Merge branch 'mbrannigan-feature/add_password_validation_redshift_cluster'

stack72 2016-08-24 20:52:01 +01:00
commit 7389dca606
No known key found for this signature in database
GPG Key ID: 8619A619B085CB16
3 changed files with 64 additions and 8 deletions


@ -56,9 +56,10 @@ func resourceAwsRedshiftCluster() *schema.Resource {
},
"master_password": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Sensitive: true,
Type: schema.TypeString,
Optional: true,
Sensitive: true,
ValidateFunc: validateRedshiftClusterMasterPassword,
},
"cluster_security_groups": &schema.Schema{
@ -873,6 +874,26 @@ func validateRedshiftClusterMasterUsername(v interface{}, k string) (ws []string
return
}
func validateRedshiftClusterMasterPassword(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if !regexp.MustCompile(`^.*[a-z].*`).MatchString(value) {
errors = append(errors, fmt.Errorf(
"%q must contain at least one lowercase letter", k))
}
if !regexp.MustCompile(`^.*[A-Z].*`).MatchString(value) {
errors = append(errors, fmt.Errorf(
"%q must contain at least one uppercase letter", k))
}
if !regexp.MustCompile(`^.*[0-9].*`).MatchString(value) {
errors = append(errors, fmt.Errorf(
"%q must contain at least one number", k))
}
if len(value) < 8 {
errors = append(errors, fmt.Errorf("%q must be at least 8 characters", k))
}
return
}
func buildRedshiftARN(identifier, accountid, region string) (string, error) {
if accountid == "" {
return "", fmt.Errorf("Unable to construct cluster ARN because of missing AWS Account ID")
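Review bot: validateRedshiftClusterMasterPassword enforces only the lower length bound and the three character classes, so a value that is too long or contains a character Redshift rejects still passes plan-time validation and fails only at the API call. The Redshift API documentation for MasterUserPassword, as I read it, also caps the length at 64 and excludes a few printable characters (quotes, backslash, slash, `@`, space); the length check could become `if len(value) < 8 || len(value) > 64 {` with the message adjusted, and a fourth check could reject the excluded characters. Separately, the three `regexp.MustCompile` calls run on every validation and the `^.*` / `.*` wrappers add nothing; package-level `[a-z]`, `[A-Z]` and `[0-9]` patterns would be equivalent. The error messages rightly format only the key `k`, never `value`, and any added check should keep it that way so the password cannot reach plan output or logs.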


@ -408,6 +408,42 @@ func TestResourceAWSRedshiftClusterMasterUsernameValidation(t *testing.T) {
}
}
func TestResourceAWSRedshiftClusterMasterPasswordValidation(t *testing.T) {
cases := []struct {
Value string
ErrCount int
}{
{
Value: "1TESTING",
ErrCount: 1,
},
{
Value: "1testing",
ErrCount: 1,
},
{
Value: "TestTest",
ErrCount: 1,
},
{
Value: "T3st",
ErrCount: 1,
},
{
Value: "1Testing",
ErrCount: 0,
},
}
for _, tc := range cases {
_, errors := validateRedshiftClusterMasterPassword(tc.Value, "aws_redshift_cluster_master_password")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the Redshift Cluster master_password to trigger a validation error")
}
}
}
var testAccAWSRedshiftClusterConfig_updateNodeCount = `
resource "aws_redshift_cluster" "default" {
cluster_identifier = "tf-redshift-cluster-%d"
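Review bot: The loop in TestResourceAWSRedshiftClusterMasterPasswordValidation compares only the number of errors, so a case passes whenever any single rule fires, not necessarily the one it was written for, and the failure message names neither the input nor the counts. Something like `t.Fatalf("master_password %q: expected %d validation errors, got %d", tc.Value, tc.ErrCount, len(errors))` would make a failure diagnosable; the current text is also misleading for the `ErrCount: 0` case, where a failure means an unexpected error was raised. There is no case for the empty string or for an input that violates several rules at once (an expected count of 4 for `""`), which would pin that the four checks are independent of each other.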


@ -32,9 +32,10 @@ The following arguments are supported:
string.
* `database_name` - (Optional) The name of the first database to be created when the cluster is created.
If you do not provide a name, Amazon Redshift will create a default database called `dev`.
* `node_type` - (Optional) The node type to be provisioned for the cluster.
* `master_password` - (Optional) Password for the master DB user. Note that this may
show up in logs, and it will be stored in the state file
* `node_type` - (Required) The node type to be provisioned for the cluster.
* `master_password` - (Optinal) Password for the master DB user. Note that this may
show up in logs, and it will be stored in the state file. Password must contain at least 8 chars and
contain at least one uppercase letter, one lowercase letter, and one number.
* `master_username` - (Required) Username for the master DB user
* `cluster_security_groups` - (Optional) A list of security groups to be associated with this cluster.
* `vpc_security_group_ids` - (Optional) A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster.
@ -61,8 +62,6 @@ string.
* `bucket_name` - (Optional, required when `enable_logging` is `true`) The name of an existing S3 bucket where the log files are to be stored. Must be in the same region as the cluster and the cluster must have read bucket and put object permissions.
For more information on the permissions required for the bucket, please read the AWS [documentation](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging)
* `s3_key_prefix` - (Optional) The prefix applied to the log file names.
* `snapshot_identifier` - (Optional) The name of the snapshot from which to create the new cluster.
* `snapshot_cluster_identifier` - (Optional) The name of the cluster the source snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
* `tags` - (Optional) A mapping of tags to assign to the resource.