alias/foo/bar",
"arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/12345678-1234-abcd-0000-123456789012",
} }
for _, validCase := range validCases { for _, validCase := range validCases {
c.AMIKmsKeyId = validCase c.AMIKmsKeyId = validCase
@ -201,6 +202,7 @@ func TestAMIConfigPrepare_ValidateKmsKey(t *testing.T) {
"ghij1234+e567_890f-a12b-a123b4cd56ef", "ghij1234+e567_890f-a12b-a123b4cd56ef",
"foo/bar", "foo/bar",
"arn:aws:kms:us-east-1:012345678910:foo/bar", "arn:aws:kms:us-east-1:012345678910:foo/bar",
"arn:foo:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef",
} }
for _, invalidCase := range invalidCases { for _, invalidCase := range invalidCases {
c.AMIKmsKeyId = invalidCase c.AMIKmsKeyId = invalidCase