Merge pull request #2521 from TimeIncOSS/f-aws-iam-validation

provider/aws: Add validation for aws_iam_role.name
2025-02-20 11:48:24 -06:00 · 2015-06-26 15:53:08 +01:00 · 2015-06-26 15:53:08 +01:00 · b0d6dc39b1
commit b0d6dc39b1
parent 016c2047f0 a91db09efe
1 changed files with 14 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_iam_role.go
+++ b/builtin/providers/aws/resource_aws_iam_role.go
@ -2,6 +2,7 @@ package aws

 import (
 	"fmt"
+	"regexp"

 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@ -31,6 +32,19 @@ func resourceAwsIamRole() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					// https://github.com/boto/botocore/blob/2485f5c/botocore/data/iam/2010-05-08/service-2.json#L8329-L8334
+					value := v.(string)
+					if len(value) > 64 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be longer than 64 characters", k))
+					}
+					if !regexp.MustCompile("^[\\w+=,.@-]*$").MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"%q must match [\\w+=,.@-]", k))
+					}
+					return
+				},
 			},
 			"path": &schema.Schema{
 				Type:     schema.TypeString,